| |
| |||||||
Log-Analyse und Auswertung: W3i.IQ5.fraud, PC stürzt regelmässig abWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
20.03.2012, 17:37
| #16 |
 |  W3i.IQ5.fraud, PC stürzt regelmässig ab Kann ich erst nach 22 Uhr machen, da Neustart mit Einrichten und Einloggen immer 10-12 Minuten aufgrund vieler parallel laufender Anwendungen benötigt. Ich würde ansonsten vorher versuchen auf "Stop" zu klicken und sehen, ob dies ggf. bereits weiterhelfen könnte(?) Vermutlich sollte ich einige Programme und Anwendungen deaktivieren bzw. löschen, ggf. auf die von hp für den Officejet? Nach jedem Restart springen ein halbes Dutzend Fenster auf, sehr zeitraubend und nervig. |
|
20.03.2012, 18:37
| #17 |
| | W3i.IQ5.fraud, PC stürzt regelmässig ab Ich habe auf "Stop" geklickt;
__________________Scan results Threats found! Scanned Files: 227111 Infected Files: 20 Cleaned Files: 0 Total Scan Time: 10:16:16 Scan status: Finished List of found threats Select Uninstall if you want to remove all ESET Omline Scanner files from your computer. ... ------------------ Klick auf List of found threats Copy to clipboard oder Export to text file... Hier sind die threats mit target und threat aufgelistet, was muss ich eingeben, um die Liste kopieren und einfügen zu können? Copy+Paste fkt., nicht, nur je eine Zeile anklickbar. Vielen Dank für Ihre Mühe! |
|
20.03.2012, 18:48
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | W3i.IQ5.fraud, PC stürzt regelmässig ab Ich hab doch in der Anleitung en kompletten Pfad zum Log angegeben!
__________________
__________________ |
|
20.03.2012, 18:48
| #19 |
| | W3i.IQ5.fraud, PC stürzt regelmässig abHTML-Code: C:\Program Files\Winferno\PC Confidential\PCCBHO.dll Win32/Adware.PCConfidential application C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper4.zip Win32/Bagle.gen.zip worm C:\ProgramData\Spybot - Search & Destroy\Recovery\RegistryHelper6.zip Win32/Bagle.gen.zip worm C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper4.zip Win32/Bagle.gen.zip worm C:\Users\All Users\Spybot - Search & Destroy\Recovery\RegistryHelper6.zip Win32/Bagle.gen.zip worm C:\Users\Reichow\AppData\Local\Temp\nps7942.tmp PDF/Exploit.Pidief.PBK.Gen trojan C:\Users\Reichow\AppData\Local\Temp\nps8F43.tmp PDF/Exploit.Pidief.PBK.Gen trojan C:\Users\Reichow\AppData\Local\Temp\mia8A50.tmp\data\OFFLINE\D038292B\DBD9B16A\Launcher.exe Win32/RegistryBooster application C:\Users\Reichow\AppData\Local\Temp\mia8A50.tmp\data\OFFLINE\D038292B\DBD9B16A\rbmonitor.exe Win32/RegistryBooster application C:\Users\Reichow\AppData\Local\Temp\mia8A50.tmp\data\OFFLINE\D038292B\DBD9B16A\rbnotifier.exe Win32/RegistryBooster application C:\Users\Reichow\AppData\Local\Temp\mia8A50.tmp\data\OFFLINE\D038292B\DBD9B16A\rb_move_serial.exe Win32/RegistryBooster application C:\Users\Reichow\AppData\Local\Temp\mia8A50.tmp\data\OFFLINE\D038292B\DBD9B16A\registrybooster.exe Win32/RegistryBooster application C:\Users\Reichow\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\19a918c0-3185b769 multiple threats C:\Users\Reichow\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\252699c1-5c6ecd3d multiple threats C:\Users\Reichow\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\7f83c48c-1e4eecff multiple threats C:\Users\Reichow\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\5e42b790-29a8d2cc multiple threats C:\Users\Reichow\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16\69ac9c90-162d6468 multiple threats C:\Users\Reichow\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\5919b2d1-5523ed20 multiple threats C:\Users\Reichow\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5\339aa645-43a41f20 multiple threats C:\Users\Reichow\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\7e889bb9-1de2ee35 multiple threats |
|
20.03.2012, 18:51
| #20 |
| | W3i.IQ5.fraud, PC stürzt regelmässig ab Habe es intuitiv versucht und eingestellt, Spybot S+D und Sun dürften OK sein. Wwelche Threats muss ich wie löschen? |
|
20.03.2012, 18:54
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | W3i.IQ5.fraud, PC stürzt regelmässig ab Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ --> W3i.IQ5.fraud, PC stürzt regelmässig ab |
|
22.03.2012, 11:26
| #22 |
| | W3i.IQ5.fraud, PC stürzt regelmässig ab OTL Logfile: Code:
ATTFilter OTL logfile created on: 22.03.2012 10:44:55 - Run 1 OTL by OldTimer - Version 3.2.39.1 Folder = c:\Users\Reichow\Documents Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 61,35% Memory free 6,72 Gb Paging File | 5,38 Gb Available in Paging File | 80,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 576,16 Gb Total Space | 432,88 Gb Free Space | 75,13% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 9,86 Gb Free Space | 49,32% Space Free | Partition Type: FAT32 Computer Name: STEFANREICHOW | User Name: Reichow | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.03.21 19:50:08 | 000,594,432 | ---- | M] (OldTimer Tools) -- c:\Users\Reichow\Documents\OTL.exe PRC - [2012.03.12 10:58:10 | 000,250,528 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11g_ActiveX.exe PRC - [2012.02.01 23:27:24 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Programme\Google\Update\1.3.21.99\GoogleCrashHandler.exe PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2009.11.18 10:44:34 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe PRC - [2009.11.18 10:38:19 | 000,122,368 | ---- | M] (Google Inc.) -- C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe PRC - [2009.08.05 19:33:13 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2009.06.15 16:09:49 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.03.02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe ========== Modules (No Company Name) ========== MOD - [2012.02.20 14:51:04 | 011,820,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll MOD - [2012.02.20 14:50:56 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll MOD - [2012.02.20 14:50:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll MOD - [2012.02.17 18:49:06 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll MOD - [2012.02.17 18:48:15 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll MOD - [2012.02.17 18:47:56 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll MOD - [2012.02.17 18:42:05 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll MOD - [2011.12.01 18:30:42 | 000,103,424 | ---- | M] () -- C:\Programme\Google\Quick Search Box\bin\1.2.1151.245\rlz.dll MOD - [2011.10.17 15:52:51 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll MOD - [2011.10.17 12:29:54 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll MOD - [2011.06.28 19:04:21 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2011.03.21 19:57:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe MOD - [2010.08.24 10:48:21 | 000,034,816 | ---- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll MOD - [2009.03.30 05:42:12 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2009.03.30 05:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2008.12.10 14:53:52 | 001,691,648 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3257.27012__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll MOD - [2008.12.10 14:53:52 | 000,278,528 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3257.26996__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll MOD - [2008.12.10 14:53:52 | 000,204,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3257.27013__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll MOD - [2008.12.10 14:53:52 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3257.27071__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll MOD - [2008.12.10 14:53:52 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3257.27008__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll MOD - [2008.12.10 14:53:52 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3257.27037__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll MOD - [2008.12.10 14:53:52 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3257.27003__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll MOD - [2008.12.10 14:53:51 | 000,671,744 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Dashboard\2.0.3257.27107__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll MOD - [2008.12.10 14:53:51 | 000,466,944 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3257.27092__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll MOD - [2008.12.10 14:53:51 | 000,344,064 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3257.27056__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll MOD - [2008.12.10 14:53:51 | 000,135,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3257.27093__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll MOD - [2008.12.10 14:53:51 | 000,094,208 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3257.27056__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll MOD - [2008.12.10 14:53:51 | 000,077,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3257.27106__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll MOD - [2008.12.10 14:53:51 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3257.27003__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll MOD - [2008.12.10 14:53:51 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3257.27050__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll MOD - [2008.12.10 14:53:51 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3257.27055__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll MOD - [2008.12.10 14:53:51 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3257.27091__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll MOD - [2008.12.10 14:53:50 | 000,811,008 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3257.27039__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll MOD - [2008.12.10 14:53:50 | 000,716,800 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3257.27004__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll MOD - [2008.12.10 14:53:50 | 000,405,504 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3257.27065__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll MOD - [2008.12.10 14:53:50 | 000,225,280 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3257.27013__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll MOD - [2008.12.10 14:53:50 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3257.27048__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll MOD - [2008.12.10 14:53:50 | 000,081,920 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll MOD - [2008.12.10 14:53:50 | 000,036,864 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3257.27047__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll MOD - [2008.12.10 14:53:49 | 000,589,824 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3257.27014__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll MOD - [2008.12.10 14:53:49 | 000,450,560 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3257.27033__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll MOD - [2008.12.10 14:53:49 | 000,438,272 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll MOD - [2008.12.10 14:53:49 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3257.27037__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll MOD - [2008.12.10 14:53:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3257.27017__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll MOD - [2008.12.10 14:53:49 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3257.27038__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll MOD - [2008.12.10 14:53:49 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3257.27049__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll MOD - [2008.12.10 14:53:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3218.28677__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll MOD - [2008.12.10 14:53:49 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3218.28672__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll MOD - [2008.12.10 14:53:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3218.28683__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll MOD - [2008.12.10 14:53:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll MOD - [2008.12.10 14:53:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3218.28685__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll MOD - [2008.12.10 14:53:49 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3218.28705__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll MOD - [2008.12.10 14:53:49 | 000,006,656 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll MOD - [2008.12.10 14:53:48 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3218.28666__90ba9c70f846762e\CLI.Foundation.dll MOD - [2008.12.10 14:53:48 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll MOD - [2008.12.10 14:53:48 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll MOD - [2008.12.10 14:53:48 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll MOD - [2008.12.10 14:53:48 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3218.28702__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll MOD - [2008.12.10 14:53:48 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3218.28664__90ba9c70f846762e\LOG.Foundation.dll MOD - [2008.12.10 14:53:48 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3218.28665__90ba9c70f846762e\NEWAEM.Foundation.dll MOD - [2008.12.10 14:53:48 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3218.28727__90ba9c70f846762e\CLI.Foundation.XManifest.dll MOD - [2008.12.10 14:53:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3218.28687__90ba9c70f846762e\DEM.OS.I0602.dll MOD - [2008.12.10 14:53:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll MOD - [2008.12.10 14:53:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll MOD - [2008.12.10 14:53:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3218.28678__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll MOD - [2008.12.10 14:53:48 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3218.28672__90ba9c70f846762e\CLI.Component.Client.Shared.dll MOD - [2008.12.10 14:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3218.28686__90ba9c70f846762e\MOM.Foundation.dll MOD - [2008.12.10 14:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3218.28687__90ba9c70f846762e\DEM.OS.dll MOD - [2008.12.10 14:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll MOD - [2008.12.10 14:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3218.28688__90ba9c70f846762e\DEM.Graphics.dll MOD - [2008.12.10 14:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll MOD - [2008.12.10 14:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3218.28676__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll MOD - [2008.12.10 14:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll MOD - [2008.12.10 14:53:48 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll MOD - [2008.12.10 14:53:47 | 000,106,496 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3257.27085__90ba9c70f846762e\MOM.Implementation.dll MOD - [2008.12.10 14:53:47 | 000,065,536 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll MOD - [2008.12.10 14:53:47 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3257.27084__90ba9c70f846762e\LOG.Foundation.Implementation.dll MOD - [2008.12.10 14:53:47 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3218.28705__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll MOD - [2008.12.10 14:53:47 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll MOD - [2008.12.10 14:53:47 | 000,053,248 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll MOD - [2008.12.10 14:53:47 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3218.28692__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll MOD - [2008.12.10 14:53:47 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3257.27101__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll MOD - [2008.12.10 14:53:47 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3218.28694__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll MOD - [2008.12.10 14:53:47 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3218.28672__90ba9c70f846762e\LOG.Foundation.Private.dll MOD - [2008.12.10 14:53:47 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3218.28685__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll MOD - [2008.12.10 14:53:47 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3218.28701__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll MOD - [2008.12.10 14:53:47 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3218.28690__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll MOD - [2008.12.10 14:53:47 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3218.28688__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll MOD - [2008.12.10 14:53:47 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3218.28686__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll MOD - [2008.12.10 14:53:47 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3218.28693__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll MOD - [2008.12.10 14:53:47 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll MOD - [2008.12.10 14:53:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3218.28686__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll MOD - [2008.12.10 14:53:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3218.28689__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll MOD - [2008.12.10 14:53:47 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3218.28685__90ba9c70f846762e\APM.Foundation.dll MOD - [2008.12.10 14:53:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll MOD - [2008.12.10 14:53:47 | 000,016,384 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3218.28678__90ba9c70f846762e\AEM.Server.Shared.dll MOD - [2008.12.10 14:53:47 | 000,014,848 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll MOD - [2008.12.10 14:53:47 | 000,013,312 | ---- | M] () -- C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll MOD - [2008.12.10 14:53:47 | 000,011,264 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3257.27109__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll MOD - [2008.12.10 14:53:47 | 000,007,168 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3257.26994__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll MOD - [2008.12.10 14:53:46 | 001,073,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3257.27000__90ba9c70f846762e\CLI.Component.Dashboard.dll MOD - [2008.12.10 14:53:46 | 000,532,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Systemtray\2.0.3257.27080__90ba9c70f846762e\CLI.Component.Systemtray.dll MOD - [2008.12.10 14:53:46 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3257.27008__90ba9c70f846762e\CLI.Component.Wizard.dll MOD - [2008.12.10 14:53:46 | 000,073,728 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3257.26994__90ba9c70f846762e\ATIDEMOS.dll MOD - [2008.12.10 14:53:46 | 000,069,632 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3257.26994__90ba9c70f846762e\CLI.Component.Runtime.dll MOD - [2008.12.10 14:53:46 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3257.26992__90ba9c70f846762e\APM.Server.dll MOD - [2008.12.10 14:53:46 | 000,057,344 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3257.26995__90ba9c70f846762e\CLI.Component.SkinFactory.dll MOD - [2008.12.10 14:53:46 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll MOD - [2008.12.10 14:53:46 | 000,045,056 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3257.26993__90ba9c70f846762e\AEM.Server.dll MOD - [2008.12.10 14:53:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3218.28670__90ba9c70f846762e\CLI.Foundation.Private.dll MOD - [2008.12.10 14:53:46 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3218.28675__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll MOD - [2008.12.10 14:53:46 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll MOD - [2008.12.10 14:53:46 | 000,028,672 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3257.27085__90ba9c70f846762e\CCC.Implementation.dll MOD - [2008.12.10 14:53:46 | 000,024,576 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3218.28681__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll MOD - [2008.12.10 14:53:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3218.28682__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll MOD - [2008.12.10 14:53:46 | 000,020,480 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3218.28695__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll MOD - [2008.12.01 21:46:10 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SBSDWSCService) SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.11.16 17:23:44 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2009.08.05 19:33:13 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2009.06.15 16:09:49 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007.10.25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc) SRV - [2007.10.18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Messenger\usnsvc.exe -- (usnjsvc) SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\antirootkit\profos.sys -- (Profos) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp) DRV - [2012.03.19 09:36:27 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy) DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2009.12.07 18:04:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2009.06.15 16:09:50 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.03.30 09:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio) DRV - [2008.12.01 23:14:32 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.11.11 18:29:42 | 000,154,272 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtHDMIV.sys -- (RTHDMIAzAudService) DRV - [2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\ahcix86s.sys -- (ahcix86s) DRV - [2008.06.19 16:24:30 | 000,028,544 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\pavboot.sys -- (pavboot) DRV - [2008.04.28 14:26:42 | 000,014,352 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO) DRV - [2008.02.14 14:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169) DRV - [2007.10.12 02:40:14 | 000,010,632 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\amdide.sys -- (amdide) DRV - [2007.09.21 09:38:22 | 000,554,496 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bigseekpro.com/finalvdfilebulldog/{9B722CA1-83E0-4FFB-8904-CE6FC9C2825C} IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\.DEFAULT\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-18\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3658888087-4266470633-1359848893-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/ IE - HKU\S-1-5-21-3658888087-4266470633-1359848893-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-3658888087-4266470633-1359848893-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-3658888087-4266470633-1359848893-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.goingpublic.de/ IE - HKU\S-1-5-21-3658888087-4266470633-1359848893-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-3658888087-4266470633-1359848893-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Programme\Final Video Downloader FileBulldog Toolbar\tbhelper.dll () IE - HKU\S-1-5-21-3658888087-4266470633-1359848893-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKU\S-1-5-21-3658888087-4266470633-1359848893-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB_de IE - HKU\S-1-5-21-3658888087-4266470633-1359848893-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7MEDB_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-3658888087-4266470633-1359848893-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=_stINRqRlHu36v59ZTe7snr8m7s?q={searchTerms} IE - HKU\S-1-5-21-3658888087-4266470633-1359848893-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.goingpublic.de/vorschau/ipocountdown/ipocountdown.hbs" FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: downloader@finalvideotools.com:1.0.1 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {75656794-AB59-4712-BFBC-5D816D56F3BC}:1.1.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.126 FF - prefs.js..keyword.URL: "hxxp://www.bigseekpro.com/search/toolbar/finalvdfilebulldog/{9B722CA1-83E0-4FFB-8904-CE6FC9C2825C}?q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..somoto.old_dnscatch: "data:text/plain,keyword.URL=hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q=" FF - prefs.js..browser.startup.homepage: "data:text/plain,browser.startup.homepage=hxxp://de.google.mozilla.com/firefox?client=firefox-a&rls=com.google:de:official" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@pandasecurity.com/activescan: C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Reichow\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Reichow\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2009.11.18 10:39:15 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.29 11:49:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.06.27 01:51:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.19 16:31:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.10 23:23:22 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.01.29 11:49:05 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\antispam\tbspamfilter [2010.02.07 15:11:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Reichow\AppData\Roaming\mozilla\Extensions [2011.11.10 08:38:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Reichow\AppData\Roaming\mozilla\Firefox\Profiles\qntj13og.default\extensions [2010.04.27 18:34:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Reichow\AppData\Roaming\mozilla\Firefox\Profiles\qntj13og.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011.08.11 06:59:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Reichow\AppData\Roaming\mozilla\Firefox\Profiles\qntj13og.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2011.02.19 12:35:58 | 000,000,000 | ---D | M] (Final Video Downloader FileBulldog Toolbar) -- C:\Users\Reichow\AppData\Roaming\mozilla\Firefox\Profiles\qntj13og.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC} [2011.02.24 02:22:51 | 000,002,394 | ---- | M] () -- C:\Users\Reichow\AppData\Roaming\Mozilla\Firefox\Profiles\qntj13og.default\searchplugins\search.xml [2011.11.10 23:23:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.03.19 16:31:26 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.02.02 20:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.02.20 21:54:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.20 21:54:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.02.20 21:54:56 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.02.20 21:54:56 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.20 21:54:56 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.20 21:54:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB_de CHR - default_search_provider: suggest_url = CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Reichow\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Reichow\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Reichow\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Reichow\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll CHR - plugin: Panda ActiveScan 2.0 (Enabled) = C:\Program Files\Panda Security\ActiveScan 2.0\npwrapper.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: AT_Splendid = C:\Users\Reichow\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0\ CHR - Extension: YouTube = C:\Users\Reichow\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Reichow\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Reichow\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.126_0\ CHR - Extension: Google Mail = C:\Users\Reichow\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.03.26 16:30:26 | 000,303,871 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 10469 more lines... O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programme\Final Video Downloader FileBulldog Toolbar\tbcore3.dll () O3 - HKLM\..\Toolbar: (Final Video Downloader FileBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\Final Video Downloader FileBulldog Toolbar\tbcore3.dll () O3 - HKU\S-1-5-21-3658888087-4266470633-1359848893-1000\..\Toolbar\WebBrowser: (Final Video Downloader FileBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\Final Video Downloader FileBulldog Toolbar\tbcore3.dll () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google) O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.) O4 - HKLM..\Run: [Google Updater] C:\Program Files\Google\Google Updater\GoogleUpdater.exe (Google) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3658888087-4266470633-1359848893-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\S-1-5-21-3658888087-4266470633-1359848893-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - Startup: C:\Users\Reichow\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3658888087-4266470633-1359848893-1000\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKU\S-1-5-21-3658888087-4266470633-1359848893-1000\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8BAD6E69-3C7F-46E5-BE6B-0B2B02252AED}: DhcpNameServer = 192.168.1.1 193.189.244.194 193.189.244.202 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Reichow\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Reichow\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3 ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error. ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: aux - wdmaud.drv (Microsoft Corporation) Drivers32: aux1 - wdmaud.drv (Microsoft Corporation) Drivers32: aux2 - wdmaud.drv (Microsoft Corporation) Drivers32: midi - wdmaud.drv (Microsoft Corporation) Drivers32: midi1 - wdmaud.drv (Microsoft Corporation) Drivers32: midi2 - wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - midimap.dll (Microsoft Corporation) Drivers32: mixer - wdmaud.drv (Microsoft Corporation) Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation) Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation) Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation) Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation) Drivers32: vidc.cvid - iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - DivX.dll (DivX, Inc.) Drivers32: vidc.i420 - iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.iyuv - iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation) Drivers32: vidc.uyvy - msyuv.dll (Microsoft Corporation) Drivers32: vidc.yuy2 - msyuv.dll (Microsoft Corporation) Drivers32: vidc.yv12 - DivX.dll (DivX, Inc.) Drivers32: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation) Drivers32: vidc.yvyu - msyuv.dll (Microsoft Corporation) Drivers32: wave - wdmaud.drv (Microsoft Corporation) Drivers32: wave1 - wdmaud.drv (Microsoft Corporation) Drivers32: wave2 - wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.21 19:50:07 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Reichow\Documents\OTL.exe [2012.03.19 17:16:37 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.03.16 20:03:03 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.03.16 20:03:01 | 000,000,000 | ---D | C] -- C:\Users\Reichow\AppData\Roaming\Malwarebytes [2012.03.16 20:02:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.16 20:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.16 20:02:34 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.03.16 20:02:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2 C:\Users\Reichow\Documents\*.tmp files -> C:\Users\Reichow\Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.03.22 10:50:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job [2012.03.22 10:37:00 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.22 10:24:49 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2012.03.22 10:24:48 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.03.22 10:24:48 | 000,000,416 | ---- | M] () -- C:\Windows\tasks\PCConfidential.job [2012.03.22 10:24:48 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\Free File Viewer Update Checker.job [2012.03.22 10:24:40 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.22 10:24:40 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.22 10:24:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.22 10:24:30 | 3487,883,264 | -HS- | M] () -- C:\hiberfil.sys [2012.03.22 10:02:00 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3658888087-4266470633-1359848893-1000UA.job [2012.03.22 03:21:08 | 000,632,014 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.22 03:21:08 | 000,598,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.22 03:21:08 | 000,104,716 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.22 03:21:07 | 000,127,258 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.21 23:02:01 | 000,001,076 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3658888087-4266470633-1359848893-1000Core.job [2012.03.21 19:50:08 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Reichow\Documents\OTL.exe [2012.03.21 10:55:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job [2012.03.19 09:36:27 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2012.03.16 20:02:37 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.03.15 08:00:15 | 000,423,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.02.24 18:57:36 | 000,057,856 | ---- | M] () -- C:\Users\Reichow\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2 C:\Users\Reichow\Documents\*.tmp files -> C:\Users\Reichow\Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.03.16 20:02:37 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2010.10.25 15:25:56 | 000,000,680 | ---- | C] () -- C:\Users\Reichow\AppData\Local\d3d9caps.dat [2010.09.13 13:50:37 | 000,000,003 | ---- | C] () -- C:\Windows\treeskp.sys [2010.09.13 13:50:37 | 000,000,003 | ---- | C] () -- C:\Windows\sbacknt.bin ========== LOP Check ========== [2010.08.03 16:46:42 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\Alxyw [2011.02.08 00:29:25 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\com.w3i.FlipToast [2011.02.19 12:24:44 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\FinalTorrent [2011.10.10 13:38:35 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\FinalVideoDownloader [2011.02.15 20:06:59 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\FreeFileViewer [2010.01.20 17:58:52 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\OpenOffice.org [2011.08.26 19:37:59 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\Opera [2009.02.12 13:06:29 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\Template [2011.02.08 00:29:21 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\Uniblue [2010.10.27 19:35:56 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\vghd [2010.08.03 16:52:48 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\Viqeny [2012.03.22 10:24:48 | 000,000,382 | ---- | M] () -- C:\Windows\Tasks\Free File Viewer Update Checker.job [2012.03.22 10:24:48 | 000,000,416 | ---- | M] () -- C:\Windows\Tasks\PCConfidential.job [2012.03.22 03:41:52 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.03.22 10:50:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.02.25 19:18:54 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\Adobe [2010.08.03 16:46:42 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\Alxyw [2009.06.18 21:46:33 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\Apple Computer [2009.02.06 09:31:00 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\ATI [2011.02.08 00:29:25 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\com.w3i.FlipToast [2009.03.24 15:18:45 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\Corel [2010.05.03 19:12:43 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\DivX [2011.02.19 12:24:44 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\FinalTorrent [2011.10.10 13:38:35 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\FinalVideoDownloader [2011.02.15 20:06:59 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\FreeFileViewer [2009.11.18 11:19:41 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\Google [2009.03.20 01:58:44 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\HP [2010.02.07 15:11:52 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\HPAppData [2010.07.13 07:58:27 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\HpUpdate [2009.02.06 09:30:36 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\Identities [2009.02.06 09:29:35 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\Macromedia [2012.03.16 20:03:02 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\Malwarebytes [2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\Media Center Programs [2009.11.18 16:54:24 | 000,000,000 | --SD | M] -- C:\Users\Reichow\AppData\Roaming\Microsoft [2010.02.07 15:11:34 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\Mozilla [2009.05.19 09:53:40 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\Nero [2010.01.20 17:58:52 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\OpenOffice.org [2011.08.26 19:37:59 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\Opera [2010.01.29 12:51:07 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\Real [2010.08.03 19:15:28 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\Spybot - Search & Destroy [2009.02.12 13:06:29 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\Template [2011.02.08 00:29:21 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\Uniblue [2010.10.27 19:35:56 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\vghd [2010.08.03 16:52:48 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\Viqeny < %APPDATA%\*.exe /s > [2011.11.17 19:22:15 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Reichow\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: AHCIX86S.SYS > [2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\ATI\WinVista\8_561\Packages\Drivers\SBDrv\SB7xx\RAID\LH\ahcix86s.sys [2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Windows\System32\drivers\ahcix86s.sys [2008.10.03 17:08:52 | 000,183,312 | ---- | M] (Advanced Micro Devices, Inc) MD5=03081E98C515CB838434D252F407F6E8 -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_697786ab\ahcix86s.sys [2007.11.01 20:31:44 | 000,122,880 | ---- | M] (Promise Technology, Inc.) MD5=4283A0F3A9557EB133D2BA8979747A77 -- C:\ATI\WinVista\8_561\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys < MD5 for: ATAPI.SYS > [2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys [2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys [2008.11.12 14:12:11 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll < MD5 for: IASTORV.SYS > [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 03:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2008.12.01 21:47:28 | 000,425,984 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\system32\ATIDEMGX.dll < End of report > |
|
22.03.2012, 11:28
| #23 |
| | W3i.IQ5.fraud, PC stürzt regelmässig ab OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 22.03.2012 10:44:55 - Run 1
OTL by OldTimer - Version 3.2.39.1 Folder = c:\Users\Reichow\Documents
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,25 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 61,35% Memory free
6,72 Gb Paging File | 5,38 Gb Available in Paging File | 80,15% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,16 Gb Total Space | 432,88 Gb Free Space | 75,13% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 9,86 Gb Free Space | 49,32% Space Free | Partition Type: FAT32
Computer Name: STEFANREICHOW | User Name: Reichow | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files\File Type Assistant\tsassist.exe" "%1" (Trusted Software ApS)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{40F26874-B474-4724-9516-06BC3ABC85AB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C724DD46-396F-4260-BB80-D04ECE43EF60}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{FB3C29D3-18CD-4477-9F9F-4E66BFB9D037}" = lport=2869 | protocol=6 | dir=in | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0439C2BC-D3BF-40E8-BE38-970829B89DB8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{180BD3C4-3048-421A-930E-8F1609853914}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{19D14264-8229-4287-88B6-B65F8C7E3BB7}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{1A0B4E68-4666-4C7A-9DEF-480E9341DC83}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{27CFCBAF-2762-4FCE-AC9B-28C3D3A9C918}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{2C86FC56-7BEC-4644-82D7-7FF35A5E036B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{32F10327-82D6-4D35-A82F-F988B8DC419B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{3624FADD-5C23-4179-BF15-B51834583C4F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe |
"{3B09F957-ED88-44F1-AC61-F1A2823B1569}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe |
"{45724485-C2AC-4434-A9AB-ADD119CCD9FF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{48422429-D1D4-4D77-8FF8-6ACFBF8BDE2F}" = dir=in | app=c:\program files\freefileviewer\ffvcheckforupdates.exe |
"{48A77E2F-0F01-4B98-9E69-015EEDCDF9E1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{5043FBA5-B467-45E2-895E-F2B007277C24}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe |
"{70E00007-EA56-4CD1-BEA0-54D9A2CC2609}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe |
"{7C936E19-B71D-4031-9221-FA519DF62C24}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{7DADC230-10E8-4723-9653-90F7D3E9F90E}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe |
"{8099468D-076D-4890-9103-C0F4B02F83A0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{8368B6AF-CEC9-4BC9-81E4-8BF91E702D7E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{83EBEB25-01CD-47A3-95A7-8D074E83A0D9}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{8D52BABD-704B-4DA4-ABA7-84C53D6B8D72}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{99DD6130-F0D2-44DF-98D2-DE47CDD0F6CA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{AD9477DE-6A1C-4DAE-B90F-BC591AFB4E58}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C7435E2C-A80C-4DB4-AE04-3F800EFE3DB4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe |
"{C98786AC-2064-4067-81CC-FC79A5225CDC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe |
"{CF2F9940-C5DB-451D-B687-635F77E71D2D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D4B66CAD-5B72-4AEE-BDC9-6EC5C8B996AD}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{2085E205-4E1D-4CC8-9EFB-FDD02B052679}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{967AB278-E57B-44B8-87BF-C712CDAA98BD}C:\users\reichow\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\reichow\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{9869A5F3-4A8B-4034-8C40-99E8B8F5005F}C:\program files\real\realplayer\recordingmanager.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe |
"TCP Query User{FD60C4EF-FEB7-4DD7-9728-1544208CA0D2}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{5B184F8E-A4D7-42DA-803B-EE46D0024628}C:\users\reichow\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\reichow\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{78E01BF4-2A86-4140-B401-8692EA085DD7}C:\program files\real\realplayer\recordingmanager.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\recordingmanager.exe |
"UDP Query User{A11276E7-CA68-4566-B848-BE1D37E0BA3C}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{F49161D2-0249-4804-A31F-EDA38C424B7F}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15E9F68F-3D8A-9281-B6BF-F6D610D8839E}" = Catalyst Control Center Graphics Previews Vista
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40A55E23-B9B4-E627-2112-384E95C47F84}" = ccc-utility
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{59FF69C1-8711-4961-F7B9-E5B92550F881}" = CCC Help English
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5D277F84-ED91-614E-9119-A64CE088972D}" = Catalyst Control Center Graphics Full New
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{699C91CC-B484-3913-C4C4-BF5957910EDC}" = ccc-core-static
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{948CCDD3-3C8D-A6A7-B406-A56D8C005FA9}" = Skins
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{956F3605-8739-5130-BAFA-F1AF028118A2}" = Catalyst Control Center InstallProxy
"{99537FD9-8DC9-40E9-5381-7E27511AE004}" = Catalyst Control Center Graphics Full Existing
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A73FEB3E-22A7-4507-D8EC-119EE98824B9}" = DAF Desk
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.6 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8428EB4-F84C-9BA0-6E4D-DF9858D8802D}" = Catalyst Control Center Graphics Light
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C6CA467B-13F3-CC4A-3489-463D2EE28172}" = Catalyst Control Center Core Implementation
"{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E73E0ECF-080F-8E71-C413-0961332D47A0}" = ATI Catalyst Install Manager
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7F58620-9837-DAE7-1B96-61EC7EA0495B}" = Catalyst Control Center Localization German
"{F8E38EFB-8897-0996-F7C7-97FF0F25609B}" = CCC Help German
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"de.anleger-fernsehen.dafdesk.C1051E74B3FAE4202E494B14ADD69FC8A349CD49.1" = DAF Desk
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"ESET Online Scanner" = ESET Online Scanner v3
"Final Video Downloader FileBulldog Toolbar" = Final Video Downloader FileBulldog Toolbar
"FreeFileViewer_is1" = Free File Viewer 2011
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Opera 11.61.1250" = Opera 11.61
"Picasa 3" = Picasa 3
"PROR" = Microsoft Office Professional 2007-Testversion
"Quick Search Box" = Google-Schnellsuchfeld
"RealPlayer 12.0" = RealPlayer
"Trusted Software Assistant_is1" = File Type Assistant
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-3658888087-4266470633-1359848893-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12.03.2012 02:52:10 | Computer Name = StefanReichow | Source = Avira AntiVir | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion <Scan> für die Datei C:\Users\Reichow\AppData\Local\Google\Chrome\User
Data\Default\Cache\f_001df4. [ACCESS_VIOLATION Exception!! EIP = 0x15d3972] Bitte
Avira informieren und die obige Datei übersenden!
Error - 12.03.2012 05:52:27 | Computer Name = StefanReichow | Source = WinMgmt | ID = 10
Description =
Error - 12.03.2012 11:55:31 | Computer Name = StefanReichow | Source = WinMgmt | ID = 10
Description =
Error - 12.03.2012 12:02:39 | Computer Name = StefanReichow | Source = Windows Search Service | ID = 3013
Description =
Error - 12.03.2012 12:02:39 | Computer Name = StefanReichow | Source = Windows Search Service | ID = 3013
Description =
Error - 12.03.2012 12:02:39 | Computer Name = StefanReichow | Source = Windows Search Service | ID = 3013
Description =
Error - 12.03.2012 12:02:39 | Computer Name = StefanReichow | Source = Windows Search Service | ID = 3013
Description =
Error - 12.03.2012 13:28:05 | Computer Name = StefanReichow | Source = WinMgmt | ID = 10
Description =
Error - 12.03.2012 14:51:35 | Computer Name = StefanReichow | Source = WinMgmt | ID = 10
Description =
Error - 12.03.2012 16:02:46 | Computer Name = StefanReichow | Source = WinMgmt | ID = 10
Description =
[ OSession Events ]
Error - 31.07.2009 04:27:47 | Computer Name = StefanReichow | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 57369
seconds with 480 seconds of active time. This session ended with a crash.
Error - 10.09.2009 04:04:01 | Computer Name = StefanReichow | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12
seconds with 0 seconds of active time. This session ended with a crash.
Error - 09.10.2009 04:21:48 | Computer Name = StefanReichow | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 172643
seconds with 7080 seconds of active time. This session ended with a crash.
Error - 06.11.2009 04:16:04 | Computer Name = StefanReichow | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 676
seconds with 180 seconds of active time. This session ended with a crash.
Error - 06.11.2009 10:55:45 | Computer Name = StefanReichow | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 17094
seconds with 120 seconds of active time. This session ended with a crash.
Error - 23.11.2009 13:56:55 | Computer Name = StefanReichow | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 245
seconds with 0 seconds of active time. This session ended with a crash.
Error - 24.11.2009 05:13:39 | Computer Name = StefanReichow | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19
seconds with 0 seconds of active time. This session ended with a crash.
Error - 27.11.2009 15:44:48 | Computer Name = StefanReichow | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 126397
seconds with 2280 seconds of active time. This session ended with a crash.
Error - 03.12.2009 07:15:59 | Computer Name = StefanReichow | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 840
seconds with 60 seconds of active time. This session ended with a crash.
Error - 20.02.2011 19:34:57 | Computer Name = StefanReichow | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6550.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2050
seconds with 300 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 21.03.2012 22:13:24 | Computer Name = StefanReichow | Source = Service Control Manager | ID = 7000
Description =
Error - 21.03.2012 22:13:24 | Computer Name = StefanReichow | Source = Service Control Manager | ID = 7009
Description =
Error - 21.03.2012 22:13:24 | Computer Name = StefanReichow | Source = Service Control Manager | ID = 7000
Description =
Error - 21.03.2012 22:45:27 | Computer Name = StefanReichow | Source = Service Control Manager | ID = 7022
Description =
Error - 22.03.2012 02:43:03 | Computer Name = StefanReichow | Source = Service Control Manager | ID = 7011
Description =
Error - 22.03.2012 05:24:36 | Computer Name = StefanReichow | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 22.03.2012 um 10:17:20 unerwartet heruntergefahren.
Error - 22.03.2012 05:26:31 | Computer Name = StefanReichow | Source = Service Control Manager | ID = 7022
Description =
Error - 22.03.2012 05:29:10 | Computer Name = StefanReichow | Source = Service Control Manager | ID = 7009
Description =
Error - 22.03.2012 05:29:43 | Computer Name = StefanReichow | Source = Service Control Manager | ID = 7009
Description =
Error - 22.03.2012 05:29:43 | Computer Name = StefanReichow | Source = Service Control Manager | ID = 7000
Description =
< End of report >
Bitte nur #25 OTl.Txt und #26 Extras.Txt beachten, mehrfacher Eingabefehler. |
|
22.03.2012, 13:00
| #24 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | W3i.IQ5.fraud, PC stürzt regelmässig abZitat:
Wenn ja: in Zukunft Finger weg, diese illegalen Portale verbreiten Malware und wenn du in Zukunft malwarefrei sein wilst, musst du auf legale Alternativen ausweichen und auf solche riskanten Streamingseiten verzichten!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
22.03.2012, 14:47
| #25 |
| | W3i.IQ5.fraud, PC stürzt regelmässig ab Keine Kinofilme oder Serien, nur sehr selten über die TV-Sender homepages. Nach über eintägig stabilem PC-Betrieb mit Opera und IE/-Browsern soeben zwei Abstürze in kurzer Zeit bei Nutzung von Mozilla. Wie kann ich die Malware und Schadprogramme loswerden und wieder einen stabilen PC kriegen? |
|
22.03.2012, 15:40
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | W3i.IQ5.fraud, PC stürzt regelmässig ab Wie gesagt einfach mal diesen Mist sein lassen. Deinstalliere am besten alle Plugns und Webplayer, für sowas wie Youtube braucht man das eh nicht. Mach danach wieder ein neues OTL-Log.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.03.2012, 15:56
| #27 |
| | W3i.IQ5.fraud, PC stürzt regelmässig ab Java brauche ich beruflich, sind aber mehrere Versionen m.E., welche anderen Programme sollte ich wie genau bitte löschen? Über Programme mit Klick auf die Windows Taste und nach Deinstallieren Apllikation suchen oder anders? FileViewer deinsatalliert, auch DivX, einige Videos abgespielt und gespeichert damit, macht es den PC instabil? Kann ich HP deinstallieren, bei Restart springen immer 5-6 Windows auf, macht System lansamer vermutlich, für den HP Officejet, sehr selten in Gebrauch, vermutlich über CD wieder bei Bedarf zu installieren? Suche über Windows-Taste und Alle Programme die vermuteten, linke Maustaste und auf deinstallieren. Nero ist nicht mehr lizensiert, springt bei jedem Neustart auf, lösche ich sicher am besten auch? |
|
22.03.2012, 16:20
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | W3i.IQ5.fraud, PC stürzt regelmässig ab Ja kann alles runter Was zum Geier brauchst du da beruflich? 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
22.03.2012, 16:35
| #29 |
| | W3i.IQ5.fraud, PC stürzt regelmässig ab Die Java-Applikation für Banking-Software, Orderbuch-Level II-Anzeige |
|
23.03.2012, 20:26
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | W3i.IQ5.fraud, PC stürzt regelmässig ab Und was soll das mit DivX zu tun haben?  Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bigseekpro.com/finalvdfilebulldog/{9B722CA1-83E0-4FFB-8904-CE6FC9C2825C}
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-18\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
IE - HKU\S-1-5-21-3658888087-4266470633-1359848893-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
IE - HKU\S-1-5-21-3658888087-4266470633-1359848893-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.goingpublic.de/
IE - HKU\S-1-5-21-3658888087-4266470633-1359848893-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3658888087-4266470633-1359848893-1000\..\URLSearchHook: {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Programme\Final Video Downloader FileBulldog Toolbar\tbhelper.dll ()
IE - HKU\S-1-5-21-3658888087-4266470633-1359848893-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3658888087-4266470633-1359848893-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.de/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB_de
IE - HKU\S-1-5-21-3658888087-4266470633-1359848893-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rlz=1I7MEDB_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3658888087-4266470633-1359848893-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=_stINRqRlHu36v59ZTe7snr8m7s?q={searchTerms}
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "http://www.goingpublic.de/vorschau/ipocountdown/ipocountdown.hbs"
FF - prefs.js..extensions.enabledItems: downloader@finalvideotools.com:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "http://www.bigseekpro.com/search/toolbar/finalvdfilebulldog/{9B722CA1-83E0-4FFB-8904-CE6FC9C2825C}?q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..somoto.old_dnscatch: "data:text/plain,keyword.URL=http://www.google.com/search?ie=UTF-8&oe=UTF-8&gfns=1&sourceid=navclient&rls=com.google:de:official&q="
FF - prefs.js..browser.startup.homepage: "data:text/plain,browser.startup.homepage=http://de.google.mozilla.com/firefox?client=firefox-a&rls=com.google:de:official"
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2010.04.27 18:34:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Reichow\AppData\Roaming\mozilla\Firefox\Profiles\qntj13og.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.11 06:59:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Reichow\AppData\Roaming\mozilla\Firefox\Profiles\qntj13og.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011.02.19 12:35:58 | 000,000,000 | ---D | M] (Final Video Downloader FileBulldog Toolbar) -- C:\Users\Reichow\AppData\Roaming\mozilla\Firefox\Profiles\qntj13og.default\extensions\{75656794-AB59-4712-BFBC-5D816D56F3BC}
[2011.02.24 02:22:51 | 000,002,394 | ---- | M] () -- C:\Users\Reichow\AppData\Roaming\Mozilla\Firefox\Profiles\qntj13og.default\searchplugins\search.xml
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Programme\Final Video Downloader FileBulldog Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Final Video Downloader FileBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\Final Video Downloader FileBulldog Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-3658888087-4266470633-1359848893-1000\..\Toolbar\WebBrowser: (Final Video Downloader FileBulldog Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Programme\Final Video Downloader FileBulldog Toolbar\tbcore3.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2011.02.08 00:29:21 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\Uniblue
[2010.10.27 19:35:56 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\vghd
[2010.08.03 16:52:48 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\Viqeny
[2010.08.03 16:46:42 | 000,000,000 | ---D | M] -- C:\Users\Reichow\AppData\Roaming\Alxyw
:Commands
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu W3i.IQ5.fraud, PC stürzt regelmässig ab |
| antivir, antivirus, avira, bho, bildschirm, browser, computer, desktop, dllhost.exe, dnsapi.dll, downloader, entfernen, error, erweiterungen, failed, firefox, google, lanmanworkstation, mozilla, object, picasa, plug-in, presentationhost.exe, realtek, registry, registry key, required, rootkit, safer networking, software, system, tunnel, viren, vista, w3i.iq5.fraud, zugriff verweigert |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
