|
Log-Analyse und Auswertung: explorer.exe stürzt ständig abWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
15.09.2010, 23:01 | #1 |
| explorer.exe stürzt ständig ab Hallo Weiß nicht ob Ich jetzt ein Virus habe oder ob es an den 64 Bit Tücken liegt^^. Denn bei mir stürzt ständig der explorer ab. G-data und Malwarbytes finden nichts. Habe mal Hijackscan drüber laufen lassen dazu hier mal der logfile. Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:00:54, on 15.09.2010 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18943) Boot mode: Normal Running processes: C:\Program Files (x86)\MagicTune Premium\GammaTray.exe C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfprsrv.exe C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\****\Downloads\Neuer Ordner\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.msn.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O1 - Hosts: ::1 localhost O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - (no file) O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - (no file) O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfprsrv.exe --background O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST') O4 - Global Startup: GammaTray.exe.lnk = ? O4 - Global Startup: NCProTray.lnk = ? O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe O23 - Service: G Data Dateisystem Wächter (AVKWCtl) - G Data Software AG - C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlX64.exe O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing) O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: MagicTuneEngine - Unknown owner - (no file) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 8836 bytes |
16.09.2010, 08:37 | #2 |
| explorer.exe stürzt ständig ab Hi,
__________________wann stürzt der Explorer ab, wenn Du in ein Verzeichnis mit Mediendateien reingehst? Cureit: http://www.trojaner-board.de/59299-a...eb-cureit.html Nach Beendigung des Scans findes Du das Log unter %USERPROFILE%\DoctorWeb\CureIt.log. Bevor du irgendwelche Aktionen unternimmst, kopiere bitte den Inhalt des Logs und poste ihn. Die Log Datei ist sehr groß, ca. über 5MB Text. Benutzt einfach die Suche nach "infiziert" und kopiert betreffende Teile heraus, bevor Du sie postet. OTL Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
chris
__________________ |
16.09.2010, 15:36 | #3 |
| explorer.exe stürzt ständig ab Hallo
__________________Danke schon mal in voraus für deine Hilfe. Am meisten stürzt der explorer ab wenn ich im Internet bin. Habe hier erst mal den OTL logfile bin gestern nicht mehr dazu gekommen den hoch zu laden den scann von Drweb reiche ich noch nach sobald ich den durch habe OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 15.09.2010 23:14:33 - Run 1 OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\******\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 73,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 724,78 Gb Total Space | 360,33 Gb Free Space | 49,72% Space Free | Partition Type: NTFS Drive D: | 206,73 Gb Total Space | 198,97 Gb Free Space | 96,25% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ******** Current User Name: ****** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\******\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) PRC - C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe (Macrovision ) PRC - C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG) PRC - C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) PRC - C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe (G Data Software AG) PRC - C:\Program Files (x86)\MagicTune Premium\GammaTray.exe () PRC - C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe (Samsung) PRC - C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfprsrv.exe () ========== Modules (SafeList) ========== MOD - C:\Users\******\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) SRV - (AVKWCtl) -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlX64.exe (G Data Software AG) SRV - (GDFwSvc) -- C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG) SRV - (InstallShield Licensing Service) -- C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe (Macrovision ) SRV - (AVKService) -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe (G Data Software AG) ========== Driver Services (SafeList) ========== DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software) DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\DRIVERS\gdwfpcd64.sys (G DATA Software AG) DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG) DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG) DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G DATA Software AG) DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG) DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof () DRV - (NCPro) -- C:\Windows\system32\drivers\MTictwl.sys () DRV - (MagicTune) -- C:\Windows\system32\drivers\MTiCtwl.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://***.msn.de/ IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = h**p://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2B AB 64 58 A7 AA CA 01 [binary data] IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "***.web.de" FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.15 00:47:15 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.09.09 12:52:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.09 12:00:52 | 000,000,000 | ---D | M] [2009.09.11 16:40:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2010.09.15 22:47:10 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\i106x57t.default\extensions [2010.04.27 10:35:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\i106x57t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.12 00:20:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\i106x57t.default\extensions\personas@christopher.beard [2010.09.15 22:47:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.06.06 18:27:21 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2010.04.20 01:51:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.17 12:32:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.03.12 17:54:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.02.12 14:45:03 | 000,002,191 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2010.03.12 17:54:18 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.03.12 17:54:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.03.12 17:54:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.03.12 17:54:18 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG) O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O3 - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O4:64bit: - HKLM..\Run: [MagicTuneEngine] C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe (Samsung Electronics Co. Ltd.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfprsrv.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.09.15 22:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner [2010.09.15 22:31:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.09.15 22:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.09.15 22:27:54 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\MFTools [2010.09.15 22:10:53 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL [2010.09.15 22:10:53 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL [2010.09.15 22:10:39 | 000,621,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2010.09.13 22:57:54 | 000,000,000 | ---D | C] -- C:\b0a675dbe8de819280 [2010.09.13 22:57:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell [2010.09.13 22:57:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell [2010.09.13 22:55:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmplpxy.dll [2010.09.13 22:55:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrssrv.dll [2010.09.13 22:55:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll [2010.09.13 22:55:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrsmgr.dll [2010.09.13 22:55:13 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll [2010.09.13 22:55:13 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll [2010.09.13 22:55:10 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pwrshplugin.dll [2010.09.13 22:55:10 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll [2010.09.13 22:55:09 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrshost.exe [2010.09.13 22:55:09 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmprovhost.exe [2010.09.13 22:55:08 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrs.exe [2010.09.13 22:55:05 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtfwd.dll [2010.09.13 22:55:05 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecutil.exe [2010.09.13 22:55:05 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecapi.dll [2010.09.13 22:55:05 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll [2010.09.13 22:55:05 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe [2010.09.13 22:55:05 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll [2010.09.13 22:55:05 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll [2010.09.13 22:55:05 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmRes.dll [2010.09.13 22:55:05 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe [2010.09.13 22:55:05 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe [2010.09.13 22:55:05 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe [2010.09.13 22:54:59 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll [2010.09.13 22:54:59 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll [2010.09.13 22:54:59 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe [2010.09.13 22:54:59 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll [2010.09.13 22:54:59 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll [2010.09.13 22:54:59 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll [2010.09.13 22:54:59 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll [2010.09.13 22:54:58 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrscmd.dll [2010.09.13 22:54:58 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll [2010.09.13 22:54:58 | 000,348,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe [2010.08.17 12:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2010.08.17 12:32:22 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.08.17 12:32:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010.08.17 12:32:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2010.09.15 23:25:21 | 003,670,016 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT [2010.09.15 22:46:26 | 000,000,846 | ---- | M] () -- C:\Users\****\Desktop\CCleaner.lnk [2010.09.15 22:42:57 | 001,458,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.09.15 22:42:57 | 000,633,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.09.15 22:42:57 | 000,599,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.09.15 22:42:57 | 000,128,784 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.09.15 22:42:57 | 000,105,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.09.15 22:36:51 | 000,035,189 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.09.15 22:36:50 | 000,035,189 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.09.15 22:36:33 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.15 22:36:33 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.15 22:36:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.15 22:36:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.15 22:35:27 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms [2010.09.15 22:35:27 | 000,065,536 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf [2010.09.15 22:35:14 | 003,721,260 | -H-- | M] () -- C:\Users\****\AppData\Local\IconCache.db [2010.09.15 22:31:48 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.14 02:47:19 | 000,097,280 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.13 23:03:40 | 001,476,166 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.09.01 12:46:17 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.08.24 23:57:32 | 000,000,000 | -H-- | M] () -- C:\Users\******\Documents\Default.rdp [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.15 22:46:26 | 000,000,846 | ---- | C] () -- C:\Users\*****\Desktop\CCleaner.lnk [2010.09.15 22:31:48 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.13 23:03:40 | 001,476,166 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.09.13 22:55:00 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs [2010.09.13 22:55:00 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs [2010.09.13 22:55:00 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml [2010.09.13 22:55:00 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml [2010.09.13 22:55:00 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl [2010.09.13 22:55:00 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl [2010.08.24 23:57:32 | 000,000,000 | -H-- | C] () -- C:\Users\*****\Documents\Default.rdp [2010.06.06 18:30:24 | 000,014,336 | ---- | C] () -- C:\Windows\SysWow64\vsmon1.dll [2010.04.28 22:13:06 | 000,035,189 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.04.28 22:12:09 | 000,035,189 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.04.15 21:32:21 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.04.15 01:16:56 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.02.27 16:13:06 | 000,437,258 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI059F.txt [2010.02.27 16:13:06 | 000,011,458 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI059F.txt [2010.01.05 17:49:28 | 000,002,623 | ---- | C] () -- C:\Windows\Irremote.ini [2009.12.21 01:35:39 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat [2009.12.03 12:16:46 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.12.03 12:15:39 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.09.10 15:19:37 | 000,097,280 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.09.10 13:33:15 | 000,521,458 | ---- | C] () -- C:\Users\****\AppData\Local\dd_ATL80SP1_KB973923MSI28A8.txt [2009.09.10 13:33:14 | 000,012,532 | ---- | C] () -- C:\Users\****\AppData\Local\dd_ATL80SP1_KB973923UI28A8.txt [2009.09.10 13:18:09 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\MTictwl.sys [2009.09.10 10:27:27 | 000,000,732 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps64.dat [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini ========== LOP Check ========== [2010.03.03 15:33:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\autobingooo [2010.05.25 15:14:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint [2010.04.23 11:31:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\digital publishing [2010.06.06 18:34:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eXPert PDF Editor [2010.01.31 23:25:54 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\FlightSimTools.com [2010.07.18 19:14:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2009.11.28 13:36:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JavaEditor [2010.04.23 11:19:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ProtectDisc [2010.06.06 19:57:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client [2010.09.15 22:35:18 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > und hier der zweite OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 15.09.2010 23:14:33 - Run 1 OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\***\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 73,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 724,78 Gb Total Space | 360,33 Gb Free Space | 49,72% Space Free | Partition Type: NTFS Drive D: | 206,73 Gb Total Space | 198,97 Gb Free Space | 96,25% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: *** Current User Name: *** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* File not found cmdfile [open] -- "%1" %* File not found comfile [open] -- "%1" %* File not found exefile [open] -- "%1" %* File not found helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* File not found regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" File not found scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S File not found txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation) scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = 9F 9E 16 8C DC 5B C8 01 [binary data] "VistaSp2" = 0D 47 15 09 05 74 CA 01 [binary data] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "oobe_av" = 1 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{21B1222F-78BE-4A10-8278-F162B5943C5C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{D240B2D9-F1A3-4F89-AB22-E675ADFA18FC}" = lport=2869 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{096AFD61-4C71-4A64-A0A9-96ED0CE0A420}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{15C2CD0E-7526-46C8-A71F-573182C35AFC}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{15E4FE9B-807E-4DB7-B7C5-6D4B9FC832EA}" = protocol=17 | dir=in | app=c:\gpotato.eu\allods online\bin\aogame.exe | "{1B3FFE10-5F99-4C1E-AB30-567940F31DB6}" = dir=in | app=c:\program files (x86)\homecinema\powerdirector\pdr.exe | "{27755509-1A84-489E-BBD8-813103324356}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{3C48E1C9-1A24-4DB9-8662-6B740FDF79AA}" = protocol=6 | dir=in | app=c:\gpotato.eu\allods online\bin\aogame.exe | "{7545D561-B4DA-4F5F-A7FB-EF48195ADB50}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{7840D3F5-79F8-4B2B-A42E-797BCB26787A}" = protocol=17 | dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe | "{7C8682A8-BC37-4D64-8FD1-CE51EB0BE07D}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2oa.exe | "{9675EA91-5277-42BA-A701-99E6281C72D8}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2oa.exe | "{967B40E4-10A4-4414-8CE2-F3FDAD2EACEF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{FEA88F10-27A5-4C24-950B-11989AE48880}" = protocol=6 | dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe | "TCP Query User{07313A72-2058-4E66-94FC-1658F44707EA}C:\program files (x86)\magictune premium\magictune.exe" = protocol=6 | dir=in | app=c:\program files (x86)\magictune premium\magictune.exe | "TCP Query User{632666DE-6C49-4118-8B89-31037170233E}C:\program files (x86)\magictune premium\magictune.exe" = protocol=6 | dir=in | app=c:\program files (x86)\magictune premium\magictune.exe | "UDP Query User{2950F5E8-8DF9-4ACC-871A-471E607E03C6}C:\program files (x86)\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files (x86)\magictune premium\magictune.exe | "UDP Query User{D5EDCEA8-68C8-4577-9F07-E302D513D5B6}C:\program files (x86)\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files (x86)\magictune premium\magictune.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP5300" = Canon iP5300 "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64) "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{2184E36F-BE0B-45C5-BA9B-63B8A2EAE106}" = Microsoft Flight Simulator X "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{42F1C44A-1BCE-4373-B134-3B1E172EA393}" = Microsoft Flight Simulator X "{45A3EACA-F0CA-4533-A560-7D4E89635B82}" = Boeing Stratoliner for FSX "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4DBF727E-DADA-4AA3-A527-F21D035666B4}" = Vickers Vernon II for FSX "{55A83A82-54E6-4E73-A9BE-534C188A6754}" = Armstrong Whitworth Ensign for FSX "{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter "{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{619289AF-D736-4292-A4BD-E406E302CE1C}" = Addon Converter X "{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK "{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1 "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}" = MagicTunePremium "{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{94015C3E-CF62-478F-ABC2-CCF29D4A5D4D}" = Douglas C-124 Globemaster II for FSX "{A023A62C-D0A6-40D7-87EB-4C24255C28C8}" = Vickers Vimy Commercial for FSX "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}" = eXPert PDF 4 "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{BB2158B2-6A0A-4159-B373-4D8768C80170}" = Microsoft Flight Simulator X "{C2C601B7-F00A-4C29-AE97-9B6254B548BA}" = Microsoft Flight Simulator X "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{D729E05E-B2B9-4DC4-AF57-47310576EDE0}" = G Data InternetSecurity "{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0 "{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "{FBAA269E-A2B3-474D-B889-308EAA9AF33B}" = Douglas DC-6 for FSX "{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro "{FD523531-7EA3-4F11-948C-C5F4B734FDB2}" = FSX Bonus Multiplayer Racing Missions "{FE7160F6-45DC-44E0-BC90-ED37FD16D494}" = Bristol Britannia for FSX "7-Zip" = 7-Zip 9.07 beta "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall "ArmA2" = ArmA2 Uninstall "AstrumNival Allods" = Allods Online 1700 "CCleaner" = CCleaner "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "DivX Setup.divx.com" = DivX-Setup "Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint "FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration "FLV Player" = FLV Player 2.0 (build 25) "Guild Wars" = GUILD WARS "HijackThis" = HijackThis 2.0.2 "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "MediaNavigation.CDLabelPrint" = CD-LabelPrint "Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9) "PokerStars.net" = PokerStars.net "RealPlayer 12.0" = RealPlayer "RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X "SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X Service Pack 1 "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "VLC media player" = VLC media player 1.0.1 "WinGimp-2.0_is1" = GIMP 2.6.10 "WinLiveSuite_Wave3" = Windows Live Essentials ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "DLR Airbus A320-232" = DLR Airbus A320-232 "Move Media Player" = Move Media Player ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 14.09.2010 07:33:20 | Computer Name = ***** | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 14.09.2010 07:33:20 | Computer Name = ***** | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 14.09.2010 07:34:37 | Computer Name = ******* | Source = WinMgmt | ID = 10 Description = Error - 14.09.2010 13:22:30 | Computer Name = ********* | Source = WinMgmt | ID = 10 Description = Error - 15.09.2010 04:04:03 | Computer Name = ********* | Source = WinMgmt | ID = 10 Description = Error - 15.09.2010 16:02:51 | Computer Name = ****** | Source = WinMgmt | ID = 10 Description = Error - 15.09.2010 16:24:40 | Computer Name = ***** | Source = WinMgmt | ID = 10 Description = Error - 15.09.2010 16:36:46 | Computer Name = **** | Source = SideBySide | ID = 16842830 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen bereits aktiven Komponentenversion. Die widersprüchlichen Komponenten sind: Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest. Error - 15.09.2010 16:36:47 | Computer Name = ****** | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 15.09.2010 16:37:57 | Computer Name = ***** | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 15.09.2010 04:04:03 | Computer Name = ***** | Source = Service Control Manager | ID = 7026 Description = Error - 15.09.2010 16:01:17 | Computer Name = ***** | Source = Microsoft-Windows-ResourcePublication | ID = 1002 Description = Error - 15.09.2010 16:02:51 | Computer Name = **** | Source = Service Control Manager | ID = 7026 Description = Error - 15.09.2010 16:11:53 | Computer Name = **** | Source = Service Control Manager | ID = 7009 Description = Error - 15.09.2010 16:11:53 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 15.09.2010 16:11:54 | Computer Name = ***** | Source = DCOM | ID = 10005 Description = Error - 15.09.2010 16:11:54 | Computer Name = *** | Source = Service Control Manager | ID = 7009 Description = Error - 15.09.2010 16:11:54 | Computer Name = *** | Source = Service Control Manager | ID = 7000 Description = Error - 15.09.2010 16:24:40 | Computer Name = **** | Source = Service Control Manager | ID = 7026 Description = Error - 15.09.2010 16:37:58 | Computer Name = **** | Source = Service Control Manager | ID = 7026 Description = < End of report > |
16.09.2010, 18:41 | #4 |
| explorer.exe stürzt ständig ab Hi, ins Auge fällt mir erstmal nichts... Poste noch das Log von Cureit... Einige CLS-Ids... Bitte folgende Files prüfen: Dateien Online überprüfen lassen:
Code:
ATTFilter C:\Windows\explorer.exe C:\Windows\SysWow64\explorer.exe
Fix für OTL:
Code:
ATTFilter :OTL O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. O3 - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found. :Commands [emptytemp] [Reboot]
Tiefer graben mit OTL:
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %SYSTEMDRIVE%\*.exe /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys mv61xx.sys /md5stop c:\windows\system32\drivers\*.sys /lockedfiles c:\windows\system32\*.dll /lockedfiles %systemroot%\*. /mp /s %PROGRAMFILES%\*. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs CREATERESTOREPOINT
chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
16.09.2010, 23:17 | #5 |
| explorer.exe stürzt ständig ab Hi, So habe mal Dr. Web drüber laufen lassen einmal die kurze Fassung und einmal die lange. Was Infiziertes hat er nicht gefunden allerdings hat er die Hosts-Datei in die Quarantäne verschoben weil die modifiziert wurde weiß nicht ob dies was zu sagen hat. Die logfile ist 17 mb groß daher werde ich sie nicht hochladen. dann als nächstes die beiden explorer Dateien C:\Windows\SysWow64\explorer.exe (Sorry für die unschöne Zusammenstellung^^) Code:
ATTFilter Antivirus Version Last Update Result AhnLab-V3 2010.09.17.00 2010.09.16 - AntiVir 8.2.4.52 2010.09.16 - Antiy-AVL 2.0.3.7 2010.09.16 - Authentium 5.2.0.5 2010.09.16 - Avast 4.8.1351.0 2010.09.16 - Avast5 5.0.594.0 2010.09.16 - AVG 9.0.0.851 2010.09.16 - BitDefender 7.2 2010.09.16 - CAT-QuickHeal 11.00 2010.09.16 - ClamAV 0.96.2.0-git 2010.09.16 - Comodo 6101 2010.09.16 - DrWeb 5.0.2.03300 2010.09.16 - Emsisoft 5.0.0.37 2010.09.16 - eSafe 7.0.17.0 2010.09.15 - eTrust-Vet 36.1.7860 2010.09.16 - F-Prot 4.6.1.107 2010.09.16 - F-Secure 9.0.15370.0 2010.09.16 - Fortinet 4.1.143.0 2010.09.16 - GData 21 2010.09.16 - Ikarus T3.1.1.88.0 2010.09.16 - Jiangmin 13.0.900 2010.09.16 - K7AntiVirus 9.63.2533 2010.09.16 - Kaspersky 7.0.0.125 2010.09.16 - McAfee 5.400.0.1158 2010.09.16 - McAfee-GW-Edition 2010.1C 2010.09.16 - Microsoft 1.6103 2010.09.16 - NOD32 5456 2010.09.16 - Norman 6.06.06 2010.09.16 - nProtect 2010-09-16.02 2010.09.16 - Panda 10.0.2.7 2010.09.16 - PCTools 7.0.3.5 2010.09.16 - Prevx 3.0 2010.09.16 - Rising 22.65.03.04 2010.09.16 - Sophos 4.57.0 2010.09.16 - Sunbelt 6884 2010.09.16 - SUPERAntiSpyware 4.40.0.1006 2010.09.16 - Symantec 20101.1.1.7 2010.09.16 - TheHacker 6.7.0.0.020 2010.09.16 - TrendMicro 9.120.0.1004 2010.09.16 - TrendMicro-HouseCall 9.120.0.1004 2010.09.16 - VBA32 3.12.14.0 2010.09.16 - ViRobot 2010.8.25.4006 2010.09.16 - VirusBuster 12.65.10.0 2010.09.16 - MD5 : d07d4c3038f3578ffce1c0237f2a1253 SHA1 : 4b3bd605b63749ff255e048ca6f27aff95aec24a SHA256:135dd05678c8997b45982d77298dbdd98061c9d4fe43d77866846012eb061a04 ssdeep: 24576:5d8uxOc/QpDk5pGYCW5uXSA7jTeFadRsxFb/g/J/ulZl:TOcLC8A7/eFwY3l/ File size : 2926592 bytes First seen: 2009-05-24 18:27:11 Last seen : 2010-09-16 21:23:01 TrID: Win32 Executable Generic (42.3%) Win32 Dynamic Link Library (generic) (37.6%) Generic Win/DOS Executable (9.9%) DOS Executable Generic (9.9%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) sigcheck: publisher....: Microsoft Corporation copyright....: (c) Microsoft Corporation. All rights reserved. product......: Microsoft_ Windows_ Operating System description..: Windows Explorer original name: EXPLORER.EXE internal name: explorer file version.: 6.0.6002.18005 (lh_sp2rtm.090410-1830) comments.....: n/a signers......: - signing date.: - verified.....: Unsigned Code:
ATTFilter MD5 : 6b08e54a451b3f95e4109dba7e594270 SHA1 : 4a4ffbeb8c559f25b2ff7fdaa63c021610f8fa52 SHA256: 0419e4100c3b4ad1831fbf9249173cf32c8209c71b7101674b239a0a47c30e42 ssdeep: 24576:J7uIrM5dLy0oH2N1JwBpGYCW5uXSA7jTeFadRsxFb/g/J/ulZ:JuIrMTLyVw1JwrLC8A7 /eFwY3l File size : 3079168 bytes First seen: 2009-05-10 20:06:31 Last seen : 2010-09-16 21:52:37 TrID: Win64 Executable Generic (95.5%) Generic Win/DOS Executable (2.2%) DOS Executable Generic (2.2%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) sigcheck: publisher....: Microsoft Corporation copyright....: (c) Microsoft Corporation. All rights reserved. product......: Microsoft_ Windows_ Operating System description..: Windows Explorer original name: EXPLORER.EXE internal name: explorer file version.: 6.0.6002.18005 (lh_sp2rtm.090410-1830) comments.....: n/a signers......: - signing date.: - verified.....: Unsigned So dann als nächstes den OTL Fix und den erweiterten ORL scann allerdings weiß ich nicht ob der so geklappt hat wie er soll dar er diesmal nur eine Datei erstellt hat. Code:
ATTFilter All processes killed ========== OTL ========== ::1 localhost removed from HOSTS file successfully Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found. Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found. Registry value HKEY_USERS\S-1-5-21-3710354763-2675476858-1227895641-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: **** ->Temp folder emptied: 530313 bytes ->Temporary Internet Files folder emptied: 338461 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 42864604 bytes ->Flash cache emptied: 3193 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 525536 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 42,00 mb OTL by OldTimer - Version 3.2.12.1 log created on 09162010_212624 Files\Folders moved on Reboot... File\Folder C:\Windows\temp\TMP0000004949C6F9BA9F373F7D not found! Registry entries deleted on Reboot... Code:
ATTFilter OTL logfile created on: 16.09.2010 21:37:35 - Run 2 OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\****\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 724,78 Gb Total Space | 389,64 Gb Free Space | 53,76% Space Free | Partition Type: NTFS Drive D: | 206,73 Gb Total Space | 198,97 Gb Free Space | 96,25% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: **** Current User Name: **** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Minimal Quick Scan ========== Processes (SafeList) ========== PRC - C:\Users\****\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) PRC - C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe (Macrovision ) PRC - C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG) PRC - C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) PRC - C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe (G Data Software AG) PRC - C:\Program Files (x86)\MagicTune Premium\GammaTray.exe () PRC - C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe (Samsung) PRC - C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfprsrv.exe () ========== Modules (SafeList) ========== MOD - C:\Users\****\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) SRV - (AVKWCtl) -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlX64.exe (G Data Software AG) SRV - (GDFwSvc) -- C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG) SRV - (InstallShield Licensing Service) -- C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe (Macrovision ) SRV - (AVKService) -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe (G Data Software AG) ========== Driver Services (SafeList) ========== DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software) DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\DRIVERS\gdwfpcd64.sys (G DATA Software AG) DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG) DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG) DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G DATA Software AG) DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG) DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof () DRV - (NCPro) -- C:\Windows\system32\drivers\MTictwl.sys () DRV - (MagicTune) -- C:\Windows\system32\drivers\MTiCtwl.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h***p://www.msn.de/ IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = h***p://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2B AB 64 58 A7 AA CA 01 [binary data] IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaulturl: "h**p://search.babylon.com/web/{searchTerms}?babsrc=browsersearch" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "w**.web.de" FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.15 00:47:15 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.09.09 12:52:45 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.09 12:00:52 | 000,000,000 | ---D | M] [2009.09.11 16:40:43 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\mozilla\Extensions [2010.09.15 22:47:10 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\i106x57t.default\extensions [2010.04.27 10:35:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i106x57t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.12 00:20:56 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\i106x57t.default\extensions\personas@christopher.beard [2010.09.15 22:47:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.06.06 18:27:21 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2010.04.20 01:51:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.17 12:32:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.03.12 17:54:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.02.12 14:45:03 | 000,002,191 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2010.03.12 17:54:18 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.03.12 17:54:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.03.12 17:54:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.03.12 17:54:18 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.09.16 21:26:25 | 000,001,446 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG) O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG) O4:64bit: - HKLM..\Run: [MagicTuneEngine] C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe (Samsung Electronics Co. Ltd.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfprsrv.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpFolder: C:^Users^****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme (x86)\Microsoft Office\Office12\ONENOTEM.EXE - File not found MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: ISW - hkey= - key= - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe File not found MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Java\jre6\bin\jusched.exe File not found MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) MsConfig:64bit - StartUpReg: UpdatePDRShortCut - hkey= - key= - C:\Program Files (x86)\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vsmon - Service SafeBootNet:64bit: WudfPf - Driver SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vsmon - Service SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {32782297-F0C6-D5D1-DE7E-77985353E7DD} - Java (Sun) ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 90 Days ========== [2010.09.16 21:26:24 | 000,000,000 | ---D | C] -- C:\_OTL [2010.09.16 16:38:33 | 000,000,000 | ---D | C] -- C:\Users\***\DoctorWeb [2010.09.15 22:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner [2010.09.15 22:31:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.09.15 22:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.09.15 22:27:54 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MFTools [2010.09.13 22:57:54 | 000,000,000 | ---D | C] -- C:\b0a675dbe8de819280 [2010.09.13 22:57:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell [2010.09.13 22:57:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell [2010.08.17 12:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2010.08.01 00:59:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ArmA 2 OA [2010.07.31 23:18:39 | 000,000,000 | ---D | C] -- C:\Programme\Bohemia Interactive [2010.07.18 15:50:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2010.07.18 15:50:48 | 000,000,000 | ---D | C] -- C:\Users\***\.thumbnails [2010.07.18 15:49:34 | 000,000,000 | ---D | C] -- C:\Users\Rene1988\.gimp-2.6 [2010.07.18 15:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0 [2010.07.09 18:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic [2010.06.29 12:13:48 | 000,000,000 | ---D | C] -- C:\coolspot AG [2010.06.26 14:56:25 | 000,000,000 | ---D | C] -- C:\2697e6b62259a8878c2045e8ce808a [2010.06.24 23:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010.09.16 21:50:22 | 003,670,016 | -HS- | M] () -- C:\Users\****\NTUSER.DAT [2010.09.16 21:32:29 | 000,633,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.09.16 21:32:29 | 000,599,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.09.16 21:32:29 | 000,128,784 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.09.16 21:32:29 | 000,105,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.09.16 21:32:28 | 001,458,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.09.16 21:28:01 | 000,035,189 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.09.16 21:28:00 | 000,035,189 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.09.16 21:27:41 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.16 21:27:40 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.16 21:27:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.16 21:27:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.16 21:26:48 | 000,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms [2010.09.16 21:26:48 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf [2010.09.16 21:26:41 | 001,947,723 | -H-- | M] () -- C:\Users\*****\AppData\Local\IconCache.db [2010.09.16 21:00:56 | 000,001,460 | ---- | M] () -- C:\Users\*\AppData\Local\d3d9caps64.dat [2010.09.16 01:03:08 | 000,100,864 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.15 22:46:26 | 000,000,846 | ---- | M] () -- C:\Users\**\Desktop\CCleaner.lnk [2010.09.15 22:31:48 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.13 23:03:40 | 001,476,166 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.09.01 12:46:17 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.08.24 23:57:32 | 000,000,000 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp [2010.08.12 12:17:32 | 000,282,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.08.04 22:57:45 | 000,106,224 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys [2010.08.01 00:51:21 | 000,000,995 | ---- | M] () -- C:\Users\**\Desktop\ARMA 2 Combined Operations.lnk [2010.07.31 23:55:07 | 000,000,961 | ---- | M] () -- C:\Users\***\Desktop\ARMA II starten.lnk [2010.07.18 19:14:43 | 000,002,126 | ---- | M] () -- C:\Users\**\.recently-used.xbel [2010.07.18 15:49:18 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2010.07.11 10:53:32 | 000,001,421 | ---- | M] () -- C:\Users\***\Desktop\DivX Movies.lnk [2010.07.11 10:53:12 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.07.09 22:28:06 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010.07.09 18:24:04 | 000,000,787 | ---- | M] () -- C:\Users\Public\Desktop\SDFormatter V2.0.lnk [2010.07.06 21:41:53 | 000,001,700 | ---- | M] () -- C:\Users\Public\Desktop\Allods Online.lnk [2010.06.28 01:49:46 | 000,001,007 | ---- | M] () -- C:\Users\***\Desktop\Content.IE5 - Verknüpfung.lnk [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.15 22:46:26 | 000,000,846 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk [2010.09.15 22:31:48 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.13 23:03:40 | 001,476,166 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.09.13 22:55:00 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs [2010.09.13 22:55:00 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs [2010.09.13 22:55:00 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml [2010.09.13 22:55:00 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml [2010.09.13 22:55:00 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl [2010.09.13 22:55:00 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl [2010.08.24 23:57:32 | 000,000,000 | -H-- | C] () -- C:\Users\***\Documents\Default.rdp [2010.08.01 00:51:21 | 000,000,995 | ---- | C] () -- C:\Users\***\Desktop\ARMA 2 Combined Operations.lnk [2010.07.31 23:55:07 | 000,000,961 | ---- | C] () -- C:\Users\***\Desktop\ARMA II starten.lnk [2010.07.18 19:14:43 | 000,002,126 | ---- | C] () -- C:\Users\**\.recently-used.xbel [2010.07.18 15:49:18 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2010.07.09 18:24:04 | 000,000,787 | ---- | C] () -- C:\Users\Public\Desktop\SDFormatter V2.0.lnk [2010.07.06 21:41:53 | 000,001,700 | ---- | C] () -- C:\Users\Public\Desktop\Allods Online.lnk [2010.06.28 01:49:46 | 000,001,007 | ---- | C] () -- C:\Users\****\Desktop\Content.IE5 - Verknüpfung.lnk [2010.06.06 18:30:24 | 000,014,336 | ---- | C] () -- C:\Windows\SysWow64\vsmon1.dll [2010.04.28 22:13:06 | 000,035,189 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.04.28 22:12:09 | 000,035,189 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.04.15 21:32:21 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.04.15 01:16:56 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.02.27 16:13:06 | 000,437,258 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI059F.txt [2010.02.27 16:13:06 | 000,011,458 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI059F.txt [2010.01.05 17:49:28 | 000,002,623 | ---- | C] () -- C:\Windows\Irremote.ini [2009.12.21 01:35:39 | 000,000,680 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat [2009.12.03 12:16:46 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.12.03 12:15:39 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.09.10 15:19:37 | 000,100,864 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.09.10 13:33:15 | 000,521,458 | ---- | C] () -- C:\Users\***\AppData\Local\dd_ATL80SP1_KB973923MSI28A8.txt [2009.09.10 13:33:14 | 000,012,532 | ---- | C] () -- C:\Users\***\AppData\Local\dd_ATL80SP1_KB973923UI28A8.txt [2009.09.10 13:18:09 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\MTictwl.sys [2009.09.10 10:27:27 | 000,001,460 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps64.dat [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini ========== LOP Check ========== [2010.03.03 15:33:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\autobingooo [2010.05.25 15:14:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\CheckPoint [2010.04.23 11:31:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\digital publishing [2010.06.06 18:34:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\eXPert PDF Editor [2010.01.31 23:25:54 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FlightSimTools.com [2010.07.18 19:14:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0 [2009.11.28 13:36:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JavaEditor [2010.04.23 11:19:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ProtectDisc [2010.06.06 19:57:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2010.09.16 21:26:44 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys < MD5 for: ATAPI.SYS > [2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\HomeCinema\PowerDirector\EventLog.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008.01.21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll < MD5 for: NVSTOR.SYS > [2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll < c:\windows\system32\drivers\*.sys /lockedfiles > < c:\windows\system32\*.dll /lockedfiles > < %systemroot%\*. /mp /s > < %PROGRAMFILES%\*. > [2009.10.14 00:37:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\7-Zip [2010.01.19 13:14:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe [2009.09.10 11:38:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AGEIA Technologies [2009.09.10 14:37:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Canon [2010.09.15 22:46:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CCleaner [2009.09.10 14:33:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CD-LabelPrint [2010.08.17 12:32:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files [2009.09.10 14:52:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cyberlink [2010.07.11 10:53:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX [2009.09.10 20:12:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FLV Player [2010.06.06 18:13:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\G DATA [2010.07.18 15:48:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GIMP-2.0 [2010.05.19 21:28:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GUILD WARS [2009.09.10 14:49:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HomeCinema [2010.07.09 18:24:04 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information [2009.09.10 11:35:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel [2010.08.12 03:10:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer [2010.08.17 12:32:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java [2009.09.10 12:45:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MagicTune Premium [2010.09.15 22:31:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.05.27 03:02:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft [2010.08.31 22:56:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games [2009.09.10 13:25:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office [2010.09.08 14:48:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight [2009.09.10 14:00:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2009.09.10 14:02:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works [2010.09.13 23:31:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET [2010.09.09 12:00:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox [2006.11.02 17:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild [2010.01.06 10:56:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0 [2010.01.05 17:46:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nero [2010.07.09 18:24:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Panasonic [2009.11.07 13:14:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PokerStars.NET [2010.04.15 00:46:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Real [2009.09.10 11:55:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek [2006.11.02 17:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies [2009.09.10 13:17:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SEC [2009.09.10 14:55:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Teamspeak2_RC2 [2009.09.10 12:00:37 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp [2006.11.02 17:36:07 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information [2009.09.10 20:19:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN [2010.06.06 18:30:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Visagesoft [2009.12.03 12:35:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Calendar [2008.01.21 05:09:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Collaboration [2008.01.21 05:09:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender [2009.09.10 14:00:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live [2009.09.10 13:59:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live SkyDrive [2010.09.15 22:18:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail [2009.12.03 12:35:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player [2006.11.02 17:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT [2009.12.03 12:35:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Gallery [2009.12.04 16:04:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices [2009.12.03 12:35:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > [/code] |
17.09.2010, 06:54 | #6 |
| explorer.exe stürzt ständig ab Hi, Hmm, meines Wissens sollte das nicht unter 64-Bit laufen (kann daher auch ein "Fehlalarm" sein)... Rootkit/Wurm->IPINIP.SYS, Prevx Dort findest Du auch die beiden anderen Filenamen... Der Fix stoppt die Treiber, deregistriert sie und versucht die Files zu löschen (wenn er sie findet)... Fix für OTL:
Code:
ATTFilter :OTL DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found :Commands [emptytemp] [Reboot]
Windows 7: 1.Die Befehlszeile aufrufen über Start -> Im Suchfeld „cmd“ eingeben Nun nicht Enter drücken sondern folgende Tastenkombination: [Strg]+[Umschalten/Shift]+[Return/Eingabe] Damit wird die Console als Administrator gestartet, was unerlässlich für die Reperatur ist. Alternativ über Rechtsklick auf den Desktop, Neu-Verknüpfung erstellen, Ziel: C:\Windows\System32\cmd.exe Name eingeben, Fertig. Dann Rechtsklick auf die neu erstellte Verknüpfung und "Ausführen als Administrator" auswählen. chris
__________________ --> explorer.exe stürzt ständig ab |
17.09.2010, 10:10 | #7 |
| explorer.exe stürzt ständig ab Hi, So habe das Programm drüber laufen lassen hat aber nichts gefunden. Was soll ich mit der Datei in der Quarantäne machen kann die weg oder war das was Wichtiges? Aber erst mal der OTL Fix Code:
ATTFilter All processes killed ========== OTL ========== Service NwlnkFwd stopped successfully! Service NwlnkFwd deleted successfully! File C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found not found. Service NwlnkFlt stopped successfully! Service NwlnkFlt deleted successfully! File C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found not found. Service IpInIp stopped successfully! Service IpInIp deleted successfully! File C:\Windows\SysNative\DRIVERS\ipinip.sys File not found not found. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: **** ->Temp folder emptied: 14749690 bytes ->Temporary Internet Files folder emptied: 25662637 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 43176749 bytes ->Flash cache emptied: 3980 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 1248 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32768 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 80,00 mb OTL by OldTimer - Version 3.2.12.1 log created on 09172010_100420 Files\Folders moved on Reboot... Registry entries deleted on Reboot... |
18.09.2010, 19:04 | #8 |
| explorer.exe stürzt ständig ab Hi, noch mal den Customscan mit OTL um zu prüfen ob die Treiber weg sind, oder sich das Teil neu registriert hat....
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %SYSTEMDRIVE%\*.exe /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys mv61xx.sys /md5stop c:\windows\system32\drivers\*.sys /lockedfiles c:\windows\system32\*.dll /lockedfiles %systemroot%\*. /mp /s %PROGRAMFILES%\*. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs CREATERESTOREPOINT
Danach mach ein Update von CureIT und lasse ihn nochmal laufen und poste das Log (nur die Zeilen die "infiziert" enthalten)... Wie verhält sich der Rechner? chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
18.09.2010, 21:33 | #9 |
| explorer.exe stürzt ständig ab Hi, So habe Dr. Web nochmals rüber laufen lassen was Infiziertes hat er nicht gefunden allerdings hat er wieder diese hosts Datei in die Quarantäne verschieben wollen weil die irgendwie manipuliert ist. C:\Windows\system32\drivers\etc\hosts - Verschieben nicht möglich OTL habe ich auch drüber laufen lassen dazu hier der log. OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.09.2010 20:48:08 - Run 3 OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\****\Downloads 64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18943) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free 8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 724,78 Gb Total Space | 437,15 Gb Free Space | 60,31% Space Free | Partition Type: NTFS Drive D: | 206,73 Gb Total Space | 198,97 Gb Free Space | 96,25% Space Free | Partition Type: NTFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: **** Current User Name: ***** Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Include 64bit Scans Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Minimal Quick Scan ========== Processes (SafeList) ========== PRC - C:\Users\Rene1988\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) PRC - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) PRC - C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe (Macrovision ) PRC - C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG) PRC - C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) PRC - C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe (G Data Software AG) PRC - C:\Program Files (x86)\MagicTune Premium\GammaTray.exe () PRC - C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe (Samsung) PRC - C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfprsrv.exe () ========== Modules (SafeList) ========== MOD - C:\Users\*****\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG) SRV - (AVKWCtl) -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlX64.exe (G Data Software AG) SRV - (GDFwSvc) -- C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG) SRV - (InstallShield Licensing Service) -- C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe (Macrovision ) SRV - (AVKService) -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe (G Data Software AG) ========== Driver Services (SafeList) ========== DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software) DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\DRIVERS\gdwfpcd64.sys (G DATA Software AG) DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG) DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG) DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G DATA Software AG) DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG) DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof () DRV - (NCPro) -- C:\Windows\system32\drivers\MTictwl.sys () DRV - (MagicTune) -- C:\Windows\system32\drivers\MTiCtwl.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de/ IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2B AB 64 58 A7 AA CA 01 [binary data] IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)" FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch" FF - prefs.js..browser.search.order.1: "Search the web (Babylon)" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "www.web.de" FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.15 00:47:15 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.09.17 12:47:03 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.17 00:23:37 | 000,000,000 | ---D | M] [2009.09.11 16:40:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2010.09.18 08:10:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\i106x57t.default\extensions [2010.04.27 10:35:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\i106x57t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.09.12 00:20:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\i106x57t.default\extensions\personas@christopher.beard [2010.09.18 08:10:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.06.06 18:27:21 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2010.04.20 01:51:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.17 12:32:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.03.12 17:54:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.02.12 14:45:03 | 000,002,191 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2010.03.12 17:54:18 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.03.12 17:54:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.03.12 17:54:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.03.12 17:54:18 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2010.09.16 21:26:25 | 000,001,446 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG) O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG) O4:64bit: - HKLM..\Run: [MagicTuneEngine] C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe (Samsung Electronics Co. Ltd.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfprsrv.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* MsConfig:64bit - StartUpFolder: C:^Users^****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme (x86)\Microsoft Office\Office12\ONENOTEM.EXE - File not found MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: ISW - hkey= - key= - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe File not found MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Java\jre6\bin\jusched.exe File not found MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) MsConfig:64bit - StartUpReg: UpdatePDRShortCut - hkey= - key= - C:\Program Files (x86)\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vsmon - Service SafeBootNet:64bit: WudfPf - Driver SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vsmon - Service SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {32782297-F0C6-D5D1-DE7E-77985353E7DD} - Java (Sun) ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 90 Days ========== [2010.09.17 10:06:35 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Temp [2010.09.16 21:26:24 | 000,000,000 | ---D | C] -- C:\_OTL [2010.09.16 16:38:33 | 000,000,000 | ---D | C] -- C:\Users\****\DoctorWeb [2010.09.15 22:31:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010.09.15 22:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.09.15 22:27:54 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\MFTools [2010.09.13 22:57:54 | 000,000,000 | ---D | C] -- C:\b0a675dbe8de819280 [2010.09.13 22:57:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell [2010.09.13 22:57:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell [2010.08.17 12:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2010.08.01 00:59:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\ArmA 2 OA [2010.07.31 23:18:39 | 000,000,000 | ---D | C] -- C:\Programme\Bohemia Interactive [2010.07.18 15:50:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\gtk-2.0 [2010.07.18 15:50:48 | 000,000,000 | ---D | C] -- C:\Users\****\.thumbnails [2010.07.18 15:49:34 | 000,000,000 | ---D | C] -- C:\Users\****\.gimp-2.6 [2010.07.18 15:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0 [2010.07.09 18:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic [2010.06.29 12:13:48 | 000,000,000 | ---D | C] -- C:\coolspot AG [2010.06.26 14:56:25 | 000,000,000 | ---D | C] -- C:\2697e6b62259a8878c2045e8ce808a [2010.06.24 23:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files - Modified Within 90 Days ========== [2010.09.18 21:03:19 | 003,670,016 | -HS- | M] () -- C:\Users\****\NTUSER.DAT [2010.09.18 19:17:36 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.09.18 19:17:36 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.09.18 15:22:40 | 001,458,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.09.18 15:22:40 | 000,633,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.09.18 15:22:40 | 000,599,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.09.18 15:22:40 | 000,128,784 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.09.18 15:22:40 | 000,105,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.09.18 15:19:46 | 000,035,189 | ---- | M] () -- C:\ProgramData\nvModes.dat [2010.09.18 15:19:46 | 000,035,189 | ---- | M] () -- C:\ProgramData\nvModes.001 [2010.09.18 15:17:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.09.18 15:17:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.09.18 14:50:12 | 000,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms [2010.09.18 14:50:12 | 000,065,536 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf [2010.09.18 00:10:55 | 003,148,125 | -H-- | M] () -- C:\Users\****\AppData\Local\IconCache.db [2010.09.17 22:40:56 | 000,106,496 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.09.17 09:50:54 | 000,000,053 | ---- | M] () -- C:\Windows\wininit.ini [2010.09.16 21:00:56 | 000,001,460 | ---- | M] () -- C:\Users\****\AppData\Local\d3d9caps64.dat [2010.09.15 22:31:48 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.13 23:03:40 | 001,476,166 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.09.01 12:46:17 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010.08.24 23:57:32 | 000,000,000 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp [2010.08.12 12:17:32 | 000,282,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.08.04 22:57:45 | 000,106,224 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys [2010.08.01 00:51:21 | 000,000,995 | ---- | M] () -- C:\Users\***\Desktop\ARMA 2 Combined Operations.lnk [2010.07.31 23:55:07 | 000,000,961 | ---- | M] () -- C:\Users\***\Desktop\ARMA II starten.lnk [2010.07.18 19:14:43 | 000,002,126 | ---- | M] () -- C:\Users\**\.recently-used.xbel [2010.07.18 15:49:18 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2010.07.11 10:53:32 | 000,001,421 | ---- | M] () -- C:\Users\***\Desktop\DivX Movies.lnk [2010.07.11 10:53:12 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk [2010.07.09 22:28:06 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini [2010.07.09 18:24:04 | 000,000,787 | ---- | M] () -- C:\Users\Public\Desktop\SDFormatter V2.0.lnk [2010.07.06 21:41:53 | 000,001,700 | ---- | M] () -- C:\Users\Public\Desktop\Allods Online.lnk [2010.06.28 01:49:46 | 000,001,007 | ---- | M] () -- C:\Users\***\Desktop\Content.IE5 - Verknüpfung.lnk [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ] ========== Files Created - No Company Name ========== [2010.09.17 09:50:46 | 000,000,053 | ---- | C] () -- C:\Windows\wininit.ini [2010.09.15 22:31:48 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.09.13 23:03:40 | 001,476,166 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.09.13 22:55:00 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs [2010.09.13 22:55:00 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs [2010.09.13 22:55:00 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml [2010.09.13 22:55:00 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml [2010.09.13 22:55:00 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl [2010.09.13 22:55:00 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl [2010.08.24 23:57:32 | 000,000,000 | -H-- | C] () -- C:\Users\***\Documents\Default.rdp [2010.08.01 00:51:21 | 000,000,995 | ---- | C] () -- C:\Users\***\Desktop\ARMA 2 Combined Operations.lnk [2010.07.31 23:55:07 | 000,000,961 | ---- | C] () -- C:\Users\**\Desktop\ARMA II starten.lnk [2010.07.18 19:14:43 | 000,002,126 | ---- | C] () -- C:\Users\**\.recently-used.xbel [2010.07.18 15:49:18 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk [2010.07.09 18:24:04 | 000,000,787 | ---- | C] () -- C:\Users\Public\Desktop\SDFormatter V2.0.lnk [2010.07.06 21:41:53 | 000,001,700 | ---- | C] () -- C:\Users\Public\Desktop\Allods Online.lnk [2010.06.28 01:49:46 | 000,001,007 | ---- | C] () -- C:\Users\***\Desktop\Content.IE5 - Verknüpfung.lnk [2010.06.06 18:30:24 | 000,014,336 | ---- | C] () -- C:\Windows\SysWow64\vsmon1.dll [2010.04.28 22:13:06 | 000,035,189 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.04.28 22:12:09 | 000,035,189 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.04.15 21:32:21 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2010.04.15 01:16:56 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini [2010.02.27 16:13:06 | 000,437,258 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI059F.txt [2010.02.27 16:13:06 | 000,011,458 | ---- | C] () -- C:\Users\**\AppData\Local\dd_vcredistUI059F.txt [2010.01.05 17:49:28 | 000,002,623 | ---- | C] () -- C:\Windows\Irremote.ini [2009.12.21 01:35:39 | 000,000,680 | ---- | C] () -- C:\Users\**\AppData\Local\d3d9caps.dat [2009.12.03 12:16:46 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll [2009.12.03 12:15:39 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.09.10 15:19:37 | 000,106,496 | ---- | C] () -- C:\Users\**\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.09.10 13:33:15 | 000,521,458 | ---- | C] () -- C:\Users\***\AppData\Local\dd_ATL80SP1_KB973923MSI28A8.txt [2009.09.10 13:33:14 | 000,012,532 | ---- | C] () -- C:\Users\****\AppData\Local\dd_ATL80SP1_KB973923UI28A8.txt [2009.09.10 13:18:09 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\MTictwl.sys [2009.09.10 10:27:27 | 000,001,460 | ---- | C] () -- C:\Users\*****\AppData\Local\d3d9caps64.dat [2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll [2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini ========== LOP Check ========== [2010.03.03 15:33:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\autobingooo [2010.05.25 15:14:45 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\CheckPoint [2010.04.23 11:31:02 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\digital publishing [2010.06.06 18:34:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eXPert PDF Editor [2010.01.31 23:25:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FlightSimTools.com [2010.07.18 19:14:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0 [2009.11.28 13:36:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\JavaEditor [2010.04.23 11:19:53 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ProtectDisc [2010.06.06 19:57:25 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\TS3Client [2010.09.18 14:50:08 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys [2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys < MD5 for: ATAPI.SYS > [2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys [2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\HomeCinema\PowerDirector\EventLog.dll < MD5 for: IASTORV.SYS > [2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys < MD5 for: NETLOGON.DLL > [2008.01.21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll [2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll [2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll < MD5 for: NVSTOR.SYS > [2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll [2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll [2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll < c:\windows\system32\drivers\*.sys /lockedfiles > < c:\windows\system32\*.dll /lockedfiles > < %systemroot%\*. /mp /s > < %PROGRAMFILES%\*. > [2009.10.14 00:37:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\7-Zip [2010.01.19 13:14:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe [2009.09.10 11:38:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AGEIA Technologies [2009.09.10 14:37:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Canon [2009.09.10 14:33:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CD-LabelPrint [2010.08.17 12:32:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files [2009.09.10 14:52:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cyberlink [2010.07.11 10:53:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX [2009.09.10 20:12:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FLV Player [2010.06.06 18:13:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\G DATA [2010.07.18 15:48:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GIMP-2.0 [2010.05.19 21:28:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GUILD WARS [2009.09.10 14:49:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HomeCinema [2010.07.09 18:24:04 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information [2009.09.10 11:35:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel [2010.08.12 03:10:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer [2010.08.17 12:32:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java [2009.09.10 12:45:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MagicTune Premium [2010.09.15 22:31:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010.05.27 03:02:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft [2010.08.31 22:56:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games [2009.09.10 13:25:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office [2010.09.08 14:48:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight [2009.09.10 14:00:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2009.09.10 14:02:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works [2010.09.13 23:31:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET [2010.09.17 00:23:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox [2006.11.02 17:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild [2010.01.06 10:56:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0 [2010.01.05 17:46:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nero [2010.07.09 18:24:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Panasonic [2009.11.07 13:14:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PokerStars.NET [2010.04.15 00:46:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Real [2009.09.10 11:55:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek [2006.11.02 17:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies [2009.09.10 13:17:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SEC [2009.09.10 14:55:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Teamspeak2_RC2 [2009.09.10 12:00:37 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp [2006.11.02 17:36:07 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information [2009.09.10 20:19:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN [2010.06.06 18:30:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Visagesoft [2009.12.03 12:35:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Calendar [2008.01.21 05:09:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Collaboration [2008.01.21 05:09:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender [2009.09.10 14:00:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live [2009.09.10 13:59:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live SkyDrive [2010.09.15 22:18:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail [2009.12.03 12:35:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player [2006.11.02 17:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT [2009.12.03 12:35:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Gallery [2009.12.04 16:04:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices [2009.12.03 12:35:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > [/code] |
18.09.2010, 22:15 | #10 |
| explorer.exe stürzt ständig ab Hi, sieht eigentlich gut aus, allerdings stimmt mit der hosts-Datei wirklich was nicht... O1 HOSTS File: ([2010.09.16 21:26:25 | 000,001,446 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\Hosts Über 1kB und dann nur ein Eintrag (mit ca. 30 Bytes) drin? O1 - Hosts: 127.0.0.1 localhost Poste die Datei hier mal hoch: Fileuplod: File-Upload.net - Ihr kostenloser File Hoster!, hochladen und den Link (mit Löschlink) als "PrivateMail" an mich... Ggf. lasse wir sie von OTL zurücksetzen... chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
18.09.2010, 22:30 | #11 |
| explorer.exe stürzt ständig ab Hi, habe sie dir geschickt |
20.09.2010, 07:41 | #12 |
| explorer.exe stürzt ständig ab Hi, hosts-file ist ok, damit wären wir erstmal durch, wenn der Rechner keine Mucken mehr macht... chris
__________________ Don't bring me down Vor dem posten beachten! Spenden (Wer spenden will, kann sich gerne melden ) |
20.09.2010, 20:17 | #13 |
| explorer.exe stürzt ständig ab Hi, ob der Rechner läuft werde ich erst nächste Woche rausfinden dar ich so lange nicht an den Rechner rankomme^^. aber wenn noch was ist kann man aber glaub ich einen Virus ausschließen und eher an die 64bit Tücken denken. Aber auf jeden Fall vielen Dank für deine Hilfe. |
Themen zu explorer.exe stürzt ständig ab |
adobe, antivirus, bho, dateisystem, expert pdf, explorer, firefox, firewall, g-data, hijackthis, internet, internet explorer, microsoft, mozilla, nvidia, object, ordner, pdf, plug-in, programdata, proxy, rundll, security, senden, software, syswow64, virus, vista, windows, wmp |