
Pests of all kinds and how to combat them: explorer.exe (TR/Spy.2614272.4) and wininit.exe (TR/Spy96256.33) are causing problems

Windows 7

22.10.2010, 14:41   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Huh? I wrote about an out-of-date Malwarebytes and you post (new) OTL logs!
__________________
Please always post logfiles in CODE tags

22.10.2010, 17:04   #17
Ignorans
 
Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4907

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22.10.2010 18:02:25
mbam-log-2010-10-22 (18-02-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|G:\|H:\|)
Durchsuchte Objekte: 364336
Laufzeit: 6 Stunde(n), 42 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 16

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\bk (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\idln2 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\24d1ca9a-a864-4f7b-86fe-495eb56529d8 (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\7bde84a2-f58f-46ec-9eac-f1f90fead080 (Malware.Trace) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
F:\Dokumente und Einstellungen\Mudimu\Lokale Einstellungen\Temp\pdfupd.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
F:\Dokumente und Einstellungen\Mudimu\Lokale Einstellungen\Temp\0.9923040617720125.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
F:\Dokumente und Einstellungen\Mudimu\Lokale Einstellungen\Temporary Internet Files\Content.IE5\OAPJ55MD\myexebr[1].exe (Spyware.Zbot) -> Quarantined and deleted successfully.
F:\Users\Mudimu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7Z3ECLUH\1143001287[1].tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
F:\Users\Mudimu\AppData\Local\Temp\eapp32hst.dll (Trojan.FakeAV) -> Quarantined and deleted successfully.
F:\Users\Mudimu\AppData\Local\Temp\topwesitjh (Trojan.FakeAlert) -> Quarantined and deleted successfully.
F:\Users\Mudimu\AppData\Local\Temp\tvr.exe (Worm.Palevo) -> Quarantined and deleted successfully.
F:\Users\Mudimu\AppData\Roaming\Microsoft\Windows\Templates\memory.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
F:\Windows.old\Windows\system32\sdra64.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
F:\Windows.old\Windows\Temp\22D.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
F:\Windows.old\Windows\Temp\306.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
F:\Windows.old\Windows\Temp\379.tmp (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
F:\Users\Mudimu\AppData\Roaming\jsfhjjsd.bat (Malware.Trace) -> Quarantined and deleted successfully.
F:\Users\Public\Documents\Server\admin.txt (Malware.Trace) -> Quarantined and deleted successfully.
F:\Users\Public\Documents\Server\server.dat (Malware.Trace) -> Quarantined and deleted successfully.
F:\Users\Mudimu\AppData\Roaming\dsfsds.bat (Malware.Trace) -> Quarantined and deleted successfully.
__________________


22.10.2010, 17:14   #18
Ignorans
 
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 22.10.2010 18:04:33 - Run 2
OTL by OldTimer - Version 3.2.16.0     Folder = F:\Users\Mudimu\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 461,00 Mb Available Physical Memory | 45,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 55,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files
Drive C: | 2,00 Gb Total Space | 0,01 Gb Free Space | 0,64% Space Free | Partition Type: NTFS
Drive F: | 97,65 Gb Total Space | 7,41 Gb Free Space | 7,58% Space Free | Partition Type: NTFS
Drive G: | 24,41 Gb Total Space | 0,02 Gb Free Space | 0,07% Space Free | Partition Type: NTFS
Drive H: | 11,72 Gb Total Space | 10,46 Gb Free Space | 89,26% Space Free | Partition Type: NTFS
 
Computer Name: MUDIMU-PC | User Name: Mudimu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- F:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- F:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{452473D3-1D26-4E61-8060-3B216620D60C}_is1" = Fahren Lernen Offline 1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_GROOVE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_GROOVE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_GROOVE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{60CC0F2D-BFA0-4851-903D-809D876DD87B}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_GROOVE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0000-0000-0000000FF1CE}" = Microsoft Office Groove 2007
"{90120000-00BA-0000-0000-0000000FF1CE}_GROOVE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0000-0000-0000000FF1CE}_GROOVE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_GROOVE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_GROOVE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_GROOVE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9799BD05-5F89-484C-008E-F50592F53440}" = Harry Potter und der Feuerkelch™
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B69F28DF-CBB1-41B7-008A-210E4D0518FC}" = Harry Potter und der Orden des Phönix™
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudibleDownloadManager" = Audible Download Manager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"Google Chrome" = Google Chrome
"GROOVE" = Microsoft Office Groove 2007
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_Germany Toolbar" = Messenger_Plus_Live_Germany Toolbar
"MessengerPlusLive_Germany_TB Toolbar" = MessengerPlusLive Germany TB Toolbar
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"VISPRO" = Microsoft Office Visio Professional 2007
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 19.10.2010 16:09:14 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3909,
 Zeitstempel: 0x4c8fdcc5  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
 Zeitstempel: 0x4ba9b21e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00075cf0  ID des fehlerhaften
 Prozesses: 0xd14  Startzeit der fehlerhaften Anwendung: 0x01cb6fb8195e530e  Pfad der
 fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: F:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: be48c086-dbbc-11df-8c55-0018f35bb59f
 
Error - 19.10.2010 16:10:12 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3909,
 Zeitstempel: 0x4c8fdc89  Name des fehlerhaften Moduls: NPSWF32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4bfd730a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x632918e6
ID
 des fehlerhaften Prozesses: 0x7a4  Startzeit der fehlerhaften Anwendung: 0x01cb6fb84661b0be
Pfad
 der fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\plugin-container.exe
Pfad
 des fehlerhaften Moduls: NPSWF32.dll  Berichtskennung: e06f8fb4-dbbc-11df-8c55-0018f35bb59f
 
Error - 19.10.2010 17:08:20 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3909,
 Zeitstempel: 0x4c8fdcc5  Name des fehlerhaften Moduls: CoolType.dll, Version: 5.5.69.1,
 Zeitstempel: 0x4c1d66b7  Ausnahmecode: 0xc0000409  Fehleroffset: 0x00184a20  ID des fehlerhaften
 Prozesses: 0xf30  Startzeit der fehlerhaften Anwendung: 0x01cb6fc9a0ee85c5  Pfad der
 fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: F:\Program Files\Adobe\Reader 9.0\Reader\CoolType.dll  Berichtskennung: ff745be8-dbc4-11df-8c55-0018f35bb59f
 
Error - 19.10.2010 17:09:26 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3909,
 Zeitstempel: 0x4c8fdc89  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
 Zeitstempel: 0x4ba9b21e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00046bf0  ID des fehlerhaften
 Prozesses: 0x280  Startzeit der fehlerhaften Anwendung: 0x01cb6fc9ca2c975f  Pfad der
 fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\plugin-container.exe  Pfad
 des fehlerhaften Moduls: F:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 271642fb-dbc5-11df-8c55-0018f35bb59f
 
Error - 19.10.2010 17:27:15 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3909,
 Zeitstempel: 0x4c8fdcc5  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00064fbd  ID des fehlerhaften
 Prozesses: 0x120  Startzeit der fehlerhaften Anwendung: 0x01cb6fd1f61ba89b  Pfad der
 fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: a4319494-dbc7-11df-8c55-0018f35bb59f
 
Error - 19.10.2010 17:27:33 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3909,
 Zeitstempel: 0x4c8fdc89  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
 Zeitstempel: 0x4ba9b21e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00046bf0  ID des fehlerhaften
 Prozesses: 0x6f4  Startzeit der fehlerhaften Anwendung: 0x01cb6fd226000938  Pfad der
 fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\plugin-container.exe  Pfad
 des fehlerhaften Moduls: F:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: aec8d8bf-dbc7-11df-8c55-0018f35bb59f
 
Error - 20.10.2010 06:07:35 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3909,
 Zeitstempel: 0x4c8fdcc5  Name des fehlerhaften Moduls: CoolType.dll, Version: 5.5.69.1,
 Zeitstempel: 0x4c1d66b7  Ausnahmecode: 0xc0000409  Fehleroffset: 0x00184a20  ID des fehlerhaften
 Prozesses: 0xabc  Startzeit der fehlerhaften Anwendung: 0x01cb703cbccdd013  Pfad der
 fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: F:\Program Files\Adobe\Reader 9.0\Reader\CoolType.dll  Berichtskennung: dbfc3116-dc31-11df-a595-0018f35bb59f
 
Error - 20.10.2010 10:39:42 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
 Zeitstempel: 0x4aeba271  Name des fehlerhaften Moduls: MSONSEXT.DLL, Version: 10.145.7329.0,
 Zeitstempel: 0x4019138d  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004ef37  ID des fehlerhaften
 Prozesses: 0x898  Startzeit der fehlerhaften Anwendung: 0x01cb7039dca38c86  Pfad der
 fehlerhaften Anwendung: F:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls: F:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
Berichtskennung:
 df52cfcf-dc57-11df-a595-0018f35bb59f
 
Error - 20.10.2010 10:43:05 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: setup.exe_Google Chrome, Version:
 7.0.517.41, Zeitstempel: 0x4cb3d03b  Name des fehlerhaften Moduls: setup.exe, Version:
 7.0.517.41, Zeitstempel: 0x4cb3d03b  Ausnahmecode: 0x40000015  Fehleroffset: 0x0005c280
ID
 des fehlerhaften Prozesses: 0x58c  Startzeit der fehlerhaften Anwendung: 0x01cb706505edfc68
Pfad
 der fehlerhaften Anwendung: F:\Windows\Temp\CR_AB62.tmp\setup.exe  Pfad des fehlerhaften
 Moduls: F:\Windows\Temp\CR_AB62.tmp\setup.exe  Berichtskennung: 584a1b5f-dc58-11df-a595-0018f35bb59f
 
Error - 20.10.2010 11:04:30 | Computer Name = Mudimu-PC | Source = Application Hang | ID = 1002
Description = Programm RealUpgrade.exe, Version 1.0.2.170 kann nicht mehr unter 
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem 
zu suchen.    Prozess-ID: 6ec    Startzeit: 01cb70676a57ef22    Endzeit: 31    Anwendungspfad: F:\Program
 Files\Real\RealUpgrade\RealUpgrade.exe    Berichts-ID: 5310237d-dc5b-11df-bfab-0018f35bb59f

 
[ Media Center Events ]
Error - 12.10.2010 03:22:50 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 09:22:49 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
 zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 12.10.2010 03:22:52 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 09:22:51 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 12.10.2010 03:22:52 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 09:22:52 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 12.10.2010 14:20:46 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 20:20:46 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 12.10.2010 14:21:21 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 20:21:20 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
 zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 12.10.2010 14:21:22 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 20:21:22 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 12.10.2010 14:21:28 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 20:21:23 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 13.10.2010 14:02:34 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 20:02:34 - Fehler beim Herstellen der Internetverbindung.  20:02:34 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.10.2010 14:02:45 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 20:02:40 - Fehler beim Herstellen der Internetverbindung.  20:02:40 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.10.2010 04:27:41 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 10:27:32 - Fehler beim Herstellen der Internetverbindung.  10:27:32 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 14.09.2010 10:24:37 | Computer Name = Mudimu-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 14.09.2010 10:24:47 | Computer Name = Mudimu-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 14.09.2010 10:24:47 | Computer Name = Mudimu-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 14.09.2010 10:24:47 | Computer Name = Mudimu-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 14.09.2010 10:24:47 | Computer Name = Mudimu-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 14.09.2010 10:24:47 | Computer Name = Mudimu-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 14.09.2010 10:24:47 | Computer Name = Mudimu-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 14.09.2010 11:36:03 | Computer Name = Mudimu-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 14.09.2010 11:36:04 | Computer Name = Mudimu-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 14.09.2010 11:36:04 | Computer Name = Mudimu-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
 
< End of report >
         
--- --- ---
__________________

22.10.2010, 17:14   #19
Ignorans
 
OTL Logfile:
Code:
OTL logfile created on: 22.10.2010 18:04:33 - Run 2
OTL by OldTimer - Version 3.2.16.0     Folder = F:\Users\Mudimu\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 461,00 Mb Available Physical Memory | 45,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 55,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files
Drive C: | 2,00 Gb Total Space | 0,01 Gb Free Space | 0,64% Space Free | Partition Type: NTFS
Drive F: | 97,65 Gb Total Space | 7,41 Gb Free Space | 7,58% Space Free | Partition Type: NTFS
Drive G: | 24,41 Gb Total Space | 0,02 Gb Free Space | 0,07% Space Free | Partition Type: NTFS
Drive H: | 11,72 Gb Total Space | 10,46 Gb Free Space | 89,26% Space Free | Partition Type: NTFS
 
Computer Name: MUDIMU-PC | User Name: Mudimu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - F:\Users\Mudimu\AppData\Local\Temp\543903.exe (Microsoft Corporation)
PRC - F:\Users\Mudimu\AppData\Local\Temp\86867.exe ()
PRC - F:\Users\Mudimu\Downloads\OTL.exe (OldTimer Tools)
PRC - F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - F:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - F:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - F:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - F:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - F:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
PRC - F:\Windows\explorer.exe (Microsoft Corporation)
PRC - F:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - F:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - F:\Users\Mudimu\Downloads\OTL.exe (OldTimer Tools)
MOD - F:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - F:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - F:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - F:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - F:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - F:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - F:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - F:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - F:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - F:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - F:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - F:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- F:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- F:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Steam Client Service) -- F:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nosGetPlusHelper) getPlus(R) -- F:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (Apple Mobile Device) -- F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- F:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (WwanSvc) -- F:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- F:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- F:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- F:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- F:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- F:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- F:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- F:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- F:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- F:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- F:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- F:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- F:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- F:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- F:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- F:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- F:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- F:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- F:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- F:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- F:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- F:\Windows\System32\sppsvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- F:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- F:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- F:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (MBAMSwissArmy) -- F:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (KSecPkg) -- F:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (cmdide) -- F:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- F:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- F:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- F:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- F:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- F:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- F:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- F:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- F:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- F:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- F:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- F:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- F:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- F:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- F:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- F:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- F:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- F:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- F:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- F:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- F:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- F:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- F:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- F:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- F:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- F:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- F:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- F:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- F:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- F:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- F:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- F:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- F:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- F:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- F:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- F:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- F:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- F:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- F:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- F:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- F:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- F:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- F:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- F:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- F:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- F:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- F:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- F:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- F:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- F:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- F:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- F:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- F:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- F:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- F:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- F:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- F:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- F:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- F:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- F:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- F:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- F:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- F:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- F:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- F:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- F:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- F:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- F:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- F:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (atikmdag) -- F:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (yukonw7) -- F:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (b57nd60x) -- F:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- F:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- F:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (avgio) -- F:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (MTsensor) -- F:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 10 54 A8 4E 27 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25536
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {542e4d79-1970-4e95-9862-fdb96f61b280}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {76aeea42-e04a-4b62-83ab-df4b2be2541e}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {71D81AB0-74A4-4E16-A52F-46750D03B515}:1.9.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: F:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.07.24 19:33:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2010.04.13 19:24:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2010.05.25 21:06:20 | 000,000,000 | ---D | M]
 
[2010.07.03 21:54:31 | 000,000,000 | ---D | M] -- F:\Users\Mudimu\AppData\Roaming\mozilla\Extensions
[2010.07.03 21:54:31 | 000,000,000 | ---D | M] -- F:\Users\Mudimu\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.10.22 15:12:15 | 000,000,000 | ---D | M] -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions
[2010.07.20 14:32:14 | 000,000,000 | ---D | M] (Messenger Plus Live Germany Toolbar) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{542e4d79-1970-4e95-9862-fdb96f61b280}
[2010.10.11 18:14:16 | 000,000,000 | ---D | M] (Media Converter) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2010.10.21 21:16:45 | 000,000,000 | ---D | M] (MessengerPlusLive Germany TB Toolbar) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{76aeea42-e04a-4b62-83ab-df4b2be2541e}
[2010.10.16 17:06:15 | 000,000,000 | ---D | M] (Adblock Plus) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.16 17:06:16 | 000,000,000 | ---D | M] (No name found) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010.10.22 08:20:49 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.08.23 20:51:42 | 000,000,000 | ---D | M] (Greasemonkey) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.10.18 15:05:41 | 000,000,000 | ---D | M] -- F:\Programme\Mozilla Firefox\extensions
[2010.10.22 00:49:10 | 000,001,392 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.22 00:49:10 | 000,002,344 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.22 00:49:10 | 000,006,805 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.22 00:49:10 | 000,001,178 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.22 00:49:10 | 000,001,105 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.10.17 12:57:10 | 000,002,109 | RHS- | M]) - F:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 69.65.50.148 google.com 
O1 - Hosts: 69.65.50.148 google.com.au 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.be 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.com.br 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.ca 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.ch 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.de 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.dk 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.fr 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.ie 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.it 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.co.jp 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.nl 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 22 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O4 - HKLM..\Run: [DivXUpdate] F:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] F:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [download] F:\Users\Mudimu\AppData\Roaming\download2\svcnost.exe File not found
O4 - HKCU..\Run: [engel] F:\Users\Mudimu\AppData\Roaming\updates\updates.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager]  File not found
O4 - Startup: F:\Users\Mudimu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousedriver.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O8 - Extra context menu item: Add to Google Photos Screensa&ver - F:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - F:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-de.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - F:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - F:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - F:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.10.27 21:37:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.22 16:58:37 | 000,107,520 | ---- | C] (Microsoft Corporation) -- F:\Users\Mudimu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousedriver.exe
[2010.10.22 16:58:37 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Roaming\updates
[2010.10.20 17:54:25 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\Desktop\Numba
[2010.10.20 17:02:09 | 000,000,000 | ---D | C] -- F:\ProgramData\NOS
[2010.10.20 17:02:08 | 000,000,000 | ---D | C] -- F:\Program Files\NOS
[2010.10.19 23:49:43 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Roaming\Malwarebytes
[2010.10.19 23:49:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- F:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.19 23:49:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- F:\Windows\System32\drivers\mbam.sys
[2010.10.19 23:49:31 | 000,000,000 | ---D | C] -- F:\ProgramData\Malwarebytes
[2010.10.19 23:49:30 | 000,000,000 | ---D | C] -- F:\Program Files\Malwarebytes' Anti-Malware
[2010.10.18 19:32:46 | 000,000,000 | ---D | C] -- F:\Windows\System32\appmgmt
[2010.10.18 10:25:31 | 000,000,000 | ---D | C] -- F:\Windows\pss
[2010.10.17 19:15:27 | 000,000,000 | -H-D | C] -- F:\Users\Mudimu\Desktop\.picasaoriginals
[2010.10.16 21:59:37 | 000,000,000 | -HSD | C] -- F:\ProgramData\SMHGCYE
[2010.10.16 21:59:37 | 000,000,000 | -HSD | C] -- F:\Users\Mudimu\AppData\Roaming\Smart Engine
[2010.10.16 17:12:59 | 000,000,000 | ---D | C] -- F:\Program Files\Trend Micro
[2010.10.15 23:20:49 | 000,000,000 | ---D | C] -- F:\Programme\MSECache
[2010.10.14 20:53:43 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Local\{71D81AB0-74A4-4E16-A52F-46750D03B515}
[2010.10.13 17:00:29 | 000,363,520 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\StructuredQuery.dll
[2010.10.13 12:36:44 | 000,096,104 | ---- | C] (Avira GmbH) -- F:\Windows\System32\drivers\avipbb.sys
[2010.10.13 12:36:44 | 000,056,816 | ---- | C] (Avira GmbH) -- F:\Windows\System32\drivers\avgntflt.sys
[2010.10.13 12:36:44 | 000,028,520 | ---- | C] (Avira GmbH) -- F:\Windows\System32\drivers\ssmdrv.sys
[2010.10.13 12:36:25 | 000,000,000 | ---D | C] -- F:\ProgramData\Avira
[2010.10.13 12:36:25 | 000,000,000 | ---D | C] -- F:\Program Files\Avira
[2010.10.13 11:49:45 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Roaming\download
[2010.10.13 11:12:01 | 000,000,000 | ---D | C] -- F:\ProgramData\Grisoft
[2010.10.12 23:49:13 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Roaming\download2
[2010.10.11 21:33:06 | 000,000,000 | -H-D | C] -- F:\Users\Public\Documents\Server
[2010.10.11 18:41:57 | 000,719,872 | ---- | C] (Abysmal Software) -- F:\Windows\System32\devil.dll
[2010.10.11 18:41:57 | 000,369,152 | ---- | C] (The Public) -- F:\Windows\System32\avisynth.dll
[2010.10.11 18:41:56 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- F:\Windows\System32\yv12vfw.dll
[2010.10.11 18:41:56 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- F:\Windows\System32\i420vfw.dll
[2010.10.11 18:41:55 | 000,000,000 | ---D | C] -- F:\Program Files\AviSynth 2.5
[2010.10.11 18:40:23 | 000,090,112 | RHS- | C] (-) -- F:\Windows\System32\TTADSSplitter.ax
[2010.10.11 18:40:22 | 000,092,672 | RHS- | C] (RadLight) -- F:\Windows\System32\RLVorbisDec.ax
[2010.10.11 18:40:22 | 000,090,112 | RHS- | C] (-) -- F:\Windows\System32\TTADSDecoder.ax
[2010.10.11 18:40:22 | 000,067,584 | RHS- | C] (RadLight, LLC) -- F:\Windows\System32\RLTheoraDec.ax
[2010.10.11 18:40:21 | 000,186,880 | RHS- | C] (RadLight) -- F:\Windows\System32\RLOgg.ax
[2010.10.11 18:40:20 | 000,161,792 | RHS- | C] (Gabest) -- F:\Windows\System32\RealMediaDX.ax
[2010.10.11 18:40:19 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- F:\Windows\System32\nbDX.dll
[2010.10.11 18:40:19 | 000,169,472 | RHS- | C] (Gabest) -- F:\Windows\System32\MatroskaDX.ax
[2010.10.11 18:40:19 | 000,031,232 | RHS- | C] (Hans Mayerl) -- F:\Windows\System32\msfDX.dll
[2010.10.11 18:40:18 | 000,179,200 | RHS- | C] (Gabest) -- F:\Windows\System32\DiracSplitter.ax
[2010.10.11 18:40:18 | 000,163,328 | RHS- | C] (Gabest) -- F:\Windows\System32\flvDX.dll
[2010.10.11 18:40:17 | 000,123,904 | RHS- | C] (CoreCodec) -- F:\Windows\System32\AVCDX.ax
[2010.10.11 18:39:00 | 000,000,000 | ---D | C] -- F:\Program Files\eRightSoft
[2010.10.10 21:52:51 | 000,000,000 | ---D | C] -- F:\ProgramData\AntiVir PersonalEdition Classic
[2010.10.08 16:13:25 | 000,000,000 | ---D | C] -- F:\Program Files\iPod
[2010.10.08 16:13:11 | 000,000,000 | ---D | C] -- F:\Program Files\iTunes
[2010.10.08 15:57:28 | 000,000,000 | ---D | C] -- F:\Programme\QuickTime
[2010.10.08 15:54:09 | 000,000,000 | ---D | C] -- F:\Programme\Bonjour
[1 F:\Users\Mudimu\*.tmp files -> F:\Users\Mudimu\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.22 17:41:00 | 000,001,096 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.22 16:58:32 | 000,107,520 | ---- | M] (Microsoft Corporation) -- F:\Users\Mudimu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousedriver.exe
[2010.10.22 16:09:53 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2010.10.22 13:42:49 | 000,002,290 | ---- | M] () -- F:\Users\Public\Desktop\Google Chrome.lnk
[2010.10.22 13:41:04 | 000,001,092 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.22 08:21:16 | 000,014,752 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.22 08:21:16 | 000,014,752 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.22 08:13:39 | 804,659,200 | -HS- | M] () -- F:\hiberfil.sys
[2010.10.19 23:49:34 | 000,000,983 | ---- | M] () -- F:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.19 23:15:28 | 000,000,217 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\18719.bat
[2010.10.19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\MpSigStub.exe
[2010.10.18 15:24:56 | 000,023,552 | ---- | M] () -- F:\Users\Mudimu\Documents\Remove Wininit.doc
[2010.10.17 23:57:23 | 000,000,006 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\start
[2010.10.17 23:50:51 | 000,000,010 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\install
[2010.10.17 23:42:31 | 000,096,104 | ---- | M] (Avira GmbH) -- F:\Windows\System32\drivers\avipbb.sys
[2010.10.17 23:42:31 | 000,056,816 | ---- | M] (Avira GmbH) -- F:\Windows\System32\drivers\avgntflt.sys
[2010.10.17 23:42:31 | 000,028,520 | ---- | M] (Avira GmbH) -- F:\Windows\System32\drivers\ssmdrv.sys
[2010.10.17 23:32:56 | 000,000,185 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\23311.bat
[2010.10.17 19:15:28 | 000,143,976 | ---- | M] () -- F:\Users\Mudimu\Desktop\101013_171857.jpg
[2010.10.17 17:40:16 | 000,648,466 | ---- | M] () -- F:\Windows\System32\perfh007.dat
[2010.10.17 17:40:16 | 000,611,134 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2010.10.17 17:40:16 | 000,128,724 | ---- | M] () -- F:\Windows\System32\perfc007.dat
[2010.10.17 17:40:16 | 000,105,314 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2010.10.17 12:57:10 | 000,002,109 | RHS- | M] () -- F:\Windows\System32\drivers\etc\hosts
[2010.10.16 17:13:27 | 000,002,043 | ---- | M] () -- F:\Users\Mudimu\Desktop\HijackThis.lnk
[2010.10.16 12:59:52 | 000,000,120 | ---- | M] () -- F:\Users\Mudimu\AppData\Local\Cperafujahoza.dat
[2010.10.16 12:59:37 | 000,000,000 | ---- | M] () -- F:\Users\Mudimu\AppData\Local\Ksavegaqabiheba.bin
[2010.10.13 22:04:19 | 001,991,640 | ---- | M] () -- F:\Users\Mudimu\Desktop\SPB_TV_2.0.ipa
[2010.10.13 12:51:30 | 000,002,016 | ---- | M] () -- F:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.10.11 18:40:24 | 000,001,998 | ---- | M] () -- F:\Users\Public\Desktop\SUPER © Uninstall.lnk
[2010.10.11 18:40:24 | 000,001,974 | ---- | M] () -- F:\Users\Public\Desktop\SUPER ©.lnk
[2010.10.10 15:45:16 | 000,001,284 | ---- | M] () -- F:\Users\Public\Desktop\Fahren Lernen Offline.lnk
[2010.10.08 16:16:40 | 000,002,429 | ---- | M] () -- F:\Users\Public\Desktop\iTunes.lnk
[2010.10.08 15:58:20 | 000,001,815 | ---- | M] () -- F:\Users\Public\Desktop\QuickTime Player.lnk
[2010.09.25 18:08:24 | 000,102,020 | ---- | M] () -- F:\Users\Mudimu\Desktop\fvwt34wb9xs.jpg
[1 F:\Users\Mudimu\*.tmp files -> F:\Users\Mudimu\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.19 23:49:34 | 000,000,983 | ---- | C] () -- F:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.19 23:15:28 | 000,000,217 | ---- | C] () -- F:\Users\Mudimu\AppData\Roaming\18719.bat
[2010.10.18 15:24:56 | 000,023,552 | ---- | C] () -- F:\Users\Mudimu\Documents\Remove Wininit.doc
[2010.10.17 23:57:23 | 000,000,006 | ---- | C] () -- F:\Users\Mudimu\AppData\Roaming\start
[2010.10.17 23:50:51 | 000,000,010 | ---- | C] () -- F:\Users\Mudimu\AppData\Roaming\install
[2010.10.17 23:32:56 | 000,000,185 | ---- | C] () -- F:\Users\Mudimu\AppData\Roaming\23311.bat
[2010.10.17 19:15:28 | 000,143,976 | ---- | C] () -- F:\Users\Mudimu\Desktop\101013_171857.jpg
[2010.10.16 17:13:01 | 000,002,043 | ---- | C] () -- F:\Users\Mudimu\Desktop\HijackThis.lnk
[2010.10.14 20:53:44 | 000,000,120 | ---- | C] () -- F:\Users\Mudimu\AppData\Local\Cperafujahoza.dat
[2010.10.14 20:53:44 | 000,000,000 | ---- | C] () -- F:\Users\Mudimu\AppData\Local\Ksavegaqabiheba.bin
[2010.10.13 22:04:16 | 001,991,640 | ---- | C] () -- F:\Users\Mudimu\Desktop\SPB_TV_2.0.ipa
[2010.10.13 12:51:30 | 000,002,016 | ---- | C] () -- F:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.10.11 18:41:56 | 000,027,648 | ---- | C] () -- F:\Windows\System32\AVSredirect.dll
[2010.10.11 18:40:24 | 000,001,998 | ---- | C] () -- F:\Users\Public\Desktop\SUPER © Uninstall.lnk
[2010.10.11 18:40:24 | 000,001,974 | ---- | C] () -- F:\Users\Public\Desktop\SUPER ©.lnk
[2010.10.11 18:40:22 | 000,051,712 | RHS- | C] () -- F:\Windows\System32\RLSpeexDec.ax
[2010.10.11 18:40:21 | 000,107,520 | RHS- | C] () -- F:\Windows\System32\RLMPCDec.ax
[2010.10.11 18:40:21 | 000,070,656 | RHS- | C] () -- F:\Windows\System32\RLAPEDec.ax
[2010.10.11 18:40:19 | 000,120,832 | RHS- | C] () -- F:\Windows\System32\MPCDx.ax
[2010.10.11 18:40:18 | 000,097,280 | RHS- | C] () -- F:\Windows\System32\FLACDX.ax
[2010.10.11 18:40:17 | 000,175,104 | RHS- | C] () -- F:\Windows\System32\CoreAAC.ax
[2010.10.11 18:40:16 | 000,227,328 | RHS- | C] () -- F:\Windows\System32\ac3DX.ax
[2010.10.11 18:40:16 | 000,081,920 | RHS- | C] () -- F:\Windows\System32\aac_parser.ax
[2010.10.08 16:16:40 | 000,002,429 | ---- | C] () -- F:\Users\Public\Desktop\iTunes.lnk
[2010.10.08 15:58:20 | 000,001,815 | ---- | C] () -- F:\Users\Public\Desktop\QuickTime Player.lnk
[2010.09.25 18:08:12 | 000,102,020 | ---- | C] () -- F:\Users\Mudimu\Desktop\fvwt34wb9xs.jpg
[2010.08.16 23:54:41 | 000,007,168 | ---- | C] () -- F:\Users\Mudimu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.13 10:32:52 | 000,000,534 | ---- | C] () -- F:\Windows\ODBC.INI
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- F:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\System32\BWContextHandler.dll
[2004.08.13 09:56:20 | 000,005,810 | ---- | C] () -- F:\Windows\System32\drivers\ASACPI.sys

< End of report >
         
--- --- ---

Alt 22.10.2010, 17:15   #20
Ignorans
 
OTL Logfile:
Code:
OTL logfile created on: 22.10.2010 18:04:33 - Run 2
OTL by OldTimer - Version 3.2.16.0     Folder = F:\Users\Mudimu\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 461,00 Mb Available Physical Memory | 45,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 55,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files
Drive C: | 2,00 Gb Total Space | 0,01 Gb Free Space | 0,64% Space Free | Partition Type: NTFS
Drive F: | 97,65 Gb Total Space | 7,41 Gb Free Space | 7,58% Space Free | Partition Type: NTFS
Drive G: | 24,41 Gb Total Space | 0,02 Gb Free Space | 0,07% Space Free | Partition Type: NTFS
Drive H: | 11,72 Gb Total Space | 10,46 Gb Free Space | 89,26% Space Free | Partition Type: NTFS
 
Computer Name: MUDIMU-PC | User Name: Mudimu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - F:\Users\Mudimu\AppData\Local\Temp\543903.exe (Microsoft Corporation)
PRC - F:\Users\Mudimu\AppData\Local\Temp\86867.exe ()
PRC - F:\Users\Mudimu\Downloads\OTL.exe (OldTimer Tools)
PRC - F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - F:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - F:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - F:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - F:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - F:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
PRC - F:\Windows\explorer.exe (Microsoft Corporation)
PRC - F:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - F:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - F:\Users\Mudimu\Downloads\OTL.exe (OldTimer Tools)
MOD - F:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - F:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - F:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - F:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - F:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - F:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - F:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - F:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - F:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - F:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - F:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - F:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- F:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- F:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Steam Client Service) -- F:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nosGetPlusHelper) getPlus(R) -- F:\Program Files\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (Apple Mobile Device) -- F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- F:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (WwanSvc) -- F:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- F:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- F:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- F:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- F:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- F:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- F:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- F:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- F:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- F:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- F:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- F:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- F:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- F:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- F:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- F:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- F:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- F:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- F:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- F:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- F:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- F:\Windows\System32\sppsvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- F:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- F:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- F:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (MBAMSwissArmy) -- F:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (KSecPkg) -- F:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (cmdide) -- F:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- F:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- F:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- F:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- F:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- F:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- F:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- F:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- F:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- F:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- F:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- F:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- F:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- F:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- F:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- F:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- F:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- F:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- F:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- F:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- F:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- F:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- F:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- F:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- F:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- F:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- F:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- F:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- F:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- F:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- F:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- F:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- F:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- F:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- F:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- F:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- F:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- F:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- F:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- F:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- F:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- F:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- F:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- F:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- F:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- F:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- F:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- F:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- F:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- F:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- F:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- F:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- F:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- F:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- F:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- F:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- F:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- F:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- F:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- F:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- F:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- F:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- F:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- F:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- F:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- F:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- F:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- F:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- F:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (atikmdag) -- F:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (yukonw7) -- F:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (b57nd60x) -- F:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- F:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- F:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (avgio) -- F:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (MTsensor) -- F:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 10 54 A8 4E 27 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25536
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {542e4d79-1970-4e95-9862-fdb96f61b280}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {76aeea42-e04a-4b62-83ab-df4b2be2541e}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {71D81AB0-74A4-4E16-A52F-46750D03B515}:1.9.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.91
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: F:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.07.24 19:33:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2010.04.13 19:24:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2010.05.25 21:06:20 | 000,000,000 | ---D | M]
 
[2010.07.03 21:54:31 | 000,000,000 | ---D | M] -- F:\Users\Mudimu\AppData\Roaming\mozilla\Extensions
[2010.07.03 21:54:31 | 000,000,000 | ---D | M] -- F:\Users\Mudimu\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.10.22 15:12:15 | 000,000,000 | ---D | M] -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions
[2010.07.20 14:32:14 | 000,000,000 | ---D | M] (Messenger Plus Live Germany Toolbar) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{542e4d79-1970-4e95-9862-fdb96f61b280}
[2010.10.11 18:14:16 | 000,000,000 | ---D | M] (Media Converter) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2010.10.21 21:16:45 | 000,000,000 | ---D | M] (MessengerPlusLive Germany TB Toolbar) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{76aeea42-e04a-4b62-83ab-df4b2be2541e}
[2010.10.16 17:06:15 | 000,000,000 | ---D | M] (Adblock Plus) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.16 17:06:16 | 000,000,000 | ---D | M] (No name found) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010.10.22 08:20:49 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.08.23 20:51:42 | 000,000,000 | ---D | M] (Greasemonkey) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.10.18 15:05:41 | 000,000,000 | ---D | M] -- F:\Programme\Mozilla Firefox\extensions
[2010.10.22 00:49:10 | 000,001,392 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.22 00:49:10 | 000,002,344 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.22 00:49:10 | 000,006,805 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.22 00:49:10 | 000,001,178 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.22 00:49:10 | 000,001,105 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.10.17 12:57:10 | 000,002,109 | RHS- | M]) - F:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 69.65.50.148 google.com 
O1 - Hosts: 69.65.50.148 google.com.au 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.be 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.com.br 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.ca 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.ch 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.de 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.dk 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.fr 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.ie 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.it 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.co.jp 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.nl 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 22 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O4 - HKLM..\Run: [DivXUpdate] F:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] F:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [download] F:\Users\Mudimu\AppData\Roaming\download2\svcnost.exe File not found
O4 - HKCU..\Run: [engel] F:\Users\Mudimu\AppData\Roaming\updates\updates.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager]  File not found
O4 - Startup: F:\Users\Mudimu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousedriver.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O8 - Extra context menu item: Add to Google Photos Screensa&ver - F:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - F:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-de.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - F:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - F:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - F:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.10.27 21:37:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.22 16:58:37 | 000,107,520 | ---- | C] (Microsoft Corporation) -- F:\Users\Mudimu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousedriver.exe
[2010.10.22 16:58:37 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Roaming\updates
[2010.10.20 17:54:25 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\Desktop\Numba
[2010.10.20 17:02:09 | 000,000,000 | ---D | C] -- F:\ProgramData\NOS
[2010.10.20 17:02:08 | 000,000,000 | ---D | C] -- F:\Program Files\NOS
[2010.10.19 23:49:43 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Roaming\Malwarebytes
[2010.10.19 23:49:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- F:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.19 23:49:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- F:\Windows\System32\drivers\mbam.sys
[2010.10.19 23:49:31 | 000,000,000 | ---D | C] -- F:\ProgramData\Malwarebytes
[2010.10.19 23:49:30 | 000,000,000 | ---D | C] -- F:\Program Files\Malwarebytes' Anti-Malware
[2010.10.18 19:32:46 | 000,000,000 | ---D | C] -- F:\Windows\System32\appmgmt
[2010.10.18 10:25:31 | 000,000,000 | ---D | C] -- F:\Windows\pss
[2010.10.17 19:15:27 | 000,000,000 | -H-D | C] -- F:\Users\Mudimu\Desktop\.picasaoriginals
[2010.10.16 21:59:37 | 000,000,000 | -HSD | C] -- F:\ProgramData\SMHGCYE
[2010.10.16 21:59:37 | 000,000,000 | -HSD | C] -- F:\Users\Mudimu\AppData\Roaming\Smart Engine
[2010.10.16 17:12:59 | 000,000,000 | ---D | C] -- F:\Program Files\Trend Micro
[2010.10.15 23:20:49 | 000,000,000 | ---D | C] -- F:\Programme\MSECache
[2010.10.14 20:53:43 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Local\{71D81AB0-74A4-4E16-A52F-46750D03B515}
[2010.10.13 17:00:29 | 000,363,520 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\StructuredQuery.dll
[2010.10.13 12:36:44 | 000,096,104 | ---- | C] (Avira GmbH) -- F:\Windows\System32\drivers\avipbb.sys
[2010.10.13 12:36:44 | 000,056,816 | ---- | C] (Avira GmbH) -- F:\Windows\System32\drivers\avgntflt.sys
[2010.10.13 12:36:44 | 000,028,520 | ---- | C] (Avira GmbH) -- F:\Windows\System32\drivers\ssmdrv.sys
[2010.10.13 12:36:25 | 000,000,000 | ---D | C] -- F:\ProgramData\Avira
[2010.10.13 12:36:25 | 000,000,000 | ---D | C] -- F:\Program Files\Avira
[2010.10.13 11:49:45 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Roaming\download
[2010.10.13 11:12:01 | 000,000,000 | ---D | C] -- F:\ProgramData\Grisoft
[2010.10.12 23:49:13 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Roaming\download2
[2010.10.11 21:33:06 | 000,000,000 | -H-D | C] -- F:\Users\Public\Documents\Server
[2010.10.11 18:41:57 | 000,719,872 | ---- | C] (Abysmal Software) -- F:\Windows\System32\devil.dll
[2010.10.11 18:41:57 | 000,369,152 | ---- | C] (The Public) -- F:\Windows\System32\avisynth.dll
[2010.10.11 18:41:56 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- F:\Windows\System32\yv12vfw.dll
[2010.10.11 18:41:56 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- F:\Windows\System32\i420vfw.dll
[2010.10.11 18:41:55 | 000,000,000 | ---D | C] -- F:\Program Files\AviSynth 2.5
[2010.10.11 18:40:23 | 000,090,112 | RHS- | C] (-) -- F:\Windows\System32\TTADSSplitter.ax
[2010.10.11 18:40:22 | 000,092,672 | RHS- | C] (RadLight) -- F:\Windows\System32\RLVorbisDec.ax
[2010.10.11 18:40:22 | 000,090,112 | RHS- | C] (-) -- F:\Windows\System32\TTADSDecoder.ax
[2010.10.11 18:40:22 | 000,067,584 | RHS- | C] (RadLight, LLC) -- F:\Windows\System32\RLTheoraDec.ax
[2010.10.11 18:40:21 | 000,186,880 | RHS- | C] (RadLight) -- F:\Windows\System32\RLOgg.ax
[2010.10.11 18:40:20 | 000,161,792 | RHS- | C] (Gabest) -- F:\Windows\System32\RealMediaDX.ax
[2010.10.11 18:40:19 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- F:\Windows\System32\nbDX.dll
[2010.10.11 18:40:19 | 000,169,472 | RHS- | C] (Gabest) -- F:\Windows\System32\MatroskaDX.ax
[2010.10.11 18:40:19 | 000,031,232 | RHS- | C] (Hans Mayerl) -- F:\Windows\System32\msfDX.dll
[2010.10.11 18:40:18 | 000,179,200 | RHS- | C] (Gabest) -- F:\Windows\System32\DiracSplitter.ax
[2010.10.11 18:40:18 | 000,163,328 | RHS- | C] (Gabest) -- F:\Windows\System32\flvDX.dll
[2010.10.11 18:40:17 | 000,123,904 | RHS- | C] (CoreCodec) -- F:\Windows\System32\AVCDX.ax
[2010.10.11 18:39:00 | 000,000,000 | ---D | C] -- F:\Program Files\eRightSoft
[2010.10.10 21:52:51 | 000,000,000 | ---D | C] -- F:\ProgramData\AntiVir PersonalEdition Classic
[2010.10.08 16:13:25 | 000,000,000 | ---D | C] -- F:\Program Files\iPod
[2010.10.08 16:13:11 | 000,000,000 | ---D | C] -- F:\Program Files\iTunes
[2010.10.08 15:57:28 | 000,000,000 | ---D | C] -- F:\Programme\QuickTime
[2010.10.08 15:54:09 | 000,000,000 | ---D | C] -- F:\Programme\Bonjour
[1 F:\Users\Mudimu\*.tmp files -> F:\Users\Mudimu\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.22 17:41:00 | 000,001,096 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.22 16:58:32 | 000,107,520 | ---- | M] (Microsoft Corporation) -- F:\Users\Mudimu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousedriver.exe
[2010.10.22 16:09:53 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2010.10.22 13:42:49 | 000,002,290 | ---- | M] () -- F:\Users\Public\Desktop\Google Chrome.lnk
[2010.10.22 13:41:04 | 000,001,092 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.22 08:21:16 | 000,014,752 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.22 08:21:16 | 000,014,752 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.22 08:13:39 | 804,659,200 | -HS- | M] () -- F:\hiberfil.sys
[2010.10.19 23:49:34 | 000,000,983 | ---- | M] () -- F:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.19 23:15:28 | 000,000,217 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\18719.bat
[2010.10.19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\MpSigStub.exe
[2010.10.18 15:24:56 | 000,023,552 | ---- | M] () -- F:\Users\Mudimu\Documents\Remove Wininit.doc
[2010.10.17 23:57:23 | 000,000,006 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\start
[2010.10.17 23:50:51 | 000,000,010 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\install
[2010.10.17 23:42:31 | 000,096,104 | ---- | M] (Avira GmbH) -- F:\Windows\System32\drivers\avipbb.sys
[2010.10.17 23:42:31 | 000,056,816 | ---- | M] (Avira GmbH) -- F:\Windows\System32\drivers\avgntflt.sys
[2010.10.17 23:42:31 | 000,028,520 | ---- | M] (Avira GmbH) -- F:\Windows\System32\drivers\ssmdrv.sys
[2010.10.17 23:32:56 | 000,000,185 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\23311.bat
[2010.10.17 19:15:28 | 000,143,976 | ---- | M] () -- F:\Users\Mudimu\Desktop\101013_171857.jpg
[2010.10.17 17:40:16 | 000,648,466 | ---- | M] () -- F:\Windows\System32\perfh007.dat
[2010.10.17 17:40:16 | 000,611,134 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2010.10.17 17:40:16 | 000,128,724 | ---- | M] () -- F:\Windows\System32\perfc007.dat
[2010.10.17 17:40:16 | 000,105,314 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2010.10.17 12:57:10 | 000,002,109 | RHS- | M] () -- F:\Windows\System32\drivers\etc\hosts
[2010.10.16 17:13:27 | 000,002,043 | ---- | M] () -- F:\Users\Mudimu\Desktop\HijackThis.lnk
[2010.10.16 12:59:52 | 000,000,120 | ---- | M] () -- F:\Users\Mudimu\AppData\Local\Cperafujahoza.dat
[2010.10.16 12:59:37 | 000,000,000 | ---- | M] () -- F:\Users\Mudimu\AppData\Local\Ksavegaqabiheba.bin
[2010.10.13 22:04:19 | 001,991,640 | ---- | M] () -- F:\Users\Mudimu\Desktop\SPB_TV_2.0.ipa
[2010.10.13 12:51:30 | 000,002,016 | ---- | M] () -- F:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.10.11 18:40:24 | 000,001,998 | ---- | M] () -- F:\Users\Public\Desktop\SUPER © Uninstall.lnk
[2010.10.11 18:40:24 | 000,001,974 | ---- | M] () -- F:\Users\Public\Desktop\SUPER ©.lnk
[2010.10.10 15:45:16 | 000,001,284 | ---- | M] () -- F:\Users\Public\Desktop\Fahren Lernen Offline.lnk
[2010.10.08 16:16:40 | 000,002,429 | ---- | M] () -- F:\Users\Public\Desktop\iTunes.lnk
[2010.10.08 15:58:20 | 000,001,815 | ---- | M] () -- F:\Users\Public\Desktop\QuickTime Player.lnk
[2010.09.25 18:08:24 | 000,102,020 | ---- | M] () -- F:\Users\Mudimu\Desktop\fvwt34wb9xs.jpg
[1 F:\Users\Mudimu\*.tmp files -> F:\Users\Mudimu\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.19 23:49:34 | 000,000,983 | ---- | C] () -- F:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.19 23:15:28 | 000,000,217 | ---- | C] () -- F:\Users\Mudimu\AppData\Roaming\18719.bat
[2010.10.18 15:24:56 | 000,023,552 | ---- | C] () -- F:\Users\Mudimu\Documents\Remove Wininit.doc
[2010.10.17 23:57:23 | 000,000,006 | ---- | C] () -- F:\Users\Mudimu\AppData\Roaming\start
[2010.10.17 23:50:51 | 000,000,010 | ---- | C] () -- F:\Users\Mudimu\AppData\Roaming\install
[2010.10.17 23:32:56 | 000,000,185 | ---- | C] () -- F:\Users\Mudimu\AppData\Roaming\23311.bat
[2010.10.17 19:15:28 | 000,143,976 | ---- | C] () -- F:\Users\Mudimu\Desktop\101013_171857.jpg
[2010.10.16 17:13:01 | 000,002,043 | ---- | C] () -- F:\Users\Mudimu\Desktop\HijackThis.lnk
[2010.10.14 20:53:44 | 000,000,120 | ---- | C] () -- F:\Users\Mudimu\AppData\Local\Cperafujahoza.dat
[2010.10.14 20:53:44 | 000,000,000 | ---- | C] () -- F:\Users\Mudimu\AppData\Local\Ksavegaqabiheba.bin
[2010.10.13 22:04:16 | 001,991,640 | ---- | C] () -- F:\Users\Mudimu\Desktop\SPB_TV_2.0.ipa
[2010.10.13 12:51:30 | 000,002,016 | ---- | C] () -- F:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.10.11 18:41:56 | 000,027,648 | ---- | C] () -- F:\Windows\System32\AVSredirect.dll
[2010.10.11 18:40:24 | 000,001,998 | ---- | C] () -- F:\Users\Public\Desktop\SUPER © Uninstall.lnk
[2010.10.11 18:40:24 | 000,001,974 | ---- | C] () -- F:\Users\Public\Desktop\SUPER ©.lnk
[2010.10.11 18:40:22 | 000,051,712 | RHS- | C] () -- F:\Windows\System32\RLSpeexDec.ax
[2010.10.11 18:40:21 | 000,107,520 | RHS- | C] () -- F:\Windows\System32\RLMPCDec.ax
[2010.10.11 18:40:21 | 000,070,656 | RHS- | C] () -- F:\Windows\System32\RLAPEDec.ax
[2010.10.11 18:40:19 | 000,120,832 | RHS- | C] () -- F:\Windows\System32\MPCDx.ax
[2010.10.11 18:40:18 | 000,097,280 | RHS- | C] () -- F:\Windows\System32\FLACDX.ax
[2010.10.11 18:40:17 | 000,175,104 | RHS- | C] () -- F:\Windows\System32\CoreAAC.ax
[2010.10.11 18:40:16 | 000,227,328 | RHS- | C] () -- F:\Windows\System32\ac3DX.ax
[2010.10.11 18:40:16 | 000,081,920 | RHS- | C] () -- F:\Windows\System32\aac_parser.ax
[2010.10.08 16:16:40 | 000,002,429 | ---- | C] () -- F:\Users\Public\Desktop\iTunes.lnk
[2010.10.08 15:58:20 | 000,001,815 | ---- | C] () -- F:\Users\Public\Desktop\QuickTime Player.lnk
[2010.09.25 18:08:12 | 000,102,020 | ---- | C] () -- F:\Users\Mudimu\Desktop\fvwt34wb9xs.jpg
[2010.08.16 23:54:41 | 000,007,168 | ---- | C] () -- F:\Users\Mudimu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.13 10:32:52 | 000,000,534 | ---- | C] () -- F:\Windows\ODBC.INI
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- F:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\System32\BWContextHandler.dll
[2004.08.13 09:56:20 | 000,005,810 | ---- | C] () -- F:\Windows\System32\drivers\ASACPI.sys

< End of report >
         
--- --- ---


23.10.2010, 18:47   #21
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)


Code:
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25536
O4 - HKCU..\Run: [download] F:\Users\Mudimu\AppData\Roaming\download2\svcnost.exe File not found
O4 - HKCU..\Run: [engel] F:\Users\Mudimu\AppData\Roaming\updates\updates.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Uninstall Adobe Download Manager]  File not found
[2010.10.22 16:58:37 | 000,107,520 | ---- | C] (Microsoft Corporation) -- F:\Users\Mudimu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousedriver.exe
[2010.10.22 16:58:37 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Roaming\updates
[2010.10.16 21:59:37 | 000,000,000 | -HSD | C] -- F:\ProgramData\SMHGCYE
[2010.10.11 21:33:06 | 000,000,000 | -H-D | C] -- F:\Users\Public\Documents\Server
[2010.10.19 23:15:28 | 000,000,217 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\18719.bat
[2010.10.17 23:57:23 | 000,000,006 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\start
[2010.10.17 23:50:51 | 000,000,010 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\install
[2010.10.17 23:32:56 | 000,000,185 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\23311.bat
[2010.10.16 12:59:52 | 000,000,120 | ---- | M] () -- F:\Users\Mudimu\AppData\Local\Cperafujahoza.dat
[2010.10.16 12:59:37 | 000,000,000 | ---- | M] () -- F:\Users\Mudimu\AppData\Local\Ksavegaqabiheba.bin
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

25.10.2010, 17:50   #22
Ignorans

Unfortunately, no log file appeared after the fix.

25.10.2010, 17:51   #23
Ignorans

I ran OTL again, here is my log file:

25.10.2010, 17:51   #24
Ignorans

OTL Logfile:
Code:
OTL logfile created on: 25.10.2010 18:45:35 - Run 3
OTL by OldTimer - Version 3.2.16.0     Folder = F:\Users\Mudimu\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 349,00 Mb Available Physical Memory | 34,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files
Drive C: | 2,00 Gb Total Space | 0,01 Gb Free Space | 0,64% Space Free | Partition Type: NTFS
Drive E: | 2,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 97,65 Gb Total Space | 9,21 Gb Free Space | 9,43% Space Free | Partition Type: NTFS
Drive G: | 24,41 Gb Total Space | 0,02 Gb Free Space | 0,07% Space Free | Partition Type: NTFS
Drive H: | 11,72 Gb Total Space | 10,46 Gb Free Space | 89,26% Space Free | Partition Type: NTFS
Drive I: | 488,84 Mb Total Space | 162,55 Mb Free Space | 33,25% Space Free | Partition Type: FAT
 
Computer Name: MUDIMU-PC | User Name: Mudimu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - F:\Users\Mudimu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousedriver.exe (Microsoft Corporation)
PRC - F:\Users\Mudimu\Downloads\OTL.exe (OldTimer Tools)
PRC - F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - F:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - F:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - F:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - F:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - F:\Program Files\Audible\Bin\AudibleDownloadHelper.exe (Audible, Inc.)
PRC - F:\Windows\explorer.exe (Microsoft Corporation)
PRC - F:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - F:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - F:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - F:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - F:\Users\Mudimu\Downloads\OTL.exe (OldTimer Tools)
MOD - F:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - F:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - F:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - F:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - F:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - F:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - F:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - F:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - F:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - F:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - F:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - F:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirSchedulerService) -- F:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- F:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Steam Client Service) -- F:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Apple Mobile Device) -- F:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- F:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- F:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (WwanSvc) -- F:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- F:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- F:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- F:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- F:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- F:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- F:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- F:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- F:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- F:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- F:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- F:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- F:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- F:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- F:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- F:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- F:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- F:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- F:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- F:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- F:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- F:\Windows\System32\sppsvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- F:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- F:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- F:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (KSecPkg) -- F:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (cmdide) -- F:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- F:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- F:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- F:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- F:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- F:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- F:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- F:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- F:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- F:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- F:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- F:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- F:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- F:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- F:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- F:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- F:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- F:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- F:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- F:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- F:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- F:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- F:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- F:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- F:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- F:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- F:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- F:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- F:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- F:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- F:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- F:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- F:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- F:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- F:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- F:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- F:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- F:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- F:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- F:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- F:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- F:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- F:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- F:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- F:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- F:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- F:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- F:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- F:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- F:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- F:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- F:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- F:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- F:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- F:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- F:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- F:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- F:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- F:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- F:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- F:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- F:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- F:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- F:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- F:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- F:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- F:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- F:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- F:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (atikmdag) -- F:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (yukonw7) -- F:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (b57nd60x) -- F:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- F:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- F:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (avgio) -- F:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (MTsensor) -- F:\Windows\System32\drivers\ASACPI.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D6 10 54 A8 4E 27 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {542e4d79-1970-4e95-9862-fdb96f61b280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {76aeea42-e04a-4b62-83ab-df4b2be2541e} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:25536
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {542e4d79-1970-4e95-9862-fdb96f61b280}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.5
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {76aeea42-e04a-4b62-83ab-df4b2be2541e}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {6e764c17-863a-450f-bdd0-6772bd5aaa18}:1.0.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {71D81AB0-74A4-4E16-A52F-46750D03B515}:1.9.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: F:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.07.24 19:33:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: F:\Program Files\Mozilla Firefox\components [2010.04.13 19:24:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: F:\Program Files\Mozilla Firefox\plugins [2010.05.25 21:06:20 | 000,000,000 | ---D | M]
 
[2010.07.03 21:54:31 | 000,000,000 | ---D | M] -- F:\Users\Mudimu\AppData\Roaming\mozilla\Extensions
[2010.07.03 21:54:31 | 000,000,000 | ---D | M] -- F:\Users\Mudimu\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.10.24 15:47:00 | 000,000,000 | ---D | M] -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions
[2010.07.20 14:32:14 | 000,000,000 | ---D | M] (Messenger Plus Live Germany Toolbar) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{542e4d79-1970-4e95-9862-fdb96f61b280}
[2010.10.11 18:14:16 | 000,000,000 | ---D | M] (Media Converter) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
[2010.10.21 21:16:45 | 000,000,000 | ---D | M] (MessengerPlusLive Germany TB Toolbar) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{76aeea42-e04a-4b62-83ab-df4b2be2541e}
[2010.10.16 17:06:15 | 000,000,000 | ---D | M] (Adblock Plus) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.10.16 17:06:16 | 000,000,000 | ---D | M] (No name found) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010.08.23 20:51:42 | 000,000,000 | ---D | M] (Greasemonkey) -- F:\Users\Mudimu\AppData\Roaming\mozilla\Firefox\Profiles\6lq47pgj.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.10.18 15:05:41 | 000,000,000 | ---D | M] -- F:\Programme\Mozilla Firefox\extensions
[2010.10.22 00:49:10 | 000,001,392 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.22 00:49:10 | 000,002,344 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.22 00:49:10 | 000,006,805 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.22 00:49:10 | 000,001,178 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.22 00:49:10 | 000,001,105 | ---- | M] () -- F:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.10.17 12:57:10 | 000,002,109 | RHS- | M]) - F:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 69.65.50.148 google.com 
O1 - Hosts: 69.65.50.148 google.com.au 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.be 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.com.br 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.ca 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.ch 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.de 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.dk 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.fr 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.ie 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.it 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.co.jp 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 69.65.50.148 google.nl 
O1 - Hosts: 69.65.50.148 Google
O1 - Hosts: 22 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - F:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Germany Toolbar) - {542e4d79-1970-4e95-9862-fdb96f61b280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MessengerPlusLive Germany TB Toolbar) - {76aeea42-e04a-4b62-83ab-df4b2be2541e} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Germany Toolbar) - {542E4D79-1970-4E95-9862-FDB96F61B280} - F:\Program Files\Messenger_Plus_Live_Germany\tbMess.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (MessengerPlusLive Germany TB Toolbar) - {76AEEA42-E04A-4B62-83AB-DF4B2BE2541E} - F:\Program Files\MessengerPlusLive_Germany_TB\tbMess.dll (Conduit Ltd.)
O4 - HKLM..\Run: [DivXUpdate] F:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] F:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] F:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [{04771518-AD31-B248-B999-5462D46FD854}] F:\Users\Mudimu\AppData\Roaming\Itlyvu\suyvi.exe File not found
O4 - Startup: F:\Users\Mudimu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousedriver.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O8 - Extra context menu item: Add to Google Photos Screensa&ver - F:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - F:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-de.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - F:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - F:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - F:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - F:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - F:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - F:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - F:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.10.27 21:37:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - F:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.10.07 06:07:16 | 000,000,341 | RHS- | M] () - I:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.25 18:14:34 | 000,000,000 | ---D | C] -- F:\_OTL
[2010.10.22 23:13:18 | 003,181,568 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mf.dll
[2010.10.22 23:13:18 | 001,619,456 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\WMVDECOD.DLL
[2010.10.22 23:13:18 | 000,196,608 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\mfreadwrite.dll
[2010.10.22 22:06:08 | 000,000,000 | ---D | C] -- F:\Program Files\Feedback Tool
[2010.10.22 22:04:14 | 020,698,424 | ---- | C] (Microsoft Corporation) -- F:\Users\Mudimu\Desktop\IE9-Windows7-x86-deu.exe
[2010.10.22 16:58:37 | 000,107,520 | ---- | C] (Microsoft Corporation) -- F:\Users\Mudimu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousedriver.exe
[2010.10.22 16:58:37 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Roaming\updates
[2010.10.20 17:54:25 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\Desktop\Numba
[2010.10.19 23:49:43 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Roaming\Malwarebytes
[2010.10.19 23:49:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- F:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.19 23:49:31 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- F:\Windows\System32\drivers\mbam.sys
[2010.10.19 23:49:31 | 000,000,000 | ---D | C] -- F:\ProgramData\Malwarebytes
[2010.10.19 23:49:30 | 000,000,000 | ---D | C] -- F:\Program Files\Malwarebytes' Anti-Malware
[2010.10.18 19:32:46 | 000,000,000 | ---D | C] -- F:\Windows\System32\appmgmt
[2010.10.18 10:25:31 | 000,000,000 | ---D | C] -- F:\Windows\pss
[2010.10.17 19:15:27 | 000,000,000 | -H-D | C] -- F:\Users\Mudimu\Desktop\.picasaoriginals
[2010.10.16 21:59:37 | 000,000,000 | -HSD | C] -- F:\ProgramData\SMHGCYE
[2010.10.16 21:59:37 | 000,000,000 | -HSD | C] -- F:\Users\Mudimu\AppData\Roaming\Smart Engine
[2010.10.16 17:12:59 | 000,000,000 | ---D | C] -- F:\Program Files\Trend Micro
[2010.10.15 23:20:49 | 000,000,000 | ---D | C] -- F:\Programme\MSECache
[2010.10.14 20:53:43 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Local\{71D81AB0-74A4-4E16-A52F-46750D03B515}
[2010.10.13 17:00:29 | 000,363,520 | ---- | C] (Microsoft Corporation) -- F:\Windows\System32\StructuredQuery.dll
[2010.10.13 12:36:44 | 000,096,104 | ---- | C] (Avira GmbH) -- F:\Windows\System32\drivers\avipbb.sys
[2010.10.13 12:36:44 | 000,056,816 | ---- | C] (Avira GmbH) -- F:\Windows\System32\drivers\avgntflt.sys
[2010.10.13 12:36:44 | 000,028,520 | ---- | C] (Avira GmbH) -- F:\Windows\System32\drivers\ssmdrv.sys
[2010.10.13 12:36:25 | 000,000,000 | ---D | C] -- F:\ProgramData\Avira
[2010.10.13 12:36:25 | 000,000,000 | ---D | C] -- F:\Program Files\Avira
[2010.10.13 11:49:45 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Roaming\download
[2010.10.13 11:12:01 | 000,000,000 | ---D | C] -- F:\ProgramData\Grisoft
[2010.10.12 23:49:13 | 000,000,000 | ---D | C] -- F:\Users\Mudimu\AppData\Roaming\download2
[2010.10.11 18:41:57 | 000,719,872 | ---- | C] (Abysmal Software) -- F:\Windows\System32\devil.dll
[2010.10.11 18:41:57 | 000,369,152 | ---- | C] (The Public) -- F:\Windows\System32\avisynth.dll
[2010.10.11 18:41:56 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- F:\Windows\System32\yv12vfw.dll
[2010.10.11 18:41:56 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- F:\Windows\System32\i420vfw.dll
[2010.10.11 18:41:55 | 000,000,000 | ---D | C] -- F:\Program Files\AviSynth 2.5
[2010.10.11 18:40:23 | 000,090,112 | RHS- | C] (-) -- F:\Windows\System32\TTADSSplitter.ax
[2010.10.11 18:40:22 | 000,092,672 | RHS- | C] (RadLight) -- F:\Windows\System32\RLVorbisDec.ax
[2010.10.11 18:40:22 | 000,090,112 | RHS- | C] (-) -- F:\Windows\System32\TTADSDecoder.ax
[2010.10.11 18:40:22 | 000,067,584 | RHS- | C] (RadLight, LLC) -- F:\Windows\System32\RLTheoraDec.ax
[2010.10.11 18:40:21 | 000,186,880 | RHS- | C] (RadLight) -- F:\Windows\System32\RLOgg.ax
[2010.10.11 18:40:20 | 000,161,792 | RHS- | C] (Gabest) -- F:\Windows\System32\RealMediaDX.ax
[2010.10.11 18:40:19 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- F:\Windows\System32\nbDX.dll
[2010.10.11 18:40:19 | 000,169,472 | RHS- | C] (Gabest) -- F:\Windows\System32\MatroskaDX.ax
[2010.10.11 18:40:19 | 000,031,232 | RHS- | C] (Hans Mayerl) -- F:\Windows\System32\msfDX.dll
[2010.10.11 18:40:18 | 000,179,200 | RHS- | C] (Gabest) -- F:\Windows\System32\DiracSplitter.ax
[2010.10.11 18:40:18 | 000,163,328 | RHS- | C] (Gabest) -- F:\Windows\System32\flvDX.dll
[2010.10.11 18:40:17 | 000,123,904 | RHS- | C] (CoreCodec) -- F:\Windows\System32\AVCDX.ax
[2010.10.11 18:39:00 | 000,000,000 | ---D | C] -- F:\Program Files\eRightSoft
[2010.10.10 21:52:51 | 000,000,000 | ---D | C] -- F:\ProgramData\AntiVir PersonalEdition Classic
[2010.10.08 16:13:25 | 000,000,000 | ---D | C] -- F:\Program Files\iPod
[2010.10.08 16:13:11 | 000,000,000 | ---D | C] -- F:\Program Files\iTunes
[2010.10.08 15:57:28 | 000,000,000 | ---D | C] -- F:\Programme\QuickTime
[2010.10.08 15:54:09 | 000,000,000 | ---D | C] -- F:\Programme\Bonjour
[1 F:\Users\Mudimu\*.tmp files -> F:\Users\Mudimu\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.25 18:42:16 | 000,001,092 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.25 18:42:06 | 000,067,584 | --S- | M] () -- F:\Windows\bootstat.dat
[2010.10.25 18:41:58 | 804,659,200 | -HS- | M] () -- F:\hiberfil.sys
[2010.10.24 20:47:20 | 000,001,096 | ---- | M] () -- F:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.24 15:43:11 | 000,014,752 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.24 15:43:11 | 000,014,752 | -H-- | M] () -- F:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.23 12:46:36 | 000,648,466 | ---- | M] () -- F:\Windows\System32\perfh007.dat
[2010.10.23 12:46:36 | 000,611,134 | ---- | M] () -- F:\Windows\System32\perfh009.dat
[2010.10.23 12:46:36 | 000,128,724 | ---- | M] () -- F:\Windows\System32\perfc007.dat
[2010.10.23 12:46:36 | 000,105,314 | ---- | M] () -- F:\Windows\System32\perfc009.dat
[2010.10.23 01:47:54 | 000,000,217 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\25969.bat
[2010.10.22 23:05:52 | 000,000,134 | ---- | M] () -- F:\Users\Mudimu\Desktop\Internet Explorer-Problembehebung.url
[2010.10.22 22:05:24 | 020,698,424 | ---- | M] (Microsoft Corporation) -- F:\Users\Mudimu\Desktop\IE9-Windows7-x86-deu.exe
[2010.10.22 18:53:02 | 000,689,333 | ---- | M] () -- F:\Users\Mudimu\Desktop\830px-Ministrybreakin.png
[2010.10.22 16:58:32 | 000,107,520 | ---- | M] (Microsoft Corporation) -- F:\Users\Mudimu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mousedriver.exe
[2010.10.22 13:42:49 | 000,002,290 | ---- | M] () -- F:\Users\Public\Desktop\Google Chrome.lnk
[2010.10.19 23:49:34 | 000,000,983 | ---- | M] () -- F:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.19 23:15:28 | 000,000,217 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\18719.bat
[2010.10.19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- F:\Windows\System32\MpSigStub.exe
[2010.10.18 15:24:56 | 000,023,552 | ---- | M] () -- F:\Users\Mudimu\Documents\Remove Wininit.doc
[2010.10.17 23:42:31 | 000,096,104 | ---- | M] (Avira GmbH) -- F:\Windows\System32\drivers\avipbb.sys
[2010.10.17 23:42:31 | 000,056,816 | ---- | M] (Avira GmbH) -- F:\Windows\System32\drivers\avgntflt.sys
[2010.10.17 23:42:31 | 000,028,520 | ---- | M] (Avira GmbH) -- F:\Windows\System32\drivers\ssmdrv.sys
[2010.10.17 23:32:56 | 000,000,185 | ---- | M] () -- F:\Users\Mudimu\AppData\Roaming\23311.bat
[2010.10.17 19:15:28 | 000,143,976 | ---- | M] () -- F:\Users\Mudimu\Desktop\101013_171857.jpg
[2010.10.17 12:57:10 | 000,002,109 | RHS- | M] () -- F:\Windows\System32\drivers\etc\hosts
[2010.10.16 17:13:27 | 000,002,043 | ---- | M] () -- F:\Users\Mudimu\Desktop\HijackThis.lnk
[2010.10.13 22:04:19 | 001,991,640 | ---- | M] () -- F:\Users\Mudimu\Desktop\SPB_TV_2.0.ipa
[2010.10.13 12:51:30 | 000,002,016 | ---- | M] () -- F:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.10.11 18:40:24 | 000,001,998 | ---- | M] () -- F:\Users\Public\Desktop\SUPER © Uninstall.lnk
[2010.10.11 18:40:24 | 000,001,974 | ---- | M] () -- F:\Users\Public\Desktop\SUPER ©.lnk
[2010.10.10 15:45:16 | 000,001,284 | ---- | M] () -- F:\Users\Public\Desktop\Fahren Lernen Offline.lnk
[2010.10.08 16:16:40 | 000,002,429 | ---- | M] () -- F:\Users\Public\Desktop\iTunes.lnk
[2010.10.08 15:58:20 | 000,001,815 | ---- | M] () -- F:\Users\Public\Desktop\QuickTime Player.lnk
[1 F:\Users\Mudimu\*.tmp files -> F:\Users\Mudimu\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.23 01:47:54 | 000,000,217 | ---- | C] () -- F:\Users\Mudimu\AppData\Roaming\25969.bat
[2010.10.22 23:05:52 | 000,000,134 | ---- | C] () -- F:\Users\Mudimu\Desktop\Internet Explorer-Problembehebung.url
[2010.10.22 18:52:55 | 000,689,333 | ---- | C] () -- F:\Users\Mudimu\Desktop\830px-Ministrybreakin.png
[2010.10.19 23:49:34 | 000,000,983 | ---- | C] () -- F:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.19 23:15:28 | 000,000,217 | ---- | C] () -- F:\Users\Mudimu\AppData\Roaming\18719.bat
[2010.10.18 15:24:56 | 000,023,552 | ---- | C] () -- F:\Users\Mudimu\Documents\Remove Wininit.doc
[2010.10.17 23:32:56 | 000,000,185 | ---- | C] () -- F:\Users\Mudimu\AppData\Roaming\23311.bat
[2010.10.17 19:15:28 | 000,143,976 | ---- | C] () -- F:\Users\Mudimu\Desktop\101013_171857.jpg
[2010.10.16 17:13:01 | 000,002,043 | ---- | C] () -- F:\Users\Mudimu\Desktop\HijackThis.lnk
[2010.10.13 22:04:16 | 001,991,640 | ---- | C] () -- F:\Users\Mudimu\Desktop\SPB_TV_2.0.ipa
[2010.10.13 12:51:30 | 000,002,016 | ---- | C] () -- F:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.10.11 18:41:56 | 000,027,648 | ---- | C] () -- F:\Windows\System32\AVSredirect.dll
[2010.10.11 18:40:24 | 000,001,998 | ---- | C] () -- F:\Users\Public\Desktop\SUPER © Uninstall.lnk
[2010.10.11 18:40:24 | 000,001,974 | ---- | C] () -- F:\Users\Public\Desktop\SUPER ©.lnk
[2010.10.11 18:40:22 | 000,051,712 | RHS- | C] () -- F:\Windows\System32\RLSpeexDec.ax
[2010.10.11 18:40:21 | 000,107,520 | RHS- | C] () -- F:\Windows\System32\RLMPCDec.ax
[2010.10.11 18:40:21 | 000,070,656 | RHS- | C] () -- F:\Windows\System32\RLAPEDec.ax
[2010.10.11 18:40:19 | 000,120,832 | RHS- | C] () -- F:\Windows\System32\MPCDx.ax
[2010.10.11 18:40:18 | 000,097,280 | RHS- | C] () -- F:\Windows\System32\FLACDX.ax
[2010.10.11 18:40:17 | 000,175,104 | RHS- | C] () -- F:\Windows\System32\CoreAAC.ax
[2010.10.11 18:40:16 | 000,227,328 | RHS- | C] () -- F:\Windows\System32\ac3DX.ax
[2010.10.11 18:40:16 | 000,081,920 | RHS- | C] () -- F:\Windows\System32\aac_parser.ax
[2010.10.08 16:16:40 | 000,002,429 | ---- | C] () -- F:\Users\Public\Desktop\iTunes.lnk
[2010.10.08 15:58:20 | 000,001,815 | ---- | C] () -- F:\Users\Public\Desktop\QuickTime Player.lnk
[2010.08.16 23:54:41 | 000,007,168 | ---- | C] () -- F:\Users\Mudimu\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.13 10:32:52 | 000,000,534 | ---- | C] () -- F:\Windows\ODBC.INI
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- F:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- F:\Windows\System32\BWContextHandler.dll
[2004.08.13 09:56:20 | 000,005,810 | ---- | C] () -- F:\Windows\System32\drivers\ASACPI.sys

< End of report >
         
--- --- ---

Alt 25.10.2010, 17:52   #25
Ignorans
 

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 25.10.2010 18:45:35 - Run 3
OTL by OldTimer - Version 3.2.16.0     Folder = F:\Users\Mudimu\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 349,00 Mb Available Physical Memory | 34,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 63,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = F: | %SystemRoot% = F:\Windows | %ProgramFiles% = F:\Program Files
Drive C: | 2,00 Gb Total Space | 0,01 Gb Free Space | 0,64% Space Free | Partition Type: NTFS
Drive E: | 2,82 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 97,65 Gb Total Space | 9,21 Gb Free Space | 9,43% Space Free | Partition Type: NTFS
Drive G: | 24,41 Gb Total Space | 0,02 Gb Free Space | 0,07% Space Free | Partition Type: NTFS
Drive H: | 11,72 Gb Total Space | 10,46 Gb Free Space | 89,26% Space Free | Partition Type: NTFS
Drive I: | 488,84 Mb Total Space | 162,55 Mb Free Space | 33,25% Space Free | Partition Type: FAT
 
Computer Name: MUDIMU-PC | User Name: Mudimu | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- F:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- F:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- F:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{452473D3-1D26-4E61-8060-3B216620D60C}_is1" = Fahren Lernen Offline 1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_GROOVE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_GROOVE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_GROOVE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{60CC0F2D-BFA0-4851-903D-809D876DD87B}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_GROOVE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0000-0000-0000000FF1CE}" = Microsoft Office Groove 2007
"{90120000-00BA-0000-0000-0000000FF1CE}_GROOVE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0000-0000-0000000FF1CE}_GROOVE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_GROOVE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_GROOVE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_GROOVE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9799BD05-5F89-484C-008E-F50592F53440}" = Harry Potter und der Feuerkelch™
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-5760-0000-900000000003}" = Japanese Fonts Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B69F28DF-CBB1-41B7-008A-210E4D0518FC}" = Harry Potter und der Orden des Phönix™
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AudibleDownloadManager" = Audible Download Manager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"DivX Setup.divx.com" = DivX-Setup
"Google Chrome" = Google Chrome
"GROOVE" = Microsoft Office Groove 2007
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live_Germany Toolbar" = Messenger_Plus_Live_Germany Toolbar
"MessengerPlusLive_Germany_TB Toolbar" = MessengerPlusLive Germany TB Toolbar
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Picasa 3" = Picasa 3
"RealPlayer 12.0" = RealPlayer
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"VISPRO" = Microsoft Office Visio Professional 2007
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 19.10.2010 16:09:14 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3909,
 Zeitstempel: 0x4c8fdcc5  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
 Zeitstempel: 0x4ba9b21e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00075cf0  ID des fehlerhaften
 Prozesses: 0xd14  Startzeit der fehlerhaften Anwendung: 0x01cb6fb8195e530e  Pfad der
 fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: F:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: be48c086-dbbc-11df-8c55-0018f35bb59f
 
Error - 19.10.2010 16:10:12 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3909,
 Zeitstempel: 0x4c8fdc89  Name des fehlerhaften Moduls: NPSWF32.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4bfd730a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x632918e6
ID
 des fehlerhaften Prozesses: 0x7a4  Startzeit der fehlerhaften Anwendung: 0x01cb6fb84661b0be
Pfad
 der fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\plugin-container.exe
Pfad
 des fehlerhaften Moduls: NPSWF32.dll  Berichtskennung: e06f8fb4-dbbc-11df-8c55-0018f35bb59f
 
Error - 19.10.2010 17:08:20 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3909,
 Zeitstempel: 0x4c8fdcc5  Name des fehlerhaften Moduls: CoolType.dll, Version: 5.5.69.1,
 Zeitstempel: 0x4c1d66b7  Ausnahmecode: 0xc0000409  Fehleroffset: 0x00184a20  ID des fehlerhaften
 Prozesses: 0xf30  Startzeit der fehlerhaften Anwendung: 0x01cb6fc9a0ee85c5  Pfad der
 fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: F:\Program Files\Adobe\Reader 9.0\Reader\CoolType.dll  Berichtskennung: ff745be8-dbc4-11df-8c55-0018f35bb59f
 
Error - 19.10.2010 17:09:26 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3909,
 Zeitstempel: 0x4c8fdc89  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
 Zeitstempel: 0x4ba9b21e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00046bf0  ID des fehlerhaften
 Prozesses: 0x280  Startzeit der fehlerhaften Anwendung: 0x01cb6fc9ca2c975f  Pfad der
 fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\plugin-container.exe  Pfad
 des fehlerhaften Moduls: F:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 271642fb-dbc5-11df-8c55-0018f35bb59f
 
Error - 19.10.2010 17:27:15 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3909,
 Zeitstempel: 0x4c8fdcc5  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00064fbd  ID des fehlerhaften
 Prozesses: 0x120  Startzeit der fehlerhaften Anwendung: 0x01cb6fd1f61ba89b  Pfad der
 fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: a4319494-dbc7-11df-8c55-0018f35bb59f
 
Error - 19.10.2010 17:27:33 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.3909,
 Zeitstempel: 0x4c8fdc89  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
 Zeitstempel: 0x4ba9b21e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00046bf0  ID des fehlerhaften
 Prozesses: 0x6f4  Startzeit der fehlerhaften Anwendung: 0x01cb6fd226000938  Pfad der
 fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\plugin-container.exe  Pfad
 des fehlerhaften Moduls: F:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: aec8d8bf-dbc7-11df-8c55-0018f35bb59f
 
Error - 20.10.2010 06:07:35 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3909,
 Zeitstempel: 0x4c8fdcc5  Name des fehlerhaften Moduls: CoolType.dll, Version: 5.5.69.1,
 Zeitstempel: 0x4c1d66b7  Ausnahmecode: 0xc0000409  Fehleroffset: 0x00184a20  ID des fehlerhaften
 Prozesses: 0xabc  Startzeit der fehlerhaften Anwendung: 0x01cb703cbccdd013  Pfad der
 fehlerhaften Anwendung: F:\Program Files\Mozilla Firefox\firefox.exe  Pfad des fehlerhaften
 Moduls: F:\Program Files\Adobe\Reader 9.0\Reader\CoolType.dll  Berichtskennung: dbfc3116-dc31-11df-a595-0018f35bb59f
 
Error - 20.10.2010 10:39:42 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
 Zeitstempel: 0x4aeba271  Name des fehlerhaften Moduls: MSONSEXT.DLL, Version: 10.145.7329.0,
 Zeitstempel: 0x4019138d  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0004ef37  ID des fehlerhaften
 Prozesses: 0x898  Startzeit der fehlerhaften Anwendung: 0x01cb7039dca38c86  Pfad der
 fehlerhaften Anwendung: F:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls: F:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
Berichtskennung:
 df52cfcf-dc57-11df-a595-0018f35bb59f
 
Error - 20.10.2010 10:43:05 | Computer Name = Mudimu-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: setup.exe_Google Chrome, Version:
 7.0.517.41, Zeitstempel: 0x4cb3d03b  Name des fehlerhaften Moduls: setup.exe, Version:
 7.0.517.41, Zeitstempel: 0x4cb3d03b  Ausnahmecode: 0x40000015  Fehleroffset: 0x0005c280
ID
 des fehlerhaften Prozesses: 0x58c  Startzeit der fehlerhaften Anwendung: 0x01cb706505edfc68
Pfad
 der fehlerhaften Anwendung: F:\Windows\Temp\CR_AB62.tmp\setup.exe  Pfad des fehlerhaften
 Moduls: F:\Windows\Temp\CR_AB62.tmp\setup.exe  Berichtskennung: 584a1b5f-dc58-11df-a595-0018f35bb59f
 
Error - 20.10.2010 11:04:30 | Computer Name = Mudimu-PC | Source = Application Hang | ID = 1002
Description = Programm RealUpgrade.exe, Version 1.0.2.170 kann nicht mehr unter 
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem 
zu suchen.    Prozess-ID: 6ec    Startzeit: 01cb70676a57ef22    Endzeit: 31    Anwendungspfad: F:\Program
 Files\Real\RealUpgrade\RealUpgrade.exe    Berichts-ID: 5310237d-dc5b-11df-bfab-0018f35bb59f

 
[ Media Center Events ]
Error - 12.10.2010 03:22:50 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 09:22:49 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
 zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 12.10.2010 03:22:52 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 09:22:51 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 12.10.2010 03:22:52 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 09:22:52 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 12.10.2010 14:20:46 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 20:20:46 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 12.10.2010 14:21:21 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 20:21:20 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
 zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 12.10.2010 14:21:22 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 20:21:22 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
zugrunde liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal
 konnte keine Vertrauensstellung hergestellt werden..)  
 
Error - 12.10.2010 14:21:28 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 20:21:23 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 13.10.2010 14:02:34 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 20:02:34 - Fehler beim Herstellen der Internetverbindung.  20:02:34 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.10.2010 14:02:45 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 20:02:40 - Fehler beim Herstellen der Internetverbindung.  20:02:40 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 17.10.2010 04:27:41 | Computer Name = Mudimu-PC | Source = MCUpdate | ID = 0
Description = 10:27:32 - Fehler beim Herstellen der Internetverbindung.  10:27:32 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 13.09.2010 13:01:25 | Computer Name = Mudimu-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 13.09.2010 13:02:16 | Computer Name = Mudimu-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 13.09.2010 13:02:16 | Computer Name = Mudimu-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 13.09.2010 13:02:16 | Computer Name = Mudimu-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 13.09.2010 13:02:27 | Computer Name = Mudimu-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 13.09.2010 13:02:27 | Computer Name = Mudimu-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 13.09.2010 13:02:27 | Computer Name = Mudimu-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 13.09.2010 13:02:27 | Computer Name = Mudimu-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 13.09.2010 13:02:27 | Computer Name = Mudimu-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 13.09.2010 13:02:27 | Computer Name = Mudimu-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
 
< End of report >
         
--- --- ---

25.10.2010, 19:02   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

That is not the fix log!
I need OTL's quarantine folder. Please do the following:

1.) VERY IMPORTANT!! Disable the virus scanner, it must not mess around in there!
2.) Zip the folder C:\_OTL into one file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let me know once it has worked
5.) Only then switch the virus scanner back on
__________________
Please always post log files in CODE tags

28.10.2010, 15:50   #27
Ignorans

Sorry, it seems that there is no _OTL under C on my computer!

28.10.2010, 19:30   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Then please run the fix again.
__________________
Please always post log files in CODE tags
