| Windows 7 Task-Manager startet nicht / Regedit nicht möglich. Hallo zusammen,
ich weiß das es einen Thread mit ähnlichem Titel schon gibt http://www.trojaner-board.de/90896-w...-moeglich.html , den hab ich auch schon durchgelesen weil ich die gleichen Symptome wie die in diesem Tread habe.
Mein Taskmanager startet nicht mehr und ich kann die regedit nicht mehr ausführen.
Deshalb poste ich jetzt ma die Logfiles von Malwarebytes und OTL in der Hoffnung das mir einer von euch beim beseitigen dieser Plage helfen kann Zitat:
OTL logfile created on: 05.11.2010 12:04:59 - Run 2
OTL by OldTimer - Version Folder = C:\Users\***\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.023,00 Mb Total Physical Memory | 174,00 Mb Available Physical Memory | 17,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 42,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,29 Gb Total Space | 128,95 Gb Free Space | 84,12% Space
Free | Partition Type: NTFS
Drive D: | 186,31 Gb Total Space | 120,98 Gb Free Space | 64,93% Space Free | Partition Type: NTFS
Computer Name: BERND-PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days ========== Processes (SafeList) ==========
PRC - C:\Users\Bernd\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) ========== Modules (SafeList) ==========
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ==========
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Driver Services (SafeList) ==========
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) Brother WDM-Treiber (seriell) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm62x32.sys (NVIDIA Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (Si3132r5) -- C:\Windows\system32\DRIVERS\Si3132r5.sys (Silicon Image, Inc)
DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\Windows\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4054037748-1846205000-1530063180-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-4054037748-1846205000-1530063180-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-4054037748-1846205000-1530063180-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C 2D 76 4E 7D 68 CA 01 [binary data]
IE - HKU\S-1-5-21-4054037748-1846205000-1530063180-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.11
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:
FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.8.2Lite
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.9
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.03.09 19:40:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.02.21 17:12:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.02.21 17:12:49 | 000,000,000 | ---D | M]
[2009.10.25 12:02:33 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\mozilla\Extensions
[2010.11.05 11:41:58 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\mozilla\Firefox\Profiles\baellg4x.default\extensions
[2010.11.04 14:08:31 | 000,000,000 | ---D | M] (Forecastfox Weather) -- C:\Users\Bernd\AppData\Roaming\mozilla\Firefox\Profiles\baellg4x.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.01.19 20:36:12 | 000,000,000 | ---D | M] (All-in-One Sidebar) -- C:\Users\Bernd\AppData\Roaming\mozilla\Firefox\Profiles\baellg4x.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}
[2010.11.04 14:08:29 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Bernd\AppData\Roaming\mozilla\Firefox\Profiles\baellg4x.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2009.10.25 14:37:17 | 000,000,000 | ---D | M] (TorrentBar) -- C:\Users\Bernd\AppData\Roaming\mozilla\Firefox\Profiles\baellg4x.default\extensions\{7b821b0e-b102-4f9b-b6e3-433ede1fe379}
[2010.06.12 19:28:01 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\Bernd\AppData\Roaming\mozilla\Firefox\Profiles\baellg4x.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010.11.04 14:08:31 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Bernd\AppData\Roaming\mozilla\Firefox\Profiles\baellg4x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.11.04 14:08:32 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Bernd\AppData\Roaming\mozilla\Firefox\Profiles\baellg4x.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.11.04 14:08:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bernd\AppData\Roaming\mozilla\Firefox\Profiles\baellg4x.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009.10.25 13:03:25 | 000,000,000 | ---D | M] -- C:\Users\Bernd\AppData\Roaming\mozilla\Firefox\Profiles\baellg4x.default\extensions\FasterFox_Lite@BigRedBrent
[2010.11.04 14:08:49 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.10.25 19:20:14 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Programme\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.11.05 11:28:10 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-4054037748-1846205000-1530063180-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27 - HKLM IFEO\regedit.exe: Debugger - 0 File not found
O27 - HKLM IFEO\taskmgr.exe: Debugger - 0 File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1c36e6eb-c153-11de-8050-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1c36e6eb-c153-11de-8050-806e6f6e6963}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 180 Days ==========
[2010.11.05 11:28:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.11.05 11:10:54 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\Bernd\Desktop\OTL.exe
[2010.11.05 11:03:29 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Roaming\Malwarebytes
[2010.11.05 11:03:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.05 11:03:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.11.05 11:03:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.05 11:03:16 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.11.05 10:56:11 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Wise Installation Wizard
[2010.11.05 10:54:58 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2010.11.05 10:54:58 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2010.11.05 10:54:58 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2010.11.05 10:54:57 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2010.11.05 10:54:57 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2010.11.05 10:54:57 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2010.11.05 10:54:57 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll
[2010.11.05 10:54:56 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2010.11.05 10:54:56 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_6.dll
[2010.11.05 10:54:56 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_6.dll
[2010.11.05 10:54:56 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_4.dll
[2010.11.05 10:54:55 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_5.dll
[2010.11.05 10:54:55 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_5.dll
[2010.11.05 10:54:55 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_7.dll
[2010.11.05 10:54:54 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_42.dll
[2010.11.05 10:54:54 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_42.dll
[2010.11.05 10:54:53 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_42.dll
[2010.11.05 10:54:53 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_42.dll
[2010.11.05 10:54:52 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll
[2010.11.05 10:54:52 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_42.dll
[2010.11.05 10:54:52 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll
[2010.11.05 10:54:52 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll
[2010.11.05 10:54:51 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll
[2010.11.05 10:54:51 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll
[2010.11.05 10:54:51 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll
[2010.11.05 10:54:51 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll
[2010.11.05 10:54:51 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll
[2010.11.05 10:54:51 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll
[2010.11.05 10:54:50 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll
[2010.11.05 10:54:50 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll
[2010.11.05 10:54:50 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll
[2010.11.05 10:54:49 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll
[2010.11.05 10:54:49 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll
[2010.11.05 10:54:49 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll
[2010.11.05 10:54:49 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll
[2010.11.05 10:54:49 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll
[2010.11.05 10:54:48 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll
[2010.11.05 10:54:48 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll
[2010.11.05 10:54:48 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll
[2010.11.05 10:54:48 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll
[2010.11.05 10:54:47 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll
[2010.11.05 10:54:47 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll
[2010.11.05 10:54:47 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll
[2010.11.05 10:54:47 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll
[2010.11.05 10:54:47 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll
[2010.11.05 10:54:46 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll
[2010.11.05 10:54:46 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_0.dll
[2010.11.05 10:54:46 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_0.dll
[2010.11.05 10:54:45 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_37.dll
[2010.11.05 10:54:45 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_37.dll
[2010.11.05 10:54:45 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_37.dll
[2010.11.05 10:54:45 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_3.dll
[2010.11.05 10:54:44 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_36.dll
[2010.11.05 10:54:44 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_36.dll
[2010.11.05 10:54:44 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_10.dll
[2010.11.05 10:54:43 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_36.dll
[2010.11.05 10:54:43 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_9.dll
[2010.11.05 10:54:42 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010.11.05 10:54:42 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2010.11.05 10:54:42 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2010.11.05 10:54:42 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2010.11.05 10:54:42 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_2.dll
[2010.11.05 10:54:41 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010.11.05 10:54:41 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010.11.05 10:54:41 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010.11.05 10:54:41 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2010.11.05 10:54:40 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2010.11.05 10:54:40 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2010.11.05 10:54:40 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2010.11.05 10:54:40 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2010.11.05 10:54:39 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2010.11.05 10:54:39 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2010.11.05 10:54:39 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2010.11.05 10:54:38 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2010.11.05 10:54:38 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2010.11.05 10:54:38 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2010.11.05 10:54:38 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2010.11.05 10:54:37 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2010.11.05 10:54:37 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2010.11.05 10:54:37 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2010.11.05 10:54:37 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2010.11.05 10:54:36 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2010.11.05 10:54:30 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_30.dll
[2010.11.05 10:54:29 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2010.11.05 10:54:29 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2010.11.05 10:54:29 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2010.11.05 10:54:28 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_28.dll
[2010.11.05 10:54:28 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2010.11.05 10:54:28 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2010.11.05 10:54:27 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2010.11.05 10:54:27 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2010.11.05 10:43:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2010.11.05 10:41:31 | 000,068,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System\xinput1_3.dll
[2010.11.05 10:30:47 | 000,000,000 | ---D | C] -- C:\Users\Bernd\AppData\Local\2K Games
[2010.11.04 14:25:39 | 000,000,000 | ---D | C] -- C:\Programme\SystemRequirementsLab
[2010.11.04 14:24:31 | 000,000,000 | ---D | C] -- C:\Users\Bernd\SystemRequirementsLab
[2010.11.04 14:13:03 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010.11.04 14:11:58 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.11.04 14:11:43 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.11.04 14:11:40 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.11.04 14:11:28 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.11.04 14:11:28 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.11.04 14:11:28 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.11.04 14:11:28 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.11.04 14:11:16 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.11.04 14:11:16 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.11.04 14:11:11 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.11.04 14:11:10 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.11.04 14:11:10 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.11.04 14:11:09 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.11.04 14:11:09 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.11.04 14:11:09 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.11.04 14:11:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.11.04 14:11:09 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.11.04 14:11:09 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.11.04 14:11:09 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.11.04 14:11:08 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.11.04 14:10:58 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.11.04 14:10:56 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010.11.04 14:10:55 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.11.04 14:07:44 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
[2010.10.19 17:20:17 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2010.09.25 20:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010.09.25 20:18:55 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2010.08.25 19:31:06 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.25 19:30:56 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.08.25 19:30:56 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.25 19:30:52 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.25 19:30:52 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.07.16 11:55:35 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010.07.10 04:37:00 | 014,092,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.07.10 04:37:00 | 011,008,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.07.10 04:37:00 | 010,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.07.10 04:37:00 | 004,553,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.07.10 04:37:00 | 002,892,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.07.10 04:37:00 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.07.10 04:37:00 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod1922.dll
[2010.07.10 04:37:00 | 000,236,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010.07.10 04:37:00 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.07.10 04:37:00 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.07.09 15:37:10 | 013,939,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2010.07.09 15:37:10 | 001,469,544 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2010.07.09 15:37:10 | 000,110,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2010.06.25 17:09:39 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.06.25 17:09:39 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.06.25 17:09:39 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.06.12 19:18:13 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.12 19:17:12 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.12 19:17:11 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.05.23 08:47:58 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.05.23 08:47:51 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.05.23 08:47:51 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys ========== Files - Modified Within 180 Days ==========
[2010.11.05 11:40:34 | 000,002,995 | ---- | M] () -- C:\Users\Bernd\Desktop\HiJackThis.lnk
[2010.11.05 11:37:23 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.05 11:37:23 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.05 11:37:23 | 000,134,150 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.05 11:37:23 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.05 11:35:31 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.05 11:35:31 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.05 11:30:26 | 000,405,792 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.11.05 11:30:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.05 11:30:01 | 804,745,216 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.05 11:28:10 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2010.11.05 11:10:52 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Bernd\Desktop\OTL.exe
[2010.11.05 11:03:21 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.05 10:12:27 | 067,207,912 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010.11.04 14:12:27 | 000,000,975 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.10.19 17:22:33 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2010.10.09 22:35:26 | 000,023,040 | ---- | M] () -- C:\Users\Bernd\Documents\Kündigung Domus Pro.doc
[2010.09.08 05:28:53 | 000,606,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.09.08 05:28:42 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.09.08 05:28:42 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.09.08 05:28:15 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.09.08 05:28:11 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.09.08 05:28:01 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.09.08 05:28:01 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.09.08 05:27:56 | 000,381,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.09.08 05:25:58 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.09.08 04:22:31 | 000,386,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.09.08 03:48:16 | 001,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.09.01 05:23:49 | 012,625,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.09.01 03:34:52 | 002,327,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.31 05:32:30 | 000,954,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.08.31 05:32:30 | 000,954,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.08.26 05:39:58 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.08.21 06:36:33 | 000,738,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.08.04 07:18:45 | 000,641,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.08.04 07:17:50 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.08.04 07:15:03 | 000,204,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.08.04 07:15:03 | 000,199,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.07.29 07:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.07.16 11:55:35 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010.07.16 11:54:59 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010.07.13 06:22:54 | 000,026,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010.07.10 04:37:00 | 014,092,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.07.10 04:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.07.10 04:37:00 | 010,267,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.07.10 04:37:00 | 009,818,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2010.07.10 04:37:00 | 004,553,832 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.07.10 04:37:00 | 002,892,904 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.07.10 04:37:00 | 002,506,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.07.10 04:37:00 | 001,625,192 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2010.07.10 04:37:00 | 000,604,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvuninst.exe
[2010.07.10 04:37:00 | 000,604,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvudisp.exe
[2010.07.10 04:37:00 | 000,236,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcod1922.dll
[2010.07.10 04:37:00 | 000,236,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010.07.10 04:37:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.07.10 04:37:00 | 000,010,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.07.10 04:37:00 | 000,009,596 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2010.07.09 15:37:10 | 013,939,816 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2010.07.09 15:37:10 | 001,469,544 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2010.07.09 15:37:10 | 000,110,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2010.06.19 07:33:29 | 003,955,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.06.19 07:33:29 | 003,899,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.06.19 07:23:50 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.06.19 07:15:54 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.06.03 08:35:25 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010.06.02 04:55:30 | 000,527,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_7.dll
[2010.06.02 04:55:30 | 000,239,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_7.dll
[2010.06.02 04:55:30 | 000,074,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_5.dll
[2010.05.27 08:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.05.27 04:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.05.26 11:41:02 | 002,106,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_43.dll
[2010.05.26 11:41:02 | 001,998,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_43.dll
[2010.05.26 11:41:02 | 001,868,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3dcsx_43.dll
[2010.05.26 11:41:02 | 000,470,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_43.dll
[2010.05.26 11:41:02 | 000,248,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3dx11_43.dll ========== Files Created - No Company Name ==========
[2010.11.05 11:03:21 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.04 14:12:27 | 000,000,975 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.10.19 17:22:33 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2010.10.09 22:34:23 | 000,023,040 | ---- | C] () -- C:\Users\Bernd\Documents\Kündigung Domus Pro.doc
[2010.07.10 04:37:00 | 000,009,596 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010.03.09 19:36:04 | 000,000,896 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010.01.03 11:42:01 | 000,000,002 | -HS- | C] () -- C:\Users\Bernd\AppData\Roaming\.zreglib
[2010.01.03 11:13:20 | 000,000,107 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.10.25 22:01:12 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.09.28 09:22:00 | 000,315,392 | ---- | C] () -- C:\Windows\System32\drivers\yk62x86.sys
[2009.07.14 01:55:09 | 001,332,736 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.04.14 07:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2004.08.13 09:56:20 | 000,005,810 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys ========== Alternate Data Streams ==========
@Alternate Data Stream - 48 bytes -> C:\Windows 8B6F4EB19800BB3
< End of report >
| Zitat:
OTL Extras logfile created on: 05.11.2010 12:04:59 - Run 2
OTL by OldTimer - Version Folder = C:\Users\****\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.023,00 Mb Total Physical Memory | 174,00 Mb Available Physical Memory | 17,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 42,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,29 Gb Total Space | 128,95 Gb Free Space | 84,12% Space Free | Partition Type: NTFS
Drive D: | 186,31 Gb Total Space | 120,98 Gb Free Space | 64,93% Space Free | Partition Type: NTFS
Computer Name: PC | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 180 Days ========== Extra Registry (SafeList) ========== ========== File Associations ==========
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ==========
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ==========
"DisableNotifications" = 0
"EnableFirewall" = 1
"DisableNotifications" = 0
"EnableFirewall" = 0
"DisableNotifications" = 0
"EnableFirewall" = 0 ========== Authorized Applications List ==========
"C:\Windows\system32\avprot.exe" = C:\Windows\system32\avprot.exe:*:Enabled:Transport Layer -- File not found ========== HKEY_LOCAL_MACHINE Uninstall List ==========
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}" = HP Officejet 6500 E709 Series
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{AB49B509-8FCA-45E6-9FB9-9E4AEEB8F148}" = System Requirements Lab CYRI
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BCB313A5-1AD0-4829-9D6F-EB41C3CFCD4B}" = Phase 5 HTML-Editor
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}" = Microsoft Outlook-Sicherung für Persönliche Ordner
"{D6A1E429-CCE1-4140-A615-710B806D12BA}" = Motorola Driver Installation 3.2.0
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"1&1 SMS-Manager" = 1&1 SMS-Manager
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AnyDVD" = AnyDVD
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"CloneDVD2" = CloneDVD2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Foxit PDF Editor" = Foxit PDF Editor
"Foxit Reader" = Foxit Reader
"HijackThis" = HijackThis 2.0.2
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"RegDom" = Registry-Dompteur
"Shop for HP Supplies" = Shop for HP Supplies
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.2
"WinRAR archiver" = WinRAR ========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 05.10.2010 03:23:07 | Computer Name = Bernd-PC | Source = VSS | ID = 8194
Description =
Error - 05.10.2010 18:31:44 | Computer Name = Bernd-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 09.10.2010 18:31:38 | Computer Name = PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 13.10.2010 08:37:38 | Computer Name = Bernd-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version:,
Zeitstempel: 0x4b5102f0 Name des fehlerhaften Moduls: FOXITR~1.OCX, Version:,
Zeitstempel: 0x495057f6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002c8e ID des fehlerhaften
Prozesses: 0xad0 Startzeit der fehlerhaften Anwendung: 0x01cb6ad2025409ae Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: C:\PROGRA~1\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX Berichtskennung: a9747949-d6c6-11df-b529-001731fa4d46
Error - 13.10.2010 10:35:01 | Computer Name = Bernd-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version:,
Zeitstempel: 0x4b5102f0 Name des fehlerhaften Moduls: FOXITR~1.OCX, Version:,
Zeitstempel: 0x495057f6 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00002c8e ID des fehlerhaften
Prozesses: 0x850 Startzeit der fehlerhaften Anwendung: 0x01cb6ae2402279bd Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: C:\PROGRA~1\FOXITS~1\FOXITR~1\plugins\FOXITR~1.OCX Berichtskennung: 0f423e93-d6d7-11df-b529-001731fa4d46
Error - 16.10.2010 18:35:24 | Computer Name = Bernd-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 19.10.2010 12:21:25 | Computer Name = Bernd-PC | Source = RapiMgr | ID = 8
Description = communication (0x80072745)-Fehler beim Verbinden des Windows Mobile-basierten
Geräts. (Die Daten enthalten den Fehlercode.).
Error - 20.10.2010 18:31:45 | Computer Name = Bernd-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
Error - 27.10.2010 02:55:53 | Computer Name = Bernd-PC | Source = VSS | ID = 8194
Description =
Error - 02.11.2010 13:14:10 | Computer Name = Bernd-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
- search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.
[ Media Center Events ]
Error - 17.02.2010 06:12:01 | Computer Name = Bernd-PC | Source = MCUpdate | ID = 0
Description = 11:11:56 - Broadband konnte nicht abgerufen werden (Fehler: Die zugrunde
liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
keine Vertrauensstellung hergestellt werden..)
[ OSession Events ]
Error - 12.12.2009 10:27:11 | Computer Name = Bernd-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 62499
seconds with 180 seconds of active time. This session ended with a crash.
Error - 13.06.2010 04:36:35 | Computer Name = Bernd-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 46969
seconds with 60 seconds of active time. This session ended with a crash.
Error - 05.11.2010 06:11:43 | Computer Name = Bernd-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6539.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 338
seconds with 60 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 09.10.2010 09:50:38 | Computer Name = Bernd-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?10.?2010 um 15:48:48 unerwartet heruntergefahren.
Error - 09.10.2010 09:50:33 | Computer Name = Bernd-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 15.10.2010 11:31:14 | Computer Name = Bernd-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 18.10.2010 03:00:07 | Computer Name = Bernd-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst lmhosts erreicht.
Error - 02.11.2010 08:43:37 | Computer Name = Bernd-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?02.?11.?2010 um 13:42:18 unerwartet heruntergefahren.
Error - 02.11.2010 08:43:26 | Computer Name = Bernd-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 04.11.2010 09:20:45 | Computer Name = Bernd-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
Error - 04.11.2010 09:49:22 | Computer Name = Bernd-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst lmhosts erreicht.
Error - 04.11.2010 20:19:01 | Computer Name = Bernd-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.
Error - 05.11.2010 06:30:02 | Computer Name = Bernd-PC | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
an den Computerhersteller, um aktualisierte Firmware zu erhalten.
< End of report > | Zitat:
Malwarebytes' Anti-Malware 1.46
Datenbank Version: 5050
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
05.11.2010 12:56:03
mbam-log-2010-11-05 (12-56-03).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 233933
Laufzeit: 34 Minute(n), 20 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\regedit.exe (Security.Hijack) -> No action taken.
Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\taskmgr.exe\debugger (Security.Hijack) -> No action taken.
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
D:\Torrent Download\Mafia2\Phoenix_14beta\Phx_data\Res\EmuCfg.exe (Trojan.Agent) -> No action taken.
D:\Torrent Download\Mafia2\Phoenix_14beta\Phx_data\Res\GCFMgr.exe (Trojan.Agent) -> No action tak
| |