Spyware bildschrim blau bitte um hilfe

xblaack125 · 20.02.2011, 20:44

Hallo liebe Com.
also ...
seit eben ist mein bildschrim blau ..
da setht warning spyware infected oder so
und es geht gar nichts mehr internet öffnet nicht mehr antivirus geht auch nicht mehr auf oder sonst i-was es geht einfach nichts mehr auser so ein "programm" wo man dann kaufen muss das die spyware entfernt
würd mich freuen kann wenn mir jemand helfen könnte

markusg · 20.02.2011, 21:19

lade von einem andern pc otl. dann kopiere es auf nen stick und starte den infizierten pc neu im abgesichertem modus ohne netzwerk, bei pc start meist mit f8 zu erreichen, dort otl ausführen, logs auf dem stick speichern und über den sauberen pc posten.

Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten

xblaack125 · 20.02.2011, 21:31

Ok bin grad dabei
hoffe das es klappt

xblaack125 · 20.02.2011, 22:06

OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 20.02.2011 21:37:20 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Gerd\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
766,00 Mb Total Physical Memory | 413,00 Mb Available Physical Memory | 54,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 87,91 Gb Free Space | 58,98% Space Free | Partition Type: NTFS
 
Computer Name: BASSI | User Name: Gerd | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1423482131-3111919718-2327723055-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0733058D-F0D8-4583-A0A7-D87DE080F138}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1002763E-6185-4C0D-ADB9-B11064165932}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{119141C0-3D98-4DB6-A002-13C73FA73AB8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{15B10C99-8010-4903-A202-490066456592}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1DA53D11-6553-4C63-98D7-5891D274AE90}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{2E26DE29-2D37-4FDC-AFEF-2E227FEC179A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{46D0E1DC-B6A4-48DE-8252-AD7CB87E7B10}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{51EADF18-9218-4173-9E8E-2881DB15A1A2}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{5C6D90B9-413E-41F3-BDA2-42902FADE476}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5E67222E-3A67-4B5D-AB36-7B86B74E9DE4}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6AE3021F-F051-40C2-94E2-811CBD14B318}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{700FB949-2DF5-4B85-982E-46B42E892583}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{73ABD8D3-117E-4284-97CC-8E14CBD91835}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{7743A5FD-A758-413A-BF4F-BD69243DD763}" = rport=138 | protocol=17 | dir=out | app=system | 
"{786979BD-2EED-4C57-9E94-93229969AF6B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{7C16681F-EFB9-41A7-A52E-200E020A3DBB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7D58D48F-3C51-41A5-BC27-101A893C4586}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{82F08FA8-8476-45DE-B7FE-7252E683AD2F}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{9DB1F6BA-25F6-499E-9044-1272621FB583}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B6785CA7-4D0B-4085-9070-57BA4D422E7C}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C062C805-FB9E-43C0-9511-3BCF35E91D75}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{C6F94A0A-929A-45BA-AC9B-B8D3F7193AD8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CCA16E9D-612B-4D71-8C7E-F37C0763EAD9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CDC6FE8F-4EBB-46F7-824C-4DB0B6F8D8F4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D236EDCB-19EC-4784-989E-F108FEA1A5EE}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DEB7471B-37AE-48AD-9B57-9C0A48F79271}" = lport=137 | protocol=17 | dir=in | app=system | 
"{EE14C428-5E87-4318-BF28-581E34DD261D}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{F400DE8C-3DF0-45FA-9C8F-C92391D89FAB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F75CAE90-37EF-4D2D-A480-8167D284CD65}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B0E83E-FBC2-46B3-8264-0CBD02FE31B8}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{02C160C1-D3AB-4C15-B005-83F63FBFBBEA}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{035ED512-2D38-4741-87BF-7AC2193D3977}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{03DBD1D5-21AC-4956-9156-4DED4A8DC76C}" = protocol=17 | dir=in | app=c:\program files\dsl connection manager\o2dslconfiguration.exe | 
"{07A9EDB8-A4EB-4AF0-B552-3942C1470C52}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{0DF7B5BB-8921-44BF-89FE-D39B1DB70773}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{115B74E1-CB22-4A31-92F5-AE407B9345A5}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{171DDB72-987E-4FA7-9AC6-E60F8BAD83A1}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{2050DD68-D8A4-4581-AA42-189F88287609}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{277B6801-7689-4ABD-9B29-86105339B4B5}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{29FD0052-1283-4A7C-BA61-040B15C2D7C1}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{32075010-ACB4-4C35-824C-91EC30F8EE7D}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{324F0481-28CC-4EEF-B4FD-B5C2851B9DA7}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{36E0C53E-E3AA-449F-8AA5-64C3865AA78B}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{3B70B498-066E-4690-A601-B81D477C3B4D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{440B5CA1-7CAB-4D26-B4C7-79BB705B8AE2}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{4E23345C-AA32-4D96-9660-100DAC256A35}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe | 
"{52B9E834-DA60-4A9A-B06D-BD4EAE7130A9}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{546C5C7C-ABB2-42FA-B499-ED72C1730855}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{5B5932D2-243D-4695-BDAC-A6BDB8E7A868}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{5F6EAF6C-47EA-452D-BC69-E6CC28B293A9}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{68447752-07FC-41ED-8E42-E9C019929BB2}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{68770F42-3188-47B6-A0FE-38BE57552E0F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{6ED99428-2095-4D4B-9026-B0EF8B00C652}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{7ACB49DE-E091-42BC-B8E2-3B3679DA0803}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{7F3C6410-5324-4272-BD65-72508174E67D}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{94B9A6B8-17ED-4599-A08F-349EB4D5A1D8}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{995B68E8-C87C-4DD0-994C-6D138B69E4BB}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe | 
"{9E3F1172-6CD2-4D39-84B3-6938F33A161E}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{A4FA1E08-57D3-4B6C-93B9-53EAEF989B94}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A83D41B0-2AAD-4680-8F0F-382F49ED1CA4}" = protocol=6 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{A86A3DD2-14D6-4F97-BAB9-CD91648911C3}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{A99D9FA5-5B19-4CEC-93CF-43FAB9E23F49}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer.exe | 
"{AC881C0B-FC7F-4D6F-A32C-55E9A2C25F9F}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{AE09F910-7D75-4783-B8C6-D341DB097945}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{AE76C5A8-D7EB-4C0B-8678-1185CDD3B7C5}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{B53A9AE1-FE4A-4107-A8C6-0D6C2C44DA69}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{B59039EB-9B82-4C11-85E5-4324E88C6CC6}" = protocol=6 | dir=in | app=c:\program files\dsl connection manager\o2dslconfiguration.exe | 
"{B64A17F6-495B-4F38-B0FB-6819983F00CE}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{B98C673A-C0FD-4C59-B35C-B1B28C97BB88}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{B9A4EF4F-8CC1-45EF-B1B3-52411BF66248}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{BC7041C7-8E55-474E-9B5F-4DAA2335E949}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{BEA5AF8E-8F02-447A-9757-A2846A0A251F}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{C03EBD6D-3166-4F5C-9871-7AED31CFFDA9}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version6\teamviewer_service.exe | 
"{C66BECED-3496-47D5-BECF-9ADA5904FEFF}" = protocol=17 | dir=in | app=c:\program files\icq7.2\aolload.exe | 
"{C883A10D-6977-4605-BBA2-D56EB6D630D1}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{C9B52900-6883-4419-BDBC-315CFDB36A7D}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{D1C66A4C-B271-4BAF-B26C-30D9731518F8}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{D24BB366-A18A-4290-948E-B65A84FAD722}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{D2D716D9-B7F8-469B-9416-B5EFD50368D9}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{DC8D8DE2-D4FD-4718-8303-9C685481ECD6}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{DFEA3240-910C-4C8A-BBFA-EAE21D56C076}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{E4471361-ACFA-4579-8D25-49D6BE4A1131}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{ED06B0EC-7D00-46BD-A41E-7C02C6C66BA4}" = protocol=17 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"{F4698418-7432-4717-AFF4-643EBA1E8D37}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{F5B7EAF9-7A07-4A09-9587-A06476A08AD8}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{F72FC77D-C489-4848-BCD5-0B1540B38895}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{FB95F5EA-BE99-49D6-A3F0-AC5511AA9648}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{FD4E51CF-868A-4D40-8CCE-0760FE3BA2C2}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{FDBD55DD-0BA5-42B2-9A9A-F2A8D6367DA5}" = protocol=6 | dir=in | app=c:\program files\icq7.2\icq.exe | 
"TCP Query User{2788E31F-79D9-44A8-A525-D9063FBBC832}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{3E528297-1122-4CED-ADFB-D738681DEC2B}C:\users\gerd\desktop\neuer ordner (2)\perfektionmt2\metin2.exe" = protocol=6 | dir=in | app=c:\users\gerd\desktop\neuer ordner (2)\perfektionmt2\metin2.exe | 
"TCP Query User{68A51E40-7C51-4E64-973E-8F4D8BF5BD71}C:\users\gerd\desktop\neuer ordner (2)\perfektionmt2\mc.exe" = protocol=6 | dir=in | app=c:\users\gerd\desktop\neuer ordner (2)\perfektionmt2\mc.exe | 
"TCP Query User{71D2266F-08C7-485D-B5F6-EFF9C410D4ED}C:\users\gerd\temp\teamviewer\version5\teamviewer.exe" = protocol=6 | dir=in | app=c:\users\gerd\temp\teamviewer\version5\teamviewer.exe | 
"TCP Query User{B0351F8D-C8BD-4498-8548-19FFFEC15A14}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{DCF53520-54D2-4802-B22D-10B9E207283F}I:\legendmt2\metin2.exe" = protocol=6 | dir=in | app=i:\legendmt2\metin2.exe | 
"UDP Query User{17483A24-8F76-49E8-935C-307D54DBB7BC}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{443512B9-99F9-4717-A387-C56162681E93}C:\users\gerd\desktop\neuer ordner (2)\perfektionmt2\metin2.exe" = protocol=17 | dir=in | app=c:\users\gerd\desktop\neuer ordner (2)\perfektionmt2\metin2.exe | 
"UDP Query User{B33C2200-B9C9-4073-9836-E6E3726A98C0}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{B4A85AB6-8489-4246-9614-C09CA35AE60D}C:\users\gerd\temp\teamviewer\version5\teamviewer.exe" = protocol=17 | dir=in | app=c:\users\gerd\temp\teamviewer\version5\teamviewer.exe | 
"UDP Query User{CC6A1464-7777-42FE-B279-F0EC654B1A5A}C:\users\gerd\desktop\neuer ordner (2)\perfektionmt2\mc.exe" = protocol=17 | dir=in | app=c:\users\gerd\desktop\neuer ordner (2)\perfektionmt2\mc.exe | 
"UDP Query User{DF82FD41-6D93-4A88-BC51-B33877F23B18}I:\legendmt2\metin2.exe" = protocol=17 | dir=in | app=i:\legendmt2\metin2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe 
"{15382D89-6EF6-4D21-9484-B500F2B10E46}" = PhotoMail Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22E95014-3038-4909-8708-48AE7FEFBF05}" = DSL Connection Manager
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{323C7763-A048-4E06-A339-729632A3F95E}" = PC ScanAndSweep
"{33ED6288-90A4-42BE-A192-C6812B4B945A}" = AdiCash Toolbar
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C4D7F53C-49BB-408C-8DDE-A5D5FCD6087A}" = PC ScanAndSweep
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE4A3D0F-D1B0-47D1-BF99-3E957C548D12}" = LogMeIn Hamachi
"{CE557ABF-2A29-4AB4-A7EB-29F5FA1BECEA}" = DSL Connection Manager
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"AdiCash Toolbar" = AdiCash Toolbar
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alice Software" = Alice Software 4.10.0
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"conduitEngine" = Conduit Engine
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"Eazel-DE Toolbar" = Eazel-DE Toolbar
"facemoods" = facemoods
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free YouTube Download_is1" = Free YouTube Download 2.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"Google Updater" = Google Updater
"HyperCam 2" = HyperCam 2
"ICQToolbar" = ICQ Toolbar
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LogMeIn Hamachi" = LogMeIn Hamachi
"magentictb" = Magentic Toolbar (Remove Toolbar Only)
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"PhotoMail" = PhotoMail Maker
"Picasa 3" = Picasa 3
"SearchAnonymizer" = SearchAnonymizer
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"TuneUp Utilities" = TuneUp Utilities
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1423482131-3111919718-2327723055-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 24.01.2011 19:50:27 | Computer Name = Bassi | Source = Application Hang | ID = 1002
Description = Programm PerfektionMt2.exe, Version 0.0.0.0 arbeitet nicht mehr mit
 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 498  Anfangszeit: 01cbbbd9083a0763  Zeitpunkt
 der Beendigung: 1674
 
Error - 27.01.2011 03:18:42 | Computer Name = Bassi | Source = VSS | ID = 8194
Description = 
 
Error - 27.01.2011 03:27:14 | Computer Name = Bassi | Source = Perflib | ID = 1010
Description = 
 
Error - 27.01.2011 03:27:44 | Computer Name = Bassi | Source = VSS | ID = 8194
Description = 
 
Error - 04.02.2011 21:42:40 | Computer Name = Bassi | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wmplayer.exe, Version 11.0.6002.18311, Zeitstempel
 0x4c8e2d72, fehlerhaftes Modul nvd3dum.dll, Version 7.15.10.9686, Zeitstempel 0x4549bde7,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00129786,  Prozess-ID 0xc1c, Anwendungsstartzeit
 01cbc43435d0be80.
 
Error - 12.02.2011 07:01:15 | Computer Name = Bassi | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.19019 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 654  Anfangszeit: 01cbcaa3dfa48685  Zeitpunkt
 der Beendigung: 0
 
Error - 12.02.2011 14:49:13 | Computer Name = Bassi | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung svchost.exe_Dnscache, Version 6.0.6001.18000,
 Zeitstempel 0x47918b89, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel
 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x03e43ed5,  Prozess-ID 0x584, 
Anwendungsstartzeit 01cbc952cdec57c1.
 
Error - 18.02.2011 22:46:19 | Computer Name = Bassi | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung o2DSLConnectionManager.exe, Version 2.1.0.18,
 Zeitstempel 0x49de033c, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel
 0x4cb73436, Ausnahmecode 0xc015000f, Fehleroffset 0x00075bf8,  Prozess-ID 0x4„º 4„º$,
 Anwendungsstartzeit 4„º 4„º $.
 
Error - 20.02.2011 16:35:44 | Computer Name = Bassi | Source = EventSystem | ID = 4609
Description = 
 
Error - 20.02.2011 16:38:22 | Computer Name = Bassi | Source = System Restore | ID = 8193
Description = 
 
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

--- --- ---

xblaack125 · 20.02.2011, 22:07

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 20.02.2011 21:37:20 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Gerd\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
766,00 Mb Total Physical Memory | 413,00 Mb Available Physical Memory | 54,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 87,91 Gb Free Space | 58,98% Space Free | Partition Type: NTFS
 
Computer Name: BASSI | User Name: Gerd | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Gerd\Desktop\OTL.exe (OldTimer Tools)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Gerd\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (SearchAnonymizer) -- C:\Users\Gerd\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (accvssvc) -- C:\Programme\Common Files\AccSys\accvssvc.exe (AccSys GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Programme\Eazel-DE\tbEaz1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ICQ.com Suche
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Programme\Eazel-DE\tbEaz1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.2
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:3.1.2
FF - prefs.js..extensions.enabledItems: boredombutton@onoko.com:1.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: ChoiceGuard@Microsoft:2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
 
 
[2010.02.28 19:05:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd\AppData\Roaming\mozilla\Extensions
[2011.02.12 11:50:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\x8zb8i97.default\extensions
[2010.02.28 19:15:49 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\x8zb8i97.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.02.28 19:15:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\x8zb8i97.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.17 14:17:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\x8zb8i97.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.24 10:23:29 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\x8zb8i97.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.06.15 22:43:08 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\x8zb8i97.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.06.15 22:43:11 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\x8zb8i97.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.02.28 19:15:49 | 000,000,000 | ---D | M] (BoredomButton) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\x8zb8i97.default\extensions\boredombutton@onoko.com
[2010.05.16 00:20:05 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\x8zb8i97.default\extensions\ChoiceGuard@Microsoft
[2011.02.12 11:50:58 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\x8zb8i97.default\extensions\ffxtlbr@Facemoods.com
[2010.02.28 19:15:49 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\x8zb8i97.default\extensions\smarterwiki@wikiatic.com
[2010.10.07 20:51:33 | 000,001,985 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\x8zb8i97.default\searchplugins\bing.xml
[2010.10.07 20:51:33 | 000,001,084 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\x8zb8i97.default\searchplugins\conduit.xml
[2010.10.07 20:51:33 | 000,001,042 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\x8zb8i97.default\searchplugins\icq-search.xml
[2010.10.07 20:51:33 | 000,001,097 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\x8zb8i97.default\searchplugins\icqplugin-1.xml
[2010.10.07 20:51:33 | 000,000,871 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\x8zb8i97.default\searchplugins\icqplugin-2.xml
[2010.10.07 20:51:33 | 000,001,180 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\x8zb8i97.default\searchplugins\icqplugin.xml
[2010.10.07 20:51:33 | 000,002,071 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\x8zb8i97.default\searchplugins\{22FFD110-3F20-421B-8553-97952F491BAF}.xml
[2010.10.07 20:51:33 | 000,002,182 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\x8zb8i97.default\searchplugins\{3B100649-F58F-4EEF-A65C-46113C95B851}.xml
[2010.10.07 20:51:33 | 000,001,864 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\x8zb8i97.default\searchplugins\{89D02F01-D5A1-4B8E-A5A7-8A30F4BAF46D}.xml
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2010.09.28 17:14:06 | 000,002,040 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchstonicde.xml
 
O1 HOSTS File: ([2010.07.05 03:56:12 | 000,001,111 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: ~LegendMT2~ l2testauthd.lineage2.com
O1 - Hosts: ~LegendMT2~ l2authd.lineage2.com
O2 - BHO: (Magentic Toolbar) - {07C92F45-3193-4FD9-AF54-B1925707C872} - C:\Programme\magentictb\magenticdx.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Programme\Eazel-DE\tbEaz1.dll (Conduit Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AdiCash Toolbar) - {85223548-4D57-4A3B-896B-145985F681C6} - C:\Programme\AdiCash\Toolbar.dll (AdiCash GmbH)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Security Helper {B3312915-9368-4FE4-8D4E-B60E5B36D0FF}) - {B3312915-9368-4FE4-8D4E-B60E5B36D0FF} - C:\Programme\magentictb\auxi\magenticAu.dll (Visicom Media)
O2 - BHO: (AdiCash Toolbar) - {BB9540F0-94B9-4fe8-A2E1-DE3A506ECD4B} - C:\Programme\AdiCash\Toolbar.dll (AdiCash GmbH)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (no name) - {EEE6C35C-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Magentic Toolbar) - {07C92F45-3193-4FD9-AF54-B1925707C872} - C:\Programme\magentictb\magenticdx.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Programme\Eazel-DE\tbEaz1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AdiCash Toolbar) - {6AA99CB6-74AF-4136-A6C6-C64C95333249} - C:\Programme\AdiCash\Toolbar.dll (AdiCash GmbH)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\..\Toolbar\WebBrowser: (Eazel-DE Toolbar) - {69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5} - C:\Programme\Eazel-DE\tbEaz1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Gerd\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [PC ScanAndSweep] C:\Program Files\Ascentive\PC ScanAndSweep\PCScanAndSweep.exe (Ascentive LLC)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000..\Run: [o2DSLConnectionManager] C:\Program Files\DSL Connection Manager\o2DSLConnectionManager.exe (AccSys GmbH)
O4 - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000..\RunOnce: [lBdDiKn06504] C:\ProgramData\lBdDiKn06504\lBdDiKn06504.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Gerd\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gerd\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} -  File not found
O9 - Extra 'Tools' menuitem : LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} -  File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} -  File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Gerd\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gerd\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{58fe7f4d-f5cb-11de-86c7-001bfcdbcc4a}\Shell - "" = AutoRun
O33 - MountPoints2\{58fe7f4d-f5cb-11de-86c7-001bfcdbcc4a}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5EFEF029-1539-4AFA-A7CA-498EBF38EE30} - ICQ Toolbar
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A03E0E55-C330-434B-84D2-552BB7F9749F} - ICQ New Tab
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{335AE005-6B01-4812-B2DD-596C159564C6} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.20 21:32:14 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Gerd\Desktop\OTL.exe
[2011.02.20 19:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\lBdDiKn06504
[2011.02.17 23:12:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.02.12 11:56:55 | 000,000,000 | ---D | C] -- C:\Users\Gerd\Documents\TubeBox!
[2011.02.12 11:56:55 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Roaming\TubeBox
[2011.02.12 11:53:55 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TubeBox!
[2011.02.12 11:50:58 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011.02.12 11:50:41 | 000,000,000 | ---D | C] -- C:\Programme\facemoods.com
[2011.02.10 08:53:29 | 000,000,000 | R--D | C] -- C:\Users\Gerd\Documents\Notes
[2011.02.09 01:57:51 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.02.09 01:57:42 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.09 01:57:41 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.09 01:57:29 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.02.09 01:57:29 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.02.09 01:57:29 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011.02.09 01:57:28 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.02.09 01:57:28 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.02.09 01:57:28 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.02.09 01:57:27 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.02.09 01:57:27 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.02.09 01:57:27 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.02.09 01:57:27 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.02.09 01:57:26 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.02.09 01:57:26 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.02.09 01:57:25 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.02.09 01:57:25 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.02.09 01:57:24 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.02.09 01:57:24 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.02.09 01:57:24 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.02.09 01:57:23 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.02.09 01:57:23 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.02.09 01:57:22 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.02.09 01:57:22 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.02.09 01:57:21 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.02.09 01:57:17 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.02.09 01:57:17 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.02.09 01:57:16 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.02.09 01:56:31 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.02.09 01:56:31 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.09 01:56:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.02.09 01:56:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.09 01:56:29 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.09 01:56:28 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.09 01:56:28 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.02.09 01:56:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.02.09 01:56:27 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.02.09 01:56:26 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.02.09 01:56:26 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.02.09 01:56:26 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.02.09 01:56:26 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.02.09 01:56:26 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.02.09 01:56:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.02.09 01:56:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.02.09 01:56:26 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.02.09 01:55:57 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.02.09 01:55:56 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.02.08 17:13:13 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2011.02.08 17:12:53 | 000,000,000 | ---D | C] -- C:\Users\Gerd\Documents\VirtualDJ
[2011.02.08 17:12:52 | 000,000,000 | ---D | C] -- C:\Programme\VirtualDJ
[2011.01.27 22:58:09 | 000,000,000 | ---D | C] -- C:\Users\Gerd\Desktop\hackexD
[2011.01.27 07:47:14 | 000,000,000 | ---D | C] -- C:\Programme\ConduitEngine
[2011.01.27 07:46:56 | 000,000,000 | ---D | C] -- C:\Programme\softonic-de3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.20 21:38:26 | 000,665,122 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.20 21:38:26 | 000,626,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.20 21:38:26 | 000,140,768 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.20 21:38:26 | 000,115,708 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.20 21:35:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.20 21:32:46 | 000,049,152 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.02.20 21:31:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5314C880-D392-455C-A986-BA458D2637CD}.job
[2011.02.20 21:30:14 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.20 21:30:14 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.20 21:30:09 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.02.20 21:22:46 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Gerd\Desktop\OTL.exe
[2011.02.20 19:58:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1423482131-3111919718-2327723055-1000UA.job
[2011.02.20 06:57:01 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1423482131-3111919718-2327723055-1000Core.job
[2011.02.17 23:04:02 | 000,000,011 | R--- | M] () -- C:\Windows\amunres.lsl
[2011.02.12 12:06:18 | 003,113,224 | ---- | M] () -- C:\Users\Gerd\Desktop\Culcha Candela -- Move it.mp3
[2011.02.12 12:02:10 | 003,285,609 | ---- | M] () -- C:\Users\Gerd\Desktop\Kay One-Kenneth alleinZuhaus.mp3
[2011.02.12 05:58:49 | 000,002,037 | ---- | M] () -- C:\Users\Gerd\Desktop\Google Chrome.lnk
[2011.02.10 09:17:40 | 000,000,625 | ---- | M] () -- C:\Users\Gerd\Desktop\Bewerbung.rtf
[2011.02.10 08:55:28 | 000,000,978 | ---- | M] () -- C:\Users\Gerd\Desktop\Lebenslauf.rtf
[2011.02.09 03:27:40 | 000,242,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.02.08 17:13:13 | 000,000,841 | ---- | M] () -- C:\Users\Gerd\Desktop\Virtual DJ Home.lnk
[2011.02.05 02:41:49 | 000,080,384 | ---- | M] () -- C:\Users\Gerd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.05 02:41:06 | 004,551,016 | ---- | M] () -- C:\Users\Gerd\Documents\clip0027.avi
[2011.02.04 07:51:50 | 337,656,104 | ---- | M] () -- C:\Users\Gerd\Documents\clip0026.avi
[2011.02.04 07:49:48 | 000,010,260 | ---- | M] () -- C:\Users\Gerd\Documents\clip0025.avi
[2011.01.28 07:39:46 | 046,118,616 | ---- | M] () -- C:\Users\Gerd\Documents\clip0024.avi
[2011.01.28 04:05:16 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.02.17 23:04:02 | 000,000,011 | R--- | C] () -- C:\Windows\amunres.lsl
[2011.02.12 12:05:54 | 003,113,224 | ---- | C] () -- C:\Users\Gerd\Desktop\Culcha Candela -- Move it.mp3
[2011.02.12 12:01:58 | 003,285,609 | ---- | C] () -- C:\Users\Gerd\Desktop\Kay One-Kenneth alleinZuhaus.mp3
[2011.02.10 09:16:40 | 000,000,625 | ---- | C] () -- C:\Users\Gerd\Desktop\Bewerbung.rtf
[2011.02.10 08:53:52 | 000,000,978 | ---- | C] () -- C:\Users\Gerd\Desktop\Lebenslauf.rtf
[2011.02.08 17:13:12 | 000,000,841 | ---- | C] () -- C:\Users\Gerd\Desktop\Virtual DJ Home.lnk
[2011.02.05 02:41:03 | 004,551,016 | ---- | C] () -- C:\Users\Gerd\Documents\clip0027.avi
[2011.02.04 07:50:04 | 337,656,104 | ---- | C] () -- C:\Users\Gerd\Documents\clip0026.avi
[2011.02.04 07:49:44 | 000,010,260 | ---- | C] () -- C:\Users\Gerd\Documents\clip0025.avi
[2011.01.28 07:37:42 | 046,118,616 | ---- | C] () -- C:\Users\Gerd\Documents\clip0024.avi
[2011.01.28 04:05:16 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011.01.28 04:05:16 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2010.11.17 10:34:15 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010.10.22 16:41:01 | 000,022,016 | ---- | C] () -- C:\Windows\System32\mscpx33r.dLL
[2010.08.16 23:20:13 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.08.16 23:20:13 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.06.14 23:45:42 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.06.14 23:45:40 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.06.05 17:03:08 | 000,001,695 | ---- | C] () -- C:\Users\Gerd\AppData\Local\RT73_{75E5F7A2-A9E1-489E-895F-F9BB50DC2427}_prof
[2010.06.05 16:36:19 | 000,000,908 | ---- | C] () -- C:\Users\Gerd\AppData\Local\RT73_{75E5F7A2-A9E1-489E-895F-F9BB50DC2427}_sta
[2010.06.05 16:34:19 | 000,001,082 | ---- | C] () -- C:\Users\Gerd\AppData\Local\RT73_{75E5F7A2-A9E1-489E-895F-F9BB50DC2427}_wsc
[2010.05.10 12:32:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.04 13:36:34 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2010.04.01 20:48:18 | 000,000,552 | ---- | C] () -- C:\Users\Gerd\AppData\Local\d3d8caps.dat
[2010.02.15 22:18:55 | 000,000,928 | ---- | C] () -- C:\ProgramData\winsys.lng
[2010.02.15 13:50:18 | 000,000,680 | ---- | C] () -- C:\Users\Gerd\AppData\Local\d3d9caps.dat
[2010.02.13 02:06:17 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
[2010.01.29 14:40:21 | 000,076,407 | ---- | C] () -- C:\Users\Gerd\AppData\Roaming\Smiley.ico
[2009.12.23 20:24:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.12.18 09:54:30 | 000,080,384 | ---- | C] () -- C:\Users\Gerd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2010.02.15 22:50:46 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\AdiCash
[2010.06.23 02:20:37 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Babylon
[2010.07.24 10:23:27 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.17 22:08:50 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\GetRightToGo
[2010.06.05 18:38:18 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Hansenet
[2011.02.11 15:42:29 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\ICQ
[2010.09.17 14:24:14 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\ICQ-Tools.de
[2011.01.19 12:28:43 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Inbi
[2010.10.07 20:50:58 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\OCS
[2010.10.19 02:12:36 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\OpenCandy
[2010.05.11 23:58:59 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Opera
[2010.05.06 07:27:01 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Publish Providers
[2011.01.19 11:44:11 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Riicc
[2010.05.06 07:26:52 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Sony
[2010.01.02 22:38:01 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\TeamViewer
[2010.09.20 23:09:03 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\TS3Client
[2011.02.12 11:56:55 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\TubeBox
[2009.12.18 03:44:58 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\TuneUp Software
[2010.06.14 23:46:09 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Ubisoft
[2010.02.08 02:40:56 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Uniblue
[2010.01.22 14:43:27 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\uTorrent
[2010.02.28 00:59:54 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\WEB.DE
[2011.02.20 21:32:45 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.02.20 21:31:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5314C880-D392-455C-A986-BA458D2637CD}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.02.15 22:50:46 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\AdiCash
[2010.01.04 03:16:30 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Adobe
[2010.06.23 02:20:37 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Babylon
[2010.10.16 19:24:02 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\dvdcss
[2010.07.24 10:23:27 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.17 22:08:50 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\GetRightToGo
[2009.12.18 10:32:51 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Google
[2010.06.05 18:38:18 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Hansenet
[2011.02.11 15:42:29 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\ICQ
[2010.09.17 14:24:14 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\ICQ-Tools.de
[2009.12.18 03:09:45 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Identities
[2011.01.19 12:28:43 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Inbi
[2010.11.17 10:31:44 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\InstallShield
[2009.12.18 03:31:41 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Macromedia
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Media Center Programs
[2011.02.17 23:08:38 | 000,000,000 | --SD | M] -- C:\Users\Gerd\AppData\Roaming\Microsoft
[2010.02.28 19:05:41 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Mozilla
[2010.10.07 20:50:58 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\OCS
[2010.10.19 02:12:36 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\OpenCandy
[2010.05.11 23:58:59 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Opera
[2010.05.06 07:27:01 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Publish Providers
[2011.01.19 11:44:11 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Riicc
[2011.02.20 19:28:26 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Skype
[2011.02.20 16:09:45 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\skypePM
[2010.05.06 07:26:52 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Sony
[2010.01.02 22:38:01 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\TeamViewer
[2010.09.20 23:09:03 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\TS3Client
[2011.02.12 11:56:55 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\TubeBox
[2009.12.18 03:44:58 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\TuneUp Software
[2010.06.14 23:46:09 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Ubisoft
[2010.02.08 02:40:56 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Uniblue
[2010.01.22 14:43:27 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\uTorrent
[2011.01.06 08:04:46 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\vlc
[2010.02.28 00:59:54 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\WEB.DE
[2009.12.18 13:11:25 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.10.07 20:50:58 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Gerd\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2010.10.07 20:50:59 | 000,040,960 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2010.10.19 02:12:37 | 000,331,304 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\OpenCandy\OpenCandy_670D402AF44049F996AC836FD3C2CC69\DLMgr_3_1.6.44.exe
[2010.03.05 22:42:26 | 004,004,928 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\Gerd\AppData\Roaming\OpenCandy\OpenCandy_670D402AF44049F996AC836FD3C2CC69\registrybooster(9).exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.12.18 06:27:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009.12.18 06:27:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009.12.18 06:27:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.12.18 06:25:41 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.12.18 06:25:40 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.12.18 06:25:39 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.12.18 07:27:40 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2009.12.18 07:27:39 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.12.18 06:25:40 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2007.01.05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007.01.05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.12.18 05:08:08 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2009.12.18 05:08:08 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Gerd\Documents\classical-werewolf.horror-xvid.avi:TOC.WMV

< End of report >

--- --- ---

xblaack125 · 20.02.2011, 22:07

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 20.02.2011 21:37:20 - Run 1
OTL by OldTimer - Version 3.2.20.6     Folder = C:\Users\Gerd\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19019)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
766,00 Mb Total Physical Memory | 413,00 Mb Available Physical Memory | 54,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149,04 Gb Total Space | 87,91 Gb Free Space | 58,98% Space Free | Partition Type: NTFS
 
Computer Name: BASSI | User Name: Gerd | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Gerd\Desktop\OTL.exe (OldTimer Tools)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Gerd\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (TeamViewer6) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (SearchAnonymizer) -- C:\Users\Gerd\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NetTcpPortSharing) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetTcpActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetPipeActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (NetMsmqActivator) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (accvssvc) -- C:\Programme\Common Files\AccSys\accvssvc.exe (AccSys GmbH)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = ${URL_SEARCHPAGE}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=stonicde&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Programme\Eazel-DE\tbEaz1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ICQ.com Suche
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Facemoods Search
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\..\URLSearchHook: {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Programme\Eazel-DE\tbEaz1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.2
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:3.1.2
FF - prefs.js..extensions.enabledItems: boredombutton@onoko.com:1.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.4
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: ChoiceGuard@Microsoft:2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f}:2.5.8.6
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
 
 
[2010.02.28 19:05:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd\AppData\Roaming\mozilla\Extensions
[2011.02.12 11:50:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\x8zb8i97.default\extensions
[2010.02.28 19:15:49 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\x8zb8i97.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.02.28 19:15:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\x8zb8i97.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.09.17 14:17:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\x8zb8i97.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.24 10:23:29 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\x8zb8i97.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.06.15 22:43:08 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\x8zb8i97.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.06.15 22:43:11 | 000,000,000 | ---D | M] (DVDVideoSoft Toolbar) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\x8zb8i97.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.02.28 19:15:49 | 000,000,000 | ---D | M] (BoredomButton) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\x8zb8i97.default\extensions\boredombutton@onoko.com
[2010.05.16 00:20:05 | 000,000,000 | ---D | M] (Microsoft Choice Guard) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\x8zb8i97.default\extensions\ChoiceGuard@Microsoft
[2011.02.12 11:50:58 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\x8zb8i97.default\extensions\ffxtlbr@Facemoods.com
[2010.02.28 19:15:49 | 000,000,000 | ---D | M] (FastestFox) -- C:\Users\Gerd\AppData\Roaming\mozilla\Firefox\Profiles\x8zb8i97.default\extensions\smarterwiki@wikiatic.com
[2010.10.07 20:51:33 | 000,001,985 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\x8zb8i97.default\searchplugins\bing.xml
[2010.10.07 20:51:33 | 000,001,084 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\x8zb8i97.default\searchplugins\conduit.xml
[2010.10.07 20:51:33 | 000,001,042 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\x8zb8i97.default\searchplugins\icq-search.xml
[2010.10.07 20:51:33 | 000,001,097 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\x8zb8i97.default\searchplugins\icqplugin-1.xml
[2010.10.07 20:51:33 | 000,000,871 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\x8zb8i97.default\searchplugins\icqplugin-2.xml
[2010.10.07 20:51:33 | 000,001,180 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\x8zb8i97.default\searchplugins\icqplugin.xml
[2010.10.07 20:51:33 | 000,002,071 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\x8zb8i97.default\searchplugins\{22FFD110-3F20-421B-8553-97952F491BAF}.xml
[2010.10.07 20:51:33 | 000,002,182 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\x8zb8i97.default\searchplugins\{3B100649-F58F-4EEF-A65C-46113C95B851}.xml
[2010.10.07 20:51:33 | 000,001,864 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\Mozilla\Firefox\Profiles\x8zb8i97.default\searchplugins\{89D02F01-D5A1-4B8E-A5A7-8A30F4BAF46D}.xml
File not found (No name found) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{AB2CE124-6272-4B12-94A9-7303C7397BD1}
[2010.09.28 17:14:06 | 000,002,040 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrchstonicde.xml
 
O1 HOSTS File: ([2010.07.05 03:56:12 | 000,001,111 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: ~LegendMT2~ l2testauthd.lineage2.com
O1 - Hosts: ~LegendMT2~ l2authd.lineage2.com
O2 - BHO: (Magentic Toolbar) - {07C92F45-3193-4FD9-AF54-B1925707C872} - C:\Programme\magentictb\magenticdx.dll ()
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.3\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Programme\Eazel-DE\tbEaz1.dll (Conduit Ltd.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AdiCash Toolbar) - {85223548-4D57-4A3B-896B-145985F681C6} - C:\Programme\AdiCash\Toolbar.dll (AdiCash GmbH)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (Security Helper {B3312915-9368-4FE4-8D4E-B60E5B36D0FF}) - {B3312915-9368-4FE4-8D4E-B60E5B36D0FF} - C:\Programme\magentictb\auxi\magenticAu.dll (Visicom Media)
O2 - BHO: (AdiCash Toolbar) - {BB9540F0-94B9-4fe8-A2E1-DE3A506ECD4B} - C:\Programme\AdiCash\Toolbar.dll (AdiCash GmbH)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (no name) - {EEE6C35C-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Magentic Toolbar) - {07C92F45-3193-4FD9-AF54-B1925707C872} - C:\Programme\magentictb\magenticdx.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Eazel-DE Toolbar) - {69b6939f-c70d-45c5-9bbd-e2e2cc3dd8e5} - C:\Programme\Eazel-DE\tbEaz1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (AdiCash Toolbar) - {6AA99CB6-74AF-4136-A6C6-C64C95333249} - C:\Programme\AdiCash\Toolbar.dll (AdiCash GmbH)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.3\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\..\Toolbar\WebBrowser: (Eazel-DE Toolbar) - {69B6939F-C70D-45C5-9BBD-E2E2CC3DD8E5} - C:\Programme\Eazel-DE\tbEaz1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVD1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.3\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Gerd\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [PC ScanAndSweep] C:\Program Files\Ascentive\PC ScanAndSweep\PCScanAndSweep.exe (Ascentive LLC)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000..\Run: [o2DSLConnectionManager] C:\Program Files\DSL Connection Manager\o2DSLConnectionManager.exe (AccSys GmbH)
O4 - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000..\RunOnce: [lBdDiKn06504] C:\ProgramData\lBdDiKn06504\lBdDiKn06504.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Gerd\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Gerd\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} -  File not found
O9 - Extra 'Tools' menuitem : LingoWare Translator... - {87680762-4A83-11B4-885B-0000E8ECA40F} -  File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} -  File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Gerd\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Gerd\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{58fe7f4d-f5cb-11de-86c7-001bfcdbcc4a}\Shell - "" = AutoRun
O33 - MountPoints2\{58fe7f4d-f5cb-11de-86c7-001bfcdbcc4a}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: Hamachi2Svc - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5EFEF029-1539-4AFA-A7CA-498EBF38EE30} - ICQ Toolbar
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A03E0E55-C330-434B-84D2-552BB7F9749F} - ICQ New Tab
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{335AE005-6B01-4812-B2DD-596C159564C6} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.20 21:32:14 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\Gerd\Desktop\OTL.exe
[2011.02.20 19:21:29 | 000,000,000 | ---D | C] -- C:\ProgramData\lBdDiKn06504
[2011.02.17 23:12:04 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.02.12 11:56:55 | 000,000,000 | ---D | C] -- C:\Users\Gerd\Documents\TubeBox!
[2011.02.12 11:56:55 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Roaming\TubeBox
[2011.02.12 11:53:55 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TubeBox!
[2011.02.12 11:50:58 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2011.02.12 11:50:41 | 000,000,000 | ---D | C] -- C:\Programme\facemoods.com
[2011.02.10 08:53:29 | 000,000,000 | R--D | C] -- C:\Users\Gerd\Documents\Notes
[2011.02.09 01:57:51 | 002,039,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.02.09 01:57:42 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.02.09 01:57:41 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.02.09 01:57:29 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011.02.09 01:57:29 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.02.09 01:57:29 | 000,797,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\FntCache.dll
[2011.02.09 01:57:28 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011.02.09 01:57:28 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011.02.09 01:57:28 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011.02.09 01:57:27 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011.02.09 01:57:27 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.02.09 01:57:27 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011.02.09 01:57:27 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011.02.09 01:57:26 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011.02.09 01:57:26 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011.02.09 01:57:25 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011.02.09 01:57:25 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011.02.09 01:57:24 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011.02.09 01:57:24 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011.02.09 01:57:24 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011.02.09 01:57:23 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011.02.09 01:57:23 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011.02.09 01:57:22 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011.02.09 01:57:22 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011.02.09 01:57:21 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011.02.09 01:57:17 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011.02.09 01:57:17 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011.02.09 01:57:16 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011.02.09 01:56:31 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.02.09 01:56:31 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.02.09 01:56:30 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.02.09 01:56:30 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.02.09 01:56:29 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.02.09 01:56:28 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.02.09 01:56:28 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.02.09 01:56:28 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.02.09 01:56:27 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.02.09 01:56:26 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.02.09 01:56:26 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.02.09 01:56:26 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.02.09 01:56:26 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.02.09 01:56:26 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.02.09 01:56:26 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.02.09 01:56:26 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.02.09 01:56:26 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.02.09 01:55:57 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.02.09 01:55:56 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.02.08 17:13:13 | 000,000,000 | ---D | C] -- C:\Users\Gerd\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Virtual DJ
[2011.02.08 17:12:53 | 000,000,000 | ---D | C] -- C:\Users\Gerd\Documents\VirtualDJ
[2011.02.08 17:12:52 | 000,000,000 | ---D | C] -- C:\Programme\VirtualDJ
[2011.01.27 22:58:09 | 000,000,000 | ---D | C] -- C:\Users\Gerd\Desktop\hackexD
[2011.01.27 07:47:14 | 000,000,000 | ---D | C] -- C:\Programme\ConduitEngine
[2011.01.27 07:46:56 | 000,000,000 | ---D | C] -- C:\Programme\softonic-de3
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.20 21:38:26 | 000,665,122 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.20 21:38:26 | 000,626,884 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.20 21:38:26 | 000,140,768 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.20 21:38:26 | 000,115,708 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.20 21:35:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.20 21:32:46 | 000,049,152 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.02.20 21:31:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{5314C880-D392-455C-A986-BA458D2637CD}.job
[2011.02.20 21:30:14 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.20 21:30:14 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.20 21:30:09 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.02.20 21:22:46 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\Gerd\Desktop\OTL.exe
[2011.02.20 19:58:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1423482131-3111919718-2327723055-1000UA.job
[2011.02.20 06:57:01 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1423482131-3111919718-2327723055-1000Core.job
[2011.02.17 23:04:02 | 000,000,011 | R--- | M] () -- C:\Windows\amunres.lsl
[2011.02.12 12:06:18 | 003,113,224 | ---- | M] () -- C:\Users\Gerd\Desktop\Culcha Candela -- Move it.mp3
[2011.02.12 12:02:10 | 003,285,609 | ---- | M] () -- C:\Users\Gerd\Desktop\Kay One-Kenneth alleinZuhaus.mp3
[2011.02.12 05:58:49 | 000,002,037 | ---- | M] () -- C:\Users\Gerd\Desktop\Google Chrome.lnk
[2011.02.10 09:17:40 | 000,000,625 | ---- | M] () -- C:\Users\Gerd\Desktop\Bewerbung.rtf
[2011.02.10 08:55:28 | 000,000,978 | ---- | M] () -- C:\Users\Gerd\Desktop\Lebenslauf.rtf
[2011.02.09 03:27:40 | 000,242,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.02.08 17:13:13 | 000,000,841 | ---- | M] () -- C:\Users\Gerd\Desktop\Virtual DJ Home.lnk
[2011.02.05 02:41:49 | 000,080,384 | ---- | M] () -- C:\Users\Gerd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.05 02:41:06 | 004,551,016 | ---- | M] () -- C:\Users\Gerd\Documents\clip0027.avi
[2011.02.04 07:51:50 | 337,656,104 | ---- | M] () -- C:\Users\Gerd\Documents\clip0026.avi
[2011.02.04 07:49:48 | 000,010,260 | ---- | M] () -- C:\Users\Gerd\Documents\clip0025.avi
[2011.01.28 07:39:46 | 046,118,616 | ---- | M] () -- C:\Users\Gerd\Documents\clip0024.avi
[2011.01.28 04:05:16 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.02.17 23:04:02 | 000,000,011 | R--- | C] () -- C:\Windows\amunres.lsl
[2011.02.12 12:05:54 | 003,113,224 | ---- | C] () -- C:\Users\Gerd\Desktop\Culcha Candela -- Move it.mp3
[2011.02.12 12:01:58 | 003,285,609 | ---- | C] () -- C:\Users\Gerd\Desktop\Kay One-Kenneth alleinZuhaus.mp3
[2011.02.10 09:16:40 | 000,000,625 | ---- | C] () -- C:\Users\Gerd\Desktop\Bewerbung.rtf
[2011.02.10 08:53:52 | 000,000,978 | ---- | C] () -- C:\Users\Gerd\Desktop\Lebenslauf.rtf
[2011.02.08 17:13:12 | 000,000,841 | ---- | C] () -- C:\Users\Gerd\Desktop\Virtual DJ Home.lnk
[2011.02.05 02:41:03 | 004,551,016 | ---- | C] () -- C:\Users\Gerd\Documents\clip0027.avi
[2011.02.04 07:50:04 | 337,656,104 | ---- | C] () -- C:\Users\Gerd\Documents\clip0026.avi
[2011.02.04 07:49:44 | 000,010,260 | ---- | C] () -- C:\Users\Gerd\Documents\clip0025.avi
[2011.01.28 07:37:42 | 046,118,616 | ---- | C] () -- C:\Users\Gerd\Documents\clip0024.avi
[2011.01.28 04:05:16 | 000,000,967 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011.01.28 04:05:16 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 6.lnk
[2010.11.17 10:34:15 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2010.10.22 16:41:01 | 000,022,016 | ---- | C] () -- C:\Windows\System32\mscpx33r.dLL
[2010.08.16 23:20:13 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.08.16 23:20:13 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.06.14 23:45:42 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.06.14 23:45:40 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.06.05 17:03:08 | 000,001,695 | ---- | C] () -- C:\Users\Gerd\AppData\Local\RT73_{75E5F7A2-A9E1-489E-895F-F9BB50DC2427}_prof
[2010.06.05 16:36:19 | 000,000,908 | ---- | C] () -- C:\Users\Gerd\AppData\Local\RT73_{75E5F7A2-A9E1-489E-895F-F9BB50DC2427}_sta
[2010.06.05 16:34:19 | 000,001,082 | ---- | C] () -- C:\Users\Gerd\AppData\Local\RT73_{75E5F7A2-A9E1-489E-895F-F9BB50DC2427}_wsc
[2010.05.10 12:32:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.04 13:36:34 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2010.04.01 20:48:18 | 000,000,552 | ---- | C] () -- C:\Users\Gerd\AppData\Local\d3d8caps.dat
[2010.02.15 22:18:55 | 000,000,928 | ---- | C] () -- C:\ProgramData\winsys.lng
[2010.02.15 13:50:18 | 000,000,680 | ---- | C] () -- C:\Users\Gerd\AppData\Local\d3d9caps.dat
[2010.02.13 02:06:17 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
[2010.01.29 14:40:21 | 000,076,407 | ---- | C] () -- C:\Users\Gerd\AppData\Roaming\Smiley.ico
[2009.12.23 20:24:27 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.12.18 09:54:30 | 000,080,384 | ---- | C] () -- C:\Users\Gerd\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.10.25 16:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2010.02.15 22:50:46 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\AdiCash
[2010.06.23 02:20:37 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Babylon
[2010.07.24 10:23:27 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.17 22:08:50 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\GetRightToGo
[2010.06.05 18:38:18 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Hansenet
[2011.02.11 15:42:29 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\ICQ
[2010.09.17 14:24:14 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\ICQ-Tools.de
[2011.01.19 12:28:43 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Inbi
[2010.10.07 20:50:58 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\OCS
[2010.10.19 02:12:36 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\OpenCandy
[2010.05.11 23:58:59 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Opera
[2010.05.06 07:27:01 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Publish Providers
[2011.01.19 11:44:11 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Riicc
[2010.05.06 07:26:52 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Sony
[2010.01.02 22:38:01 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\TeamViewer
[2010.09.20 23:09:03 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\TS3Client
[2011.02.12 11:56:55 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\TubeBox
[2009.12.18 03:44:58 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\TuneUp Software
[2010.06.14 23:46:09 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Ubisoft
[2010.02.08 02:40:56 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Uniblue
[2010.01.22 14:43:27 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\uTorrent
[2010.02.28 00:59:54 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\WEB.DE
[2011.02.20 21:32:45 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.02.20 21:31:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{5314C880-D392-455C-A986-BA458D2637CD}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.02.15 22:50:46 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\AdiCash
[2010.01.04 03:16:30 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Adobe
[2010.06.23 02:20:37 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Babylon
[2010.10.16 19:24:02 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\dvdcss
[2010.07.24 10:23:27 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.17 22:08:50 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\GetRightToGo
[2009.12.18 10:32:51 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Google
[2010.06.05 18:38:18 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Hansenet
[2011.02.11 15:42:29 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\ICQ
[2010.09.17 14:24:14 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\ICQ-Tools.de
[2009.12.18 03:09:45 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Identities
[2011.01.19 12:28:43 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Inbi
[2010.11.17 10:31:44 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\InstallShield
[2009.12.18 03:31:41 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Macromedia
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Media Center Programs
[2011.02.17 23:08:38 | 000,000,000 | --SD | M] -- C:\Users\Gerd\AppData\Roaming\Microsoft
[2010.02.28 19:05:41 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Mozilla
[2010.10.07 20:50:58 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\OCS
[2010.10.19 02:12:36 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\OpenCandy
[2010.05.11 23:58:59 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Opera
[2010.05.06 07:27:01 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Publish Providers
[2011.01.19 11:44:11 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Riicc
[2011.02.20 19:28:26 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Skype
[2011.02.20 16:09:45 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\skypePM
[2010.05.06 07:26:52 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Sony
[2010.01.02 22:38:01 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\TeamViewer
[2010.09.20 23:09:03 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\TS3Client
[2011.02.12 11:56:55 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\TubeBox
[2009.12.18 03:44:58 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\TuneUp Software
[2010.06.14 23:46:09 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Ubisoft
[2010.02.08 02:40:56 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\Uniblue
[2010.01.22 14:43:27 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\uTorrent
[2011.01.06 08:04:46 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\vlc
[2010.02.28 00:59:54 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\WEB.DE
[2009.12.18 13:11:25 | 000,000,000 | ---D | M] -- C:\Users\Gerd\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.10.07 20:50:58 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Gerd\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2010.10.07 20:50:59 | 000,040,960 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2010.10.19 02:12:37 | 000,331,304 | ---- | M] () -- C:\Users\Gerd\AppData\Roaming\OpenCandy\OpenCandy_670D402AF44049F996AC836FD3C2CC69\DLMgr_3_1.6.44.exe
[2010.03.05 22:42:26 | 004,004,928 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\Gerd\AppData\Roaming\OpenCandy\OpenCandy_670D402AF44049F996AC836FD3C2CC69\registrybooster(9).exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.12.18 06:27:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2009.12.18 06:27:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2009.12.18 06:27:27 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.12.18 06:25:41 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.12.18 06:25:40 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.12.18 06:25:39 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.12.18 07:27:40 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2009.12.18 07:27:39 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.12.18 06:25:40 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2007.01.05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007.01.05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.12.18 05:08:08 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2009.12.18 05:08:08 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Gerd\Documents\classical-werewolf.horror-xvid.avi:TOC.WMV

< End of report >

--- --- ---

markusg · 21.02.2011, 11:05

• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

:OTL
O4 - HKU\S-1-5-21-1423482131-3111919718-2327723055-1000..\RunOnce: [lBdDiKn06504] C:\ProgramData\lBdDiKn06504\lBdDiKn06504.exe ()
:files
C:\ProgramData\lBdDiKn06504
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
der neustart im normalen modus sollte nun klappen.
öffne computer, C: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.

lade das archiv in unserem upload channel hoch.
http://www.trojaner-board.de/54791-a...ner-board.html

machst du onlinebanking /einkäufe?

xblaack125 · 21.02.2011, 14:41

Nein mach kein onlinebänking bzw einkäufe hab so was bei icq gesendet bekommen und bin dann auf den link gekommen auf einemal sind 20 seiten auf gegangen und dann kam das mit der spyware

welches virus Programm würdest du den empfehlen? auser Antivir ?

xblaack125 · 21.02.2011, 15:07

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-1423482131-3111919718-2327723055-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\lBdDiKn06504 deleted successfully.
C:\ProgramData\lBdDiKn06504\lBdDiKn06504.exe moved successfully.
========== FILES ==========
C:\ProgramData\lBdDiKn06504 folder moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Gerd
->Flash cache emptied: 309946 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gerd
->Temp folder emptied: 40514659 bytes
->Temporary Internet Files folder emptied: 149008377 bytes
->Java cache emptied: 2190515 bytes
->FireFox cache emptied: 68591956 bytes
->Google Chrome cache emptied: 410669383 bytes
->Opera cache emptied: 16390731 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1879090 bytes
RecycleBin emptied: 129090550 bytes

Total Files Cleaned = 780,00 mb

OTL by OldTimer - Version 3.2.20.6 log created on 02212011_144724

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

markusg · 21.02.2011, 15:22

avira is schon ok.
hast du den link noch? im icq nachichtenverlauf vllt.
falls ja als private nachicht an mich.

xblaack125 · 21.02.2011, 15:26

sry ich hab icq so eingestelt das die verläufe nicht gespeichert werden aber falls ich noch ma so was bekomme kann ich dir ja ne naricht damit schrieben

war das richtig wie ich die movedfile.rar im upload channel hochgeladen hab ?

markusg · 21.02.2011, 15:32

ja, danke.
download malwarebytes:
Malwarebytes
instalieren, öffnen, registerkarte aktualisierung, programm updaten.
schalte alle laufenden programme ab, trenne die internetverbindung.
registerkarte scanner, komplett scan, funde entfernen, log posten.

xblaack125 · 22.02.2011, 09:23

ALSO HAB DAS PROGRAMM MAL BENUTZT HAT PAAR ASCHEN ENTFERNT UND I-WAS MIT EINER LOG-DATEI
aber sonst stand da das keien bösartigen datein gefunden wurden

markusg · 22.02.2011, 11:09

wo ist das log.
öffne malwarebytes, logdateien, inhalt des logs kopieren und posten.

Spyware bildschrim blau bitte um hilfe

Plagegeister aller Art und deren Bekämpfung: Spyware bildschrim blau bitte um hilfe