Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows-Delayed Write Failed (https://www.trojaner-board.de/112286-windows-delayed-write-failed.html)

SEF@ 25.03.2012 16:54
Windows-Delayed Write Failed
 
Hallo ,

Als ich heute Morgen mein PC angeschaltet hab ,ist mein Bildschrim schwarz,Start-Menü ist leer und viele von diesen Windows-Delayed Write Failed-Anzeigen sind erschienen.Und das Programm System Check meldet viele Probleme...:wtf:

Was kann ich tun...bitte um hilfe....

MfG

Sefa

markusg 25.03.2012 18:30
hi
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

SEF@ 25.03.2012 18:48
OTL.Txt:OTL Logfile:
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 25.03.2012 19:43:15 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Konto\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,50 Gb Total Physical Memory | 0,60 Gb Available Physical Memory | 39,83% Memory free
3,00 Gb Paging File | 1,18 Gb Available in Paging File | 39,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 162,00 Gb Free Space | 69,59% Space Free | Partition Type: NTFS
 
Computer Name: WIN7-PC | User Name: Konto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.25 19:37:59 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Konto\Downloads\OTL.exe
PRC - [2012.03.25 15:02:14 | 000,361,472 | -H-- | M] ( ) -- C:\ProgramData\6NPPFw41Dw0HcK.exe
PRC - [2012.03.25 14:33:31 | 000,450,048 | -H-- | M] ( ) -- C:\ProgramData\XCMsXSJotCWrp.exe
PRC - [2012.02.03 14:34:58 | 000,793,048 | ---- | M] (PC Tools) -- C:\Programme\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2012.02.03 14:34:56 | 000,103,896 | ---- | M] (PC Tools) -- C:\Programme\Common Files\PC Tools\sMonitor\SSDMonitor.exe
PRC - [2011.06.07 13:57:09 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.05.25 09:25:02 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.05.25 09:24:56 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.05.25 09:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.08.02 16:09:32 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2007.12.17 04:00:00 | 000,143,872 | -H-- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
PRC - [2007.01.11 04:02:00 | 000,113,664 | -H-- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2006.01.24 23:07:00 | 000,061,440 | ---- | M] (Vimicro) -- C:\Windows\VM303_STI.EXE
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.02.16 21:53:45 | 000,047,168 | ---- | M] () [Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\d8b2b57a33138a00.sys -- (d8b2b57a33138a00)
SRV - [2012.02.03 14:34:58 | 000,793,048 | ---- | M] (PC Tools) [Auto | Running] -- C:\Programme\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2011.08.28 22:12:00 | 004,621,280 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2011.06.29 15:21:51 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.07 13:57:09 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.05.25 09:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.05.13 15:27:02 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.17 04:00:00 | 000,143,872 | -H-- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007.01.11 04:02:00 | 000,113,664 | -H-- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - [File Corrupted - Detail Data unreadable] [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wmiacpi.sys -- (WmiAcpi)
DRV - [2012.02.16 21:53:45 | 000,047,168 | ---- | M] () [Unknown (-1) | Unknown (-1) | Unknown] -- C:\Windows\System32\drivers\d8b2b57a33138a00.sys -- (d8b2b57a33138a00)
DRV - [2011.07.25 16:28:25 | 000,271,360 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011.07.25 16:28:08 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.06.29 15:21:55 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.29 15:21:55 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:59:20 | 000,132,224 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\DRIVERS\WUDFRd.sys -- (WUDFRd)
DRV - [2010.11.20 11:58:59 | 000,092,672 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WudfPf.sys -- (WudfPf)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.07.14 01:55:02 | 000,016,384 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV - [2009.07.14 00:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.06.10 23:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.06.23 13:45:58 | 000,480,128 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vvftav303.sys -- (vvftav303)
DRV - [2007.05.15 10:14:24 | 001,472,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\usbVM303.sys -- (ZSMC0303)
DRV - [2004.10.07 16:09:22 | 000,115,744 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.10.07 16:05:05 | 000,080,576 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfhlp01.sys -- (sfhlp01)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = SearchCompletion Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=2a42dd63000000000000001d92a2d990&tlver=1.4.19.19&affID=17160
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{1AB0C715-9CE7-45B0-80FB-FCD2FC1E341B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2319825
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 1A 34 29 87 0A CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\Sefa2\AppData\Local\RewardsArcade\498\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.25 15:01:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.13 14:38:24 | 000,000,000 | ---D | M]
 
[2012.03.25 15:18:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Konto\AppData\Roaming\mozilla\Extensions
[2012.03.25 15:01:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.13 14:16:06 | 000,002,227 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Mein Gutscheincode Finder zeigt automatisch Shopping-Gutscheine an mit denen Sie beim Online-Einkauf sparen können.) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - C:\Programme\Mein Gutscheincode Finder\Internet Explorer\x86\ConversionOneIE.dll (Conversion One GmbH)
O2 - BHO: (RewardsArcade) - {597A9974-8CB0-4f41-B61F-ED065738A397} - C:\Programme\RewardsArcade\RewardsArcade.dll (215 Apps)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BigDog303] C:\Windows\VM303_STI.EXE (Vimicro)
O4 - HKLM..\Run: [SSDMonitor] C:\Programme\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
O4 - HKLM..\Run: [XCMsXSJotCWrp.exe] C:\ProgramData\XCMsXSJotCWrp.exe ( )
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C94F024-AAFF-4127-9AD6-70641C8C9D55}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.25 19:31:46 | 000,000,000 | ---D | C] -- C:\Users\Konto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BasketDudes
[2012.03.25 17:36:35 | 000,000,000 | -H-D | C] -- C:\Users\Konto\AppData\Roaming\TS3Client
[2012.03.25 17:20:07 | 000,000,000 | -H-D | C] -- C:\ERDNT
[2012.03.25 17:20:05 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012.03.25 17:20:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.03.25 17:19:50 | 000,000,000 | -H-D | C] -- C:\!FixIEDef
[2012.03.25 15:24:07 | 000,000,000 | ---D | C] -- C:\Users\Konto\AppData\Local\ElevatedDiagnostics
[2012.03.25 15:06:40 | 000,000,000 | -H-D | C] -- C:\Users\Konto\AppData\Roaming\Avira
[2012.03.25 15:02:57 | 000,000,000 | -H-D | C] -- C:\Users\Konto\AppData\Roaming\Mozilla
[2012.03.25 15:02:57 | 000,000,000 | -H-D | C] -- C:\Users\Konto\AppData\Local\Mozilla
[2012.03.25 15:02:41 | 000,000,000 | -H-D | C] -- C:\Users\Konto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.25 14:59:51 | 000,000,000 | -H-D | C] -- C:\Users\Konto\AppData\Roaming\Google
[2012.03.25 14:59:51 | 000,000,000 | -H-D | C] -- C:\Users\Konto\AppData\Roaming\Adobe
[2012.03.25 14:59:49 | 000,000,000 | -H-D | C] -- C:\Users\Konto\AppData\Local\Google
[2012.03.25 14:56:45 | 000,000,000 | -H-D | C] -- C:\Users\Konto\Documents\Simply Super Software
[2012.03.25 14:56:40 | 000,000,000 | RH-D | C] -- C:\Users\Konto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.03.25 14:56:40 | 000,000,000 | RH-D | C] -- C:\Users\Konto\Searches
[2012.03.25 14:56:40 | 000,000,000 | RH-D | C] -- C:\Users\Konto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.03.25 14:56:35 | 000,000,000 | -H-D | C] -- C:\Users\Konto\AppData\Roaming\Identities
[2012.03.25 14:56:33 | 000,000,000 | RH-D | C] -- C:\Users\Konto\Contacts
[2012.03.25 14:56:27 | 000,000,000 | -H-D | C] -- C:\Users\Konto\AppData\Local\VirtualStore
[2012.03.25 14:56:25 | 000,000,000 | RH-D | C] -- C:\Users\Konto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.03.25 14:56:25 | 000,000,000 | RH-D | C] -- C:\Users\Konto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.03.25 14:56:25 | 000,000,000 | -HSD | C] -- C:\Users\Konto\Vorlagen
[2012.03.25 14:56:25 | 000,000,000 | -HSD | C] -- C:\Users\Konto\AppData\Local\Verlauf
[2012.03.25 14:56:25 | 000,000,000 | -HSD | C] -- C:\Users\Konto\AppData\Local\Temporary Internet Files
[2012.03.25 14:56:25 | 000,000,000 | -HSD | C] -- C:\Users\Konto\Startmenü
[2012.03.25 14:56:25 | 000,000,000 | -HSD | C] -- C:\Users\Konto\SendTo
[2012.03.25 14:56:25 | 000,000,000 | -HSD | C] -- C:\Users\Konto\Recent
[2012.03.25 14:56:25 | 000,000,000 | -HSD | C] -- C:\Users\Konto\Netzwerkumgebung
[2012.03.25 14:56:25 | 000,000,000 | -HSD | C] -- C:\Users\Konto\Lokale Einstellungen
[2012.03.25 14:56:25 | 000,000,000 | -HSD | C] -- C:\Users\Konto\Documents\Eigene Videos
[2012.03.25 14:56:25 | 000,000,000 | -HSD | C] -- C:\Users\Konto\Documents\Eigene Musik
[2012.03.25 14:56:25 | 000,000,000 | -HSD | C] -- C:\Users\Konto\Eigene Dateien
[2012.03.25 14:56:25 | 000,000,000 | -HSD | C] -- C:\Users\Konto\Documents\Eigene Bilder
[2012.03.25 14:56:25 | 000,000,000 | -HSD | C] -- C:\Users\Konto\Druckumgebung
[2012.03.25 14:56:25 | 000,000,000 | -HSD | C] -- C:\Users\Konto\Cookies
[2012.03.25 14:56:25 | 000,000,000 | -HSD | C] -- C:\Users\Konto\AppData\Local\Anwendungsdaten
[2012.03.25 14:56:25 | 000,000,000 | -HSD | C] -- C:\Users\Konto\Anwendungsdaten
[2012.03.25 14:56:25 | 000,000,000 | -H-D | C] -- C:\Users\Konto\AppData\Local\Temp
[2012.03.25 14:56:25 | 000,000,000 | -H-D | C] -- C:\Users\Konto\AppData\Local\Microsoft
[2012.03.25 14:56:25 | 000,000,000 | -H-D | C] -- C:\Users\Konto\AppData\Roaming\Media Center Programs
[2012.03.25 14:56:25 | 000,000,000 | -H-D | C] -- C:\Users\Konto\AppData\Roaming\Macromedia
[2012.03.25 14:56:24 | 000,000,000 | --SD | C] -- C:\Users\Konto\AppData\Roaming\Microsoft
[2012.03.25 14:56:24 | 000,000,000 | RH-D | C] -- C:\Users\Konto\Videos
[2012.03.25 14:56:24 | 000,000,000 | RH-D | C] -- C:\Users\Konto\Saved Games
[2012.03.25 14:56:24 | 000,000,000 | RH-D | C] -- C:\Users\Konto\Pictures
[2012.03.25 14:56:24 | 000,000,000 | RH-D | C] -- C:\Users\Konto\Music
[2012.03.25 14:56:24 | 000,000,000 | RH-D | C] -- C:\Users\Konto\Links
[2012.03.25 14:56:24 | 000,000,000 | RH-D | C] -- C:\Users\Konto\Favorites
[2012.03.25 14:56:24 | 000,000,000 | RH-D | C] -- C:\Users\Konto\Downloads
[2012.03.25 14:56:24 | 000,000,000 | RH-D | C] -- C:\Users\Konto\Documents
[2012.03.25 14:56:24 | 000,000,000 | RH-D | C] -- C:\Users\Konto\Desktop
[2012.03.25 14:56:24 | 000,000,000 | -H-D | C] -- C:\Users\Konto\AppData
[2012.03.20 16:37:23 | 000,000,000 | ---D | C] -- C:\Program Files\Galileo Family Quiz - Spezial II
[2012.03.10 19:14:54 | 001,101,824 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox210.ocx
[2012.03.10 19:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Registry Mechanic
[2012.03.10 19:14:53 | 000,880,640 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBox10.ocx
[2012.03.10 19:14:53 | 000,212,992 | ---- | C] (Woodbury Associates Limited) -- C:\Windows\System32\UniBoxVB12.ocx
[2012.03.10 19:14:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012.03.10 19:14:49 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Registry Mechanic
[2012.03.06 18:31:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Football Superstars
[2012.03.06 18:31:31 | 000,000,000 | -H-D | C] -- C:\ProgramData\TEMP
[2012.03.06 18:30:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\Simply Super Software
[2012.03.06 18:17:54 | 000,000,000 | -H-D | C] -- C:\FSDownloader
[2012.03.06 17:53:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.03.06 17:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.03.06 17:46:56 | 000,000,000 | ---D | C] -- C:\Program Files\GridinSoft Trojan Killer
[2012.03.04 15:09:15 | 000,000,000 | ---D | C] -- C:\Program Files\directx
[2012.03.02 15:11:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2012.03.02 15:11:39 | 000,000,000 | ---D | C] -- C:\Program Files\GameSpy Arcade
[2012.02.28 16:03:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Strategy First
[2012.02.28 15:57:29 | 000,000,000 | ---D | C] -- C:\Program Files\Disciples 2
[6 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.25 19:42:18 | 000,000,952 | ---- | M] () -- C:\Users\Konto\Desktop\Football Superstars.lnk
[2012.03.25 19:22:40 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012.03.25 19:05:55 | 000,664,396 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.25 19:05:55 | 000,624,578 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.25 19:05:55 | 000,134,564 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.25 19:05:55 | 000,110,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.03.25 19:04:02 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.25 19:04:01 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.25 19:00:04 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.25 19:00:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.25 19:00:00 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012.03.25 18:58:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.25 18:58:41 | 1207,410,688 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.25 18:52:42 | 000,012,598 | -H-- | M] () -- C:\Users\Konto\Desktop\Computer (2).lnk
[2012.03.25 18:39:00 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1249645105-1131285013-3966343216-1002UA.job
[2012.03.25 18:13:47 | 000,013,744 | -H-- | M] () -- C:\Users\Konto\Desktop\Firefox (2).lnk
[2012.03.25 18:11:37 | 000,302,592 | -H-- | M] () -- C:\Users\Konto\Desktop\f584bbuc.exe
[2012.03.25 18:01:17 | 000,000,000 | -H-- | M] () -- C:\Users\Konto\defogger_reenable
[2012.03.25 17:24:31 | 000,013,744 | -H-- | M] () -- C:\Users\Konto\Desktop\Firefox.lnk
[2012.03.25 15:06:13 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~6NPPFw41Dw0HcK
[2012.03.25 15:06:13 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~6NPPFw41Dw0HcKr
[2012.03.25 15:03:45 | 000,000,448 | -H-- | M] () -- C:\ProgramData\6NPPFw41Dw0HcK
[2012.03.25 15:02:41 | 000,000,653 | -H-- | M] () -- C:\Users\Konto\Desktop\System Check.lnk
[2012.03.25 15:02:14 | 000,361,472 | -H-- | M] ( ) -- C:\ProgramData\6NPPFw41Dw0HcK.exe
[2012.03.25 15:01:50 | 000,000,104 | -H-- | M] () -- C:\Users\Konto\Desktop\Systemsteuerung - Verknüpfung.lnk
[2012.03.25 15:00:53 | 000,000,355 | -H-- | M] () -- C:\Users\Konto\Desktop\Computer.lnk
[2012.03.25 14:56:00 | 000,000,328 | ---- | M] () -- C:\ProgramData\64t3NVPfmKPYTi
[2012.03.25 14:55:49 | 000,361,472 | -H-- | M] ( ) -- C:\ProgramData\64t3NVPfmKPYTi.exe
[2012.03.25 14:47:35 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~kYTPJdlKqYM2u1
[2012.03.25 14:47:35 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~kYTPJdlKqYM2u1r
[2012.03.25 14:47:23 | 000,000,336 | -H-- | M] () -- C:\ProgramData\kYTPJdlKqYM2u1
[2012.03.25 14:40:56 | 000,361,472 | -H-- | M] ( ) -- C:\ProgramData\kYTPJdlKqYM2u1.exe
[2012.03.25 14:33:31 | 000,450,048 | -H-- | M] ( ) -- C:\ProgramData\XCMsXSJotCWrp.exe
[2012.03.24 19:21:02 | 000,000,470 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for WIN 7.job
[2012.03.11 10:39:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1249645105-1131285013-3966343216-1002Core.job
[6 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.25 19:42:18 | 000,000,952 | ---- | C] () -- C:\Users\Konto\Desktop\Football Superstars.lnk
[2012.03.25 19:31:47 | 000,000,896 | ---- | C] () -- C:\Users\Konto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BasketDudes.lnk
[2012.03.25 19:22:40 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012.03.25 18:52:42 | 000,012,598 | -H-- | C] () -- C:\Users\Konto\Desktop\Computer (2).lnk
[2012.03.25 18:13:47 | 000,013,744 | -H-- | C] () -- C:\Users\Konto\Desktop\Firefox (2).lnk
[2012.03.25 18:11:33 | 000,302,592 | -H-- | C] () -- C:\Users\Konto\Desktop\f584bbuc.exe
[2012.03.25 18:01:17 | 000,000,000 | -H-- | C] () -- C:\Users\Konto\defogger_reenable
[2012.03.25 17:24:31 | 000,013,744 | -H-- | C] () -- C:\Users\Konto\Desktop\Firefox.lnk
[2012.03.25 15:02:42 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~6NPPFw41Dw0HcK
[2012.03.25 15:02:42 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~6NPPFw41Dw0HcKr
[2012.03.25 15:02:41 | 000,000,653 | -H-- | C] () -- C:\Users\Konto\Desktop\System Check.lnk
[2012.03.25 15:02:24 | 000,000,448 | -H-- | C] () -- C:\ProgramData\6NPPFw41Dw0HcK
[2012.03.25 15:02:14 | 000,361,472 | -H-- | C] ( ) -- C:\ProgramData\6NPPFw41Dw0HcK.exe
[2012.03.25 15:01:50 | 000,000,104 | -H-- | C] () -- C:\Users\Konto\Desktop\Systemsteuerung - Verknüpfung.lnk
[2012.03.25 15:00:53 | 000,000,355 | -H-- | C] () -- C:\Users\Konto\Desktop\Computer.lnk
[2012.03.25 14:56:41 | 000,001,413 | -H-- | C] () -- C:\Users\Konto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.03.25 14:56:00 | 000,000,328 | ---- | C] () -- C:\ProgramData\64t3NVPfmKPYTi
[2012.03.25 14:55:49 | 000,361,472 | -H-- | C] ( ) -- C:\ProgramData\64t3NVPfmKPYTi.exe
[2012.03.25 14:47:35 | 000,000,264 | -H-- | C] () -- C:\ProgramData\~kYTPJdlKqYM2u1
[2012.03.25 14:47:35 | 000,000,176 | -H-- | C] () -- C:\ProgramData\~kYTPJdlKqYM2u1r
[2012.03.25 14:47:23 | 000,000,336 | -H-- | C] () -- C:\ProgramData\kYTPJdlKqYM2u1
[2012.03.25 14:40:56 | 000,361,472 | -H-- | C] ( ) -- C:\ProgramData\kYTPJdlKqYM2u1.exe
[2012.03.25 14:36:37 | 000,450,048 | -H-- | C] ( ) -- C:\ProgramData\XCMsXSJotCWrp.exe
[2012.03.10 19:15:22 | 000,000,270 | ---- | C] () -- C:\Windows\tasks\RMSchedule.job
[2012.03.10 19:14:53 | 000,037,336 | ---- | C] () -- C:\Windows\System32\CleanMFT32.exe
[2012.02.19 16:55:50 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2012.02.16 21:53:45 | 000,047,168 | ---- | C] () -- C:\Windows\System32\drivers\d8b2b57a33138a00.sys
[2012.02.11 14:22:19 | 000,140,232 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.02.11 14:21:43 | 000,283,416 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.02.11 14:21:41 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.01.21 22:12:32 | 000,217,984 | ---- | C] () -- C:\Windows\System32\strmdll.dll
[2012.01.21 22:12:29 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2012.01.21 22:11:51 | 000,000,723 | ---- | C] () -- C:\Windows\disney.ini
[2012.01.19 18:47:38 | 000,369,352 | ---- | C] () -- C:\Windows\System32\drivers\cng.sys
[2012.01.19 18:47:38 | 000,134,000 | ---- | C] () -- C:\Windows\System32\drivers\ksecpkg.sys
[2012.01.19 18:47:38 | 000,067,440 | ---- | C] () -- C:\Windows\System32\drivers\ksecdd.sys
[2011.12.14 15:36:19 | 002,342,912 | ---- | C] () -- C:\Windows\System32\win32k.sys
[2011.12.14 15:36:17 | 000,038,912 | ---- | C] () -- C:\Windows\System32\csrsrv.dll
[2011.12.14 15:36:13 | 003,967,856 | ---- | C] () -- C:\Windows\System32\ntkrnlpa.exe
[2011.11.09 12:53:39 | 001,290,608 | ---- | C] () -- C:\Windows\System32\drivers\tcpip.sys
[2011.08.20 15:32:32 | 000,223,744 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb10.sys
[2011.07.25 16:28:25 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011.07.25 16:28:08 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011.07.17 19:34:55 | 000,000,324 | ---- | C] () -- C:\Windows\game.ini
[2011.07.15 17:51:35 | 000,172,032 | ---- | C] () -- C:\Windows\JAPI2.DLL
[2011.07.15 17:51:35 | 000,106,496 | ---- | C] () -- C:\Windows\JAPI.DLL
[2011.07.15 17:45:42 | 000,480,128 | ---- | C] () -- C:\Windows\System32\drivers\vvftav303.sys
[2011.07.15 17:45:31 | 001,472,768 | ---- | C] () -- C:\Windows\System32\drivers\usbVM303.sys
[2011.07.15 17:45:30 | 000,122,880 | ---- | C] () -- C:\Windows\rm303b.exe
[2011.07.13 13:50:03 | 001,211,264 | ---- | C] () -- C:\Windows\System32\drivers\ntfs.sys
[2011.07.13 13:50:03 | 000,332,160 | ---- | C] () -- C:\Windows\System32\drivers\iaStorV.sys
[2011.07.13 13:50:03 | 000,148,864 | ---- | C] () -- C:\Windows\System32\drivers\storport.sys
[2011.07.13 13:50:03 | 000,143,744 | ---- | C] () -- C:\Windows\System32\drivers\nvstor.sys
[2011.07.13 13:50:03 | 000,117,120 | ---- | C] () -- C:\Windows\System32\drivers\nvraid.sys
[2011.07.13 13:50:03 | 000,080,256 | ---- | C] () -- C:\Windows\System32\drivers\amdsata.sys
[2011.07.13 13:50:03 | 000,022,400 | ---- | C] () -- C:\Windows\System32\drivers\amdxata.sys
[2011.07.13 13:50:02 | 000,076,288 | ---- | C] () -- C:\Windows\System32\drivers\USBSTOR.SYS
[2011.07.13 13:49:49 | 000,043,008 | ---- | C] () -- C:\Windows\System32\drivers\usbehci.sys
[2011.07.13 13:49:48 | 000,284,672 | ---- | C] () -- C:\Windows\System32\drivers\usbport.sys
[2011.07.13 13:49:48 | 000,258,560 | ---- | C] () -- C:\Windows\System32\drivers\usbhub.sys
[2011.07.13 13:49:48 | 000,075,776 | ---- | C] () -- C:\Windows\System32\drivers\usbccgp.sys
[2011.07.13 13:49:48 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\usbuhci.sys
[2011.07.13 13:49:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\drivers\usbohci.sys
[2011.07.13 13:49:48 | 000,005,888 | ---- | C] () -- C:\Windows\System32\drivers\usbd.sys
[2011.07.11 19:53:49 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2011.06.19 17:39:24 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.06.16 12:17:20 | 000,311,808 | ---- | C] () -- C:\Windows\System32\drivers\srv.sys
[2011.06.16 12:17:20 | 000,310,272 | ---- | C] () -- C:\Windows\System32\drivers\srv2.sys
[2011.06.16 12:17:20 | 000,114,688 | ---- | C] () -- C:\Windows\System32\drivers\srvnet.sys
[2011.06.16 12:17:17 | 000,338,944 | ---- | C] () -- C:\Windows\System32\drivers\afd.sys
[2011.06.16 12:17:13 | 000,123,904 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb.sys
[2011.06.16 12:17:13 | 000,096,768 | ---- | C] () -- C:\Windows\System32\drivers\mrxsmb20.sys
[2011.06.09 12:40:16 | 000,052,224 | ---- | C] () -- C:\Windows\System32\drivers\TsUsbFlt.sys
[2011.06.09 12:40:11 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.09 12:40:03 | 000,520,064 | ---- | C] () -- C:\Windows\System32\mcupdate_GenuineIntel.dll
[2011.06.09 12:40:00 | 000,233,344 | ---- | C] () -- C:\Windows\System32\drivers\msiscsi.sys
[2011.06.09 12:40:00 | 000,014,208 | ---- | C] () -- C:\Windows\System32\drivers\hwpolicy.sys
[2011.06.09 12:39:56 | 000,213,504 | ---- | C] () -- C:\Windows\System32\rdpdd.dll
[2011.06.09 12:39:56 | 000,134,656 | ---- | C] () -- C:\Windows\System32\rdpudd.dll
[2011.06.09 12:39:45 | 000,183,808 | ---- | C] () -- C:\Windows\System32\drivers\rdpwd.sys
[2011.06.09 12:39:43 | 000,388,096 | ---- | C] () -- C:\Windows\System32\drivers\csc.sys
[2011.06.09 12:39:40 | 000,508,904 | ---- | C] () -- C:\Windows\System32\winload.exe
[2011.06.09 12:39:38 | 000,712,576 | ---- | C] () -- C:\Windows\System32\drivers\ndis.sys
[2011.06.09 12:39:38 | 000,245,632 | ---- | C] () -- C:\Windows\System32\drivers\volsnap.sys
[2011.06.09 12:39:37 | 000,240,000 | ---- | C] () -- C:\Windows\System32\drivers\netio.sys
[2011.06.09 12:39:35 | 000,513,536 | ---- | C] () -- C:\Windows\System32\drivers\http.sys
[2011.06.09 12:39:34 | 000,115,712 | ---- | C] () -- C:\Windows\System32\drivers\mrxdav.sys
[2011.06.09 12:39:33 | 000,164,864 | ---- | C] () -- C:\Windows\System32\drivers\1394ohci.sys
[2011.06.09 12:39:31 | 000,194,800 | ---- | C] () -- C:\Windows\System32\drivers\fvevol.sys
[2011.06.09 12:39:30 | 000,242,688 | ---- | C] () -- C:\Windows\System32\drivers\rdbss.sys
[2011.06.09 12:39:30 | 000,116,096 | ---- | C] () -- C:\Windows\System32\drivers\msdsm.sys
[2011.06.09 12:39:29 | 000,690,680 | ---- | C] () -- C:\Windows\System32\ci.dll
[2011.06.09 12:39:28 | 000,175,360 | ---- | C] () -- C:\Windows\System32\drivers\vmbus.sys
[2011.06.09 12:39:28 | 000,153,984 | ---- | C] () -- C:\Windows\System32\drivers\pci.sys
[2011.06.09 12:39:26 | 000,053,120 | ---- | C] () -- C:\Windows\System32\drivers\termdd.sys
[2011.06.09 12:39:25 | 000,133,632 | ---- | C] () -- C:\Windows\System32\drivers\rdpdr.sys
[2011.06.09 12:39:25 | 000,085,376 | ---- | C] () -- C:\Windows\System32\drivers\sbp2port.sys
[2011.06.09 12:39:23 | 000,160,128 | ---- | C] () -- C:\Windows\System32\drivers\vhdmp.sys
[2011.06.09 12:39:23 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\msahci.sys
[2011.06.09 12:39:23 | 000,015,872 | ---- | C] () -- C:\Windows\System32\drivers\rdpvideominiport.sys
[2011.06.09 12:39:20 | 000,274,304 | ---- | C] () -- C:\Windows\System32\drivers\acpi.sys
[2011.06.09 12:39:20 | 000,246,784 | ---- | C] () -- C:\Windows\System32\drivers\udfs.sys
[2011.06.09 12:39:19 | 000,194,432 | ---- | C] () -- C:\Windows\System32\halmacpi.dll
[2011.06.09 12:39:19 | 000,194,432 | ---- | C] () -- C:\Windows\System32\hal.dll
[2011.06.09 12:39:18 | 000,035,968 | ---- | C] () -- C:\Windows\System32\drivers\winusb.sys
[2011.06.09 12:39:17 | 000,053,120 | ---- | C] () -- C:\Windows\System32\drivers\volmgr.sys
[2011.06.09 12:39:16 | 000,187,904 | ---- | C] () -- C:\Windows\System32\drivers\netbt.sys
[2011.06.09 12:39:16 | 000,056,192 | ---- | C] () -- C:\Windows\System32\drivers\partmgr.sys
[2011.06.09 12:39:15 | 000,132,992 | ---- | C] () -- C:\Windows\System32\drivers\ataport.sys
[2011.06.09 12:39:13 | 000,187,776 | ---- | C] () -- C:\Windows\System32\drivers\FWPKCLNT.SYS
[2011.06.09 12:39:12 | 000,130,432 | ---- | C] () -- C:\Windows\System32\drivers\mpio.sys
[2011.06.09 12:39:12 | 000,078,208 | ---- | C] () -- C:\Windows\System32\drivers\mountmgr.sys
[2011.06.09 12:39:11 | 000,140,160 | ---- | C] () -- C:\Windows\System32\drivers\scsiport.sys
[2011.06.09 12:39:11 | 000,043,392 | ---- | C] () -- C:\Windows\System32\drivers\winhv.sys
[2011.06.09 12:39:10 | 000,040,704 | ---- | C] () -- C:\Windows\System32\drivers\vmstorfl.sys
[2011.06.09 12:39:09 | 000,028,032 | ---- | C] () -- C:\Windows\System32\drivers\storvsc.sys
[2011.06.09 12:39:07 | 000,173,440 | ---- | C] () -- C:\Windows\System32\drivers\rdyboost.sys
[2011.06.09 12:39:03 | 000,190,976 | ---- | C] () -- C:\Windows\System32\drivers\ks.sys
[2011.06.09 12:39:00 | 000,055,808 | ---- | C] () -- C:\Windows\System32\drivers\hidclass.sys
[2011.06.09 12:38:59 | 000,137,088 | ---- | C] () -- C:\Windows\System32\halacpi.dll
[2011.06.09 12:38:56 | 000,074,752 | ---- | C] () -- C:\Windows\System32\drivers\tdx.sys
[2011.06.09 12:38:55 | 000,031,232 | ---- | C] () -- C:\Windows\System32\drivers\tssecsrv.sys
[2011.06.09 12:38:53 | 000,048,640 | ---- | C] () -- C:\Windows\System32\drivers\ndproxy.sys
[2011.06.09 12:38:46 | 000,117,760 | ---- | C] () -- C:\Windows\System32\drivers\rmcast.sys
[2011.06.09 12:38:40 | 000,046,080 | ---- | C] () -- C:\Windows\System32\drivers\ndisuio.sys
[2011.06.09 12:38:40 | 000,035,328 | ---- | C] () -- C:\Windows\System32\drivers\tcpipreg.sys
[2011.06.09 12:38:37 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.09 12:38:35 | 000,021,504 | ---- | C] () -- C:\Windows\System32\drivers\tdi.sys
[2011.06.09 12:38:34 | 000,031,232 | ---- | C] () -- C:\Windows\System32\drivers\CompositeBus.sys
[2011.06.09 12:38:33 | 000,108,544 | ---- | C] () -- C:\Windows\System32\drivers\cdrom.sys
[2011.06.09 12:38:31 | 000,121,856 | ---- | C] () -- C:\Windows\System32\RDPENCDD.dll
[2011.06.09 12:38:31 | 000,108,544 | ---- | C] () -- C:\Windows\System32\drivers\tunnel.sys
[2011.06.09 12:38:31 | 000,078,336 | ---- | C] () -- C:\Windows\System32\drivers\dfsc.sys
[2011.06.09 12:38:30 | 000,010,240 | ---- | C] () -- C:\Windows\System32\drivers\acpipmi.sys
[2011.06.09 12:38:29 | 000,118,784 | ---- | C] () -- C:\Windows\System32\drivers\ndiswan.sys
[2011.06.09 12:38:28 | 000,132,224 | ---- | C] () -- C:\Windows\System32\drivers\WUDFRd.sys
[2011.06.09 12:38:28 | 000,050,176 | ---- | C] () -- C:\Windows\System32\drivers\appid.sys
[2011.06.09 12:38:28 | 000,024,064 | ---- | C] () -- C:\Windows\System32\drivers\hidusb.sys
[2011.06.09 12:38:28 | 000,017,920 | ---- | C] () -- C:\Windows\System32\drivers\VMBusHID.sys
[2011.06.09 12:38:27 | 000,065,536 | ---- | C] () -- C:\Windows\System32\drivers\IPMIDrv.sys
[2011.06.09 12:38:27 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\kbdhid.sys
[2011.06.09 12:38:26 | 000,304,128 | ---- | C] () -- C:\Windows\System32\drivers\HdAudio.sys
[2011.06.09 12:38:26 | 000,108,544 | ---- | C] () -- C:\Windows\System32\drivers\hdaudbus.sys
[2011.06.09 12:38:26 | 000,092,672 | ---- | C] () -- C:\Windows\System32\drivers\WUDFPf.sys
[2011.06.09 12:38:26 | 000,063,488 | ---- | C] () -- C:\Windows\System32\drivers\wanarp.sys
[2011.06.09 12:38:26 | 000,039,936 | ---- | C] () -- C:\Windows\System32\drivers\umbus.sys
[2011.06.09 12:38:26 | 000,026,624 | ---- | C] () -- C:\Windows\System32\drivers\scfilter.sys
[2011.06.09 12:38:26 | 000,026,624 | ---- | C] () -- C:\Windows\System32\RDPREFDD.dll
[2011.06.09 12:38:26 | 000,024,576 | ---- | C] () -- C:\Windows\System32\drivers\tdtcp.sys
[2011.06.09 12:38:26 | 000,018,432 | ---- | C] () -- C:\Windows\System32\drivers\tdpipe.sys
[2011.06.09 12:38:26 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\sffp_sd.sys
[2011.06.09 12:38:26 | 000,006,656 | ---- | C] () -- C:\Windows\System32\drivers\RDPCDD.sys
[2011.06.09 12:38:24 | 000,007,168 | ---- | C] () -- C:\Windows\System32\kbdlk41a.dll
[2011.06.09 12:38:24 | 000,006,656 | ---- | C] () -- C:\Windows\System32\KBDSF.DLL
[2011.06.09 12:38:24 | 000,006,656 | ---- | C] () -- C:\Windows\System32\KBDNEPR.DLL
[2011.06.09 12:38:24 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDUS.DLL
[2011.06.09 12:38:24 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDUGHR1.DLL
[2011.06.09 12:38:24 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDTURME.DLL
[2011.06.09 12:38:24 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDTAJIK.DLL
[2011.06.09 12:38:24 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDMON.DLL
[2011.06.09 12:38:24 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDMAORI.DLL
[2011.06.09 12:38:24 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDLT1.DLL
[2011.06.09 12:38:24 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDINTEL.DLL
[2011.06.09 12:38:24 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDINORI.DLL
[2011.06.09 12:38:24 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDINKAN.DLL
[2011.06.09 12:38:24 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDBULG.DLL
[2011.06.09 12:38:24 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDBLR.DLL
[2011.06.09 12:38:24 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDBASH.DLL
[2011.06.09 12:38:24 | 000,005,632 | ---- | C] () -- C:\Windows\System32\KBDGEO.DLL
[2011.06.09 12:38:23 | 000,007,168 | ---- | C] () -- C:\Windows\System32\KBDSG.DLL
[2011.06.09 12:38:23 | 000,007,168 | ---- | C] () -- C:\Windows\System32\KBDCZ1.DLL
[2011.06.09 12:38:23 | 000,006,656 | ---- | C] () -- C:\Windows\System32\KBDTUQ.DLL
[2011.06.09 12:38:23 | 000,006,656 | ---- | C] () -- C:\Windows\System32\KBDTUF.DLL
[2011.06.09 12:38:23 | 000,006,656 | ---- | C] () -- C:\Windows\System32\KBDPO.DLL
[2011.06.09 12:38:23 | 000,006,656 | ---- | C] () -- C:\Windows\System32\KBDINBEN.DLL
[2011.06.09 12:38:23 | 000,006,656 | ---- | C] () -- C:\Windows\System32\KBDGR1.DLL
[2011.06.09 12:38:23 | 000,006,656 | ---- | C] () -- C:\Windows\System32\KBDGKL.DLL
[2011.06.09 12:38:23 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDINTAM.DLL
[2011.06.09 12:38:23 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDINMAR.DLL
[2011.06.09 12:38:23 | 000,006,144 | ---- | C] () -- C:\Windows\System32\KBDINHIN.DLL
[2011.06.09 12:38:23 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\vms3cap.sys
[2011.06.02 20:57:19 | 000,039,272 | ---- | C] () -- C:\Windows\System32\drivers\fssfltr.sys
[2011.05.29 17:42:32 | 000,294,912 | ---- | C] () -- C:\Windows\System32\atmfd.dll
[2011.05.29 17:35:40 | 000,069,632 | ---- | C] () -- C:\Windows\System32\drivers\bowser.sys
[2011.05.29 17:33:01 | 000,027,008 | ---- | C] () -- C:\Windows\System32\drivers\Diskdump.sys
[2011.05.29 17:32:20 | 000,728,448 | ---- | C] () -- C:\Windows\System32\drivers\dxgkrnl.sys
[2011.05.29 17:32:20 | 000,219,008 | ---- | C] () -- C:\Windows\System32\drivers\dxgmms1.sys
[2011.05.29 17:32:20 | 000,107,520 | ---- | C] () -- C:\Windows\System32\cdd.dll
[2011.05.29 17:14:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.29 17:14:15 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.03.21 13:22:06 | 000,362,600 | ---- | C] () -- C:\Windows\System32\drivers\Rt86win7.sys
[2011.03.21 13:22:06 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
 
========== LOP Check ==========
 
[2012.03.25 18:17:01 | 000,000,000 | -H-D | M] -- C:\Users\Konto\AppData\Roaming\TS3Client
[2012.03.11 10:39:00 | 000,000,902 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1249645105-1131285013-3966343216-1002Core.job
[2012.03.25 18:39:00 | 000,000,924 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1249645105-1131285013-3966343216-1002UA.job
[2012.03.25 19:00:00 | 000,000,270 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2012.03.25 15:12:30 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9

< End of report >
--- --- ---

--- --- ---


Extras.Txt :

OTL Extras logfile created on: 25.03.2012 19:43:15 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Konto\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,50 Gb Total Physical Memory | 0,60 Gb Available Physical Memory | 39,83% Memory free
3,00 Gb Paging File | 1,18 Gb Available in Paging File | 39,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,79 Gb Total Space | 162,00 Gb Free Space | 69,59% Space Free | Partition Type: NTFS

Computer Name: WIN7-PC | User Name: Konto | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{07672102-EB66-4BA5-B628-ABB0F341158D}" = Hitman Blood Money Demo
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E892FBB-0060-44C9-9E8C-017855956193}" = DBO_CT_TW
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1E05CF2E-BF5F-4A43-9147-2CCBBE57BC3C}_is1" = Mein Gutscheincode Finder 1.0.0.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{520B1077-6B1F-4B9B-B7BC-8CD2F04982C3}" = FEAR SP Demo
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7D71FCA2-DB4A-497D-AF6F-B0D88DA92F88}" = FEAR SP Demo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92AF2F5A-4407-4A03-A80A-5A2582264746}" = Crysis(R) SP Demo
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"American Conquest" = American Conquest
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DATA BECKER America Gold Edition" = DATA BECKER America Gold Edition
"Disciples 2" = Disciples 2
"Disciples 2 - Gallean's Return" = Disciples 2 - Gallean's Return
"Disciples 2 - Rise of the Elves" = Disciples 2 - Rise of the Elves
"Disciples II - Dark Prophecy Undead Demo" = Disciples II - Dark Prophecy Undead Demo
"EPSON BX300F Series" = Druckerdeinstallation für EPSON BX300F Series
"Football Superstars_is1" = Football Superstars
"Fraps" = Fraps
"Free YouTube Download_is1" = Free YouTube Download version 3.0.19.1206
"FUSSBALL MANAGER 11 DEMO" = FUSSBALL MANAGER 11 DEMO
"Galileo Family Quiz - Spezial II" = Galileo Family Quiz - Spezial II
"GameSpy Arcade" = GameSpy Arcade
"Google Chrome" = Google Chrome
"Halo Zero Final V1.8.3" = Halo Zero Final V1.8.3
"InfernalGameDemo" = Infernal Demo
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"NSS" = Norton Security Scan
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver

markusg 25.03.2012 19:22
hi

dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
PRC - [2012.03.25 15:02:14 | 000,361,472 | -H-- | M] ( ) -- C:\ProgramData\6NPPFw41Dw0HcK.exe
PRC - [2012.03.25 14:33:31 | 000,450,048 | -H-- | M] ( ) -- C:\ProgramData\XCMsXSJotCWrp.exe
O4 - HKLM..\Run: [XCMsXSJotCWrp.exe] C:\ProgramData\XCMsXSJotCWrp.exe ( )
[2012.03.25 15:02:41 | 000,000,000 | -H-D | C] -- C:\Users\Konto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.03.25 15:06:13 | 000,000,264 | -H-- | M] () -- C:\ProgramData\~6NPPFw41Dw0HcK
[2012.03.25 15:06:13 | 000,000,176 | -H-- | M] () -- C:\ProgramData\~6NPPFw41Dw0HcKr
[2012.03.25 15:03:45 | 000,000,448 | -H-- | M] () -- C:\ProgramData\6NPPFw41Dw0HcK
[2012.03.25 15:02:41 | 000,000,653 | -H-- | M] () -- C:\Users\Konto\Desktop\System Check.lnk
[2012.03.25 15:02:14 | 000,361,472 | -H-- | M] ( ) -- C:\ProgramData\6NPPFw41Dw0HcK.exe
 :Files
C:\ProgramData\6NPPFw41Dw0HcK.exe
C:\ProgramData\XCMsXSJotCWrp.exe
:Commands
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:47 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131