Trojaner-Board - explorer.exe stürzt ständig ab

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - explorer.exe stürzt ständig ab (https://www.trojaner-board.de/90831-explorer-exe-stuerzt-staendig-ab.html)

explorer.exe stürzt ständig ab

Hallo

Weiß nicht ob Ich jetzt ein Virus habe oder ob es an den 64 Bit Tücken liegt^^. Denn bei mir stürzt ständig der explorer ab. G-data und Malwarbytes finden nichts. Habe mal Hijackscan drüber laufen lassen dazu hier mal der logfile.

Code:

 Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:00:54, on 15.09.2010

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.18943)

Boot mode: Normal
 

Running processes:

C:\Program Files (x86)\MagicTune Premium\GammaTray.exe

C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe

C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe

C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe

C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfprsrv.exe

C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Users\****\Downloads\Neuer Ordner\HiJackThis.exe
 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.msn.de/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

F2 - REG:system.ini: UserInit=userinit.exe

O1 - Hosts: ::1 localhost

O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: ZoneAlarm Toolbar Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - (no file)

O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - (no file)

O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll

O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe

O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe

O4 - HKLM\..\Run: [vspdfprsrv.exe] C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfprsrv.exe --background

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe"  -osboot

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe

O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')

O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')

O4 - Global Startup: GammaTray.exe.lnk = ?

O4 - Global Startup: NCProTray.lnk = ?

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe

O13 - Gopher Prefix: 

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - h**p://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: G DATA AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe

O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe

O23 - Service: G Data Dateisystem Wächter (AVKWCtl) - G Data Software AG - C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlX64.exe

O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)

O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe

O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: InstallShield Licensing Service - Macrovision                                                     - C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MagicTuneEngine - Unknown owner - (no file)

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 

--

End of file - 8836 bytes

Hi,

wann stürzt der Explorer ab, wenn Du in ein Verzeichnis mit Mediendateien reingehst?

Cureit:
http://www.trojaner-board.de/59299-a...eb-cureit.html
Nach Beendigung des Scans findes Du das Log unter %USERPROFILE%\DoctorWeb\CureIt.log.
Bevor du irgendwelche Aktionen unternimmst, kopiere bitte den Inhalt des Logs und poste ihn.
Die Log Datei ist sehr groß, ca. über 5MB Text. Benutzt einfach die Suche nach "infiziert" und kopiert betreffende Teile heraus, bevor Du sie postet.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe

Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output

Unter Extra Registry, wähle bitte Use SafeList

Klicke nun auf Run Scan links oben

Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)

Poste die Logfiles hier in den Thread

chris

Hallo

Danke schon mal in voraus für deine Hilfe. Am meisten stürzt der explorer ab wenn ich im Internet bin.

Habe hier erst mal den OTL logfile bin gestern nicht mehr dazu gekommen den hoch zu laden den scann von Drweb reiche ich noch nach sobald ich den durch habe

OTL EXTRAS Logfile:

Code:

OTL logfile created on: 15.09.2010 23:14:33 - Run 1

OTL by OldTimer - Version 3.2.12.1     Folder = C:\Users\******\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free

8,00 Gb Paging File | 6,00 Gb Available in Paging File | 73,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 724,78 Gb Total Space | 360,33 Gb Free Space | 49,72% Space Free | Partition Type: NTFS

Drive D: | 206,73 Gb Total Space | 198,97 Gb Free Space | 96,25% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ********

Current User Name: ******

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\******\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)

PRC - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)

PRC - C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe (Macrovision                                                    )

PRC - C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG)

PRC - C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)

PRC - C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe (G Data Software AG)

PRC - C:\Program Files (x86)\MagicTune Premium\GammaTray.exe ()

PRC - C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe (Samsung)

PRC - C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfprsrv.exe ()

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\******\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)

SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)

SRV - (AVKWCtl) -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlX64.exe (G Data Software AG)

SRV - (GDFwSvc) -- C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG)

SRV - (InstallShield Licensing Service) -- C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe (Macrovision                                                    )

SRV - (AVKService) -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe (G Data Software AG)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found

DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found

DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found

DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)

DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\DRIVERS\gdwfpcd64.sys (G DATA Software AG)

DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)

DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)

DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G DATA Software AG)

DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)

DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()

DRV - (NCPro) -- C:\Windows\system32\drivers\MTictwl.sys ()

DRV - (MagicTune) -- C:\Windows\system32\drivers\MTiCtwl.sys ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://***.msn.de/

IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = h**p://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2B AB 64 58 A7 AA CA 01  [binary data]

IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "***.web.de"

FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.15 00:47:15 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.09.09 12:52:45 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.09 12:00:52 | 000,000,000 | ---D | M]

 

[2009.09.11 16:40:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions

[2010.09.15 22:47:10 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\i106x57t.default\extensions

[2010.04.27 10:35:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\i106x57t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.09.12 00:20:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\i106x57t.default\extensions\personas@christopher.beard

[2010.09.15 22:47:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions

[2010.06.06 18:27:21 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}

[2010.04.20 01:51:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.08.17 12:32:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2010.03.12 17:54:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010.02.12 14:45:03 | 000,002,191 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2010.03.12 17:54:18 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2010.03.12 17:54:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2010.03.12 17:54:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.03.12 17:54:18 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG)

O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG)

O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)

O3 - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

O3 - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

O4:64bit: - HKLM..\Run: [MagicTuneEngine] C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe (Samsung Electronics Co. Ltd.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)

O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfprsrv.exe ()

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.09.15 22:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner

[2010.09.15 22:31:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010.09.15 22:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010.09.15 22:27:54 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\MFTools

[2010.09.15 22:10:53 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MP4SDECD.DLL

[2010.09.15 22:10:53 | 000,295,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MP4SDECD.DLL

[2010.09.15 22:10:39 | 000,621,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll

[2010.09.13 22:57:54 | 000,000,000 | ---D | C] -- C:\b0a675dbe8de819280

[2010.09.13 22:57:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell

[2010.09.13 22:57:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell

[2010.09.13 22:55:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmplpxy.dll

[2010.09.13 22:55:15 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrssrv.dll

[2010.09.13 22:55:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll

[2010.09.13 22:55:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrsmgr.dll

[2010.09.13 22:55:13 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll

[2010.09.13 22:55:13 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll

[2010.09.13 22:55:10 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pwrshplugin.dll

[2010.09.13 22:55:10 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll

[2010.09.13 22:55:09 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrshost.exe

[2010.09.13 22:55:09 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmprovhost.exe

[2010.09.13 22:55:08 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrs.exe

[2010.09.13 22:55:05 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtfwd.dll

[2010.09.13 22:55:05 | 000,113,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecutil.exe

[2010.09.13 22:55:05 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecapi.dll

[2010.09.13 22:55:05 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll

[2010.09.13 22:55:05 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe

[2010.09.13 22:55:05 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll

[2010.09.13 22:55:05 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll

[2010.09.13 22:55:05 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmRes.dll

[2010.09.13 22:55:05 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe

[2010.09.13 22:55:05 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe

[2010.09.13 22:55:05 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe

[2010.09.13 22:54:59 | 000,310,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll

[2010.09.13 22:54:59 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll

[2010.09.13 22:54:59 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe

[2010.09.13 22:54:59 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll

[2010.09.13 22:54:59 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll

[2010.09.13 22:54:59 | 000,180,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll

[2010.09.13 22:54:59 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll

[2010.09.13 22:54:58 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrscmd.dll

[2010.09.13 22:54:58 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll

[2010.09.13 22:54:58 | 000,348,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe

[2010.08.17 12:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2010.08.17 12:32:22 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2010.08.17 12:32:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2010.08.17 12:32:22 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.09.15 23:25:21 | 003,670,016 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT

[2010.09.15 22:46:26 | 000,000,846 | ---- | M] () -- C:\Users\****\Desktop\CCleaner.lnk

[2010.09.15 22:42:57 | 001,458,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010.09.15 22:42:57 | 000,633,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2010.09.15 22:42:57 | 000,599,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010.09.15 22:42:57 | 000,128,784 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2010.09.15 22:42:57 | 000,105,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010.09.15 22:36:51 | 000,035,189 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010.09.15 22:36:50 | 000,035,189 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010.09.15 22:36:33 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010.09.15 22:36:33 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010.09.15 22:36:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010.09.15 22:36:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010.09.15 22:35:27 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms

[2010.09.15 22:35:27 | 000,065,536 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf

[2010.09.15 22:35:14 | 003,721,260 | -H-- | M] () -- C:\Users\****\AppData\Local\IconCache.db

[2010.09.15 22:31:48 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.09.14 02:47:19 | 000,097,280 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.09.13 23:03:40 | 001,476,166 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010.09.01 12:46:17 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010.08.24 23:57:32 | 000,000,000 | -H-- | M] () -- C:\Users\******\Documents\Default.rdp

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.09.15 22:46:26 | 000,000,846 | ---- | C] () -- C:\Users\*****\Desktop\CCleaner.lnk

[2010.09.15 22:31:48 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.09.13 23:03:40 | 001,476,166 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010.09.13 22:55:00 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs

[2010.09.13 22:55:00 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs

[2010.09.13 22:55:00 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml

[2010.09.13 22:55:00 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml

[2010.09.13 22:55:00 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl

[2010.09.13 22:55:00 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl

[2010.08.24 23:57:32 | 000,000,000 | -H-- | C] () -- C:\Users\*****\Documents\Default.rdp

[2010.06.06 18:30:24 | 000,014,336 | ---- | C] () -- C:\Windows\SysWow64\vsmon1.dll

[2010.04.28 22:13:06 | 000,035,189 | ---- | C] () -- C:\ProgramData\nvModes.001

[2010.04.28 22:12:09 | 000,035,189 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2010.04.15 21:32:21 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010.04.15 01:16:56 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2010.02.27 16:13:06 | 000,437,258 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI059F.txt

[2010.02.27 16:13:06 | 000,011,458 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI059F.txt

[2010.01.05 17:49:28 | 000,002,623 | ---- | C] () -- C:\Windows\Irremote.ini

[2009.12.21 01:35:39 | 000,000,680 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps.dat

[2009.12.03 12:16:46 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2009.12.03 12:15:39 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.09.10 15:19:37 | 000,097,280 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.09.10 13:33:15 | 000,521,458 | ---- | C] () -- C:\Users\****\AppData\Local\dd_ATL80SP1_KB973923MSI28A8.txt

[2009.09.10 13:33:14 | 000,012,532 | ---- | C] () -- C:\Users\****\AppData\Local\dd_ATL80SP1_KB973923UI28A8.txt

[2009.09.10 13:18:09 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\MTictwl.sys

[2009.09.10 10:27:27 | 000,000,732 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps64.dat

[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

 
 ========== LOP Check ==========

 

[2010.03.03 15:33:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\autobingooo

[2010.05.25 15:14:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CheckPoint

[2010.04.23 11:31:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\digital publishing

[2010.06.06 18:34:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eXPert PDF Editor

[2010.01.31 23:25:54 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\FlightSimTools.com

[2010.07.18 19:14:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0

[2009.11.28 13:36:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JavaEditor

[2010.04.23 11:19:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ProtectDisc

[2010.06.06 19:57:25 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\TS3Client

[2010.09.15 22:35:18 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

< End of report >

--- --- ---

und hier der zweite

OTL EXTRAS Logfile:

Code:

OTL Extras logfile created on: 15.09.2010 23:14:33 - Run 1

OTL by OldTimer - Version 3.2.12.1     Folder = C:\Users\***\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free

8,00 Gb Paging File | 6,00 Gb Available in Paging File | 73,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 724,78 Gb Total Space | 360,33 Gb Free Space | 49,72% Space Free | Partition Type: NTFS

Drive D: | 206,73 Gb Total Space | 198,97 Gb Free Space | 96,25% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ***

Current User Name: ***

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_USERS\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]

"VistaSp2" = 0D 47 15 09 05 74 CA 01  [binary data]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

 
 ========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 0

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{21B1222F-78BE-4A10-8278-F162B5943C5C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{D240B2D9-F1A3-4F89-AB22-E675ADFA18FC}" = lport=2869 | protocol=6 | dir=in | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{096AFD61-4C71-4A64-A0A9-96ED0CE0A420}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 

"{15C2CD0E-7526-46C8-A71F-573182C35AFC}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 

"{15E4FE9B-807E-4DB7-B7C5-6D4B9FC832EA}" = protocol=17 | dir=in | app=c:\gpotato.eu\allods online\bin\aogame.exe | 

"{1B3FFE10-5F99-4C1E-AB30-567940F31DB6}" = dir=in | app=c:\program files (x86)\homecinema\powerdirector\pdr.exe | 

"{27755509-1A84-489E-BBD8-813103324356}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{3C48E1C9-1A24-4DB9-8662-6B740FDF79AA}" = protocol=6 | dir=in | app=c:\gpotato.eu\allods online\bin\aogame.exe | 

"{7545D561-B4DA-4F5F-A7FB-EF48195ADB50}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 

"{7840D3F5-79F8-4B2B-A42E-797BCB26787A}" = protocol=17 | dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe | 

"{7C8682A8-BC37-4D64-8FD1-CE51EB0BE07D}" = protocol=17 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2oa.exe | 

"{9675EA91-5277-42BA-A701-99E6281C72D8}" = protocol=6 | dir=in | app=c:\program files\bohemia interactive\arma 2\arma2oa.exe | 

"{967B40E4-10A4-4414-8CE2-F3FDAD2EACEF}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 

"{FEA88F10-27A5-4C24-950B-11989AE48880}" = protocol=6 | dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe | 

"TCP Query User{07313A72-2058-4E66-94FC-1658F44707EA}C:\program files (x86)\magictune premium\magictune.exe" = protocol=6 | dir=in | app=c:\program files (x86)\magictune premium\magictune.exe | 

"TCP Query User{632666DE-6C49-4118-8B89-31037170233E}C:\program files (x86)\magictune premium\magictune.exe" = protocol=6 | dir=in | app=c:\program files (x86)\magictune premium\magictune.exe | 

"UDP Query User{2950F5E8-8DF9-4ACC-871A-471E607E03C6}C:\program files (x86)\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files (x86)\magictune premium\magictune.exe | 

"UDP Query User{D5EDCEA8-68C8-4577-9F07-E302D513D5B6}C:\program files (x86)\magictune premium\magictune.exe" = protocol=17 | dir=in | app=c:\program files (x86)\magictune premium\magictune.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP5300" = Canon iP5300

"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll

"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007

"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID-Anmelde-Assistent

"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"NVIDIA Display Control Panel" = NVIDIA Display Control Panel

"NVIDIA Drivers" = NVIDIA Drivers

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"WinRAR archiver" = WinRAR

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{2184E36F-BE0B-45C5-BA9B-63B8A2EAE106}" = Microsoft Flight Simulator X

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 21

"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{42F1C44A-1BCE-4373-B134-3B1E172EA393}" = Microsoft Flight Simulator X

"{45A3EACA-F0CA-4533-A560-7D4E89635B82}" = Boeing Stratoliner for FSX

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4DBF727E-DADA-4AA3-A527-F21D035666B4}" = Vickers Vernon II for FSX

"{55A83A82-54E6-4E73-A9BE-534C188A6754}" = Armstrong Whitworth Ensign for FSX

"{5A347920-4AFC-11D5-9FB0-800649886934}" = SDFormatter

"{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}" = Suite

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{619289AF-D736-4292-A4BD-E406E302CE1C}" = Addon Converter X

"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK

"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1

"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{79E9C7C5-4FCC-4DFF-B79E-17319E9522F3}" = MagicTunePremium

"{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{94015C3E-CF62-478F-ABC2-CCF29D4A5D4D}" = Douglas C-124 Globemaster II for FSX

"{A023A62C-D0A6-40D7-87EB-4C24255C28C8}" = Vickers Vimy Commercial  for FSX

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A6E92CAB-9E63-46DC-8ABF-0CAFF7B7CD02}" = eXPert PDF 4

"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{BB2158B2-6A0A-4159-B373-4D8768C80170}" = Microsoft Flight Simulator X

"{C2C601B7-F00A-4C29-AE97-9B6254B548BA}" = Microsoft Flight Simulator X

"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{D729E05E-B2B9-4DC4-AF57-47310576EDE0}" = G Data InternetSecurity

"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5

"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0

"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{FBAA269E-A2B3-474D-B889-308EAA9AF33B}" = Douglas DC-6 for FSX

"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro

"{FD523531-7EA3-4F11-948C-C5F4B734FDB2}" = FSX Bonus Multiplayer Racing Missions

"{FE7160F6-45DC-44E0-BC90-ED37FD16D494}" = Bristol Britannia for FSX

"7-Zip" = 7-Zip 9.07 beta

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"ARMA 2 Operation Arrowhead" = ARMA 2 Operation Arrowhead Uninstall

"ArmA2" = ArmA2 Uninstall

"AstrumNival Allods" = Allods Online 1700

"CCleaner" = CCleaner

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"DivX Setup.divx.com" = DivX-Setup

"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint

"FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration

"FLV Player" = FLV Player 2.0 (build 25)

"Guild Wars" = GUILD WARS

"HijackThis" = HijackThis 2.0.2

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"MediaNavigation.CDLabelPrint" = CD-LabelPrint

"Mozilla Firefox (3.6.9)" = Mozilla Firefox (3.6.9)

"PokerStars.net" = PokerStars.net

"RealPlayer 12.0" = RealPlayer

"RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X

"SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X Service Pack 1

"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2

"VLC media player" = VLC media player 1.0.1

"WinGimp-2.0_is1" = GIMP 2.6.10

"WinLiveSuite_Wave3" = Windows Live Essentials

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"DLR Airbus A320-232" = DLR Airbus A320-232

"Move Media Player" = Move Media Player

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 14.09.2010 07:33:20 | Computer Name = ***** | Source = SideBySide | ID = 16842787

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files

 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei

 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 

im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente

 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition:

 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie

 das Programm "sxstrace.exe" für eine detaillierte Diagnose.

 

Error - 14.09.2010 07:33:20 | Computer Name = ***** | Source = SideBySide | ID = 16842787

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files

 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei

 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 

im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente

 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition:

 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie

 das Programm "sxstrace.exe" für eine detaillierte Diagnose.

 

Error - 14.09.2010 07:34:37 | Computer Name = ******* | Source = WinMgmt | ID = 10

Description = 

 

Error - 14.09.2010 13:22:30 | Computer Name = ********* | Source = WinMgmt | ID = 10

Description = 

 

Error - 15.09.2010 04:04:03 | Computer Name = ********* | Source = WinMgmt | ID = 10

Description = 

 

Error - 15.09.2010 16:02:51 | Computer Name = ****** | Source = WinMgmt | ID = 10

Description = 

 

Error - 15.09.2010 16:24:40 | Computer Name = ***** | Source = WinMgmt | ID = 10

Description = 

 

Error - 15.09.2010 16:36:46 | Computer Name = **** | Source = SideBySide | ID = 16842830

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files

 (x86)\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei

 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt

 mit einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten

 sind:  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_1509f8bef40ee4da.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0.manifest.

 

Error - 15.09.2010 16:36:47 | Computer Name = ****** | Source = SideBySide | ID = 16842787

Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files

 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei

 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 

im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente

 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".

Definition:

 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie

 das Programm "sxstrace.exe" für eine detaillierte Diagnose.

 

Error - 15.09.2010 16:37:57 | Computer Name = ***** | Source = WinMgmt | ID = 10

Description = 

 

[ System Events ]

Error - 15.09.2010 04:04:03 | Computer Name = ***** | Source = Service Control Manager | ID = 7026

Description = 

 

Error - 15.09.2010 16:01:17 | Computer Name = ***** | Source = Microsoft-Windows-ResourcePublication | ID = 1002

Description = 

 

Error - 15.09.2010 16:02:51 | Computer Name = **** | Source = Service Control Manager | ID = 7026

Description = 

 

Error - 15.09.2010 16:11:53 | Computer Name = **** | Source = Service Control Manager | ID = 7009

Description = 

 

Error - 15.09.2010 16:11:53 | Computer Name = *** | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 15.09.2010 16:11:54 | Computer Name = ***** | Source = DCOM | ID = 10005

Description = 

 

Error - 15.09.2010 16:11:54 | Computer Name = *** | Source = Service Control Manager | ID = 7009

Description = 

 

Error - 15.09.2010 16:11:54 | Computer Name = *** | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 15.09.2010 16:24:40 | Computer Name = **** | Source = Service Control Manager | ID = 7026

Description = 

 

Error - 15.09.2010 16:37:58 | Computer Name = **** | Source = Service Control Manager | ID = 7026

Description = 

 

 

< End of report >

--- --- ---

Hi,

ins Auge fällt mir erstmal nichts...
Poste noch das Log von Cureit...

Einige CLS-Ids...
Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:

Als erstes versteckte Dateien anzeigen lassen!
(nur Punkt 1 durchführen!)

Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“
und suche folgende Datei/Dateien:

Code:

C:\Windows\explorer.exe

C:\Windows\SysWow64\explorer.exe

Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)

Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.

Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

Fix für OTL:

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

Code:



:OTL

O1 - Hosts: ::1             localhost

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (no name) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.

O3 - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
 

:Commands

[emptytemp]

[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

Tiefer graben mit OTL:

Starte bitte die OTL.exe

Vista/Win7-User mit Rechtsklick "als Administrator starten"

Kopiere nun den Inhalt in die Textbox

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%SYSTEMDRIVE%\*.exe

/md5start

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

mv61xx.sys

/md5stop

c:\windows\system32\drivers\*.sys /lockedfiles

c:\windows\system32\*.dll /lockedfiles

%systemroot%\*. /mp /s

%PROGRAMFILES%\*.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)

Klicke nun bitte auf den Quick Scan Button

Klick auf OK

Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

chris

Hi,

So habe mal Dr.web drüber laufen lassen einmal die kurze Fassung und einmal die lange. Was Infiziertes hat er nicht gefunden allerdings hat er die Hosts-Datei in die Quarantäne verschoben weil die modifiziert wurde weiß nicht ob dies was zu sagen hat. Die logfile ist 17 mb groß daher werde ich sie nicht hochladen.

dann als nächstes die beiden explorer Dateien

C:\Windows\SysWow64\explorer.exe (Sorry für die unschöne Zusammenstellung^^)

Code:

Antivirus          Version          Last Update          Result

AhnLab-V3        2010.09.17.00        2010.09.16        -

AntiVir        8.2.4.52        2010.09.16        -

Antiy-AVL        2.0.3.7        2010.09.16        -

Authentium        5.2.0.5        2010.09.16        -

Avast        4.8.1351.0        2010.09.16        -

Avast5        5.0.594.0        2010.09.16        -

AVG        9.0.0.851        2010.09.16        -

BitDefender        7.2        2010.09.16        -

CAT-QuickHeal        11.00        2010.09.16        -

ClamAV        0.96.2.0-git        2010.09.16        -

Comodo        6101        2010.09.16        -

DrWeb        5.0.2.03300        2010.09.16        -

Emsisoft        5.0.0.37        2010.09.16        -

eSafe        7.0.17.0        2010.09.15        -

eTrust-Vet        36.1.7860        2010.09.16        -

F-Prot        4.6.1.107        2010.09.16        -

F-Secure        9.0.15370.0        2010.09.16        -

Fortinet        4.1.143.0        2010.09.16        -

GData        21        2010.09.16        -

Ikarus        T3.1.1.88.0        2010.09.16        -

Jiangmin        13.0.900        2010.09.16        -

K7AntiVirus        9.63.2533        2010.09.16        -

Kaspersky        7.0.0.125        2010.09.16        -

McAfee        5.400.0.1158        2010.09.16        -

McAfee-GW-Edition        2010.1C        2010.09.16        -

Microsoft        1.6103        2010.09.16        -

NOD32        5456        2010.09.16        -

Norman        6.06.06        2010.09.16        -

nProtect        2010-09-16.02        2010.09.16        -

Panda        10.0.2.7        2010.09.16        -

PCTools        7.0.3.5        2010.09.16        -

Prevx        3.0        2010.09.16        -

Rising        22.65.03.04        2010.09.16        -

Sophos        4.57.0        2010.09.16        -

Sunbelt        6884        2010.09.16        -

SUPERAntiSpyware        4.40.0.1006        2010.09.16        -

Symantec        20101.1.1.7        2010.09.16        -

TheHacker        6.7.0.0.020        2010.09.16        -

TrendMicro        9.120.0.1004        2010.09.16        -

TrendMicro-HouseCall        9.120.0.1004        2010.09.16        -

VBA32        3.12.14.0        2010.09.16        -

ViRobot        2010.8.25.4006        2010.09.16        -

VirusBuster        12.65.10.0        2010.09.16        -
 

 

MD5   : d07d4c3038f3578ffce1c0237f2a1253 

SHA1  : 4b3bd605b63749ff255e048ca6f27aff95aec24a 

SHA256:135dd05678c8997b45982d77298dbdd98061c9d4fe43d77866846012eb061a04 

ssdeep: 24576:5d8uxOc/QpDk5pGYCW5uXSA7jTeFadRsxFb/g/J/ulZl:TOcLC8A7/eFwY3l/ 
 

File size : 2926592 bytes 

First seen: 2009-05-24 18:27:11 

Last seen : 2010-09-16 21:23:01 
 

TrID: 

Win32 Executable Generic (42.3%)

Win32 Dynamic Link Library (generic) (37.6%)

Generic Win/DOS Executable (9.9%)

DOS Executable Generic (9.9%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%) 
 

sigcheck: 

publisher....: Microsoft Corporation

copyright....: (c) Microsoft Corporation. All rights reserved.

product......: Microsoft_ Windows_ Operating System

description..: Windows Explorer

original name: EXPLORER.EXE

internal name: explorer

file version.: 6.0.6002.18005 (lh_sp2rtm.090410-1830)

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

C:\Windows\explorer.exe (Selbe Resultat wie oben deshalb lass ich sie mal weg und hänge nur den unteren Teil dran)

Code:



MD5   : 6b08e54a451b3f95e4109dba7e594270

SHA1  : 4a4ffbeb8c559f25b2ff7fdaa63c021610f8fa52

SHA256: 0419e4100c3b4ad1831fbf9249173cf32c8209c71b7101674b239a0a47c30e42

ssdeep: 24576:J7uIrM5dLy0oH2N1JwBpGYCW5uXSA7jTeFadRsxFb/g/J/ulZ:JuIrMTLyVw1JwrLC8A7

/eFwY3l
 

File size : 3079168 bytes

First seen: 2009-05-10 20:06:31

Last seen : 2010-09-16 21:52:37
 

TrID:

Win64 Executable Generic (95.5%)

Generic Win/DOS Executable (2.2%)

DOS Executable Generic (2.2%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
 

sigcheck:

publisher....: Microsoft Corporation

copyright....: (c) Microsoft Corporation. All rights reserved.

product......: Microsoft_ Windows_ Operating System

description..: Windows Explorer

original name: EXPLORER.EXE

internal name: explorer

file version.: 6.0.6002.18005 (lh_sp2rtm.090410-1830)

comments.....: n/a

signers......: -

signing date.: -

verified.....: Unsigned

So dann als nächstes den OTL Fix und den erweiterten ORL scann allerdings weiß ich nicht ob der so geklappt hat wie er soll dar er diesmal nur eine Datei erstellt hat.

Code:



All processes killed

========== OTL ==========

::1 localhost removed from HOSTS file successfully

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.

Registry value HKEY_USERS\S-1-5-21-3710354763-2675476858-1227895641-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

User: ****

->Temp folder emptied: 530313 bytes

->Temporary Internet Files folder emptied: 338461 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 42864604 bytes

->Flash cache emptied: 3193 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 525536 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 42,00 mb

 

 

OTL by OldTimer - Version 3.2.12.1 log created on 09162010_212624
 

Files\Folders moved on Reboot...

File\Folder C:\Windows\temp\TMP0000004949C6F9BA9F373F7D not found!
 

Registry entries deleted on Reboot...

OTL Logfile:

Code:

OTL logfile created on: 16.09.2010 21:37:35 - Run 2

OTL by OldTimer - Version 3.2.12.1     Folder = C:\Users\****\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free

8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 724,78 Gb Total Space | 389,64 Gb Free Space | 53,76% Space Free | Partition Type: NTFS

Drive D: | 206,73 Gb Total Space | 198,97 Gb Free Space | 96,25% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ****

Current User Name: ****

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Minimal

Quick Scan

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\****\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe (RealNetworks, Inc.)

PRC - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)

PRC - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)

PRC - C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe (Macrovision                                                    )

PRC - C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG)

PRC - C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)

PRC - C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe (G Data Software AG)

PRC - C:\Program Files (x86)\MagicTune Premium\GammaTray.exe ()

PRC - C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe (Samsung)

PRC - C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfprsrv.exe ()

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\****\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)

SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)

SRV - (AVKWCtl) -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlX64.exe (G Data Software AG)

SRV - (GDFwSvc) -- C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG)

SRV - (InstallShield Licensing Service) -- C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe (Macrovision                                                    )

SRV - (AVKService) -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe (G Data Software AG)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found

DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found

DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found

DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)

DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\DRIVERS\gdwfpcd64.sys (G DATA Software AG)

DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)

DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)

DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G DATA Software AG)

DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)

DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()

DRV - (NCPro) -- C:\Windows\system32\drivers\MTictwl.sys ()

DRV - (MagicTune) -- C:\Windows\system32\drivers\MTiCtwl.sys ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h***p://www.msn.de/

IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = h***p://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2B AB 64 58 A7 AA CA 01  [binary data]

IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.defaulturl: "h**p://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "w**.web.de"

FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.15 00:47:15 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.09.09 12:52:45 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.09 12:00:52 | 000,000,000 | ---D | M]

 

[2009.09.11 16:40:43 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\mozilla\Extensions

[2010.09.15 22:47:10 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\i106x57t.default\extensions

[2010.04.27 10:35:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\i106x57t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.09.12 00:20:56 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\mozilla\Firefox\Profiles\i106x57t.default\extensions\personas@christopher.beard

[2010.09.15 22:47:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions

[2010.06.06 18:27:21 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}

[2010.04.20 01:51:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.08.17 12:32:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2010.03.12 17:54:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010.02.12 14:45:03 | 000,002,191 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2010.03.12 17:54:18 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2010.03.12 17:54:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2010.03.12 17:54:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.03.12 17:54:18 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2010.09.16 21:26:25 | 000,001,446 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG)

O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG)

O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)

O4:64bit: - HKLM..\Run: [MagicTuneEngine] C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe (Samsung Electronics Co. Ltd.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)

O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfprsrv.exe ()

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

 

MsConfig:64bit - StartUpFolder: C:^Users^****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme (x86)\Microsoft Office\Office12\ONENOTEM.EXE - File not found

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

MsConfig:64bit - StartUpReg: ISW - hkey= - key= - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe File not found

MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Java\jre6\bin\jusched.exe File not found

MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

MsConfig:64bit - StartUpReg: UpdatePDRShortCut - hkey= - key= - C:\Program Files (x86)\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

MsConfig:64bit - State: "startup" - Reg Error: Key error.

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vsmon - Service

SafeBootNet:64bit: WudfPf - Driver

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vsmon - Service

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {32782297-F0C6-D5D1-DE7E-77985353E7DD} - Java (Sun)

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 90 Days ==========

 

[2010.09.16 21:26:24 | 000,000,000 | ---D | C] -- C:\_OTL

[2010.09.16 16:38:33 | 000,000,000 | ---D | C] -- C:\Users\***\DoctorWeb

[2010.09.15 22:46:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner

[2010.09.15 22:31:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010.09.15 22:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010.09.15 22:27:54 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MFTools

[2010.09.13 22:57:54 | 000,000,000 | ---D | C] -- C:\b0a675dbe8de819280

[2010.09.13 22:57:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell

[2010.09.13 22:57:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell

[2010.08.17 12:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2010.08.01 00:59:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ArmA 2 OA

[2010.07.31 23:18:39 | 000,000,000 | ---D | C] -- C:\Programme\Bohemia Interactive

[2010.07.18 15:50:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\gtk-2.0

[2010.07.18 15:50:48 | 000,000,000 | ---D | C] -- C:\Users\***\.thumbnails

[2010.07.18 15:49:34 | 000,000,000 | ---D | C] -- C:\Users\Rene1988\.gimp-2.6

[2010.07.18 15:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0

[2010.07.09 18:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic

[2010.06.29 12:13:48 | 000,000,000 | ---D | C] -- C:\coolspot AG

[2010.06.26 14:56:25 | 000,000,000 | ---D | C] -- C:\2697e6b62259a8878c2045e8ce808a

[2010.06.24 23:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

 
 ========== Files - Modified Within 90 Days ==========

 

[2010.09.16 21:50:22 | 003,670,016 | -HS- | M] () -- C:\Users\****\NTUSER.DAT

[2010.09.16 21:32:29 | 000,633,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2010.09.16 21:32:29 | 000,599,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010.09.16 21:32:29 | 000,128,784 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2010.09.16 21:32:29 | 000,105,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010.09.16 21:32:28 | 001,458,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010.09.16 21:28:01 | 000,035,189 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010.09.16 21:28:00 | 000,035,189 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010.09.16 21:27:41 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010.09.16 21:27:40 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010.09.16 21:27:38 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010.09.16 21:27:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010.09.16 21:26:48 | 000,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms

[2010.09.16 21:26:48 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf

[2010.09.16 21:26:41 | 001,947,723 | -H-- | M] () -- C:\Users\*****\AppData\Local\IconCache.db

[2010.09.16 21:00:56 | 000,001,460 | ---- | M] () -- C:\Users\*\AppData\Local\d3d9caps64.dat

[2010.09.16 01:03:08 | 000,100,864 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.09.15 22:46:26 | 000,000,846 | ---- | M] () -- C:\Users\**\Desktop\CCleaner.lnk

[2010.09.15 22:31:48 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.09.13 23:03:40 | 001,476,166 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010.09.01 12:46:17 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010.08.24 23:57:32 | 000,000,000 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp

[2010.08.12 12:17:32 | 000,282,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010.08.04 22:57:45 | 000,106,224 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys

[2010.08.01 00:51:21 | 000,000,995 | ---- | M] () -- C:\Users\**\Desktop\ARMA 2 Combined Operations.lnk

[2010.07.31 23:55:07 | 000,000,961 | ---- | M] () -- C:\Users\***\Desktop\ARMA II starten.lnk

[2010.07.18 19:14:43 | 000,002,126 | ---- | M] () -- C:\Users\**\.recently-used.xbel

[2010.07.18 15:49:18 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk

[2010.07.11 10:53:32 | 000,001,421 | ---- | M] () -- C:\Users\***\Desktop\DivX Movies.lnk

[2010.07.11 10:53:12 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk

[2010.07.09 22:28:06 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini

[2010.07.09 18:24:04 | 000,000,787 | ---- | M] () -- C:\Users\Public\Desktop\SDFormatter V2.0.lnk

[2010.07.06 21:41:53 | 000,001,700 | ---- | M] () -- C:\Users\Public\Desktop\Allods Online.lnk

[2010.06.28 01:49:46 | 000,001,007 | ---- | M] () -- C:\Users\***\Desktop\Content.IE5 - Verknüpfung.lnk

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.09.15 22:46:26 | 000,000,846 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk

[2010.09.15 22:31:48 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.09.13 23:03:40 | 001,476,166 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010.09.13 22:55:00 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs

[2010.09.13 22:55:00 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs

[2010.09.13 22:55:00 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml

[2010.09.13 22:55:00 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml

[2010.09.13 22:55:00 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl

[2010.09.13 22:55:00 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl

[2010.08.24 23:57:32 | 000,000,000 | -H-- | C] () -- C:\Users\***\Documents\Default.rdp

[2010.08.01 00:51:21 | 000,000,995 | ---- | C] () -- C:\Users\***\Desktop\ARMA 2 Combined Operations.lnk

[2010.07.31 23:55:07 | 000,000,961 | ---- | C] () -- C:\Users\***\Desktop\ARMA II starten.lnk

[2010.07.18 19:14:43 | 000,002,126 | ---- | C] () -- C:\Users\**\.recently-used.xbel

[2010.07.18 15:49:18 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk

[2010.07.09 18:24:04 | 000,000,787 | ---- | C] () -- C:\Users\Public\Desktop\SDFormatter V2.0.lnk

[2010.07.06 21:41:53 | 000,001,700 | ---- | C] () -- C:\Users\Public\Desktop\Allods Online.lnk

[2010.06.28 01:49:46 | 000,001,007 | ---- | C] () -- C:\Users\****\Desktop\Content.IE5 - Verknüpfung.lnk

[2010.06.06 18:30:24 | 000,014,336 | ---- | C] () -- C:\Windows\SysWow64\vsmon1.dll

[2010.04.28 22:13:06 | 000,035,189 | ---- | C] () -- C:\ProgramData\nvModes.001

[2010.04.28 22:12:09 | 000,035,189 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2010.04.15 21:32:21 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010.04.15 01:16:56 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2010.02.27 16:13:06 | 000,437,258 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI059F.txt

[2010.02.27 16:13:06 | 000,011,458 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistUI059F.txt

[2010.01.05 17:49:28 | 000,002,623 | ---- | C] () -- C:\Windows\Irremote.ini

[2009.12.21 01:35:39 | 000,000,680 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps.dat

[2009.12.03 12:16:46 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2009.12.03 12:15:39 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.09.10 15:19:37 | 000,100,864 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.09.10 13:33:15 | 000,521,458 | ---- | C] () -- C:\Users\***\AppData\Local\dd_ATL80SP1_KB973923MSI28A8.txt

[2009.09.10 13:33:14 | 000,012,532 | ---- | C] () -- C:\Users\***\AppData\Local\dd_ATL80SP1_KB973923UI28A8.txt

[2009.09.10 13:18:09 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\MTictwl.sys

[2009.09.10 10:27:27 | 000,001,460 | ---- | C] () -- C:\Users\****\AppData\Local\d3d9caps64.dat

[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

 
 ========== LOP Check ==========

 

[2010.03.03 15:33:28 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\autobingooo

[2010.05.25 15:14:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\CheckPoint

[2010.04.23 11:31:02 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\digital publishing

[2010.06.06 18:34:32 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\eXPert PDF Editor

[2010.01.31 23:25:54 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FlightSimTools.com

[2010.07.18 19:14:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0

[2009.11.28 13:36:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JavaEditor

[2010.04.23 11:19:53 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\ProtectDisc

[2010.06.06 19:57:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client

[2010.09.16 21:26:44 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys

[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys

[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: EVENTLOG.DLL  >

[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\HomeCinema\PowerDirector\EventLog.dll

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2008.01.21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll

[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll

[2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll

[2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll

[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

 
 < c:\windows\system32\drivers\*.sys /lockedfiles >

 
 < c:\windows\system32\*.dll /lockedfiles >

 
 < %systemroot%\*. /mp /s >

 
 < %PROGRAMFILES%\*. >

[2009.10.14 00:37:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\7-Zip

[2010.01.19 13:14:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe

[2009.09.10 11:38:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AGEIA Technologies

[2009.09.10 14:37:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Canon

[2010.09.15 22:46:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CCleaner

[2009.09.10 14:33:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CD-LabelPrint

[2010.08.17 12:32:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files

[2009.09.10 14:52:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cyberlink

[2010.07.11 10:53:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX

[2009.09.10 20:12:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FLV Player

[2010.06.06 18:13:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\G DATA

[2010.07.18 15:48:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GIMP-2.0

[2010.05.19 21:28:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GUILD WARS

[2009.09.10 14:49:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HomeCinema

[2010.07.09 18:24:04 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information

[2009.09.10 11:35:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel

[2010.08.12 03:10:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer

[2010.08.17 12:32:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java

[2009.09.10 12:45:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MagicTune Premium

[2010.09.15 22:31:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010.05.27 03:02:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft

[2010.08.31 22:56:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games

[2009.09.10 13:25:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office

[2010.09.08 14:48:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight

[2009.09.10 14:00:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

[2009.09.10 14:02:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works

[2010.09.13 23:31:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET

[2010.09.09 12:00:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox

[2006.11.02 17:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild

[2010.01.06 10:56:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0

[2010.01.05 17:46:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nero

[2010.07.09 18:24:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Panasonic

[2009.11.07 13:14:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PokerStars.NET

[2010.04.15 00:46:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Real

[2009.09.10 11:55:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek

[2006.11.02 17:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies

[2009.09.10 13:17:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SEC

[2009.09.10 14:55:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Teamspeak2_RC2

[2009.09.10 12:00:37 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp

[2006.11.02 17:36:07 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information

[2009.09.10 20:19:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN

[2010.06.06 18:30:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Visagesoft

[2009.12.03 12:35:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Calendar

[2008.01.21 05:09:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Collaboration

[2008.01.21 05:09:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender

[2009.09.10 14:00:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live

[2009.09.10 13:59:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live SkyDrive

[2010.09.15 22:18:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail

[2009.12.03 12:35:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player

[2006.11.02 17:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT

[2009.12.03 12:35:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Gallery

[2009.12.04 16:04:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices

[2009.12.03 12:35:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

--- --- ---

[/code]

Hi,

Hmm, meines Wissens sollte das nicht unter 64-Bit laufen (kann daher auch ein "Fehlalarm" sein)...
Rootkit/Wurm->IPINIP.SYS, Prevx
Dort findest Du auch die beiden anderen Filenamen...
Der Fix stoppt die Treiber, deregistriert sie und versucht die Files zu löschen
(wenn er sie findet)...

Fix für OTL:

Doppelklick auf die OTL.exe, um das Programm auszuführen.

Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.

Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"

http://oldtimer.geekstogo.com/OTL/OTL_Main_Tutorial.gif

Code:



:OTL

DRV:64bit: - (NwlnkFwd) -- C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found

DRV:64bit: - (NwlnkFlt) -- C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found

DRV:64bit: - (IpInIp) -- C:\Windows\SysNative\DRIVERS\ipinip.sys File not found
 

:Commands

[emptytemp]

[Reboot]

Den roten Run Fixes! Button anklicken.

Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.

Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:

%systemroot%\_OTL

Windows 7:
1.Die Befehlszeile aufrufen über Start -> Im Suchfeld „cmd“ eingeben
Nun nicht Enter drücken sondern folgende Tastenkombination:
[Strg]+[Umschalten/Shift]+[Return/Eingabe]
Damit wird die Console als Administrator gestartet, was unerlässlich für die Reperatur ist. Alternativ über Rechtsklick auf den Desktop, Neu-Verknüpfung erstellen, Ziel:
C:\Windows\System32\cmd.exe Name eingeben, Fertig.
Dann Rechtsklick auf die neu erstellte Verknüpfung und "Ausführen als
Administrator" auswählen.

chris

Hi,

So habe das Programm drüber laufen lassen hat aber nichts gefunden. Was soll ich mit der Datei in der Quarantäne machen kann die weg oder war das was Wichtiges?

Aber erst mal der OTL Fix

Code:

 

All processes killed

========== OTL ==========

Service NwlnkFwd stopped successfully!

Service NwlnkFwd deleted successfully!

File  C:\Windows\SysNative\DRIVERS\nwlnkfwd.sys File not found not found.

Service NwlnkFlt stopped successfully!

Service NwlnkFlt deleted successfully!

File  C:\Windows\SysNative\DRIVERS\nwlnkflt.sys File not found not found.

Service IpInIp stopped successfully!

Service IpInIp deleted successfully!

File  C:\Windows\SysNative\DRIVERS\ipinip.sys File not found not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

User: ****

->Temp folder emptied: 14749690 bytes

->Temporary Internet Files folder emptied: 25662637 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 43176749 bytes

->Flash cache emptied: 3980 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 1248 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32768 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 80,00 mb

 

 

OTL by OldTimer - Version 3.2.12.1 log created on 09172010_100420
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Hi,

noch mal den Customscan mit OTL um zu prüfen ob die Treiber weg sind, oder sich das Teil neu registriert hat....

Starte bitte die OTL.exe

Vista/Win7-User mit Rechtsklick "als Administrator starten"

Kopiere nun den Inhalt in die Textbox

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%SYSTEMDRIVE%\*.exe

/md5start

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

sceclt.dll

ntelogon.dll

logevent.dll

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

mv61xx.sys

/md5stop

c:\windows\system32\drivers\*.sys /lockedfiles

c:\windows\system32\*.dll /lockedfiles

%systemroot%\*. /mp /s

%PROGRAMFILES%\*.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)

Klicke nun bitte auf den Quick Scan Button

Klick auf OK

Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Danach mach ein Update von Cureit und lasse ihn nochmal laufen und poste das Log (nur die Zeilen die "infiziert" enthalten)...

Wie verhält sich der Rechner?

chris

Hi,

So habe DR.Web nochmals rüber laufen lassen was Infiziertes hat er nicht gefunden allerdings hat er wieder diese hosts Datei in die Quarantäne verschieben wollen weil die irgendwie manipuliert ist.

C:\Windows\system32\drivers\etc\hosts - Verschieben nicht möglich

OTL habe ich auch drüber laufen lassen dazu hier der log.

OTL Logfile:

Code:

OTL logfile created on: 18.09.2010 20:48:08 - Run 3

OTL by OldTimer - Version 3.2.12.1     Folder = C:\Users\****\Downloads

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18943)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free

8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 724,78 Gb Total Space | 437,15 Gb Free Space | 60,31% Space Free | Partition Type: NTFS

Drive D: | 206,73 Gb Total Space | 198,97 Gb Free Space | 96,25% Space Free | Partition Type: NTFS

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: ****

Current User Name: *****

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: All users

Include 64bit Scans

Company Name Whitelist: On

Skip Microsoft Files: On

File Age = 90 Days

Output = Minimal

Quick Scan

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Rene1988\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)

PRC - C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)

PRC - C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe (Macrovision                                                    )

PRC - C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG)

PRC - C:\Program Files (x86)\G DATA\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)

PRC - C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe (G Data Software AG)

PRC - C:\Program Files (x86)\MagicTune Premium\GammaTray.exe ()

PRC - C:\Program Files (x86)\SEC\Natural Color Pro\NCProTray.exe (Samsung)

PRC - C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfprsrv.exe ()

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\*****\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (AVKProxy) -- C:\Program Files (x86)\Common Files\G DATA\AVKProxy\AVKProxy.exe (G Data Software AG)

SRV - (GDScan) -- C:\Program Files (x86)\Common Files\G DATA\GDScan\GDScan.exe (G Data Software AG)

SRV - (AVKWCtl) -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKWCtlX64.exe (G Data Software AG)

SRV - (GDFwSvc) -- C:\Program Files (x86)\G DATA\InternetSecurity\Firewall\GDFwSvcx64.exe (G Data Software AG)

SRV - (InstallShield Licensing Service) -- C:\Program Files (x86)\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe (Macrovision                                                    )

SRV - (AVKService) -- C:\Program Files (x86)\G DATA\InternetSecurity\AVK\AVKService.exe (G Data Software AG)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (GRD) -- C:\Windows\SysNative\drivers\GRD.sys (G Data Software)

DRV:64bit: - (gdwfpcd) -- C:\Windows\SysNative\DRIVERS\gdwfpcd64.sys (G DATA Software AG)

DRV:64bit: - (GDBehave) -- C:\Windows\SysNative\drivers\GDBehave.sys (G Data Software AG)

DRV:64bit: - (HookCentre) -- C:\Windows\SysNative\drivers\HookCentre.sys (G Data Software AG)

DRV:64bit: - (GDPkIcpt) -- C:\Windows\SysNative\drivers\PktIcpt.sys (G DATA Software AG)

DRV:64bit: - (GDMnIcpt) -- C:\Windows\SysNative\drivers\MiniIcpt.sys (G Data Software AG)

DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (e1express) Intel(R) -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys (Intel Corporation)

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()

DRV - (NCPro) -- C:\Windows\system32\drivers\MTictwl.sys ()

DRV - (MagicTune) -- C:\Windows\system32\drivers\MTiCtwl.sys ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de/

IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2B AB 64 58 A7 AA CA 01  [binary data]

IE - HKU\S-1-5-21-3710354763-2675476858-1227895641-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"

FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - prefs.js..browser.startup.homepage: "www.web.de"

FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.04.15 00:47:15 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.09.17 12:47:03 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.17 00:23:37 | 000,000,000 | ---D | M]

 

[2009.09.11 16:40:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions

[2010.09.18 08:10:14 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\i106x57t.default\extensions

[2010.04.27 10:35:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\i106x57t.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.09.12 00:20:56 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\i106x57t.default\extensions\personas@christopher.beard

[2010.09.18 08:10:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions

[2010.06.06 18:27:21 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}

[2010.04.20 01:51:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.08.17 12:32:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2010.03.12 17:54:18 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010.02.12 14:45:03 | 000,002,191 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml

[2010.03.12 17:54:18 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2010.03.12 17:54:18 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2010.03.12 17:54:18 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.03.12 17:54:18 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2010.09.16 21:26:25 | 000,001,446 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG)

O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG)

O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIE.dll (G Data Software AG)

O4:64bit: - HKLM..\Run: [MagicTuneEngine] C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe (Samsung Electronics Co. Ltd.)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)

O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G DATA Software AG)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Program Files (x86)\Visagesoft\eXPert PDF\vspdfprsrv.exe ()

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg

O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

 

MsConfig:64bit - StartUpFolder: C:^Users^****^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Programme (x86)\Microsoft Office\Office12\ONENOTEM.EXE - File not found

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

MsConfig:64bit - StartUpReg: ISW - hkey= - key= - C:\Program Files\CheckPoint\ZAForceField\ForceField.exe File not found

MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Java\jre6\bin\jusched.exe File not found

MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

MsConfig:64bit - StartUpReg: UpdatePDRShortCut - hkey= - key= - C:\Program Files (x86)\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

MsConfig:64bit - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found

MsConfig:64bit - State: "startup" - Reg Error: Key error.

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vsmon - Service

SafeBootNet:64bit: WudfPf - Driver

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vsmon - Service

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {32782297-F0C6-D5D1-DE7E-77985353E7DD} - Java (Sun)

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 90 Days ==========

 

[2010.09.17 10:06:35 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Temp

[2010.09.16 21:26:24 | 000,000,000 | ---D | C] -- C:\_OTL

[2010.09.16 16:38:33 | 000,000,000 | ---D | C] -- C:\Users\****\DoctorWeb

[2010.09.15 22:31:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010.09.15 22:31:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010.09.15 22:27:54 | 000,000,000 | ---D | C] -- C:\Users\****\Desktop\MFTools

[2010.09.13 22:57:54 | 000,000,000 | ---D | C] -- C:\b0a675dbe8de819280

[2010.09.13 22:57:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\WindowsPowerShell

[2010.09.13 22:57:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\WindowsPowerShell

[2010.08.17 12:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2010.08.01 00:59:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\ArmA 2 OA

[2010.07.31 23:18:39 | 000,000,000 | ---D | C] -- C:\Programme\Bohemia Interactive

[2010.07.18 15:50:49 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\gtk-2.0

[2010.07.18 15:50:48 | 000,000,000 | ---D | C] -- C:\Users\****\.thumbnails

[2010.07.18 15:49:34 | 000,000,000 | ---D | C] -- C:\Users\****\.gimp-2.6

[2010.07.18 15:48:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIMP-2.0

[2010.07.09 18:24:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panasonic

[2010.06.29 12:13:48 | 000,000,000 | ---D | C] -- C:\coolspot AG

[2010.06.26 14:56:25 | 000,000,000 | ---D | C] -- C:\2697e6b62259a8878c2045e8ce808a

[2010.06.24 23:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

 
 ========== Files - Modified Within 90 Days ==========

 

[2010.09.18 21:03:19 | 003,670,016 | -HS- | M] () -- C:\Users\****\NTUSER.DAT

[2010.09.18 19:17:36 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010.09.18 19:17:36 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010.09.18 15:22:40 | 001,458,986 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010.09.18 15:22:40 | 000,633,342 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2010.09.18 15:22:40 | 000,599,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010.09.18 15:22:40 | 000,128,784 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2010.09.18 15:22:40 | 000,105,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010.09.18 15:19:46 | 000,035,189 | ---- | M] () -- C:\ProgramData\nvModes.dat

[2010.09.18 15:19:46 | 000,035,189 | ---- | M] () -- C:\ProgramData\nvModes.001

[2010.09.18 15:17:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2010.09.18 15:17:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010.09.18 14:50:12 | 000,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TMContainer00000000000000000001.regtrans-ms

[2010.09.18 14:50:12 | 000,065,536 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{c328fef1-6a85-11db-9fbd-cf3689cba3de}.TM.blf

[2010.09.18 00:10:55 | 003,148,125 | -H-- | M] () -- C:\Users\****\AppData\Local\IconCache.db

[2010.09.17 22:40:56 | 000,106,496 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.09.17 09:50:54 | 000,000,053 | ---- | M] () -- C:\Windows\wininit.ini

[2010.09.16 21:00:56 | 000,001,460 | ---- | M] () -- C:\Users\****\AppData\Local\d3d9caps64.dat

[2010.09.15 22:31:48 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.09.13 23:03:40 | 001,476,166 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010.09.01 12:46:17 | 000,001,917 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010.08.24 23:57:32 | 000,000,000 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp

[2010.08.12 12:17:32 | 000,282,904 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010.08.04 22:57:45 | 000,106,224 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys

[2010.08.01 00:51:21 | 000,000,995 | ---- | M] () -- C:\Users\***\Desktop\ARMA 2 Combined Operations.lnk

[2010.07.31 23:55:07 | 000,000,961 | ---- | M] () -- C:\Users\***\Desktop\ARMA II starten.lnk

[2010.07.18 19:14:43 | 000,002,126 | ---- | M] () -- C:\Users\**\.recently-used.xbel

[2010.07.18 15:49:18 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk

[2010.07.11 10:53:32 | 000,001,421 | ---- | M] () -- C:\Users\***\Desktop\DivX Movies.lnk

[2010.07.11 10:53:12 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk

[2010.07.09 22:28:06 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini

[2010.07.09 18:24:04 | 000,000,787 | ---- | M] () -- C:\Users\Public\Desktop\SDFormatter V2.0.lnk

[2010.07.06 21:41:53 | 000,001,700 | ---- | M] () -- C:\Users\Public\Desktop\Allods Online.lnk

[2010.06.28 01:49:46 | 000,001,007 | ---- | M] () -- C:\Users\***\Desktop\Content.IE5 - Verknüpfung.lnk

[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.09.17 09:50:46 | 000,000,053 | ---- | C] () -- C:\Windows\wininit.ini

[2010.09.15 22:31:48 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.09.13 23:03:40 | 001,476,166 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010.09.13 22:55:00 | 000,201,184 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs

[2010.09.13 22:55:00 | 000,201,184 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs

[2010.09.13 22:55:00 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml

[2010.09.13 22:55:00 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml

[2010.09.13 22:55:00 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\WsmTxt.xsl

[2010.09.13 22:55:00 | 000,002,426 | ---- | C] () -- C:\Windows\SysNative\WsmTxt.xsl

[2010.08.24 23:57:32 | 000,000,000 | -H-- | C] () -- C:\Users\***\Documents\Default.rdp

[2010.08.01 00:51:21 | 000,000,995 | ---- | C] () -- C:\Users\***\Desktop\ARMA 2 Combined Operations.lnk

[2010.07.31 23:55:07 | 000,000,961 | ---- | C] () -- C:\Users\**\Desktop\ARMA II starten.lnk

[2010.07.18 19:14:43 | 000,002,126 | ---- | C] () -- C:\Users\**\.recently-used.xbel

[2010.07.18 15:49:18 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk

[2010.07.09 18:24:04 | 000,000,787 | ---- | C] () -- C:\Users\Public\Desktop\SDFormatter V2.0.lnk

[2010.07.06 21:41:53 | 000,001,700 | ---- | C] () -- C:\Users\Public\Desktop\Allods Online.lnk

[2010.06.28 01:49:46 | 000,001,007 | ---- | C] () -- C:\Users\***\Desktop\Content.IE5 - Verknüpfung.lnk

[2010.06.06 18:30:24 | 000,014,336 | ---- | C] () -- C:\Windows\SysWow64\vsmon1.dll

[2010.04.28 22:13:06 | 000,035,189 | ---- | C] () -- C:\ProgramData\nvModes.001

[2010.04.28 22:12:09 | 000,035,189 | ---- | C] () -- C:\ProgramData\nvModes.dat

[2010.04.15 21:32:21 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2010.04.15 01:16:56 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2010.02.27 16:13:06 | 000,437,258 | ---- | C] () -- C:\Users\***\AppData\Local\dd_vcredistMSI059F.txt

[2010.02.27 16:13:06 | 000,011,458 | ---- | C] () -- C:\Users\**\AppData\Local\dd_vcredistUI059F.txt

[2010.01.05 17:49:28 | 000,002,623 | ---- | C] () -- C:\Windows\Irremote.ini

[2009.12.21 01:35:39 | 000,000,680 | ---- | C] () -- C:\Users\**\AppData\Local\d3d9caps.dat

[2009.12.03 12:16:46 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2009.12.03 12:15:39 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.09.10 15:19:37 | 000,106,496 | ---- | C] () -- C:\Users\**\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.09.10 13:33:15 | 000,521,458 | ---- | C] () -- C:\Users\***\AppData\Local\dd_ATL80SP1_KB973923MSI28A8.txt

[2009.09.10 13:33:14 | 000,012,532 | ---- | C] () -- C:\Users\****\AppData\Local\dd_ATL80SP1_KB973923UI28A8.txt

[2009.09.10 13:18:09 | 000,013,312 | ---- | C] () -- C:\Windows\SysWow64\drivers\MTictwl.sys

[2009.09.10 10:27:27 | 000,001,460 | ---- | C] () -- C:\Users\*****\AppData\Local\d3d9caps64.dat

[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

 
 ========== LOP Check ==========

 

[2010.03.03 15:33:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\autobingooo

[2010.05.25 15:14:45 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\CheckPoint

[2010.04.23 11:31:02 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\digital publishing

[2010.06.06 18:34:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\eXPert PDF Editor

[2010.01.31 23:25:54 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\FlightSimTools.com

[2010.07.18 19:14:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0

[2009.11.28 13:36:51 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\JavaEditor

[2010.04.23 11:19:53 | 000,000,000 | ---D | M] -- C:\Users\******\AppData\Roaming\ProtectDisc

[2010.06.06 19:57:25 | 000,000,000 | ---D | M] -- C:\Users\**\AppData\Roaming\TS3Client

[2010.09.18 14:50:08 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*.exe >

 

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys

[2008.01.21 04:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2008.01.21 04:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys

[2009.04.11 09:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 13:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: EVENTLOG.DLL  >

[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\HomeCinema\PowerDirector\EventLog.dll

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 04:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2008.01.21 04:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll

[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll

[2009.04.11 09:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll

[2008.01.21 04:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2008.01.21 04:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 04:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll

[2008.01.21 04:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll

[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll

[2009.04.11 09:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

 
 < c:\windows\system32\drivers\*.sys /lockedfiles >

 
 < c:\windows\system32\*.dll /lockedfiles >

 
 < %systemroot%\*. /mp /s >

 
 < %PROGRAMFILES%\*. >

[2009.10.14 00:37:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\7-Zip

[2010.01.19 13:14:57 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe

[2009.09.10 11:38:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AGEIA Technologies

[2009.09.10 14:37:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Canon

[2009.09.10 14:33:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CD-LabelPrint

[2010.08.17 12:32:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files

[2009.09.10 14:52:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Cyberlink

[2010.07.11 10:53:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX

[2009.09.10 20:12:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FLV Player

[2010.06.06 18:13:09 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\G DATA

[2010.07.18 15:48:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GIMP-2.0

[2010.05.19 21:28:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\GUILD WARS

[2009.09.10 14:49:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\HomeCinema

[2010.07.09 18:24:04 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information

[2009.09.10 11:35:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Intel

[2010.08.12 03:10:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer

[2010.08.17 12:32:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java

[2009.09.10 12:45:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MagicTune Premium

[2010.09.15 22:31:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010.05.27 03:02:58 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft

[2010.08.31 22:56:01 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Games

[2009.09.10 13:25:55 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office

[2010.09.08 14:48:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight

[2009.09.10 14:00:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

[2009.09.10 14:02:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works

[2010.09.13 23:31:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET

[2010.09.17 00:23:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox

[2006.11.02 17:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild

[2010.01.06 10:56:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0

[2010.01.05 17:46:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nero

[2010.07.09 18:24:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Panasonic

[2009.11.07 13:14:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\PokerStars.NET

[2010.04.15 00:46:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Real

[2009.09.10 11:55:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Realtek

[2006.11.02 17:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies

[2009.09.10 13:17:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\SEC

[2009.09.10 14:55:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Teamspeak2_RC2

[2009.09.10 12:00:37 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Temp

[2006.11.02 17:36:07 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information

[2009.09.10 20:19:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN

[2010.06.06 18:30:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Visagesoft

[2009.12.03 12:35:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Calendar

[2008.01.21 05:09:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Collaboration

[2008.01.21 05:09:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender

[2009.09.10 14:00:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live

[2009.09.10 13:59:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Live SkyDrive

[2010.09.15 22:18:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail

[2009.12.03 12:35:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player

[2006.11.02 17:07:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT

[2009.12.03 12:35:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Gallery

[2009.12.04 16:04:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices

[2009.12.03 12:35:48 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

--- --- ---

[/code]

Hi,

sieht eigentlich gut aus, allerdings stimmt mit der hosts-Datei wirklich was nicht...

O1 HOSTS File: ([2010.09.16 21:26:25 | 000,001,446 | RH-- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

Über 1kB und dann nur ein Eintrag (mit ca. 30 Bytes) drin?
O1 - Hosts: 127.0.0.1 localhost

Poste die Datei hier mal hoch:
Fileuplod:
File-Upload.net - Ihr kostenloser File Hoster!, hochladen und den Link (mit Löschlink) als "PrivateMail" an mich...

Ggf. lasse wir sie von OTL zurücksetzen...

chris

Hi,

habe sie dir geschickt

Hi,

hosts-file ist ok, damit wären wir erstmal durch, wenn der Rechner keine Mucken mehr macht...

chris

Hi,

ob der Rechner läuft werde ich erst nächste Woche rausfinden dar ich so lange nicht an den Rechner rankomme^^. aber wenn noch was ist kann man aber glaub ich einen Virus ausschließen und eher an die 64bit Tücken denken.

Aber auf jeden Fall vielen Dank für deine Hilfe.