Log analysis and evaluation: Windows blocked (Bundestrojaner) - How am I supposed to install OTL when I have no access!

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Hello, I have exactly the problem that is going around right now: the screen went black and I was shown a message saying my computer is blocked until I pay 50€. Now I would like to present log files etc., but I can't download anything, because the screen goes black immediately after startup (and the message mentioned above blinks). I have a 32-bit system and Windows Vista. It can be started in Safe Mode; I would also reinstall the computer, as long as I can still rescue a few files. Or rather, I plan to do that anyway, after I have superficially removed the trojan. I am using a second computer for this post; it is a Mac. It would be great if I could get help here; I'm rather desperate right now (but trying to stay calm) m
#2

/// Malware-holic

hi
try starting in safe mode with networking; if that works: If you don't have it yet, please download OTL by Oldtimer and save it to your Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
#3

Hello,
I'm slowly starting to despair more after all. Here is the text. OTL logfile:
Code:
OTL logfile created on: 18.12.2011 18:58:09 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Max\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 81,74% Memory free
6,19 Gb Paging File | 5,82 Gb Available in Paging File | 94,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,00 Gb Total Space | 8,98 Gb Free Space | 15,22% Space Free | Partition Type: NTFS
Drive E: | 230,59 Gb Total Space | 34,19 Gb Free Space | 14,83% Space Free | Partition Type: NTFS
Computer Name: WORKSTATION | User Name: Max | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.12.18 18:57:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL(2).exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.05 20:48:17 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.09 22:14:40 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.04.21 03:30:20 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008.03.18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2009.12.08 00:25:26 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.06.09 22:14:40 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.27 22:42:40 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 10:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.17 06:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.06.10 06:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.06.10 06:23:00 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.05.02 21:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.03.26 19:32:04 | 000,081,192 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
DRV - [2008.03.21 20:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007.05.24 01:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2005.02.11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = CINEMA 3D - 3D TV der nächsten Generation - Pentouch TV - PZ850 Plasma TV - LG Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = CINEMA 3D - 3D TV der nächsten Generation - Pentouch TV - PZ850 Plasma TV - LG Deutschland
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = CINEMA 3D - 3D TV der nächsten Generation - Pentouch TV - PZ850 Plasma TV - LG Deutschland
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.8
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Max\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.02 01:18:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.16 01:38:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.10.17 22:58:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.12.16 01:38:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Max\Program Files\DNA [2011.03.03 12:56:09 | 000,000,000 | ---D | M]
[2009.04.05 19:17:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Extensions
[2011.12.11 00:13:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\01legc20.default\extensions
[2010.06.07 20:14:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\01legc20.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.03 11:17:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\01legc20.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.12.10 00:49:44 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\01legc20.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011.06.05 11:42:12 | 000,000,000 | ---D | M] (Multirow Bookmarks Toolbar) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\01legc20.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2010.10.09 14:33:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.10.09 14:33:54 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.03.03 12:56:09 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\MAX\PROGRAM FILES\DNA
[2011.12.02 01:18:36 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.02 01:18:36 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.02 01:18:36 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.02 01:18:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.02 01:18:36 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011.01.27 15:00:57 | 000,001,211 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 Registration wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com Adobe wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [firefox.exe] C:\Users\Max\AppData\Roaming\Mozilla\Firefox\firefox.exe ()
O4 - HKCU..\Run: [Windows Update] C:\Windows\system32\Updater.exe File not found
O4 - Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3960A564-9B05-4F4B-BCCE-E563DE3B891F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2593e44b-2297-11de-b0b0-00238b2f8477}\Shell - "" = AutoRun
O33 - MountPoints2\{2593e44b-2297-11de-b0b0-00238b2f8477}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{c7de5027-e042-11de-9cb4-00238b2f8477}\Shell\AutoRun\command - "" = F:\pbudsara.exe
O33 - MountPoints2\{c7de5027-e042-11de-9cb4-00238b2f8477}\Shell\open\Command - "" = F:\pbudsara.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {31A2711E-2325-FD01-999B-4F22E46E92C0} - Internet Explorer
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9383C1A5-09C1-F801-CDF7-128C2378B1FA} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E6B6BEAC-D0C5-8850-0404-B609225ED60E} -
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - File not found
MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Users\Max\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: LG Magnifier - hkey= - key= - File not found
MsConfig - StartUpReg: MsUpdate - hkey= - key= - File not found
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - State: "startup" - 2
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========
[2011.12.18 18:57:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL(2).exe
[2011.12.18 18:50:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
[2011.12.16 02:00:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe Premiere Pro CS4
[2011.12.16 01:37:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2011.12.14 00:45:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe Premiere Pro CS5.5
[2011.12.11 13:47:42 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\Echo & The Bunnymen-evergreen
[2011.12.10 15:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011.12.10 12:31:57 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\Hotel
[2011.12.10 12:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2011.12.10 12:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5.5
[2011.12.10 12:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011.12.10 01:08:10 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.12.10 01:07:27 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Dropbox
[2011.12.10 01:07:00 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\Nadja
[2011.12.05 08:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\YouTube Downloader
[2011.12.05 08:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader
[2011.11.28 08:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\WinpkFilter
========== Files - Modified Within 30 Days ==========
[2011.12.18 18:57:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL(2).exe
[2011.12.18 18:55:05 | 006,426,582 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.18 18:55:05 | 002,391,748 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.18 18:55:05 | 002,030,218 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.18 18:55:05 | 001,834,204 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.18 18:50:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
[2011.12.18 18:48:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.16 19:39:34 | 000,117,821 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.12.16 19:39:22 | 000,117,821 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.12.16 19:39:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.16 19:39:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.16 18:01:11 | 006,340,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.16 01:38:16 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk
[2011.12.16 01:38:16 | 000,001,806 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011.12.16 01:24:36 | 000,107,008 | ---- | M] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.16 01:19:34 | 000,032,183 | ---- | M] () -- C:\Users\Max\Desktop\berger 4.jpg
[2011.12.16 01:19:30 | 000,022,888 | ---- | M] () -- C:\Users\Max\Desktop\berger 3.jpg
[2011.12.16 01:19:22 | 000,029,971 | ---- | M] () -- C:\Users\Max\Desktop\berger 2.jpg
[2011.12.16 01:19:16 | 000,041,379 | ---- | M] () -- C:\Users\Max\Desktop\berger 1.jpg
[2011.12.16 01:19:01 | 000,037,086 | ---- | M] () -- C:\Users\Max\Desktop\167438_125415930858108_100001691055508_152813_710911_n.jpg
[2011.12.16 00:47:23 | 062,272,700 | ---- | M] () -- C:\Users\Max\Desktop\Be A Manwolf Today.mp4
[2011.12.16 00:45:38 | 000,070,399 | ---- | M] () -- C:\Users\Max\Desktop\mode portrait.jpg
[2011.12.13 22:28:05 | 000,382,840 | ---- | M] () -- C:\Users\Max\Desktop\johnwesley_music4books2.png
[2011.12.13 21:18:04 | 000,030,664 | ---- | M] () -- C:\Users\Max\Desktop\Kontoumsaetze_700_529812000_20111213_211803.pdf
[2011.12.13 21:17:43 | 000,015,720 | ---- | M] () -- C:\Users\Max\Desktop\Kontoumsaetze_700_529812000_20111213_211742.pdf
[2011.12.13 21:04:38 | 000,475,252 | ---- | M] () -- C:\Users\Max\Desktop\Müller+Milch_1.pdf
[2011.12.13 00:51:34 | 000,022,112 | ---- | M] () -- C:\Users\Max\Desktop\likebutton3.jpg
[2011.12.12 22:18:31 | 012,035,770 | ---- | M] () -- C:\Users\Max\Desktop\El Guincho - Bombay.flv
[2011.12.11 00:12:20 | 000,045,903 | ---- | M] () -- C:\Users\Max\Desktop\krissey.jpg
[2011.12.11 00:11:37 | 000,052,660 | ---- | M] () -- C:\Users\Max\Desktop\elvis gisi.jpg
[2011.12.10 12:55:18 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.12.10 11:56:20 | 000,000,928 | ---- | M] () -- C:\Users\Max\Desktop\CyberLink YouCam.lnk
[2011.12.10 01:08:28 | 000,000,919 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.09 21:32:41 | 002,977,896 | ---- | M] () -- C:\Users\Max\Desktop\Swing Kids - Intro To Photography.mp3
========== Files Created - No Company Name ==========
[2011.12.16 01:38:16 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk
[2011.12.16 01:38:16 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 7.0.lnk
[2011.12.16 01:38:16 | 000,001,806 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011.12.16 01:38:16 | 000,001,806 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 7.0 Professional.lnk
[2011.12.16 01:19:34 | 000,032,183 | ---- | C] () -- C:\Users\Max\Desktop\berger 4.jpg
[2011.12.16 01:19:29 | 000,022,888 | ---- | C] () -- C:\Users\Max\Desktop\berger 3.jpg
[2011.12.16 01:19:22 | 000,029,971 | ---- | C] () -- C:\Users\Max\Desktop\berger 2.jpg
[2011.12.16 01:19:16 | 000,041,379 | ---- | C] () -- C:\Users\Max\Desktop\berger 1.jpg
[2011.12.16 01:19:01 | 000,037,086 | ---- | C] () -- C:\Users\Max\Desktop\167438_125415930858108_100001691055508_152813_710911_n.jpg
[2011.12.16 00:46:29 | 062,272,700 | ---- | C] () -- C:\Users\Max\Desktop\Be A Manwolf Today.mp4
[2011.12.16 00:45:37 | 000,070,399 | ---- | C] () -- C:\Users\Max\Desktop\mode portrait.jpg
[2011.12.13 22:27:58 | 000,382,840 | ---- | C] () -- C:\Users\Max\Desktop\johnwesley_music4books2.png
[2011.12.13 21:18:04 | 000,030,664 | ---- | C] () -- C:\Users\Max\Desktop\Kontoumsaetze_700_529812000_20111213_211803.pdf
[2011.12.13 21:17:43 | 000,015,720 | ---- | C] () -- C:\Users\Max\Desktop\Kontoumsaetze_700_529812000_20111213_211742.pdf
[2011.12.13 21:04:10 | 000,475,252 | ---- | C] () -- C:\Users\Max\Desktop\Müller+Milch_1.pdf
[2011.12.13 00:51:28 | 000,022,112 | ---- | C] () -- C:\Users\Max\Desktop\likebutton3.jpg
[2011.12.12 22:15:59 | 012,035,770 | ---- | C] () -- C:\Users\Max\Desktop\El Guincho - Bombay.flv
[2011.12.11 00:12:20 | 000,045,903 | ---- | C] () -- C:\Users\Max\Desktop\krissey.jpg
[2011.12.11 00:11:36 | 000,052,660 | ---- | C] () -- C:\Users\Max\Desktop\elvis gisi.jpg
[2011.12.10 12:15:29 | 000,000,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
[2011.12.10 12:09:51 | 000,000,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011.12.10 11:56:20 | 000,000,928 | ---- | C] () -- C:\Users\Max\Desktop\CyberLink YouCam.lnk
[2011.12.10 01:11:46 | 002,977,896 | ---- | C] () -- C:\Users\Max\Desktop\Swing Kids - Intro To Photography.mp3
[2011.12.10 01:08:28 | 000,000,919 | ---- | C] () -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.11.28 08:24:24 | 000,001,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinpkFilter API Reference.lnk
[2011.11.28 08:24:24 | 000,000,918 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall WinpkFilter Runtime Libraries.lnk
[2011.08.22 00:29:15 | 000,000,680 | ---- | C] () -- C:\Users\Max\AppData\Local\d3d9caps.dat
[2010.10.09 14:34:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.20 17:36:41 | 000,001,099 | ---- | C] () -- C:\Users\Max\AppData\Roaming\ShiftN.ini
[2009.11.06 10:03:57 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2009.09.24 13:00:53 | 000,000,571 | ---- | C] () -- C:\Windows\eReg.dat
[2009.04.07 21:23:46 | 000,107,008 | ---- | C] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.06 14:13:56 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.04.06 11:49:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.11.20 20:06:45 | 000,117,821 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.11.20 20:06:45 | 000,117,821 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.06.24 01:04:30 | 000,000,000 | ---- | C] () -- C:\Windows\lgcenter.ini
[2008.06.24 00:33:11 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.06.24 00:23:59 | 000,000,212 | ---- | C] () -- C:\Windows\lgps.ini
[2008.06.24 00:07:24 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.06.23 07:54:15 | 006,426,582 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.06.23 07:54:15 | 002,030,218 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.06.23 07:54:15 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.06.23 07:54:15 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.01.21 03:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 006,340,288 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 002,391,748 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 001,834,204 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
========== LOP Check ==========
[2009.08.11 21:51:14 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Ableton
[2011.10.05 21:32:47 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Audacity
[2011.12.16 17:55:45 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\BitTorrent
[2011.05.08 12:06:47 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Canon
[2009.12.22 22:21:43 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Cycling '74
[2011.03.12 01:45:40 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DNA
[2011.12.16 19:40:36 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Dropbox
[2011.10.16 00:38:42 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\FileZilla
[2010.03.30 12:43:13 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Imagenomic
[2010.02.08 12:42:52 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\inkscape
[2011.06.20 18:56:02 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\LolClient
[2009.04.05 22:41:30 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Mp3tag
[2009.05.18 20:48:05 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\TheLastRipper
[2011.10.17 22:58:53 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Thunderbird
[2011.12.10 12:55:25 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2009.04.05 18:39:21 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2008.06.23 07:55:58 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.05.08 11:20:37 | 000,000,000 | -H-D | M] -- C:\CanoScan
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.06.24 00:47:35 | 000,000,000 | ---D | M] -- C:\Intel
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.10 11:54:42 | 000,000,000 | R--D | M] -- C:\Program Files
[2010.07.05 19:09:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2011.12.10 15:26:03 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.12.16 16:32:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.04.05 22:23:47 | 000,000,000 | ---D | M] -- C:\Temp
[2009.04.05 18:33:51 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.16 20:03:44 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: IASTOR.SYS >
[2008.04.21 03:29:56 | 000,394,776 | ---- | M] (Intel Corporation) MD5=8BD53925C5675BC9A5EFE12E2A42BE31 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.04.21 03:29:38 | 000,317,464 | ---- | M] (Intel Corporation) MD5=9F1220113A3A7F4F08042C699324D073 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.04.21 03:29:38 | 000,317,464 | ---- | M] (Intel Corporation) MD5=9F1220113A3A7F4F08042C699324D073 -- C:\Windows\System32\drivers\iaStor.sys
[2008.04.21 03:29:38 | 000,317,464 | ---- | M] (Intel Corporation) MD5=9F1220113A3A7F4F08042C699324D073 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_18bd4575\iaStor.sys
< MD5 for: IASTORV.SYS >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< MD5 for: USER32.DLL >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\System32\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
< MD5 for: USERINIT.EXE >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\system32\*.dll /lockedfiles >
< %USERPROFILE%\*.* >
[2010.02.08 12:49:51 | 000,000,734 | ---- | M] () -- C:\Users\Max\.recently-used.xbel
[2011.12.18 18:59:04 | 002,883,584 | -HS- | M] () -- C:\Users\Max\NTUSER.DAT
[2011.12.18 18:59:03 | 000,262,144 | -H-- | M] () -- C:\Users\Max\ntuser.dat.LOG1
[2009.04.05 18:33:52 | 000,000,000 | -H-- | M] () -- C:\Users\Max\ntuser.dat.LOG2
[2011.12.16 21:31:22 | 000,065,536 | -HS- | M] () -- C:\Users\Max\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2011.12.16 21:31:22 | 000,524,288 | -HS- | M] () -- C:\Users\Max\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.04.05 18:40:08 | 000,524,288 | -HS- | M] () -- C:\Users\Max\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009.04.05 18:33:52 | 000,000,020 | -HS- | M] () -- C:\Users\Max\ntuser.ini
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
< End of report >
EXTRAS
OTL Logfile:
Code:
OTL Extras logfile created on: 18.12.2011 18:58:09 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Max\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 81,74% Memory free
6,19 Gb Paging File | 5,82 Gb Available in Paging File | 94,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,00 Gb Total Space | 8,98 Gb Free Space | 15,22% Space Free | Partition Type: NTFS
Drive E: | 230,59 Gb Total Space | 34,19 Gb Free Space | 14,83% Space Free | Partition Type: NTFS
Computer Name: WORKSTATION | User Name: Max | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08BB415A-17C3-4932-B556-A114CAC2861B}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12FD588C-C02B-4437-BA60-507EC22AE273}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{1E120A34-F981-4D06-AB17-72BFBCBFDE00}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2221B248-B040-4A16-B452-33460977825E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{23A4EA30-1F11-4EE6-BC71-2D77BE27EFEB}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{26EC19D7-D016-4252-AD13-994DC842950A}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{413B4FD7-B7D9-4F4C-AAF2-63AB1498EF2D}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{6C7EFEF3-5ED4-43F7-9523-7C7EA9846F2D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7F707F2F-76CD-467A-ACC3-753F5A7D8FA9}" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\dropbox\bin\dropbox.exe |
"{84CD7AD9-9E60-4688-B6BD-BEDC784F64A8}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8539C574-46EC-456F-BA2D-2B95C5EC9935}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AE91F43E-E809-425F-BD40-156F45D3EAA1}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{AEBE41E0-4D80-459D-8F1C-7BAB799A982A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B0BD9342-31E9-452E-9EE5-635E24C4A611}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B8E10016-82BE-4A78-885A-1F1ECBC2CBA3}" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\dropbox\bin\dropbox.exe |
"{CB97BF84-9CB5-40A1-95ED-FC9F7ED08800}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E13D926F-B6F1-4299-8B10-DBB484FB6C52}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{E51F8028-0058-4F68-A2EE-C49E63FCDC1A}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{0FC4CC35-B08F-42AC-8D66-F3152232D757}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{4668EF57-FBB5-4EAE-8315-F941091CF097}C:\users\max\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\max\program files\dna\btdna.exe |
"TCP Query User{46E24645-7998-412E-99E2-38590E4F839E}C:\users\max\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{69A9A7D5-0022-4B35-A706-BDE542A2E217}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{96873F44-7322-474F-A73B-02E3500B4D12}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{9E2CFE79-EB8D-4E1D-A812-44FCBE5E2804}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"TCP Query User{BF36DF19-94D2-4DEA-8F97-FF115809AF8C}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"TCP Query User{EEB4355B-8E4B-4EF4-B42D-37525F0570DD}C:\users\max\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\max\program files\dna\btdna.exe |
"UDP Query User{04A78CEF-84B6-4FA9-BE28-DB09A88ACD73}C:\users\max\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{123A65FB-0C39-448A-B7B0-8E09F2511EB6}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"UDP Query User{3C40D761-F27E-4DF1-8EB4-89407B508E18}C:\users\max\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\max\program files\dna\btdna.exe |
"UDP Query User{5D4F0244-BFF9-4052-87CC-F17FADF6FB83}C:\users\max\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\max\program files\dna\btdna.exe |
"UDP Query User{A0EE4047-00DA-4EA3-A009-1C781B963F35}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{A6B2AAF8-2209-434D-8A23-2D8A7DB3D8B6}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{C83EBAC3-98E7-462B-9E4A-659C6B80F30C}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{E3100F71-2E20-4930-B3F1-52A2B8573C59}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12001D97-ED15-4D04-B4A6-32D16A71844C}" = Adobe Photoshop Lightroom 2.6.1
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{52A4E146-A102-4ED0-970F-6B1715EB3C86}" = Quake Live Mozilla Plugin
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C542173-96F0-435D-A95C-468CAAC75EA0}" = Adobe Flash Player 10 Plugin
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{B001064C-D061-4BAE-9031-416A838D5536}" = Adobe Flash Player 10 ActiveX
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.8 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Biet-O-Matic v2.12.5" = Biet-O-Matic v2.12.5
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"FileZilla Client" = FileZilla Client 3.5.1
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"ImagenomicNoisewareProPlugin" = Imagenomic Noiseware 4.2 Professional Plug-in (build 4205)
"ImagenomicPortraiturePlugin" = Imagenomic Portraiture 2.1 Plug-in (build 2105)
"ImagenomicRealGrainPlugin" = Imagenomic RealGrain 1.1 Plug-in (build 1103)
"Inkscape" = Inkscape 0.47
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LGFanModeTile" = LG Fan Mode Tile for Windows Mobility Center
"LGTouchPadTile" = LG TouchPad Tile for Windows Mobility Center
"Live 8.0.4" = Live 8.0.4
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"Mp3tag" = Mp3tag v2.43
"NVIDIA Drivers" = NVIDIA Drivers
"ShiftN_is1" = ShiftN 3.5
"Soulseek2" = SoulSeek 157 NS 13e
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 0.9.9
"WinpkFilter Runtime Libraries" = WinpkFilter Runtime Libraries
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 01.12.2011 03:12:30 | Computer Name = Workstation | Source = LoadPerf | ID = 3011
Description =
Error - 01.12.2011 20:17:36 | Computer Name = Workstation | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3888 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: ba0 Anfangszeit: 01ccad9dae8b8680 Zeitpunkt der Beendigung:
477
Error - 01.12.2011 20:17:37 | Computer Name = Workstation | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 1.9.2.3888, Zeitstempel
0x4c7451ef, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18538, Zeitstempel 0x4cb733dc,
Ausnahmecode 0xc0000005, Fehleroffset 0x00047ae2, Prozess-ID 0x69c, Anwendungsstartzeit
01ccad9ddef3e3d0.
Error - 03.12.2011 17:48:44 | Computer Name = Workstation | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 1.9.2.4324, Zeitstempel
0x4eb2a578, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18538, Zeitstempel 0x4cb733dc,
Ausnahmecode 0xc0000005, Fehleroffset 0x00047ae2, Prozess-ID 0xac4, Anwendungsstartzeit
01ccb088e127bb20.
Error - 04.12.2011 19:25:23 | Computer Name = Workstation | Source = LoadPerf | ID = 3012
Description =
Error - 04.12.2011 19:25:23 | Computer Name = Workstation | Source = LoadPerf | ID = 3012
Description =
Error - 04.12.2011 19:25:23 | Computer Name = Workstation | Source = LoadPerf | ID = 3011
Description =
Error - 04.12.2011 20:31:00 | Computer Name = Workstation | Source = LoadPerf | ID = 3012
Description =
Error - 04.12.2011 20:31:00 | Computer Name = Workstation | Source = LoadPerf | ID = 3012
Description =
Error - 04.12.2011 20:31:00 | Computer Name = Workstation | Source = LoadPerf | ID = 3011
Description =
[ System Events ]
Error - 16.12.2011 15:05:34 | Computer Name = Workstation | Source = Service Control Manager | ID = 7001
Description =
Error - 16.12.2011 15:05:34 | Computer Name = Workstation | Source = Service Control Manager | ID = 7026
Description =
Error - 18.12.2011 13:48:37 | Computer Name = Workstation | Source = DCOM | ID = 10005
Description =
Error - 18.12.2011 13:48:39 | Computer Name = Workstation | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.7 für die Netzwerkkarte mit der Netzwerkadresse
00216B03A51E wurde durch den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 18.12.2011 13:48:44 | Computer Name = Workstation | Source = DCOM | ID = 10005
Description =
Error - 18.12.2011 13:48:48 | Computer Name = Workstation | Source = DCOM | ID = 10005
Description =
Error - 18.12.2011 13:48:55 | Computer Name = Workstation | Source = DCOM | ID = 10005
Description =
Error - 18.12.2011 13:49:03 | Computer Name = Workstation | Source = DCOM | ID = 10005
Description =
Error - 18.12.2011 13:50:02 | Computer Name = Workstation | Source = Service Control Manager | ID = 7001
Description =
Error - 18.12.2011 13:50:02 | Computer Name = Workstation | Source = Service Control Manager | ID = 7026
Description =
< End of report >
THANK YOU THANK YOU THANK YOU! |
| | #4 |
![]() | Windows blocked (Bundestrojaner) - How am I supposed to install OTL with no access! Hello, I am slowly starting to despair more after all. Here is the text. OTL Logfile: Code:
OTL logfile created on: 18.12.2011 18:58:09 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Max\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 81,74% Memory free
6,19 Gb Paging File | 5,82 Gb Available in Paging File | 94,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,00 Gb Total Space | 8,98 Gb Free Space | 15,22% Space Free | Partition Type: NTFS
Drive E: | 230,59 Gb Total Space | 34,19 Gb Free Space | 14,83% Space Free | Partition Type: NTFS
Computer Name: WORKSTATION | User Name: Max | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011.12.18 18:57:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL(2).exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
========== Modules (No Company Name) ==========
========== Win32 Services (SafeList) ==========
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.05 20:48:17 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.06.09 22:14:40 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.04.21 03:30:20 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2008.03.18 20:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
========== Driver Services (SafeList) ==========
DRV - [2009.12.08 00:25:26 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.06.09 22:14:40 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.27 22:42:40 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 10:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.17 06:40:22 | 003,668,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008.06.10 06:23:00 | 007,522,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.06.10 06:23:00 | 000,043,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008.05.02 21:59:40 | 000,122,368 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008.03.26 19:32:04 | 000,081,192 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSVD.sys -- (WSVD)
DRV - [2008.03.21 20:13:00 | 001,203,776 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2007.05.24 01:33:58 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2005.02.11 11:19:20 | 000,055,216 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\k750bus.sys -- (k750bus) Sony Ericsson 750 driver (WDM)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = CINEMA 3D - 3D TV der nächsten Generation - Pentouch TV - PZ850 Plasma TV - LG Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = CINEMA 3D - 3D TV der nächsten Generation - Pentouch TV - PZ850 Plasma TV - LG Deutschland
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = CINEMA 3D - 3D TV der nächsten Generation - Pentouch TV - PZ850 Plasma TV - LG Deutschland
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}:1.0.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.10
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.8
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Users\Max\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.02 01:18:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.24\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.16 01:38:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.10.17 22:58:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011.12.16 01:38:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{d5bc46d8-67c7-11dc-8c1d-0097498c2b7a}: C:\Users\Max\Program Files\DNA [2011.03.03 12:56:09 | 000,000,000 | ---D | M]
[2009.04.05 19:17:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Extensions
[2011.12.11 00:13:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\01legc20.default\extensions
[2010.06.07 20:14:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\01legc20.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.10.03 11:17:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\01legc20.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2011.12.10 00:49:44 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\01legc20.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2011.06.05 11:42:12 | 000,000,000 | ---D | M] (Multirow Bookmarks Toolbar) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\01legc20.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2010.10.09 14:33:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.10.09 14:33:54 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.03.03 12:56:09 | 000,000,000 | ---D | M] (No name found) -- C:\USERS\MAX\PROGRAM FILES\DNA
[2011.12.02 01:18:36 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.02 01:18:36 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.02 01:18:36 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.02 01:18:36 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.02 01:18:36 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2011.01.27 15:00:57 | 000,001,211 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
O1 - Hosts: 127.0.0.1 Registration wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
O1 - Hosts: 127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com Adobe wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [firefox.exe] C:\Users\Max\AppData\Roaming\Mozilla\Firefox\firefox.exe ()
O4 - HKCU..\Run: [Windows Update] C:\Windows\system32\Updater.exe File not found
O4 - Startup: C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html File not found
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3960A564-9B05-4F4B-BCCE-E563DE3B891F}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2593e44b-2297-11de-b0b0-00238b2f8477}\Shell - "" = AutoRun
O33 - MountPoints2\{2593e44b-2297-11de-b0b0-00238b2f8477}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{c7de5027-e042-11de-9cb4-00238b2f8477}\Shell\AutoRun\command - "" = F:\pbudsara.exe
O33 - MountPoints2\{c7de5027-e042-11de-9cb4-00238b2f8477}\Shell\open\Command - "" = F:\pbudsara.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {31A2711E-2325-FD01-999B-4F22E46E92C0} - Internet Explorer
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9383C1A5-09C1-F801-CDF7-128C2378B1FA} -
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E6B6BEAC-D0C5-8850-0404-B609225ED60E} -
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
MsConfig - StartUpReg: Adobe Acrobat Speed Launcher - hkey= - key= - File not found
MsConfig - StartUpReg: AdobeCS4ServiceManager - hkey= - key= - File not found
MsConfig - StartUpReg: BitTorrent DNA - hkey= - key= - C:\Users\Max\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
MsConfig - StartUpReg: LG Magnifier - hkey= - key= - File not found
MsConfig - StartUpReg: MsUpdate - hkey= - key= - File not found
MsConfig - StartUpReg: Windows Defender - hkey= - key= - File not found
MsConfig - State: "startup" - 2
CREATERESTOREPOINT
Error creating restore point.
========== Files/Folders - Created Within 30 Days ==========
[2011.12.18 18:57:07 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL(2).exe
[2011.12.18 18:50:50 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
[2011.12.16 02:00:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe Premiere Pro CS4
[2011.12.16 01:37:01 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2011.12.14 00:45:37 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe Premiere Pro CS5.5
[2011.12.11 13:47:42 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\Echo & The Bunnymen-evergreen
[2011.12.10 15:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2011.12.10 12:31:57 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\Hotel
[2011.12.10 12:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2011.12.10 12:10:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS5.5
[2011.12.10 12:09:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2011.12.10 01:08:10 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2011.12.10 01:07:27 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Dropbox
[2011.12.10 01:07:00 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\Nadja
[2011.12.05 08:04:00 | 000,000,000 | ---D | C] -- C:\ProgramData\YouTube Downloader
[2011.12.05 08:03:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YouTube Downloader
[2011.11.28 08:24:07 | 000,000,000 | ---D | C] -- C:\Program Files\WinpkFilter
========== Files - Modified Within 30 Days ==========
[2011.12.18 18:57:07 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL(2).exe
[2011.12.18 18:55:05 | 006,426,582 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.18 18:55:05 | 002,391,748 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.18 18:55:05 | 002,030,218 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.18 18:55:05 | 001,834,204 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.18 18:50:51 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
[2011.12.18 18:48:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.16 19:39:34 | 000,117,821 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.12.16 19:39:22 | 000,117,821 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.12.16 19:39:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.16 19:39:22 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.16 18:01:11 | 006,340,288 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.16 01:38:16 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk
[2011.12.16 01:38:16 | 000,001,806 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011.12.16 01:24:36 | 000,107,008 | ---- | M] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.16 01:19:34 | 000,032,183 | ---- | M] () -- C:\Users\Max\Desktop\berger 4.jpg
[2011.12.16 01:19:30 | 000,022,888 | ---- | M] () -- C:\Users\Max\Desktop\berger 3.jpg
[2011.12.16 01:19:22 | 000,029,971 | ---- | M] () -- C:\Users\Max\Desktop\berger 2.jpg
[2011.12.16 01:19:16 | 000,041,379 | ---- | M] () -- C:\Users\Max\Desktop\berger 1.jpg
[2011.12.16 01:19:01 | 000,037,086 | ---- | M] () -- C:\Users\Max\Desktop\167438_125415930858108_100001691055508_152813_710911_n.jpg
[2011.12.16 00:47:23 | 062,272,700 | ---- | M] () -- C:\Users\Max\Desktop\Be A Manwolf Today.mp4
[2011.12.16 00:45:38 | 000,070,399 | ---- | M] () -- C:\Users\Max\Desktop\mode portrait.jpg
[2011.12.13 22:28:05 | 000,382,840 | ---- | M] () -- C:\Users\Max\Desktop\johnwesley_music4books2.png
[2011.12.13 21:18:04 | 000,030,664 | ---- | M] () -- C:\Users\Max\Desktop\Kontoumsaetze_700_529812000_20111213_211803.pdf
[2011.12.13 21:17:43 | 000,015,720 | ---- | M] () -- C:\Users\Max\Desktop\Kontoumsaetze_700_529812000_20111213_211742.pdf
[2011.12.13 21:04:38 | 000,475,252 | ---- | M] () -- C:\Users\Max\Desktop\Müller+Milch_1.pdf
[2011.12.13 00:51:34 | 000,022,112 | ---- | M] () -- C:\Users\Max\Desktop\likebutton3.jpg
[2011.12.12 22:18:31 | 012,035,770 | ---- | M] () -- C:\Users\Max\Desktop\El Guincho - Bombay.flv
[2011.12.11 00:12:20 | 000,045,903 | ---- | M] () -- C:\Users\Max\Desktop\krissey.jpg
[2011.12.11 00:11:37 | 000,052,660 | ---- | M] () -- C:\Users\Max\Desktop\elvis gisi.jpg
[2011.12.10 12:55:18 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.12.10 11:56:20 | 000,000,928 | ---- | M] () -- C:\Users\Max\Desktop\CyberLink YouCam.lnk
[2011.12.10 01:08:28 | 000,000,919 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.12.09 21:32:41 | 002,977,896 | ---- | M] () -- C:\Users\Max\Desktop\Swing Kids - Intro To Photography.mp3
========== Files Created - No Company Name ==========
[2011.12.16 01:38:16 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 7.0 Professional.lnk
[2011.12.16 01:38:16 | 000,001,810 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 7.0.lnk
[2011.12.16 01:38:16 | 000,001,806 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
[2011.12.16 01:38:16 | 000,001,806 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 7.0 Professional.lnk
[2011.12.16 01:19:34 | 000,032,183 | ---- | C] () -- C:\Users\Max\Desktop\berger 4.jpg
[2011.12.16 01:19:29 | 000,022,888 | ---- | C] () -- C:\Users\Max\Desktop\berger 3.jpg
[2011.12.16 01:19:22 | 000,029,971 | ---- | C] () -- C:\Users\Max\Desktop\berger 2.jpg
[2011.12.16 01:19:16 | 000,041,379 | ---- | C] () -- C:\Users\Max\Desktop\berger 1.jpg
[2011.12.16 01:19:01 | 000,037,086 | ---- | C] () -- C:\Users\Max\Desktop\167438_125415930858108_100001691055508_152813_710911_n.jpg
[2011.12.16 00:46:29 | 062,272,700 | ---- | C] () -- C:\Users\Max\Desktop\Be A Manwolf Today.mp4
[2011.12.16 00:45:37 | 000,070,399 | ---- | C] () -- C:\Users\Max\Desktop\mode portrait.jpg
[2011.12.13 22:27:58 | 000,382,840 | ---- | C] () -- C:\Users\Max\Desktop\johnwesley_music4books2.png
[2011.12.13 21:18:04 | 000,030,664 | ---- | C] () -- C:\Users\Max\Desktop\Kontoumsaetze_700_529812000_20111213_211803.pdf
[2011.12.13 21:17:43 | 000,015,720 | ---- | C] () -- C:\Users\Max\Desktop\Kontoumsaetze_700_529812000_20111213_211742.pdf
[2011.12.13 21:04:10 | 000,475,252 | ---- | C] () -- C:\Users\Max\Desktop\Müller+Milch_1.pdf
[2011.12.13 00:51:28 | 000,022,112 | ---- | C] () -- C:\Users\Max\Desktop\likebutton3.jpg
[2011.12.12 22:15:59 | 012,035,770 | ---- | C] () -- C:\Users\Max\Desktop\El Guincho - Bombay.flv
[2011.12.11 00:12:20 | 000,045,903 | ---- | C] () -- C:\Users\Max\Desktop\krissey.jpg
[2011.12.11 00:11:36 | 000,052,660 | ---- | C] () -- C:\Users\Max\Desktop\elvis gisi.jpg
[2011.12.10 12:15:29 | 000,000,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Content Viewer.lnk
[2011.12.10 12:09:51 | 000,000,874 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2011.12.10 11:56:20 | 000,000,928 | ---- | C] () -- C:\Users\Max\Desktop\CyberLink YouCam.lnk
[2011.12.10 01:11:46 | 002,977,896 | ---- | C] () -- C:\Users\Max\Desktop\Swing Kids - Intro To Photography.mp3
[2011.12.10 01:08:28 | 000,000,919 | ---- | C] () -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011.11.28 08:24:24 | 000,001,013 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinpkFilter API Reference.lnk
[2011.11.28 08:24:24 | 000,000,918 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall WinpkFilter Runtime Libraries.lnk
[2011.08.22 00:29:15 | 000,000,680 | ---- | C] () -- C:\Users\Max\AppData\Local\d3d9caps.dat
[2010.10.09 14:34:48 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.01.20 17:36:41 | 000,001,099 | ---- | C] () -- C:\Users\Max\AppData\Roaming\ShiftN.ini
[2009.11.06 10:03:57 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2009.09.24 13:00:53 | 000,000,571 | ---- | C] () -- C:\Windows\eReg.dat
[2009.04.07 21:23:46 | 000,107,008 | ---- | C] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.06 14:13:56 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.04.06 11:49:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.11.20 20:06:45 | 000,117,821 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.11.20 20:06:45 | 000,117,821 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.06.24 01:04:30 | 000,000,000 | ---- | C] () -- C:\Windows\lgcenter.ini
[2008.06.24 00:33:11 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.06.24 00:23:59 | 000,000,212 | ---- | C] () -- C:\Windows\lgps.ini
[2008.06.24 00:07:24 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.06.23 07:54:15 | 006,426,582 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.06.23 07:54:15 | 002,030,218 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.06.23 07:54:15 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.06.23 07:54:15 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.01.21 03:24:14 | 000,100,043 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 006,340,288 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 002,391,748 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 001,834,204 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.11.02 08:22:43 | 000,018,271 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
========== LOP Check ==========
[2009.08.11 21:51:14 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Ableton
[2011.10.05 21:32:47 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Audacity
[2011.12.16 17:55:45 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\BitTorrent
[2011.05.08 12:06:47 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Canon
[2009.12.22 22:21:43 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Cycling '74
[2011.03.12 01:45:40 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DNA
[2011.12.16 19:40:36 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Dropbox
[2011.10.16 00:38:42 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\FileZilla
[2010.03.30 12:43:13 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Imagenomic
[2010.02.08 12:42:52 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\inkscape
[2011.06.20 18:56:02 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\LolClient
[2009.04.05 22:41:30 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Mp3tag
[2009.05.18 20:48:05 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\TheLastRipper
[2011.10.17 22:58:53 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Thunderbird
[2011.12.10 12:55:25 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*. >
[2009.04.05 18:39:21 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2008.06.23 07:55:58 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.05.08 11:20:37 | 000,000,000 | -H-D | M] -- C:\CanoScan
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2008.06.24 00:47:35 | 000,000,000 | ---D | M] -- C:\Intel
[2008.01.21 03:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.10 11:54:42 | 000,000,000 | R--D | M] -- C:\Program Files
[2010.07.05 19:09:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2011.12.10 15:26:03 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.12.16 16:32:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2009.04.05 22:23:47 | 000,000,000 | ---D | M] -- C:\Temp
[2009.04.05 18:33:51 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.16 20:03:44 | 000,000,000 | ---D | M] -- C:\Windows
< %PROGRAMFILES%\*.exe >
< %LOCALAPPDATA%\*.exe >
< %systemroot%\*. /mp /s >
< MD5 for: AGP440.SYS >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
< MD5 for: IASTOR.SYS >
[2008.04.21 03:29:56 | 000,394,776 | ---- | M] (Intel Corporation) MD5=8BD53925C5675BC9A5EFE12E2A42BE31 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2008.04.21 03:29:38 | 000,317,464 | ---- | M] (Intel Corporation) MD5=9F1220113A3A7F4F08042C699324D073 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.04.21 03:29:38 | 000,317,464 | ---- | M] (Intel Corporation) MD5=9F1220113A3A7F4F08042C699324D073 -- C:\Windows\System32\drivers\iaStor.sys
[2008.04.21 03:29:38 | 000,317,464 | ---- | M] (Intel Corporation) MD5=9F1220113A3A7F4F08042C699324D073 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_18bd4575\iaStor.sys
< MD5 for: IASTORV.SYS >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
< MD5 for: SCECLI.DLL >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
< MD5 for: USER32.DLL >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\System32\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
< MD5 for: USERINIT.EXE >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
< MD5 for: WINLOGON.EXE >
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
< %systemroot%\system32\*.dll /lockedfiles >
< %USERPROFILE%\*.* >
[2010.02.08 12:49:51 | 000,000,734 | ---- | M] () -- C:\Users\Max\.recently-used.xbel
[2011.12.18 18:59:04 | 002,883,584 | -HS- | M] () -- C:\Users\Max\NTUSER.DAT
[2011.12.18 18:59:03 | 000,262,144 | -H-- | M] () -- C:\Users\Max\ntuser.dat.LOG1
[2009.04.05 18:33:52 | 000,000,000 | -H-- | M] () -- C:\Users\Max\ntuser.dat.LOG2
[2011.12.16 21:31:22 | 000,065,536 | -HS- | M] () -- C:\Users\Max\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2011.12.16 21:31:22 | 000,524,288 | -HS- | M] () -- C:\Users\Max\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.04.05 18:40:08 | 000,524,288 | -HS- | M] () -- C:\Users\Max\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009.04.05 18:33:52 | 000,000,020 | -HS- | M] () -- C:\Users\Max\ntuser.ini
< %USERPROFILE%\Local Settings\Temp\*.exe >
< %USERPROFILE%\Local Settings\Temp\*.dll >
< %USERPROFILE%\Application Data\*.exe >
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
< End of report >
EXTRAS
OTL Logfile:
Code:
OTL Extras logfile created on: 18.12.2011 18:58:09 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Max\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,00 Gb Total Physical Memory | 2,45 Gb Available Physical Memory | 81,74% Memory free
6,19 Gb Paging File | 5,82 Gb Available in Paging File | 94,09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 59,00 Gb Total Space | 8,98 Gb Free Space | 15,22% Space Free | Partition Type: NTFS
Drive E: | 230,59 Gb Total Space | 34,19 Gb Free Space | 14,83% Space Free | Partition Type: NTFS
Computer Name: WORKSTATION | User Name: Max | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08BB415A-17C3-4932-B556-A114CAC2861B}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12FD588C-C02B-4437-BA60-507EC22AE273}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{1E120A34-F981-4D06-AB17-72BFBCBFDE00}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2221B248-B040-4A16-B452-33460977825E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{23A4EA30-1F11-4EE6-BC71-2D77BE27EFEB}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{26EC19D7-D016-4252-AD13-994DC842950A}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{413B4FD7-B7D9-4F4C-AAF2-63AB1498EF2D}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{6C7EFEF3-5ED4-43F7-9523-7C7EA9846F2D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7F707F2F-76CD-467A-ACC3-753F5A7D8FA9}" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\dropbox\bin\dropbox.exe |
"{84CD7AD9-9E60-4688-B6BD-BEDC784F64A8}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{8539C574-46EC-456F-BA2D-2B95C5EC9935}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AE91F43E-E809-425F-BD40-156F45D3EAA1}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{AEBE41E0-4D80-459D-8F1C-7BAB799A982A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B0BD9342-31E9-452E-9EE5-635E24C4A611}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B8E10016-82BE-4A78-885A-1F1ECBC2CBA3}" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\dropbox\bin\dropbox.exe |
"{CB97BF84-9CB5-40A1-95ED-FC9F7ED08800}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\cs4servicemanager\cs4servicemanager.exe |
"{E13D926F-B6F1-4299-8B10-DBB484FB6C52}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{E51F8028-0058-4F68-A2EE-C49E63FCDC1A}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"TCP Query User{0FC4CC35-B08F-42AC-8D66-F3152232D757}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{4668EF57-FBB5-4EAE-8315-F941091CF097}C:\users\max\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\max\program files\dna\btdna.exe |
"TCP Query User{46E24645-7998-412E-99E2-38590E4F839E}C:\users\max\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{69A9A7D5-0022-4B35-A706-BDE542A2E217}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{96873F44-7322-474F-A73B-02E3500B4D12}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{9E2CFE79-EB8D-4E1D-A812-44FCBE5E2804}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"TCP Query User{BF36DF19-94D2-4DEA-8F97-FF115809AF8C}C:\program files\soulseekns\slsk.exe" = protocol=6 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"TCP Query User{EEB4355B-8E4B-4EF4-B42D-37525F0570DD}C:\users\max\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\max\program files\dna\btdna.exe |
"UDP Query User{04A78CEF-84B6-4FA9-BE28-DB09A88ACD73}C:\users\max\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{123A65FB-0C39-448A-B7B0-8E09F2511EB6}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |
"UDP Query User{3C40D761-F27E-4DF1-8EB4-89407B508E18}C:\users\max\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\max\program files\dna\btdna.exe |
"UDP Query User{5D4F0244-BFF9-4052-87CC-F17FADF6FB83}C:\users\max\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\max\program files\dna\btdna.exe |
"UDP Query User{A0EE4047-00DA-4EA3-A009-1C781B963F35}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{A6B2AAF8-2209-434D-8A23-2D8A7DB3D8B6}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{C83EBAC3-98E7-462B-9E4A-659C6B80F30C}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{E3100F71-2E20-4930-B3F1-52A2B8573C59}C:\program files\soulseekns\slsk.exe" = protocol=17 | dir=in | app=c:\program files\soulseekns\slsk.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12001D97-ED15-4D04-B4A6-32D16A71844C}" = Adobe Photoshop Lightroom 2.6.1
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 3.4
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{52A4E146-A102-4ED0-970F-6B1715EB3C86}" = Quake Live Mozilla Plugin
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73B5D990-04EA-4751-B10F-5534770B91F2}" = Adobe Color EU Recommended Settings
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C542173-96F0-435D-A95C-468CAAC75EA0}" = Adobe Flash Player 10 Plugin
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-1033-0000-7760-000000000002}" = Adobe Acrobat 7.0 Professional
"{B001064C-D061-4BAE-9031-416A838D5536}" = Adobe Flash Player 10 ActiveX
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C73CA646-73B3-4AEF-A136-C37505745174}" = iTunes
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}" = Adobe Setup
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}" = Adobe Color NA Extra Settings
"Adobe Acrobat 7.0 Professional" = Adobe Acrobat 7.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe_5f143314a5d434c8511097393d17397" = Adobe Photoshop CS3
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.8 (Unicode)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Biet-O-Matic v2.12.5" = Biet-O-Matic v2.12.5
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"FileZilla Client" = FileZilla Client 3.5.1
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"ImagenomicNoisewareProPlugin" = Imagenomic Noiseware 4.2 Professional Plug-in (build 4205)
"ImagenomicPortraiturePlugin" = Imagenomic Portraiture 2.1 Plug-in (build 2105)
"ImagenomicRealGrainPlugin" = Imagenomic RealGrain 1.1 Plug-in (build 1103)
"Inkscape" = Inkscape 0.47
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LGFanModeTile" = LG Fan Mode Tile for Windows Mobility Center
"LGTouchPadTile" = LG TouchPad Tile for Windows Mobility Center
"Live 8.0.4" = Live 8.0.4
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.24)" = Mozilla Firefox (3.6.24)
"Mozilla Thunderbird (7.0.1)" = Mozilla Thunderbird (7.0.1)
"Mp3tag" = Mp3tag v2.43
"NVIDIA Drivers" = NVIDIA Drivers
"ShiftN_is1" = ShiftN 3.5
"Soulseek2" = SoulSeek 157 NS 13e
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 0.9.9
"WinpkFilter Runtime Libraries" = WinpkFilter Runtime Libraries
"WinRAR archiver" = WinRAR
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Dropbox" = Dropbox
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 01.12.2011 03:12:30 | Computer Name = Workstation | Source = LoadPerf | ID = 3011
Description =
Error - 01.12.2011 20:17:36 | Computer Name = Workstation | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3888 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: ba0 Anfangszeit: 01ccad9dae8b8680 Zeitpunkt der Beendigung:
477
Error - 01.12.2011 20:17:37 | Computer Name = Workstation | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 1.9.2.3888, Zeitstempel
0x4c7451ef, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18538, Zeitstempel 0x4cb733dc,
Ausnahmecode 0xc0000005, Fehleroffset 0x00047ae2, Prozess-ID 0x69c, Anwendungsstartzeit
01ccad9ddef3e3d0.
Error - 03.12.2011 17:48:44 | Computer Name = Workstation | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung plugin-container.exe, Version 1.9.2.4324, Zeitstempel
0x4eb2a578, fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18538, Zeitstempel 0x4cb733dc,
Ausnahmecode 0xc0000005, Fehleroffset 0x00047ae2, Prozess-ID 0xac4, Anwendungsstartzeit
01ccb088e127bb20.
Error - 04.12.2011 19:25:23 | Computer Name = Workstation | Source = LoadPerf | ID = 3012
Description =
Error - 04.12.2011 19:25:23 | Computer Name = Workstation | Source = LoadPerf | ID = 3012
Description =
Error - 04.12.2011 19:25:23 | Computer Name = Workstation | Source = LoadPerf | ID = 3011
Description =
Error - 04.12.2011 20:31:00 | Computer Name = Workstation | Source = LoadPerf | ID = 3012
Description =
Error - 04.12.2011 20:31:00 | Computer Name = Workstation | Source = LoadPerf | ID = 3012
Description =
Error - 04.12.2011 20:31:00 | Computer Name = Workstation | Source = LoadPerf | ID = 3011
Description =
[ System Events ]
Error - 16.12.2011 15:05:34 | Computer Name = Workstation | Source = Service Control Manager | ID = 7001
Description =
Error - 16.12.2011 15:05:34 | Computer Name = Workstation | Source = Service Control Manager | ID = 7026
Description =
Error - 18.12.2011 13:48:37 | Computer Name = Workstation | Source = DCOM | ID = 10005
Description =
Error - 18.12.2011 13:48:39 | Computer Name = Workstation | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.0.7 für die Netzwerkkarte mit der Netzwerkadresse
00216B03A51E wurde durch den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 18.12.2011 13:48:44 | Computer Name = Workstation | Source = DCOM | ID = 10005
Description =
Error - 18.12.2011 13:48:48 | Computer Name = Workstation | Source = DCOM | ID = 10005
Description =
Error - 18.12.2011 13:48:55 | Computer Name = Workstation | Source = DCOM | ID = 10005
Description =
Error - 18.12.2011 13:49:03 | Computer Name = Workstation | Source = DCOM | ID = 10005
Description =
Error - 18.12.2011 13:50:02 | Computer Name = Workstation | Source = Service Control Manager | ID = 7001
Description =
Error - 18.12.2011 13:50:02 | Computer Name = Workstation | Source = Service Control Manager | ID = 7026
Description =
< End of report >
THANK YOU THANK YOU THANK YOU! |
| | #5 |
| /// Malware-holic | hi
Attention! This script and any scripts that follow are intended only for this particular user. If you have problems, open your own topics and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
O4 - HKCU..\Run: [firefox.exe] C:\Users\Max\AppData\Roaming\Mozilla\Firefox\firefox.exe ()
:Files
C:\Users\Max\AppData\Roaming\Mozilla\Firefox\firefox.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode. If you have no icons, then right-click, View, Show desktop icons.
Open Computer, open C:, then _OTL.
There, right-click on moved files and choose "Add to moved files.rar" or zip.
Follow the link and upload the archive in the upload channel: http://www.trojaner-board.de/54791-a...ner-board.html
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
| | #6 |
| Do you also need the moved files, or is this enough?
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\firefox.exe deleted successfully.
C:\Users\Max\AppData\Roaming\Mozilla\Firefox\firefox.exe moved successfully.
========== FILES ==========
File\Folder C:\Users\Max\AppData\Roaming\Mozilla\Firefox\firefox.exe not found.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 56502 bytes
User: Default User
User: Max
->Flash cache emptied: 603569 bytes
User: Public
Total Flash Files Cleaned = 1,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Default User
User: Max
->Temp folder emptied: 2908891697 bytes
->Temporary Internet Files folder emptied: 116462945 bytes
->FireFox cache emptied: 58719179 bytes
->Flash cache emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 20902901 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 2.961,00 mb
OTL by OldTimer - Version 3.2.31.0 log created on 12182011_195852
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
| | #7 |
| /// Malware-holic | yes, I need them. |
| | #8 |
| I have done that. Thanks for the real-time support. |
| | #9 |
| /// Malware-holic | thanks
Combofix may only be run when a team member has instructed you to do so!
Please download Combofix.exe and be sure to save it to your desktop. |
| | #10 |
| Combofix logfile: Code:
ComboFix 11-12-18.01 - Max 18.12.2011 20:59:36.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.49.1031.18.3068.1939 [GMT 1:00]
ausgeführt von:: c:\users\Max\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\lgcenter.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-11-18 bis 2011-12-18 ))))))))))))))))))))))))))))))
.
.
2011-12-18 20:05 . 2011-12-18 20:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-18 19:01 . 2011-12-18 19:01 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68BAE2CE-55BD-402B-B295-E865463B19A3}\offreg.dll
2011-12-18 18:58 . 2011-12-18 19:19 -------- d-----w- C:\_OTL
2011-12-16 15:22 . 2011-11-21 10:47 6823496 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{68BAE2CE-55BD-402B-B295-E865463B19A3}\mpengine.dll
2011-12-16 01:00 . 2010-01-21 19:32 -------- d-----w- c:\windows\system32\Adobe Premiere Pro CS4
2011-12-13 23:45 . 2011-04-27 04:19 -------- d-----w- c:\windows\system32\Adobe Premiere Pro CS5.5
2011-12-10 14:26 . 2011-12-10 14:26 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2011-12-10 11:17 . 2011-12-10 11:17 -------- d-----w- c:\programdata\ALM
2011-12-10 11:09 . 2011-12-10 11:09 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-12-10 00:07 . 2011-12-18 19:03 -------- d-----w- c:\users\Max\AppData\Roaming\Dropbox
2011-12-05 07:04 . 2011-12-12 21:15 -------- d-----w- c:\programdata\YouTube Downloader
2011-11-28 07:24 . 2011-11-28 07:24 -------- d-----w- c:\program files\WinpkFilter
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 ----a-w- c:\users\Max\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1029416]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-10 13543968]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-10 92704]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-21 178712]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-09-14 222504]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-07-19 421736]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
.
c:\users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Max\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-12-5 24242056]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2011-12-16 25214]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
2009-11-12 20:41 323392 ----a-w- c:\users\Max\Program Files\DNA\btdna.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2008-03-26 81192]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]
S3 NETw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw5v32.sys [2008-11-17 3668480]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-06-10 43040]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.lge.com
uInternet Settings,ProxyOverride = *.local
IE: add to &BOM - c:\\PROGRA~1\\BIET-O~1\\\\AddToBOM.hta
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\01legc20.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Multirow Bookmarks Toolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - %profile%\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-Adobe Acrobat Speed Launcher - c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
MSConfigStartUp-AdobeCS4ServiceManager - c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
MSConfigStartUp-LG Magnifier - c:\program files\LG Software\LG Magnifier\MagnifyingGlass.exe
MSConfigStartUp-MsUpdate - C:\MsUpdate.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-12-18 21:05
Windows 6.0.6001 Service Pack 1 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Zeit der Fertigstellung: 2011-12-18 21:07:14
ComboFix-quarantined-files.txt 2011-12-18 20:06
.
Vor Suchlauf: 9 Verzeichnis(se), 12.483.719.168 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 13.273.079.808 Bytes frei
.
- - End Of File - - FA232E458174B4C52BB3A3E25091F89F
|
| | #11 |
| /// Malware-holic | malwarebytes: Please download Malwarebytes |
| | #12 |
| Malwarebytes' Anti-Malware 1.51.2.1300
Malwarebytes : Free anti-malware, anti-virus and spyware removal download
Datenbank Version: 8393
Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000
18.12.2011 23:17:16
mbam-log-2011-12-18 (23-17-16).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|)
Durchsuchte Objekte: 395750
Laufzeit: 1 Stunde(n), 38 Minute(n), 5 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\_OTL\movedfiles\12182011_195852\C_Users\Max\AppData\Roaming\Mozilla\Firefox\firefox.exe (Trojan.Dropper) -> Quarantined and deleted successfully. |
| | #13 |
| /// Malware-holic | hi, now we'll clean up and install urgently needed updates.
Download CCleaner standard: CCleaner Download - CCleaner 3.13.1600
If CCleaner is already installed, skip this.
Install it, open it, Tools, list of installed programs, save as txt. Open it.
After each program you need, write necessary.
After each one you do not need, unnecessary.
After those unknown to you, unknown.
Post the list. |
| | #14 |
| Hello, here is the list. I wonder whether I should reinstall my computer anyway - or will everything be fine for now (after all these steps)? And can I already back up files (without fearing that they are infected too)? And lastly, so that something like this does not happen to me again, I would like to mirror my hard drive once a month and store it somewhere else; can you recommend a program? Many thanks.
Adobe Acrobat 7.0 Professional Adobe Systems 15.12.2011 243MB 7.0.0 NECESSARY
Adobe AIR Adobe Systems Inc. 09.12.2011 20,8MB 2.5.1.17730 UNNECESSARY
Adobe Community Help Adobe Systems Incorporated. 09.12.2011 5,70MB 3.4.980 UNNECESSARY
Adobe Content Viewer Adobe Systems Incorporated 09.12.2011 1,82MB 1.4.0 UNNECESSARY
Adobe Creative Suite 5.5 Master Collection Adobe Systems Incorporated 09.12.2011 4.164MB 5.5 NECESSARY
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 09.12.2011 2,72MB 10.2.153.1 NECESSARY
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 09.12.2011 2,68MB 10.2.153.1 NECESSARY
Adobe Photoshop CS3 Adobe Systems Incorporated 07.04.2009 1.284MB 10.0 UNNECESSARY
Adobe Photoshop Lightroom 2.6.1 Adobe 18.02.2010 130,5MB 2.6.2 NECESSARY
Agere Systems HDA Modem Agere Systems 19.11.2008 UNKNOWN
Apple Application Support Apple Inc. 15.08.2011 51,0MB 1.5.2 UNNECESSARY
Apple Mobile Device Support Apple Inc. 15.08.2011 22,1MB 3.4.1.2 UNNECESSARY
Apple Software Update Apple Inc. 15.08.2011 2,38MB 2.1.3.127 UNNECESSARY
Audacity 1.3.8 (Unicode) Audacity Team 25.08.2009 29,5MB UNNECESSARY
Avira AntiVir Personal - Free Antivirus Avira GmbH 04.04.2009 65,2MB NECESSARY
Biet-O-Matic v2.12.5 BOM Development Team 05.11.2009 4,05MB Biet-O-Matic v2.12.5 UNNECESSARY
BitTorrent BitTorrent, Inc 04.04.2009 0,98MB NECESSARY
Bonjour Apple Inc. 15.08.2011 0,91MB 3.0.0.2 UNNECESSARY
Canon ScanGear Starter 07.05.2011 0,82MB NECESSARY
CanoScan Toolbox Ver4.9 07.05.2011 0,94MB UNNECESSARY
CCleaner Piriform 18.12.2011 4,20MB 3.13 DO I STILL NEED THIS?
CyberLink YouCam CyberLink Corp. 19.11.2008 39,5MB 1.0.1622 UNNECESSARY
DNA BitTorrent Inc. 11.11.2009 0,41MB 2.2.4 (16502) NECESSARY
Dropbox Dropbox, Inc. 09.12.2011 24,2MB 1.2.49 NECESSARY
FileZilla Client 3.5.1 FileZilla Project 14.10.2011 9,02MB 3.5.1 NECESSARY
Free WMA to MP3 Converter 1.16 Jodix Technologies Ltd. 03.10.2009 2,84MB UNNECESSARY
Imagenomic Noiseware 4.2 Professional Plug-in (build 4205) 29.03.2010 3,56MB UNNECESSARY
Imagenomic Portraiture 2.1 Plug-in (build 2105) 29.03.2010 6,70MB UNNECESSARY
Imagenomic RealGrain 1.1 Plug-in (build 1103) 29.03.2010 3,18MB UNNECESSARY
Inkscape 0.47 07.02.2010 197,6MB 0.47 UNNECESSARY
Intel® Matrix Storage Manager Intel Corporation 19.11.2008 9,01MB UNKNOWN
iTunes Apple Inc. 15.08.2011 141,9MB 10.4.0.80 UNNECESSARY
LAME v3.98.2 for Audacity 25.08.2009 1,18MB UNNECESSARY
LG Fan Mode Tile for Windows Mobility Center LG Electronics Inc. 19.11.2008 0,19MB UNKNOWN
LG TouchPad Tile for Windows Mobility Center LG Electronics Inc. 19.11.2008 0,18MB UNKNOWN (do the fan and the touchpad also work without it?)
Live 8.0.4 10.08.2009 716MB UNNECESSARY
Malwarebytes' Anti-Malware Version 1.51.2.1300 Malwarebytes Corporation 17.12.2011 6,76MB 1.51.2.1300 NECESSARY
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 09.08.2009 27,8MB UNKNOWN
Microsoft Office Professional Edition 2003 Microsoft Corporation 05.04.2009 259MB 11.0.6361.0 UNKNOWN
Microsoft Office Suite Activation Assistant Microsoft Corporation 22.06.2008 8,37MB 2.7 UNKNOWN
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 22.06.2008 0,41MB 8.0.56336 UNKNOWN
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 04.04.2009 0,58MB 9.0.30729 UNKNOWN
Mozilla Firefox (3.6.24) Mozilla 01.12.2011 28,5MB 3.6.24 (de) NECESSARY
Mozilla Thunderbird (7.0.1) Mozilla 16.10.2011 38,1MB 7.0.1 (de) NECESSARY
Mp3tag v2.43 Florian Heidenreich 04.04.2009 5,50MB v2.43 UNNECESSARY
NVIDIA Drivers 19.11.2008 NECESSARY
Pando Media Booster Pando Networks Inc. 19.06.2011 7,17MB 2.3.6.0 UNKNOWN
Quake Live Mozilla Plugin id Software 16.06.2011 1,16MB 1.0.433 UNNECESSARY
QuickTime Apple Inc. 15.08.2011 73,7MB 7.69.80.9 UNNECESSARY
Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek 22.06.2008 1,54MB 1.00.0000 NECESSARY
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 22.06.2008 21,4MB 6.0.1.5605 NECESSARY
Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 22.06.2008 4,00MB NECESSARY
ShiftN 3.5 Marcus Hebel 19.01.2010 10,7MB 3.5 UNNECESSARY
Skype Toolbars Skype Technologies S.A. 08.10.2010 6,12MB 1.0.4051 UNNECESSARY
Skype™ 4.2 Skype Technologies S.A. 08.10.2010 19,5MB 4.2.187 UNNECESSARY
SoulSeek 157 NS 13e 01.09.2009 3,60MB UNNECESSARY
Synaptics Pointing Device Driver Synaptics 23.06.2008 13,6MB 10.1.8.0 UNKNOWN
VLC media player 0.9.9 VideoLAN Team 09.04.2009 63,1MB 0.9.9 NECESSARY
Windows Media Player Firefox Plugin Microsoft Corp 04.05.2009 0,29MB 1.0.0.8 NECESSARY
WinpkFilter Runtime Libraries NT Kernel Resources 27.11.2011 2,78MB 3.0.7 UNKNOWN
WinRAR 04.04.2009 3,72MB NECESSARY
YouTube Downloader 3.4 BienneSoft 04.12.2011 9,51MB NECESSARY |