Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windowssystem gesperrt, Malwarebytes ausgeführt

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 20.03.2012, 15:04   #1
Madame
 
Windowssystem gesperrt, Malwarebytes ausgeführt - Standard

Windowssystem gesperrt, Malwarebytes ausgeführt



Hallo Ihr Lieben,

bei der aktuellen Welle des (ehemaligen) BKA-Virus hat es mich gestern auch erwischt.
Im Autostart habe ich - wie viele andere, wie ich über die Google-Suche weiß - die SkypePM.exe gefunden, sie deaktiviert und konnte so wieder auf Windows zugreifen.
Ich habe dann das Programm Malwarebytes ausgeführt und die entsprechenden Funde gelöscht bzw. in Quarantäne geschoben.

Jetzt wüsste ich gerne, ob das nun ausreicht und falls nein, was die nächsten Schritte wären.
Hier das OTL- und das Extra-Protokoll:

Code:
ATTFilter
OTL logfile created on: 20.03.2012 15:26:10 - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Administrator\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,60 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 64,76% Memory free
7,21 Gb Paging File | 5,54 Gb Available in Paging File | 76,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254,14 Gb Total Space | 42,06 Gb Free Space | 16,55% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,97 Gb Free Space | 93,02% Space Free | Partition Type: NTFS
 
Computer Name: SARA-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.20 15:25:12 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Downloads\OTL.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.11.22 09:59:30 | 000,018,432 | ---- | M] () -- C:\Users\Administrator\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.27 12:40:21 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2010.12.05 02:39:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010.01.19 11:44:40 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
PRC - [2009.10.29 06:10:26 | 000,660,136 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
PRC - [2009.10.29 06:10:24 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.16 14:08:21 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012.02.16 14:08:06 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012.02.16 14:07:23 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.16 14:07:15 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.16 14:07:11 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011.12.08 04:10:02 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.02.27 12:40:20 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.10.29 06:10:26 | 000,660,136 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
MOD - [2009.10.29 06:10:24 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe
MOD - [2009.07.23 14:49:06 | 000,782,336 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnDRS.dll
MOD - [2009.07.23 14:48:30 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnscw.dll
MOD - [2009.05.14 08:46:42 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdncaps.dll
MOD - [2009.02.11 12:50:00 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Core.dll
MOD - [2009.02.11 12:50:00 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Common.dll
MOD - [2009.02.11 12:49:02 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.dll
MOD - [2007.11.22 03:55:48 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2007.10.02 09:51:10 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdncnv4.dll
MOD - [2007.05.29 02:39:08 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdndatr.dll
MOD - [2007.03.26 02:39:36 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdncats.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.01.26 05:00:14 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.01.25 23:48:06 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.04.28 08:58:54 | 000,029,184 | ---- | M] () [Auto | Stopped] -- C:\windows\SysNative\spool\DRIVERS\x64\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV:64bit: - [2007.11.28 10:51:42 | 001,039,872 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdncoms.exe -- (lxdn_device)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.11.22 09:59:30 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\Administrator\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe -- (StumbleUponUpdater)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.23 14:34:00 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.06.17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.28 08:58:54 | 000,029,184 | ---- | M] () [Auto | Stopped] -- C:\windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV - [2007.11.28 10:12:40 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdncoms.exe -- (lxdn_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.02.18 04:45:32 | 000,125,440 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv07.sys -- (acedrv07)
DRV:64bit: - [2012.02.15 19:15:35 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.25 00:36:49 | 000,017,280 | ---- | M] (Scott) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBDrv_AMD64.sys -- (usbUDisc)
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.20 23:35:11 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.27 13:01:22 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011.02.27 13:01:11 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011.02.27 12:58:31 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011.02.27 12:58:31 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2011.01.26 06:51:00 | 008,014,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.01.26 04:23:18 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.12.10 20:43:40 | 000,234,960 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)
DRV:64bit: - [2010.12.05 02:39:44 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.12.02 06:26:44 | 001,566,848 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010.11.29 09:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010.11.24 12:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.30 09:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.09.21 23:04:54 | 000,015,056 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm2uvcflt.sys -- (vm2uvcflt)
DRV:64bit: - [2010.09.03 06:46:48 | 001,392,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.06.25 03:33:36 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.05.14 23:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010.05.14 23:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 21:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010.07.01 18:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={795488AD-125A-4134-AB67-012AAA5BECD9}&mid=077f49ac5b9e47d1ac6bcd3c4e8ea837-16cb5af7f86408a254de90e74054103a593d2197&lang=en&ds=ins13&pr=sa&d=2012-03-03 23:54:35&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/"
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B18eece22-d3c7-4b46-ac9a-3345226809a0%7D&mid=077f49ac5b9e47d1ac6bcd3c4e8ea837-16cb5af7f86408a254de90e74054103a593d2197&ds=ins13&v=10.0.0.7&lang=en&pr=sa&d=2012-03-03%2023%3A54%3A35&sap=ku&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.12 19:24:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.17 08:09:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.07 09:02:43 | 000,000,000 | ---D | M]
 
[2011.10.16 01:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2012.03.07 02:39:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\9grnwodb.default\extensions
[2012.01.27 12:27:29 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\9grnwodb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.04 00:15:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\9grnwodb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.03.07 02:39:01 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\9grnwodb.default\extensions\anttoolbar@ant.com
[2011.12.14 20:26:44 | 000,000,000 | ---D | M] (StumbleUpon) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\9grnwodb.default\extensions\toolbar@stumbleupon.com
[2012.03.17 08:09:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.09.23 19:32:58 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de
[2012.01.12 19:24:57 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.03.17 08:09:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.28 17:15:00 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.12 03:52:07 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.03 23:54:29 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.02.12 03:52:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.12 03:52:06 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 03:52:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.12 03:52:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 03:52:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: StumbleUpon = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg\3.97.1_0\
CHR - Extension: Google Mail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (NXIECatcher Class) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll (Xi)
O2 - BHO: (StumbleUpon) - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Users\Administrator\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll (Xi)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [lxdnamon] C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe ()
O4:64bit: - HKLM..\Run: [lxdnmon.exe] C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe ()
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Alles mit NetXfer herunterladen - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Herunterladen mit NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html ()
O8 - Extra context menu item: Alles mit NetXfer herunterladen - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Herunterladen mit NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53407ECF-6E90-4F31-92E4-DCC56ED2B80F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A209DAB-3A96-4BF2-B0DD-4B7197065907}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c8aedf32-e188-11e0-b84d-1c75086a41c4}\Shell - "" = AutoRun
O33 - MountPoints2\{c8aedf32-e188-11e0-b84d-1c75086a41c4}\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - StartUpReg: SkypePM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.20 03:43:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012.03.20 03:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.20 03:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.20 03:42:52 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.03.20 03:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.20 02:03:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Skype
[2012.03.16 19:09:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Slingo Quest Egypt Documents
[2012.03.15 02:55:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\The Secret of Monkey Island
[2012.03.14 19:51:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\RenPy
[2012.03.11 00:42:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Ein.Tick.anders.German.2011.AC3.DVDRiP.XviD-GMA- D
[2012.03.09 03:04:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Slingo Supreme Documents
[2012.03.09 02:53:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Slingo Quest Hawaii Documents
[2012.03.09 02:52:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slingo Quest Hawaii
[2012.03.09 02:52:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Slingo Quest Hawaii
[2012.03.09 02:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Slingo Quest Egypt Beta
[2012.03.09 02:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slingo Supreme
[2012.03.09 02:38:18 | 000,000,000 | ---D | C] -- C:\windows\Slingo Supreme
[2012.03.09 02:38:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Slingo Supreme
[2012.03.09 02:29:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Slingo Quest Amazon Documents
[2012.03.09 02:29:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slingo Quest Amazon [UPDATE]
[2012.03.09 02:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Slingo Quest Amazon [UPDATE]
[2012.03.07 02:32:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Hausarbeit Sachenrecht
[2012.03.07 00:46:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Slingo Quest Documents
[2012.03.07 00:44:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funkitron
[2012.03.05 22:37:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\funkitron
[2012.03.05 22:34:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slingo Deluxe
[2012.03.05 20:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
[2012.03.05 20:26:38 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\windows\SysWow64\AudioInfos.dll
[2012.03.05 20:26:38 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\windows\SysWow64\AudioVisu.dll
[2012.03.05 20:26:38 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\windows\SysWow64\AudPlayer.dll
[2012.03.05 20:26:38 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\windows\SysWow64\AudioRecord.dll
[2012.03.05 20:26:38 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\windows\SysWow64\WMAFile.dll
[2012.03.05 20:26:37 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\windows\SysWow64\AudDesign.dll
[2012.03.05 20:26:37 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\windows\SysWow64\AudFile.dll
[2012.03.05 20:26:37 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\windows\SysWow64\AudDisplay.dll
[2012.03.05 20:26:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\FreeAudioPack
[2012.03.05 20:26:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free mp3 Wma Converter
[2012.03.04 00:06:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Iggels
[2012.03.04 00:00:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.junique
[2012.03.04 00:00:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\VMLoad
[2012.03.03 23:54:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.03.03 23:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2012.03.03 23:07:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pflanzen gegen Zombies
[2012.03.02 18:37:07 | 000,000,000 | ---D | C] -- C:\windows\solcache
[2012.03.02 18:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
[2012.03.02 18:36:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra On-Line
[2012.03.02 18:36:27 | 000,000,000 | ---D | C] -- C:\SIERRA
[2012.03.02 18:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spawn
[2012.03.02 18:33:45 | 000,118,784 | ---- | C] (Blizzard Entertainment) -- C:\windows\DiabUnin.exe
[2012.03.02 18:33:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo
[2012.03.02 18:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo
[2012.03.02 18:33:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo
[2012.03.01 20:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SpecialBit Games
[2012.03.01 20:48:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haunted Hotel
[2012.03.01 20:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haunted Hotel
[2012.03.01 20:47:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Big Fish
[2012.03.01 20:47:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bfgclient
[2012.03.01 20:46:22 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache
[2012.02.29 23:01:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.gimp-2.6
[2012.02.29 23:01:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\gegl-0.0
[2012.02.28 17:24:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.02.28 17:21:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2012.02.28 17:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.02.26 20:02:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KV Software
[2012.02.26 19:56:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Pictures
[2012.02.26 19:56:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\InterBA
[2012.02.26 19:56:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\InterBA
[2012.02.26 19:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ophelia's Bingo World
[2012.02.26 19:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\InterBA
[2012.02.26 19:55:35 | 000,068,232 | ---- | C] (JGsoft - Just Great Software) -- C:\windows\UnDeployV.exe
[2012.02.24 02:09:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Unwritten Tales - Viehchroniken
[2012.02.24 01:46:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vieh Chroniken
[2012.02.21 23:28:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Unwritten Tales
[2012.02.21 20:24:34 | 000,466,456 | ---- | C] (Creative Labs) -- C:\windows\SysNative\wrap_oal.dll
[2012.02.21 20:24:34 | 000,444,952 | ---- | C] (Creative Labs) -- C:\windows\SysWow64\wrap_oal.dll
[2012.02.21 20:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012.02.21 19:54:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unwritten Tales
[2012.02.19 19:14:42 | 000,000,000 | ---D | C] -- C:\ProgramData\MythPeople
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.20 15:27:56 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.20 15:27:56 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.20 15:27:08 | 001,613,412 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.03.20 15:27:08 | 000,697,098 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.03.20 15:27:08 | 000,652,376 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.03.20 15:27:08 | 000,148,362 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.03.20 15:27:08 | 000,121,308 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.03.20 15:26:01 | 000,001,152 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2395561902-1479221695-1832656523-500UA.job
[2012.03.20 15:20:46 | 000,113,055 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012.03.20 15:20:06 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.03.20 15:20:02 | 2902,642,688 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.20 03:42:56 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.19 17:26:00 | 000,001,100 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2395561902-1479221695-1832656523-500Core.job
[2012.03.14 20:28:00 | 000,301,280 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.03.14 17:48:40 | 001,591,306 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.03.12 18:12:51 | 000,010,458 | ---- | M] () -- C:\Users\Administrator\Desktop\Zombatar_2.jpg
[2012.03.11 20:28:24 | 000,002,436 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2012.03.09 02:53:10 | 000,001,104 | ---- | M] () -- C:\Users\Administrator\Desktop\Slingo Quest 2 - Hawaii.lnk
[2012.03.09 02:40:15 | 000,002,116 | ---- | M] () -- C:\Users\Public\Desktop\Slingo Quest Egypt.lnk
[2012.03.09 02:38:26 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Play Slingo Supreme.lnk
[2012.03.09 02:29:31 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\Slingo Quest 3 - Amazon.lnk
[2012.03.09 01:52:11 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.07 00:44:26 | 000,000,850 | ---- | M] () -- C:\Users\Administrator\Desktop\Slingo Quest - Deutsch.lnk
[2012.03.06 16:14:23 | 107,006,626 | ---- | M] () -- C:\Users\Administrator\Desktop\Wallis Bird - Encore.mp4
[2012.03.05 20:26:47 | 000,001,296 | ---- | M] () -- C:\Users\Administrator\Desktop\Free Mp3 Wma Converter.lnk
[2012.03.05 19:44:56 | 000,004,096 | ---- | M] () -- C:\windows\d3dx.dat
[2012.03.02 19:28:38 | 000,014,605 | ---- | M] () -- C:\windows\DiabUnin.dat
[2012.03.02 18:37:25 | 000,000,412 | ---- | M] () -- C:\windows\SIERRA.INI
[2012.03.02 18:34:54 | 000,118,784 | ---- | M] (Blizzard Entertainment) -- C:\windows\DiabUnin.exe
[2012.03.02 18:34:54 | 000,002,829 | ---- | M] () -- C:\windows\DiabUnin.pif
[2012.02.24 01:58:15 | 000,466,456 | ---- | M] (Creative Labs) -- C:\windows\SysNative\wrap_oal.dll
[2012.02.24 01:58:14 | 000,444,952 | ---- | M] (Creative Labs) -- C:\windows\SysWow64\wrap_oal.dll
 
========== Files Created - No Company Name ==========
 
[2012.03.20 03:42:56 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.12 18:12:51 | 000,010,458 | ---- | C] () -- C:\Users\Administrator\Desktop\Zombatar_2.jpg
[2012.03.09 02:52:45 | 000,001,104 | ---- | C] () -- C:\Users\Administrator\Desktop\Slingo Quest 2 - Hawaii.lnk
[2012.03.09 02:40:15 | 000,002,116 | ---- | C] () -- C:\Users\Public\Desktop\Slingo Quest Egypt.lnk
[2012.03.09 02:38:26 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Play Slingo Supreme.lnk
[2012.03.09 02:29:31 | 000,001,192 | ---- | C] () -- C:\Users\Public\Desktop\Slingo Quest 3 - Amazon.lnk
[2012.03.07 13:33:51 | 000,000,850 | ---- | C] () -- C:\Users\Administrator\Desktop\Slingo Quest - Deutsch.lnk
[2012.03.06 15:56:06 | 107,006,626 | ---- | C] () -- C:\Users\Administrator\Desktop\Wallis Bird - Encore.mp4
[2012.03.05 22:32:22 | 000,001,927 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2012.03.05 22:32:22 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Weitere fantastische Spiele.lnk
[2012.03.05 20:26:47 | 000,001,296 | ---- | C] () -- C:\Users\Administrator\Desktop\Free Mp3 Wma Converter.lnk
[2012.03.05 20:26:38 | 000,116,296 | ---- | C] () -- C:\windows\SysWow64\NCTWMAProfiles.prx
[2012.03.05 20:26:36 | 000,484,352 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll
[2012.03.05 19:44:56 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2012.03.02 18:35:10 | 000,000,412 | ---- | C] () -- C:\windows\SIERRA.INI
[2012.03.02 18:33:45 | 000,002,829 | ---- | C] () -- C:\windows\DiabUnin.pif
[2012.03.02 18:33:42 | 000,014,605 | ---- | C] () -- C:\windows\DiabUnin.dat
[2012.02.28 17:24:55 | 000,002,436 | ---- | C] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2012.02.28 17:21:16 | 000,001,152 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2395561902-1479221695-1832656523-500UA.job
[2012.02.28 17:21:14 | 000,001,100 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2395561902-1479221695-1832656523-500Core.job
[2012.02.18 04:45:21 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\acedrv07.dll
[2011.12.05 19:12:44 | 001,591,306 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.11.22 09:37:19 | 000,032,256 | ---- | C] () -- C:\windows\SysWow64\AVSredirect.dll
[2011.11.22 09:25:24 | 000,107,520 | RHS- | C] () -- C:\windows\SysWow64\TAKDSDecoder.dll
[2011.04.03 02:56:19 | 000,364,544 | ---- | C] ( ) -- C:\windows\SysWow64\lxdninpa.dll
[2011.04.03 02:56:19 | 000,348,160 | ---- | C] () -- C:\windows\SysWow64\LXDNinst.dll
[2011.04.03 02:56:19 | 000,339,968 | ---- | C] ( ) -- C:\windows\SysWow64\lxdniesc.dll
[2011.04.03 02:56:19 | 000,335,872 | ---- | C] () -- C:\windows\SysWow64\lxdncomx.dll
[2011.04.03 02:56:18 | 001,101,824 | ---- | C] ( ) -- C:\windows\SysWow64\lxdnserv.dll
[2011.04.03 02:56:18 | 000,843,776 | ---- | C] ( ) -- C:\windows\SysWow64\lxdnusb1.dll
[2011.04.03 02:56:18 | 000,663,552 | ---- | C] ( ) -- C:\windows\SysWow64\lxdnhbn3.dll
[2011.04.03 02:56:18 | 000,647,168 | ---- | C] ( ) -- C:\windows\SysWow64\lxdnpmui.dll
[2011.04.03 02:56:18 | 000,589,824 | ---- | C] ( ) -- C:\windows\SysWow64\lxdncoms.exe
[2011.04.03 02:56:18 | 000,569,344 | ---- | C] ( ) -- C:\windows\SysWow64\lxdnlmpm.dll
[2011.04.03 02:56:18 | 000,315,392 | ---- | C] ( ) -- C:\windows\SysWow64\lxdnih.exe
[2011.04.03 02:56:18 | 000,053,248 | ---- | C] ( ) -- C:\windows\SysWow64\lxdnprox.dll
[2011.04.03 02:56:17 | 000,851,968 | ---- | C] ( ) -- C:\windows\SysWow64\lxdncomc.dll
[2011.04.03 02:56:17 | 000,376,832 | ---- | C] ( ) -- C:\windows\SysWow64\lxdncomm.dll
[2011.04.03 02:56:17 | 000,360,448 | ---- | C] ( ) -- C:\windows\SysWow64\lxdncfg.exe
[2011.03.20 19:50:44 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2011.02.27 13:07:27 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2011.02.27 13:07:27 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2011.02.27 12:40:30 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011.02.27 12:40:30 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2011.02.27 12:40:29 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2011.02.27 12:40:29 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011.02.27 12:40:14 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011.02.27 12:27:05 | 000,001,823 | ---- | C] () -- C:\windows\vm332Rmv.ini
[2011.02.27 12:27:05 | 000,001,823 | ---- | C] () -- C:\windows\SysWow64\vm332Rmv.ini
[2011.02.27 12:14:30 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011.02.27 12:10:49 | 000,002,888 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
 
========== LOP Check ==========
 
[2012.01.11 02:34:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.minecraft
[2012.01.07 16:51:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Amazon
[2011.12.10 00:12:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Big Fish Games
[2011.12.27 09:13:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\calibre
[2011.11.02 04:30:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Chirurgie Simulation
[2012.03.20 02:45:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2012.01.27 12:27:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DVDVideoSoft
[2012.01.27 12:27:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.12 14:10:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\EnchantedCavern2
[2011.11.11 03:45:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Free PDF to Word Converter
[2012.03.05 20:27:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FreeAudioPack
[2012.03.16 19:09:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\funkitron
[2012.03.13 17:18:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICQ
[2012.03.04 00:06:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Iggels
[2012.03.14 19:51:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\RenPy
[2011.11.01 16:36:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ScummVM
[2012.02.16 17:25:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TLOTGT
[2012.01.15 18:00:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\URSE Games
[2012.03.19 20:27:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\UseNeXT
[2012.03.04 00:03:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\VMLoad
[2012.02.09 13:35:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Xi
[2012.02.19 01:39:41 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.07.03 01:55:39 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.03.23 01:16:56 | 000,000,000 | ---D | M] -- C:\70d4adeb9c4bbe7108
[2012.03.05 22:36:28 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.03.20 18:49:11 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.02.04 03:06:24 | 000,000,000 | ---D | M] -- C:\Dosbox
[2011.04.03 02:54:57 | 000,000,000 | ---D | M] -- C:\drivers
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.11.22 09:25:06 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.03.20 03:42:52 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.03.20 03:42:53 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.03.20 18:49:11 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.03.20 18:49:12 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.03.02 18:36:27 | 000,000,000 | ---D | M] -- C:\SIERRA
[2012.02.08 17:13:39 | 000,000,000 | ---D | M] -- C:\Spiele
[2012.02.09 20:48:16 | 000,000,000 | ---D | M] -- C:\Streamdownloads
[2012.03.20 15:28:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.02.27 12:49:32 | 000,000,000 | -HSD | M] -- C:\UserGuidePDF
[2011.10.16 01:16:04 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.20 09:42:20 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2011.02.27 03:17:33 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.27 03:18:55 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2011.02.27 03:17:33 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2011.02.27 03:18:55 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2011.02.27 03:17:33 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2011.02.27 03:18:55 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2011.02.27 03:17:33 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2011.02.27 03:18:55 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2011.02.27 03:37:50 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.02.27 03:37:50 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoRebootWithLoggedOnUsers" = 1
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:F84B8DB5
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:A7DA2BCD
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:CC30FDA5
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:4B244549
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:6C031E3E
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:E6537A16
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:D2AF100E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:4C3D5A8B
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ED221572
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:E6708F08
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:880F0FEF

< End of report >
         


Code:
ATTFilter
OTL Extras logfile created on: 20.03.2012 15:26:10 - Run 1
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Administrator\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,60 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 64,76% Memory free
7,21 Gb Paging File | 5,54 Gb Available in Paging File | 76,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254,14 Gb Total Space | 42,06 Gb Free Space | 16,55% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,97 Gb Free Space | 93,02% Space Free | Partition Type: NTFS
 
Computer Name: SARA-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C897CB6-9393-C1DF-089D-7BB33C344362}" = AMD Fuel
"{50F24798-E870-CEE2-64CA-56DD81A27BAC}" = ATI Catalyst Install Manager
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6B31B6C8-383F-2362-5EB4-D950F666D8FD}" = ccc-utility64
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{909EDD8B-F26D-7051-C761-3386A1AFE052}" = ATI AVIVO64 Codecs
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E2A4EF15-22EE-B863-717D-4237AA3C1536}" = WMV9/VC-1 Video Playback
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"EA12B1FB53CE4E387C31A85236C41EF559B5E392" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (12/02/2010 6.1.0.1)
"Lenovo EE Boot Optimizer" = Lenovo EE Boot Optimizer
"Lexmark 2600 Series" = Lexmark 2600 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Unlocker" = Unlocker 1.9.1-x64
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{070667D2-A6DC-C36C-10D0-4D25F0054B78}" = CCC Help Chinese Standard
"{097E024D-BE30-4D95-B5F3-B6AE9C1568D4}" = PowerXpressHybrid
"{09CB25FF-E950-0699-DA4D-5BDCD5A653EA}" = CCC Help Finnish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}" = SDFormatter
"{194E63E4-4AA0-F201-3C96-7EFEA0AEFE91}" = CCC Help French
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F3C1281-F291-573B-3913-774993D6F2C6}" = CCC Help Korean
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{26A24AE4-039D-4CA4-87B4-2F83217001FF}" = Java(TM) 7 Update 1
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2BC21CD2-8053-406A-80F6-9AB61717B49D}" = ODF Add-In für Microsoft Office
"{2D2E2AD9-2DD9-FC5E-32A7-2961E5800C58}" = CCC Help English
"{2EEEC858-21F8-419B-8FE2-820621BFFCD7}" = GetDataBack for FAT
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D8D16D-13AC-826F-7494-166EB0CC021F}" = Catalyst Control Center Graphics Previews Common
"{47B5B5D0-2D0D-887B-E3A3-29744258A2F2}" = CCC Help Portuguese
"{47FAF76A-B225-FA71-F0AA-9ACD71A1A6EB}" = CCC Help Norwegian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C0636E0-C17F-FEE2-0704-944EC0315996}" = CCC Help Japanese
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{54DA5204-5F2B-BB6B-3A29-93DB85E71F02}" = CCC Help Czech
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{562817EC-0640-4947-9513-570A53D55877}" = Grey's Anatomy
"{56582EEA-3AEF-4D84-8B9D-C87A3CD9250F}" = GetDataBack for NTFS
"{5B64310E-6C76-10FB-EF2D-D63D7901FE27}" = CCC Help Spanish
"{62BBB2F0-E220-4821-A564-730807D2C34D}" = Realtek USB 2.0 Reader Driver
"{6429EC24-5976-8B97-0C73-C7C6EEE717BE}" = CCC Help Polish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7AA63B49-FF6B-D9EC-F578-36AAD863791F}" = CCC Help Hungarian
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{82C9D4E8-A57A-95C2-8503-2021E9678096}" = CCC Help Thai
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85DC53E4-8D6E-4C78-A8D6-C41A7C2BBAB2}_is1" = Max Payne Ultimate Edition v1.0
"{86394597-E2A6-B8EE-9E01-5FF6FD919BFB}" = ccc-core-static
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{9F705A4D-B625-1E7E-BD3B-5DB253F4A3AE}" = Catalyst Control Center Profiles Mobile
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB480DA0-7EE9-465D-9C12-4CDE65BF18FB}" = Pando
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}" = Lenovo EasyCamera
"{AE557889-A5F1-212B-BC66-2A67D5FB84D7}" = Catalyst Control Center Localization All
"{AF311022-8A9B-41F5-BE54-E361DF2C8AA6}" = Catalyst Control Center - Branding
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"{B6534AA4-E51E-4D0E-AE12-ABFD55890F7C}_is1" = Slingo Quest Amazon [UPDATE]
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C601C102-3CF4-B39C-4479-D03BDA605CDB}" = CCC Help Swedish
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C6CABAAA-41C5-40F1-3DCC-A15E2DB8600E}" = CCC Help Dutch
"{C8670645-69C0-A438-CDD7-821A54D6C7B0}" = CCC Help Danish
"{CD5CDBC3-D83E-38BF-297B-CF3B54160C6E}" = CCC Help Italian
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D05B0ED7-7C10-49C2-990C-8D984197C1B4_P1}_is1" = Book of Unwritten Tales Patch 1.01
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D14AAC37-38FC-4454-9CEC-B3CD081632C4}" = calibre
"{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}" = Atheros Client Installation Program
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6AA424E-0598-45D7-0D92-113ACC44EC50}" = CCC Help Chinese Traditional
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E35E2F85-3E06-ADAD-7774-663DFD300D44}" = Catalyst Control Center InstallProxy
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E9F03F14-2EF3-7E0C-095F-A2056D748271}" = CCC Help Russian
"{EAE6BF35-84C4-F159-268E-9B63BDCDF545}" = CCC Help German
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = Benutzerhandbuch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F9502EF3-3D89-7CDC-1BB8-9AC33789BCA5}" = CCC Help Greek
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazon Kindle" = Amazon Kindle
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bauern Glück" = Bauern Glück
"BFGC" = Big Fish Games: Game Manager
"BFG-Haunted Hotel" = Haunted Hotel
"BFG-Slingo Deluxe" = Slingo Deluxe
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo" = Diablo
"Die Legende des goldenen Buches" = Die Legende des goldenen Buches
"DivX Setup" = DivX-Setup
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2
"Free YouTube Download_is1" = Free YouTube Download version 3.0.20.1228
"Gemini Lost Deluxe_is1" = Gemini Lost Deluxe
"Hellfire" = Hellfire
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{B2164CCB-C002-4B80-8550-7535D80DF237}" = Lenovo DirectShare
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Lenovo Games Console" = Lenovo Games Console
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"NetXfer (Multilingual)_is1" = NetXfer 2.72a.437
"OpenAL" = OpenAL
"Ophelia's Bingo World" = Accorg Ophelia's Bingo World 2.21.0
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"QuickPar" = QuickPar 0.9
"Sanitarium" = Sanitarium
"ScummVM_is1" = ScummVM 1.2.1
"Season Match" = Season Match
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Sierra Utilities" = Sierra Utilities
"Slingo Quest - Deutsch" = Slingo Quest - Deutsch
"Slingo Quest Egypt Beta1.0.0.68" = Slingo Quest Egypt Beta
"Slingo Supreme1.0" = Slingo Supreme
"UltraStar Deluxe" = UltraStar Deluxe
"UseNeXT_is1" = UseNeXT
"VeriFace" = VeriFace
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"Woodville Chronicles_is1" = Woodville Chronicles
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Diablo" = Diablo
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
Im Voraus danke für Eure Mühe und Hilfe!
Madame

Alt 20.03.2012, 16:31   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windowssystem gesperrt, Malwarebytes ausgeführt - Standard

Windowssystem gesperrt, Malwarebytes ausgeführt



Ohne die Logs von Malwarebytes und Co wird das hier nichts.
Alles von Malwarebytes (und evtl. anderen Scannern) muss hier gepostet werden.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 20.03.2012, 16:44   #3
Madame
 
Windowssystem gesperrt, Malwarebytes ausgeführt - Standard

Windowssystem gesperrt, Malwarebytes ausgeführt



Ah okay, kein Problem, hier das Log-File:

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.20.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Administrator :: SARA-PC [Administrator]

Schutz: Aktiviert

20.03.2012 03:45:31
mbam-log-2012-03-20 (03-45-31).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 382741
Laufzeit: 2 Stunde(n), 19 Minute(n), 25 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\sp (TrojanProxy.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Trymedia Systems (Adware.TryMedia) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 6
C:\Users\Administrator\AppData\Local\Temp\0.12014093979641083h7i.exe (Spyware.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Administrator\AppData\Local\Temp\0.6316633960352342h7i.exe (Spyware.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Administrator\AppData\Local\Temp\0.918349491718734h7i.exe (Spyware.Zbot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Administrator\Downloads\VMLoadSetup(1).exe (PUP.BundleInstaller.OI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Administrator\Downloads\VMLoadSetup(2).exe (PUP.BundleInstaller.OI) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Administrator\Downloads\VMLoadSetup.exe (PUP.BundleInstaller.OI) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Muss allerdings dazu sagen, dass ich die SkypePM.exe schon vor dem Suchlauf manuell gelöscht habe, dazu auch den reg-Eintrag. Hab vorsichtshalber Skype komplett deinstalliert.
SkypePM.exe taucht hier deshalb wohl nicht mehr auf, aber direkt nachdem die weg war - zunächst nur aus dem Autostart - konnte ich wieder auf Windows zugreifen, was ja bekräftigt, dass zumindest ein Teil des Übeltäters dort saß.
Drauf gekommen bin ich dadurch:

hxxp://forum.mindfactory.de/windows/66919-achtung-sicherheitsgr-nden-wurde-windows-blockiert.html

Edit: Warum diese Setup-Datei gleich dreimal vorhanden war, ist mir auch ein Rätsel.. Zweimal hab ich sie auf jeden Fall geladen, weil ich die erste nicht mehr gefunden habe. Ist aber beides eigentlich schon ein bisschen her.
__________________

Alt 20.03.2012, 17:02   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windowssystem gesperrt, Malwarebytes ausgeführt - Standard

Windowssystem gesperrt, Malwarebytes ausgeführt



Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.03.2012, 17:07   #5
Madame
 
Windowssystem gesperrt, Malwarebytes ausgeführt - Standard

Windowssystem gesperrt, Malwarebytes ausgeführt



Nein, hab es letzte Nacht erst hier installiert.
Das hier war noch enthalten, auch wenn das vermutlich nicht gemeint ist. Der Vollständigkeit halber trotzdem:

Code:
ATTFilter
2012/03/20 03:45:16 +0100	SARA-PC	Administrator	MESSAGE	Starting protection
2012/03/20 03:45:20 +0100	SARA-PC	Administrator	MESSAGE	Protection started successfully
2012/03/20 03:45:23 +0100	SARA-PC	Administrator	MESSAGE	Starting IP protection
2012/03/20 03:45:29 +0100	SARA-PC	Administrator	MESSAGE	IP Protection started successfully
2012/03/20 04:42:48 +0100	SARA-PC	Administrator	MESSAGE	Executing scheduled update:  Daily
2012/03/20 04:43:06 +0100	SARA-PC	Administrator	MESSAGE	Starting database refresh
2012/03/20 04:43:06 +0100	SARA-PC	Administrator	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.03.20.01 to version v2012.03.20.02
2012/03/20 04:43:06 +0100	SARA-PC	Administrator	MESSAGE	Stopping IP protection
2012/03/20 04:49:58 +0100	SARA-PC	Administrator	MESSAGE	IP Protection stopped
2012/03/20 04:50:25 +0100	SARA-PC	Administrator	MESSAGE	Database refreshed successfully
2012/03/20 04:50:25 +0100	SARA-PC	Administrator	MESSAGE	Starting IP protection
2012/03/20 04:50:34 +0100	SARA-PC	Administrator	MESSAGE	IP Protection started successfully
2012/03/20 15:20:48 +0100	SARA-PC	Administrator	MESSAGE	Starting protection
2012/03/20 15:20:54 +0100	SARA-PC	Administrator	MESSAGE	Protection started successfully
2012/03/20 15:20:57 +0100	SARA-PC	Administrator	MESSAGE	Starting IP protection
2012/03/20 15:21:05 +0100	SARA-PC	Administrator	MESSAGE	IP Protection started successfully
2012/03/20 17:58:11 +0100	SARA-PC	Administrator	MESSAGE	Starting database refresh
2012/03/20 17:58:11 +0100	SARA-PC	Administrator	MESSAGE	Stopping IP protection
2012/03/20 18:03:01 +0100	SARA-PC	Administrator	MESSAGE	IP Protection stopped
2012/03/20 18:03:06 +0100	SARA-PC	Administrator	MESSAGE	Database refreshed successfully
2012/03/20 18:03:06 +0100	SARA-PC	Administrator	MESSAGE	Starting IP protection
2012/03/20 18:03:12 +0100	SARA-PC	Administrator	MESSAGE	IP Protection started successfully
         
Mehr Logdateien hab ich bisher nicht.


Alt 20.03.2012, 17:09   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windowssystem gesperrt, Malwarebytes ausgeführt - Standard

Windowssystem gesperrt, Malwarebytes ausgeführt



Führ bitte auch ESET aus, danach sehen wir weiter:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
--> Windowssystem gesperrt, Malwarebytes ausgeführt

Alt 20.03.2012, 20:02   #7
Madame
 
Windowssystem gesperrt, Malwarebytes ausgeführt - Standard

Windowssystem gesperrt, Malwarebytes ausgeführt



Ui, da wurde einiges gefunden...

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7be7c05ece4c3f4a931a39e2bbfe10ea
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-20 07:56:44
# local_time=2012-03-20 08:56:44 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 13545987 13545987 0 0
# compatibility_mode=5893 16776573 100 94 3692 83894207 0 0
# compatibility_mode=8192 67108863 100 0 4107 4107 0 0
# scanned=193415
# found=6
# cleaned=0
# scan_time=9047
C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\6f4102cc-3c66f1d6	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\7ede12ec-2669f957	Java/Exploit.CVE-2011-3544.AV trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\7ddd93f-5308e5e5	a variant of Java/TrojanDownloader.Agent.AD trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\6ad3cc08-304498ce	a variant of Java/Exploit.CVE-2011-3544.AW trojan (unable to clean)	00000000000000000000000000000000	I
C:\Users\Administrator\Downloads\SoftonicDownloader_fuer_vmload.exe	a variant of Win32/SoftonicDownloader.D application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Sara\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52\383309f4-2b212fbb	a variant of Java/Agent.DP trojan (unable to clean)	00000000000000000000000000000000	I
         

Alt 21.03.2012, 14:03   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windowssystem gesperrt, Malwarebytes ausgeführt - Standard

Windowssystem gesperrt, Malwarebytes ausgeführt



Zitat:
C:\Users\Administrator\Downloads\SoftonicDownloader_fuer_vmload.exe
Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen


Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.03.2012, 16:35   #9
Madame
 
Windowssystem gesperrt, Malwarebytes ausgeführt - Standard

Windowssystem gesperrt, Malwarebytes ausgeführt



Habe bei diesem Scan keine "Extras"-Datei bekommen. Jedenfalls finde ich keine, anders als beim ersten Mal.
Brauchst Du die auch und wenn ja, wo finde ich die zweite jetzt?

Kurze Zwischenfrage: Wenn ich aktuell festgestellt habe, dass ich Dinge nicht mehr benötige (mir fällt hier erst auf, wie viele Spiele noch installiert sind ), kann ich die dann jetzt deinstallieren?

Noch mal Edit: Wenn ich an einem Textdokument weiterarbeiten will, kann ich das dann hier oder lieber nicht so viel dran arbeiten? Kann ich das gefahrlos rüberkopieren?

Hier auf jeden Fall der aktuelle Scan:

Code:
ATTFilter
OTL logfile created on: 21.03.2012 16:54:29 - Run 2
OTL by OldTimer - Version 3.2.39.1     Folder = C:\Users\Administrator\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,60 Gb Total Physical Memory | 2,48 Gb Available Physical Memory | 68,73% Memory free
7,21 Gb Paging File | 5,76 Gb Available in Paging File | 79,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 254,14 Gb Total Space | 39,30 Gb Free Space | 15,46% Space Free | Partition Type: NTFS
Drive D: | 29,00 Gb Total Space | 26,97 Gb Free Space | 93,02% Space Free | Partition Type: NTFS
 
Computer Name: SARA-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.20 15:25:12 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.01.13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.11.22 09:59:30 | 000,018,432 | ---- | M] () -- C:\Users\Administrator\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe
PRC - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 13:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.27 12:40:21 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
PRC - [2010.12.05 02:39:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
PRC - [2010.01.19 11:44:40 | 000,536,576 | ---- | M] (Vimicro) -- C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
PRC - [2009.10.29 06:10:26 | 000,660,136 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
PRC - [2009.10.29 06:10:24 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.16 14:08:21 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012.02.16 14:08:06 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012.02.16 14:07:23 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.16 14:07:15 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.16 14:07:11 | 007,967,232 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011.12.08 04:10:02 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.02.27 12:40:20 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.10.29 06:10:26 | 000,660,136 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe
MOD - [2009.10.29 06:10:24 | 000,025,256 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnMsdMon.exe
MOD - [2009.07.23 14:49:06 | 000,782,336 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnDRS.dll
MOD - [2009.07.23 14:48:30 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdnscw.dll
MOD - [2009.05.14 08:46:42 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdncaps.dll
MOD - [2009.02.11 12:50:00 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Core.dll
MOD - [2009.02.11 12:50:00 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\App4R.Monitor.Common.dll
MOD - [2009.02.11 12:49:02 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.dll
MOD - [2007.11.22 03:55:48 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\app4r.devmons.mcmdevmon.autoplayutil.dll
MOD - [2007.10.02 09:51:10 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdncnv4.dll
MOD - [2007.05.29 02:39:08 | 000,589,824 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdndatr.dll
MOD - [2007.03.26 02:39:36 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2600 Series\lxdncats.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.01.26 05:00:14 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.01.25 23:48:06 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.04.28 08:58:54 | 000,029,184 | ---- | M] () [Auto | Stopped] -- C:\windows\SysNative\spool\DRIVERS\x64\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV:64bit: - [2007.11.28 10:51:42 | 001,039,872 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdncoms.exe -- (lxdn_device)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.11.22 09:59:30 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\Administrator\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe -- (StumbleUponUpdater)
SRV - [2011.10.11 13:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 13:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.09.23 14:34:00 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.09.22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.06.17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.28 08:58:54 | 000,029,184 | ---- | M] () [Auto | Stopped] -- C:\windows\system32\spool\DRIVERS\x64\3\\lxdnserv.exe -- (lxdnCATSCustConnectService)
SRV - [2007.11.28 10:12:40 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdncoms.exe -- (lxdn_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.02.18 04:45:32 | 000,125,440 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv07.sys -- (acedrv07)
DRV:64bit: - [2012.02.15 19:15:35 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.25 00:36:49 | 000,017,280 | ---- | M] (Scott) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\USBDrv_AMD64.sys -- (usbUDisc)
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.10.11 14:00:01 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.11 14:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.20 23:35:11 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.27 13:01:22 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)
DRV:64bit: - [2011.02.27 13:01:11 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV:64bit: - [2011.02.27 12:58:31 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)
DRV:64bit: - [2011.02.27 12:58:31 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)
DRV:64bit: - [2011.01.26 06:51:00 | 008,014,848 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.01.26 04:23:18 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.12.10 20:43:40 | 000,234,960 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm332avs.sys -- (vm332avs)
DRV:64bit: - [2010.12.05 02:39:44 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010.12.02 06:26:44 | 001,566,848 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010.11.29 09:50:38 | 000,044,672 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010.11.24 12:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.30 09:45:22 | 000,299,520 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)
DRV:64bit: - [2010.09.21 23:04:54 | 000,015,056 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vm2uvcflt.sys -- (vm2uvcflt)
DRV:64bit: - [2010.09.03 06:46:48 | 001,392,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.06.25 03:33:36 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.05.14 23:04:16 | 000,073,856 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010.05.14 23:04:16 | 000,028,800 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.21 15:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 21:34:36 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010.07.01 18:11:24 | 000,012,352 | ---- | M] () [Kernel | Unavailable | Unknown] -- C:\Programme\Unlocker\UnlockerDriver5.sys -- (UnlockerDriver5)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2395561902-1479221695-1832656523-500\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]
IE - HKU\S-1-5-21-2395561902-1479221695-1832656523-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com
IE - HKU\S-1-5-21-2395561902-1479221695-1832656523-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2395561902-1479221695-1832656523-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-2395561902-1479221695-1832656523-500\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={795488AD-125A-4134-AB67-012AAA5BECD9}&mid=077f49ac5b9e47d1ac6bcd3c4e8ea837-16cb5af7f86408a254de90e74054103a593d2197&lang=en&ds=ins13&pr=sa&d=2012-03-03 23:54:35&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/"
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B18eece22-d3c7-4b46-ac9a-3345226809a0%7D&mid=077f49ac5b9e47d1ac6bcd3c4e8ea837-16cb5af7f86408a254de90e74054103a593d2197&ds=ins13&v=10.0.0.7&lang=en&pr=sa&d=2012-03-03%2023%3A54%3A35&sap=ku&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.12 19:24:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.17 08:09:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.03.07 09:02:43 | 000,000,000 | ---D | M]
 
[2011.10.16 01:28:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2012.03.07 02:39:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\9grnwodb.default\extensions
[2012.01.27 12:27:29 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\9grnwodb.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.04 00:15:05 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\9grnwodb.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.03.07 02:39:01 | 000,000,000 | ---D | M] (Ant Video Downloader) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\9grnwodb.default\extensions\anttoolbar@ant.com
[2011.12.14 20:26:44 | 000,000,000 | ---D | M] (StumbleUpon) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\9grnwodb.default\extensions\toolbar@stumbleupon.com
[2012.03.17 08:09:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.09.23 19:32:58 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de
[2012.01.12 19:24:57 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\9GRNWODB.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2012.03.17 08:09:01 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.28 17:15:00 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.12 03:52:07 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.03 23:54:29 | 000,003,749 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.02.12 03:52:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.12 03:52:06 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.12 03:52:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.12 03:52:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.12 03:52:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Administrator\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Java Deployment Toolkit 7.0.10.8 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 U1 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.17_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: StumbleUpon = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg\3.97.1_0\
CHR - Extension: Google Mail = C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (NXIECatcher Class) - {83B80A9C-D91A-4F22-8DCF-EA7204039F79} - C:\Program Files (x86)\Xi\NetXfer\NXIEHelper.dll (Xi)
O2 - BHO: (StumbleUpon) - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Users\Administrator\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll (Xi)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)
O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)
O4:64bit: - HKLM..\Run: [lxdnamon] C:\Program Files (x86)\Lexmark 2600 Series\lxdnamon.exe ()
O4:64bit: - HKLM..\Run: [lxdnmon.exe] C:\Program Files (x86)\Lexmark 2600 Series\lxdnmon.exe ()
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo)
O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)
O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2395561902-1479221695-1832656523-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Alles mit NetXfer herunterladen - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Herunterladen mit NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html ()
O8 - Extra context menu item: Alles mit NetXfer herunterladen - C:\Program Files (x86)\Xi\NetXfer\NXAddList.html ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Herunterladen mit NetXfer - C:\Program Files (x86)\Xi\NetXfer\NXAddLink.html ()
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53407ECF-6E90-4F31-92E4-DCC56ED2B80F}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A209DAB-3A96-4BF2-B0DD-4B7197065907}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c8aedf32-e188-11e0-b84d-1c75086a41c4}\Shell - "" = AutoRun
O33 - MountPoints2\{c8aedf32-e188-11e0-b84d-1c75086a41c4}\Shell\AutoRun\command - "" = E:\Setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - StartUpReg: SkypePM - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MCODS - Reg Error: Value error.
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: MCODS - Reg Error: Value error.
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\windows\system32\cmd.exe /D /C start C:\windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.clmp3enc - C:\PROGRA~2\Lenovo\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.21 16:53:38 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012.03.20 18:17:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.03.20 18:16:43 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Administrator\Desktop\esetsmartinstaller_enu.exe
[2012.03.20 03:43:04 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012.03.20 03:42:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.20 03:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.20 03:42:52 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2012.03.20 03:42:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.03.20 02:03:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Skype
[2012.03.16 19:09:28 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Slingo Quest Egypt Documents
[2012.03.15 02:55:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\The Secret of Monkey Island
[2012.03.14 19:51:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\RenPy
[2012.03.09 03:04:31 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Slingo Supreme Documents
[2012.03.09 02:53:25 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Slingo Quest Hawaii Documents
[2012.03.09 02:52:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slingo Quest Hawaii
[2012.03.09 02:52:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Slingo Quest Hawaii
[2012.03.09 02:39:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Slingo Quest Egypt Beta
[2012.03.09 02:38:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slingo Supreme
[2012.03.09 02:38:18 | 000,000,000 | ---D | C] -- C:\windows\Slingo Supreme
[2012.03.09 02:38:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Slingo Supreme
[2012.03.09 02:29:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Slingo Quest Amazon Documents
[2012.03.09 02:29:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slingo Quest Amazon [UPDATE]
[2012.03.09 02:29:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Slingo Quest Amazon [UPDATE]
[2012.03.07 02:32:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Hausarbeit Sachenrecht
[2012.03.07 00:46:40 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Slingo Quest Documents
[2012.03.07 00:44:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Funkitron
[2012.03.05 22:37:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\funkitron
[2012.03.05 22:34:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Slingo Deluxe
[2012.03.05 20:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Audio Pack
[2012.03.05 20:26:38 | 001,212,416 | ---- | C] (NCT Company Ltd.) -- C:\windows\SysWow64\AudioInfos.dll
[2012.03.05 20:26:38 | 000,479,232 | ---- | C] (NCT Company Ltd.) -- C:\windows\SysWow64\AudioVisu.dll
[2012.03.05 20:26:38 | 000,458,752 | ---- | C] (NCT Company Ltd.) -- C:\windows\SysWow64\AudPlayer.dll
[2012.03.05 20:26:38 | 000,454,656 | ---- | C] (NCT Company Ltd.) -- C:\windows\SysWow64\AudioRecord.dll
[2012.03.05 20:26:38 | 000,348,160 | ---- | C] (NCT Company Ltd.) -- C:\windows\SysWow64\WMAFile.dll
[2012.03.05 20:26:37 | 002,084,864 | ---- | C] (NCT Company Ltd.) -- C:\windows\SysWow64\AudDesign.dll
[2012.03.05 20:26:37 | 001,986,560 | ---- | C] (NCT Company Ltd.) -- C:\windows\SysWow64\AudFile.dll
[2012.03.05 20:26:37 | 000,417,792 | ---- | C] (NCT Company Ltd.) -- C:\windows\SysWow64\AudDisplay.dll
[2012.03.05 20:26:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\FreeAudioPack
[2012.03.05 20:26:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free mp3 Wma Converter
[2012.03.04 00:06:46 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Iggels
[2012.03.04 00:00:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.junique
[2012.03.04 00:00:35 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\VMLoad
[2012.03.03 23:54:22 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.03.03 23:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Big Fish Games
[2012.03.03 23:07:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pflanzen gegen Zombies
[2012.03.02 18:37:07 | 000,000,000 | ---D | C] -- C:\windows\solcache
[2012.03.02 18:36:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sierra
[2012.03.02 18:36:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sierra On-Line
[2012.03.02 18:36:27 | 000,000,000 | ---D | C] -- C:\SIERRA
[2012.03.02 18:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spawn
[2012.03.02 18:33:45 | 000,118,784 | ---- | C] (Blizzard Entertainment) -- C:\windows\DiabUnin.exe
[2012.03.02 18:33:45 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Diablo
[2012.03.02 18:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo
[2012.03.02 18:33:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo
[2012.03.01 20:48:36 | 000,000,000 | ---D | C] -- C:\ProgramData\SpecialBit Games
[2012.03.01 20:48:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Haunted Hotel
[2012.03.01 20:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Haunted Hotel
[2012.03.01 20:47:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Big Fish
[2012.03.01 20:47:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\bfgclient
[2012.03.01 20:46:22 | 000,000,000 | ---D | C] -- C:\BigFishGamesCache
[2012.02.29 23:01:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\.gimp-2.6
[2012.02.29 23:01:51 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\gegl-0.0
[2012.02.28 17:24:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.02.28 17:21:13 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2012.02.28 17:15:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.02.26 20:02:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\KV Software
[2012.02.26 19:56:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Pictures
[2012.02.26 19:56:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\InterBA
[2012.02.26 19:56:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\InterBA
[2012.02.26 19:55:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ophelia's Bingo World
[2012.02.26 19:55:36 | 000,000,000 | ---D | C] -- C:\ProgramData\InterBA
[2012.02.26 19:55:35 | 000,068,232 | ---- | C] (JGsoft - Just Great Software) -- C:\windows\UnDeployV.exe
[2012.02.24 02:09:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Unwritten Tales - Viehchroniken
[2012.02.24 01:46:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vieh Chroniken
[2012.02.21 23:28:14 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Unwritten Tales
[2012.02.21 20:24:34 | 000,466,456 | ---- | C] (Creative Labs) -- C:\windows\SysNative\wrap_oal.dll
[2012.02.21 20:24:34 | 000,444,952 | ---- | C] (Creative Labs) -- C:\windows\SysWow64\wrap_oal.dll
[2012.02.21 20:24:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012.02.21 19:54:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Unwritten Tales
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.21 16:26:02 | 000,001,152 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2395561902-1479221695-1832656523-500UA.job
[2012.03.21 15:14:05 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.21 15:14:05 | 000,013,424 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.21 14:44:07 | 001,613,412 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012.03.21 14:44:07 | 000,697,098 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012.03.21 14:44:07 | 000,652,376 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012.03.21 14:44:07 | 000,148,362 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012.03.21 14:44:07 | 000,121,308 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012.03.20 23:11:06 | 000,123,213 | ---- | M] () -- C:\windows\SysNative\fastboot.set
[2012.03.20 23:08:12 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.03.20 23:08:08 | 2902,642,688 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.20 18:16:59 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Administrator\Desktop\esetsmartinstaller_enu.exe
[2012.03.20 17:26:00 | 000,001,100 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2395561902-1479221695-1832656523-500Core.job
[2012.03.20 15:25:12 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2012.03.20 03:42:56 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.14 20:28:00 | 000,301,280 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012.03.14 17:48:40 | 001,591,306 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012.03.12 18:12:51 | 000,010,458 | ---- | M] () -- C:\Users\Administrator\Desktop\Zombatar_2.jpg
[2012.03.11 20:28:24 | 000,002,436 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2012.03.09 02:53:10 | 000,001,104 | ---- | M] () -- C:\Users\Administrator\Desktop\Slingo Quest 2 - Hawaii.lnk
[2012.03.09 02:40:15 | 000,002,116 | ---- | M] () -- C:\Users\Public\Desktop\Slingo Quest Egypt.lnk
[2012.03.09 02:38:26 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Play Slingo Supreme.lnk
[2012.03.09 02:29:31 | 000,001,192 | ---- | M] () -- C:\Users\Public\Desktop\Slingo Quest 3 - Amazon.lnk
[2012.03.09 01:52:11 | 000,000,866 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.07 00:44:26 | 000,000,850 | ---- | M] () -- C:\Users\Administrator\Desktop\Slingo Quest - Deutsch.lnk
[2012.03.05 20:26:47 | 000,001,296 | ---- | M] () -- C:\Users\Administrator\Desktop\Free Mp3 Wma Converter.lnk
[2012.03.05 19:44:56 | 000,004,096 | ---- | M] () -- C:\windows\d3dx.dat
[2012.03.02 19:28:38 | 000,014,605 | ---- | M] () -- C:\windows\DiabUnin.dat
[2012.03.02 18:37:25 | 000,000,412 | ---- | M] () -- C:\windows\SIERRA.INI
[2012.03.02 18:34:54 | 000,118,784 | ---- | M] (Blizzard Entertainment) -- C:\windows\DiabUnin.exe
[2012.03.02 18:34:54 | 000,002,829 | ---- | M] () -- C:\windows\DiabUnin.pif
[2012.02.24 01:58:15 | 000,466,456 | ---- | M] (Creative Labs) -- C:\windows\SysNative\wrap_oal.dll
[2012.02.24 01:58:14 | 000,444,952 | ---- | M] (Creative Labs) -- C:\windows\SysWow64\wrap_oal.dll
 
========== Files Created - No Company Name ==========
 
[2012.03.20 03:42:56 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.03.12 18:12:51 | 000,010,458 | ---- | C] () -- C:\Users\Administrator\Desktop\Zombatar_2.jpg
[2012.03.09 02:52:45 | 000,001,104 | ---- | C] () -- C:\Users\Administrator\Desktop\Slingo Quest 2 - Hawaii.lnk
[2012.03.09 02:40:15 | 000,002,116 | ---- | C] () -- C:\Users\Public\Desktop\Slingo Quest Egypt.lnk
[2012.03.09 02:38:26 | 000,001,974 | ---- | C] () -- C:\Users\Public\Desktop\Play Slingo Supreme.lnk
[2012.03.09 02:29:31 | 000,001,192 | ---- | C] () -- C:\Users\Public\Desktop\Slingo Quest 3 - Amazon.lnk
[2012.03.07 13:33:51 | 000,000,850 | ---- | C] () -- C:\Users\Administrator\Desktop\Slingo Quest - Deutsch.lnk
[2012.03.05 22:32:22 | 000,001,927 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2012.03.05 22:32:22 | 000,001,248 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Weitere fantastische Spiele.lnk
[2012.03.05 20:26:47 | 000,001,296 | ---- | C] () -- C:\Users\Administrator\Desktop\Free Mp3 Wma Converter.lnk
[2012.03.05 20:26:38 | 000,116,296 | ---- | C] () -- C:\windows\SysWow64\NCTWMAProfiles.prx
[2012.03.05 20:26:36 | 000,484,352 | ---- | C] () -- C:\windows\SysWow64\lame_enc.dll
[2012.03.05 19:44:56 | 000,004,096 | ---- | C] () -- C:\windows\d3dx.dat
[2012.03.02 18:35:10 | 000,000,412 | ---- | C] () -- C:\windows\SIERRA.INI
[2012.03.02 18:33:45 | 000,002,829 | ---- | C] () -- C:\windows\DiabUnin.pif
[2012.03.02 18:33:42 | 000,014,605 | ---- | C] () -- C:\windows\DiabUnin.dat
[2012.02.28 17:24:55 | 000,002,436 | ---- | C] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2012.02.28 17:21:16 | 000,001,152 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2395561902-1479221695-1832656523-500UA.job
[2012.02.28 17:21:14 | 000,001,100 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-2395561902-1479221695-1832656523-500Core.job
[2012.02.18 04:45:21 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\acedrv07.dll
[2011.12.05 19:12:44 | 001,591,306 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2011.11.22 09:37:19 | 000,032,256 | ---- | C] () -- C:\windows\SysWow64\AVSredirect.dll
[2011.11.22 09:25:24 | 000,107,520 | RHS- | C] () -- C:\windows\SysWow64\TAKDSDecoder.dll
[2011.04.03 02:56:19 | 000,364,544 | ---- | C] ( ) -- C:\windows\SysWow64\lxdninpa.dll
[2011.04.03 02:56:19 | 000,348,160 | ---- | C] () -- C:\windows\SysWow64\LXDNinst.dll
[2011.04.03 02:56:19 | 000,339,968 | ---- | C] ( ) -- C:\windows\SysWow64\lxdniesc.dll
[2011.04.03 02:56:19 | 000,335,872 | ---- | C] () -- C:\windows\SysWow64\lxdncomx.dll
[2011.04.03 02:56:18 | 001,101,824 | ---- | C] ( ) -- C:\windows\SysWow64\lxdnserv.dll
[2011.04.03 02:56:18 | 000,843,776 | ---- | C] ( ) -- C:\windows\SysWow64\lxdnusb1.dll
[2011.04.03 02:56:18 | 000,663,552 | ---- | C] ( ) -- C:\windows\SysWow64\lxdnhbn3.dll
[2011.04.03 02:56:18 | 000,647,168 | ---- | C] ( ) -- C:\windows\SysWow64\lxdnpmui.dll
[2011.04.03 02:56:18 | 000,589,824 | ---- | C] ( ) -- C:\windows\SysWow64\lxdncoms.exe
[2011.04.03 02:56:18 | 000,569,344 | ---- | C] ( ) -- C:\windows\SysWow64\lxdnlmpm.dll
[2011.04.03 02:56:18 | 000,315,392 | ---- | C] ( ) -- C:\windows\SysWow64\lxdnih.exe
[2011.04.03 02:56:18 | 000,053,248 | ---- | C] ( ) -- C:\windows\SysWow64\lxdnprox.dll
[2011.04.03 02:56:17 | 000,851,968 | ---- | C] ( ) -- C:\windows\SysWow64\lxdncomc.dll
[2011.04.03 02:56:17 | 000,376,832 | ---- | C] ( ) -- C:\windows\SysWow64\lxdncomm.dll
[2011.04.03 02:56:17 | 000,360,448 | ---- | C] ( ) -- C:\windows\SysWow64\lxdncfg.exe
[2011.03.20 19:50:44 | 000,000,400 | ---- | C] () -- C:\windows\ODBC.INI
[2011.02.27 13:07:27 | 000,000,512 | ---- | C] () -- C:\windows\previous.bin
[2011.02.27 13:07:27 | 000,000,512 | ---- | C] () -- C:\windows\current.bin
[2011.02.27 12:40:30 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll
[2011.02.27 12:40:30 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll
[2011.02.27 12:40:29 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll
[2011.02.27 12:40:29 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll
[2011.02.27 12:40:14 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll
[2011.02.27 12:27:05 | 000,001,823 | ---- | C] () -- C:\windows\vm332Rmv.ini
[2011.02.27 12:27:05 | 000,001,823 | ---- | C] () -- C:\windows\SysWow64\vm332Rmv.ini
[2011.02.27 12:14:30 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2011.02.27 12:10:49 | 000,002,888 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
 
========== LOP Check ==========
 
[2012.01.11 02:34:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.minecraft
[2012.01.07 16:51:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Amazon
[2011.12.10 00:12:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Big Fish Games
[2011.12.27 09:13:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\calibre
[2011.11.02 04:30:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Chirurgie Simulation
[2012.03.20 02:45:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2012.01.27 12:27:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DVDVideoSoft
[2012.01.27 12:27:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.12 14:10:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\EnchantedCavern2
[2011.11.11 03:45:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Free PDF to Word Converter
[2012.03.05 20:27:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FreeAudioPack
[2012.03.16 19:09:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\funkitron
[2012.03.21 00:16:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICQ
[2012.03.04 00:06:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Iggels
[2012.03.14 19:51:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\RenPy
[2011.11.01 16:36:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ScummVM
[2012.02.16 17:25:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TLOTGT
[2012.01.15 18:00:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\URSE Games
[2012.03.04 00:03:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\VMLoad
[2012.02.09 13:35:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Xi
[2011.09.24 03:24:32 | 000,000,000 | ---D | M] -- C:\Users\Sara\AppData\Roaming\Awem
[2011.10.14 09:05:35 | 000,000,000 | ---D | M] -- C:\Users\Sara\AppData\Roaming\DAEMON Tools Lite
[2011.06.25 04:07:57 | 000,000,000 | ---D | M] -- C:\Users\Sara\AppData\Roaming\Firestorm
[2011.10.13 19:42:52 | 000,000,000 | ---D | M] -- C:\Users\Sara\AppData\Roaming\ICQ
[2011.04.03 03:03:27 | 000,000,000 | ---D | M] -- C:\Users\Sara\AppData\Roaming\Lexmark Productivity Studio
[2011.03.22 17:13:50 | 000,000,000 | ---D | M] -- C:\Users\Sara\AppData\Roaming\PlayFirst
[2011.04.09 13:04:59 | 000,000,000 | ---D | M] -- C:\Users\Sara\AppData\Roaming\ScummVM
[2011.06.25 03:57:42 | 000,000,000 | ---D | M] -- C:\Users\Sara\AppData\Roaming\SecondLife
[2011.09.24 02:56:47 | 000,000,000 | ---D | M] -- C:\Users\Sara\AppData\Roaming\URSE Games
[2012.02.19 01:39:41 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.11 02:34:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.minecraft
[2011.10.19 00:36:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2012.01.07 16:51:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Amazon
[2012.02.09 15:55:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Apple Computer
[2011.10.16 01:18:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ATI
[2011.10.16 01:17:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Avira
[2011.12.10 00:12:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Big Fish Games
[2011.12.27 09:13:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\calibre
[2011.11.02 04:30:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Chirurgie Simulation
[2012.03.20 02:45:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2012.02.09 15:57:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DivX
[2011.12.09 01:04:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\dvdcss
[2012.01.27 12:27:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DVDVideoSoft
[2012.01.27 12:27:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.02.12 14:10:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\EnchantedCavern2
[2011.11.11 03:45:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Free PDF to Word Converter
[2012.03.05 20:27:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FreeAudioPack
[2012.03.16 19:09:28 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\funkitron
[2012.03.21 00:16:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICQ
[2011.10.16 01:16:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Identities
[2012.03.04 00:06:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Iggels
[2011.10.16 01:34:45 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2012.03.20 03:43:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2009.07.29 08:23:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2012.03.08 23:32:30 | 000,000,000 | --SD | M] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2011.10.16 01:28:01 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Mozilla
[2011.11.19 06:52:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Nero
[2012.03.14 19:51:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\RenPy
[2011.11.01 16:36:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ScummVM
[2012.03.20 03:35:32 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Skype
[2012.02.16 17:25:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TLOTGT
[2012.01.15 18:00:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\URSE Games
[2011.10.16 09:21:00 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\vlc
[2012.03.04 00:03:17 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\VMLoad
[2011.10.16 21:57:29 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinRAR
[2012.02.09 13:35:40 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Xi
 
< %APPDATA%\*.exe /s >
[2011.12.05 19:15:09 | 000,010,134 | R--- | M] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.02.27 03:50:26 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2011.02.27 03:50:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.02.27 03:50:26 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.02.27 03:50:26 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2011.02.27 03:37:50 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011.02.27 03:37:50 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:F84B8DB5
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:A7DA2BCD
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:CC30FDA5
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:4B244549
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:6C031E3E
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:E6537A16
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:D2AF100E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:4C3D5A8B
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ED221572
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:E6708F08
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:880F0FEF

< End of report >
         

Geändert von Madame (21.03.2012 um 16:46 Uhr)

Alt 21.03.2012, 17:03   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windowssystem gesperrt, Malwarebytes ausgeführt - Standard

Windowssystem gesperrt, Malwarebytes ausgeführt



Zitat:
O2 - BHO: (DivX Plus Web Player HTML5 <video>)
Gehörst du auch zur der Fraktion, die sich Serien und Kinofilme über dubiose Portale anschaut?
Wenn ja: in Zukunft Finger weg, diese illegalen Portale verbreiten Malware und wenn du in Zukunft malwarefrei sein wilst, musst du auf legale Alternativen ausweichen und auf solche riskanten Streamingseiten verzichten!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.03.2012, 17:22   #11
Madame
 
Windowssystem gesperrt, Malwarebytes ausgeführt - Standard

Windowssystem gesperrt, Malwarebytes ausgeführt



Nicht jeder Stream, der sich mit dem Player abspielen lässt, ist illegal!
Broadcasts, kommentierte Livestreams (also man hört den Ton von was auch immer und sieht dazu Leute, die kommentieren etc. pp - muss man nicht mögen, ist aber völlig legal.).

Alt 21.03.2012, 17:27   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windowssystem gesperrt, Malwarebytes ausgeführt - Standard

Windowssystem gesperrt, Malwarebytes ausgeführt



Zitat:
Nicht jeder Stream, der sich mit dem Player abspielen lässt, ist illegal!
Hab ich das irgendwo behauptet!
Ich hatte einfach die Frage ob du auch illegale Livestreams von den neuen Ablegern bzw. Alternativen wie zB kino.to machst! Wenn ja, dann ist wäre das eine sehr wahrscheinliche Ursache für die Sperrung des Windows-Rechners!

Wir müssen das hier am Tag 100x posten und du bist da keine Ausnahme wenn ich so einen DivX Webplayer im Log sehe!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.03.2012, 17:33   #13
Madame
 
Windowssystem gesperrt, Malwarebytes ausgeführt - Standard

Windowssystem gesperrt, Malwarebytes ausgeführt



Fühl Dich nicht angegriffen, so war das gar nicht gemeint.
Sorry, falls das so rüberkam. Wollte das nur anmerken, um Deine Frage zu beantworten, hätte allerdings vielleicht einen Smiley anfügen sollen.

Bin doch dankbar für Deine Hilfe und Nachfragen sind ja selbstverständlich.
Brauchtest Du jetzt eigentlich eine Extra-Datei? Wenn ja, wo finde ich die vom zweiten Scan?

Alt 21.03.2012, 19:42   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Windowssystem gesperrt, Malwarebytes ausgeführt - Standard

Windowssystem gesperrt, Malwarebytes ausgeführt



Ich fühl mich nicht angegriffen, ich muss nur Tag für Tag sehr deutliche Worte für sowas finden. Und ob du es glaubst oder nicht, oft kommen solche Ausreden wie "so einen Shice mach ich nicht" oder "das stimmt nicht" oder "ich hab das garnicht installiert"


Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
ATTFilter
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-2395561902-1479221695-1832656523-500\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com/ [binary data]
IE - HKU\S-1-5-21-2395561902-1479221695-1832656523-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKU\S-1-5-21-2395561902-1479221695-1832656523-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2395561902-1479221695-1832656523-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKU\S-1-5-21-2395561902-1479221695-1832656523-500\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={795488AD-125A-4134-AB67-012AAA5BECD9}&mid=077f49ac5b9e47d1ac6bcd3c4e8ea837-16cb5af7f86408a254de90e74054103a593d2197&lang=en&ds=ins13&pr=sa&d=2012-03-03 23:54:35&v=10.0.0.7&sap=dsp&q={searchTerms}
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..keyword.URL: "http://isearch.avg.com/search?cid=%7B18eece22-d3c7-4b46-ac9a-3345226809a0%7D&mid=077f49ac5b9e47d1ac6bcd3c4e8ea837-16cb5af7f86408a254de90e74054103a593d2197&ds=ins13&v=10.0.0.7&lang=en&pr=sa&d=2012-03-03%2023%3A54%3A35&sap=ku&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
[2012.01.12 19:24:57 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (NetXfer) - {C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} - C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll (Xi)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2395561902-1479221695-1832656523-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c8aedf32-e188-11e0-b84d-1c75086a41c4}\Shell - "" = AutoRun
O33 - MountPoints2\{c8aedf32-e188-11e0-b84d-1c75086a41c4}\Shell\AutoRun\command - "" = E:\Setup.exe
@Alternate Data Stream - 202 bytes -> C:\ProgramData\Temp:F84B8DB5
@Alternate Data Stream - 153 bytes -> C:\ProgramData\Temp:A7DA2BCD
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:CC30FDA5
@Alternate Data Stream - 138 bytes -> C:\ProgramData\Temp:4B244549
@Alternate Data Stream - 137 bytes -> C:\ProgramData\Temp:6C031E3E
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:E6537A16
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:D2AF100E
@Alternate Data Stream - 128 bytes -> C:\ProgramData\Temp:4C3D5A8B
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:ED221572
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:E6708F08
@Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:880F0FEF
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.03.2012, 20:03   #15
Madame
 
Windowssystem gesperrt, Malwarebytes ausgeführt - Standard

Windowssystem gesperrt, Malwarebytes ausgeführt



Klar, ist ja auch verständlich.

Neustart erfolgt, hier das Logfile:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-2395561902-1479221695-1832656523-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-2395561902-1479221695-1832656523-500\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Prefs.js: "hxxp://www.facebook.com/" removed from browser.startup.homepage
Prefs.js: "hxxp://isearch.avg.com/search?cid=%7B18eece22-d3c7-4b46-ac9a-3345226809a0%7D&mid=077f49ac5b9e47d1ac6bcd3c4e8ea837-16cb5af7f86408a254de90e74054103a593d2197&ds=ins13&v=10.0.0.7&lang=en&pr=sa&d=2012-03-03%2023%3A54%3A35&sap=ku&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0\ deleted successfully.
C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0\ deleted successfully.
C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\Adobe Reader\ deleted successfully.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll moved successfully.
C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5\chrome\content\images folder moved successfully.
C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5\chrome\content folder moved successfully.
C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 folder moved successfully.
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll moved successfully.
File C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll not found.
File C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C16CBAAC-A75C-4DB5-A0DD-CDF5CAFCDD3A}\ deleted successfully.
C:\Program Files (x86)\Xi\NetXfer\NXToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2395561902-1479221695-1832656523-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8aedf32-e188-11e0-b84d-1c75086a41c4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8aedf32-e188-11e0-b84d-1c75086a41c4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8aedf32-e188-11e0-b84d-1c75086a41c4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c8aedf32-e188-11e0-b84d-1c75086a41c4}\ not found.
File E:\Setup.exe not found.
ADS C:\ProgramData\Temp:F84B8DB5 deleted successfully.
ADS C:\ProgramData\Temp:A7DA2BCD deleted successfully.
ADS C:\ProgramData\Temp:CC30FDA5 deleted successfully.
ADS C:\ProgramData\Temp:4B244549 deleted successfully.
ADS C:\ProgramData\Temp:6C031E3E deleted successfully.
ADS C:\ProgramData\Temp:E6537A16 deleted successfully.
ADS C:\ProgramData\Temp:D2AF100E deleted successfully.
ADS C:\ProgramData\Temp:4C3D5A8B deleted successfully.
ADS C:\ProgramData\Temp:ED221572 deleted successfully.
ADS C:\ProgramData\Temp:E6708F08 deleted successfully.
ADS C:\ProgramData\Temp:880F0FEF deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 15068 bytes
->Temporary Internet Files folder emptied: 4486846 bytes
->Java cache emptied: 132587000 bytes
->FireFox cache emptied: 753801496 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2808 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: Sara
->Temp folder emptied: 1578048 bytes
->Temporary Internet Files folder emptied: 5645946 bytes
->Java cache emptied: 2717128 bytes
->FireFox cache emptied: 169604012 bytes
->Flash cache emptied: 1761 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 35186 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.021,00 mb
 
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.1 log created on 03212012_204704

Files\Folders moved on Reboot...
C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

Antwort

Themen zu Windowssystem gesperrt, Malwarebytes ausgeführt
0x00000001, alternate, antivir, avira, bho, c:\windows\system32\cmd.exe, cid, desktop, downloader, error, firefox, flash player, format, helper, home, install.exe, installation, jdownloader, lenovo, locker, logfile, microsoft office 2003, mp3, programm, realtek, registry, rundll, scan, searchscopes, security, software, super, usb, usb 2.0, windows



Ähnliche Themen: Windowssystem gesperrt, Malwarebytes ausgeführt


  1. GVU-Trojaner, Malwarebytes Anti-Malware ausgeführt, was nun?
    Log-Analyse und Auswertung - 27.09.2012 (1)
  2. Bundestrojaner evtl . noch vorhanden, ComboFix + Malwarebytes ausgeführt, Logfiles vorhanden
    Log-Analyse und Auswertung - 27.07.2012 (5)
  3. Virus: "Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert", OTL ausgeführt, was nun?
    Log-Analyse und Auswertung - 08.04.2012 (5)
  4. Windowssystem gesperrt - Zahlungsaufforderung!
    Log-Analyse und Auswertung - 23.03.2012 (15)
  5. Windowssystem gesperrt 50 Euro Zahlung
    Log-Analyse und Auswertung - 23.03.2012 (17)
  6. Ihr Windowssystem wurde gesperrt
    Log-Analyse und Auswertung - 18.03.2012 (1)
  7. Windowssystem gesperrt! Aus Sicherheitsgründen ...
    Plagegeister aller Art und deren Bekämpfung - 17.03.2012 (11)
  8. Aus Sicherheitsgründen Windowssystem gesperrt
    Plagegeister aller Art und deren Bekämpfung - 13.02.2012 (1)
  9. Windowssystem zum Schutz gesperrt
    Plagegeister aller Art und deren Bekämpfung - 08.02.2012 (19)
  10. Windowssystem gesperrt - Virus
    Log-Analyse und Auswertung - 18.01.2012 (23)
  11. Windowssystem gesperrt (wie bei And946)
    Log-Analyse und Auswertung - 11.01.2012 (16)
  12. Windowssystem gesperrt - 50 Euro zahlen
    Plagegeister aller Art und deren Bekämpfung - 05.01.2012 (23)
  13. Aus Sicherheitsgründen wurde ihr Windowssystem gesperrt
    Plagegeister aller Art und deren Bekämpfung - 30.12.2011 (21)
  14. Windowssystem wurde gesperrt!
    Log-Analyse und Auswertung - 30.12.2011 (32)
  15. Windowssystem gesperrt
    Log-Analyse und Auswertung - 29.12.2011 (9)
  16. windowssystem gesperrt
    Log-Analyse und Auswertung - 16.12.2011 (10)
  17. Windowssystem gesperrt 50euro gefordert
    Log-Analyse und Auswertung - 06.12.2011 (3)

Zum Thema Windowssystem gesperrt, Malwarebytes ausgeführt - Hallo Ihr Lieben, bei der aktuellen Welle des (ehemaligen) BKA-Virus hat es mich gestern auch erwischt. Im Autostart habe ich - wie viele andere, wie ich über die Google-Suche weiß - Windowssystem gesperrt, Malwarebytes ausgeführt...
Archiv
Du betrachtest: Windowssystem gesperrt, Malwarebytes ausgeführt auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.