
Log analysis and evaluation: GEMA trojan 2.08, OTLPE log file already created

05.09.2012, 19:50   #1
merox_x
 
Unfortunately it got me too: I have caught a GEMA trojan 2.08.
I have already created two .txt files with OTLPE and hope you can tell me what I need to do with them now. Is any other information needed? I'll do anything to get rid of this thing.
By the way, I replaced my computer name with ***** in the .txt file.

Many thanks in advance,

merox_x

The otl.txt file:
Code:
OTL logfile created on: 9/5/2012 8:36:04 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.18 Mb Free Space | 74.18% Space Free | Partition Type: NTFS
Drive D: | 97.66 Gb Total Space | 6.37 Gb Free Space | 6.53% Space Free | Partition Type: NTFS
Drive E: | 833.76 Gb Total Space | 41.02 Gb Free Space | 4.92% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/04/05 22:16:02 | 000,236,544 | ---- | M] (AMD) [Auto] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 15:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto] -- D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/04/27 03:23:24 | 000,916,992 | ---- | M] () [Auto] -- D:\Windows\System32\atwtusb.exe -- (WTService)
SRV:64bit: - [2011/01/11 16:00:00 | 000,168,448 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- D:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE -- (EPSON_EB_RPCV4_04) EPSON V5 Service4(04)
SRV:64bit: - [2011/01/11 16:00:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- D:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE -- (EPSON_PM_RPCV4_04) EPSON V3 Service4(04)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2012/08/29 18:20:47 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- D:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/05/01 19:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/01 18:55:21 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012/05/01 18:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/12 09:52:57 | 000,296,232 | ---- | M] (CyberLink) [Auto] -- D:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe -- (CyberLink PowerDVD 12 Media Server Service)
SRV - [2012/01/12 09:52:55 | 000,087,336 | ---- | M] (CyberLink Corp.) [Auto] -- D:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe -- (CLHNServiceForPowerDVD12)
SRV - [2012/01/12 09:52:55 | 000,075,048 | ---- | M] (CyberLink) [Auto] -- D:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe -- (CyberLink PowerDVD 12 Media Server Monitor Service)
SRV - [2011/12/06 17:00:14 | 000,214,896 | ---- | M] () [Auto] -- D:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)
SRV - [2011/11/26 11:22:51 | 000,075,136 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011/10/31 18:22:49 | 000,008,192 | ---- | M] () [Auto] -- D:\Windows\SysWOW64\srvany.exe -- (KMService)
SRV - [2011/09/23 12:37:42 | 000,641,832 | ---- | M] (Nero AG) [Auto] -- D:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2011/06/06 06:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/04/10 15:01:20 | 000,623,984 | ---- | M] (Juniper Networks) [Auto] -- D:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/05 07:43:26 | 000,068,136 | ---- | M] () [Auto] -- D:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2007/05/28 12:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto] -- D:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2006/12/19 12:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- D:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/05/02 09:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/04/27 04:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/04/24 18:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/04/06 01:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 21:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/05 10:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto] -- D:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/05 10:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto] -- D:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/12/08 00:22:36 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2011/12/08 00:22:36 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2011/12/08 00:22:36 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2011/12/08 00:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011/12/08 00:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2011/12/08 00:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2011/12/01 16:02:17 | 000,526,392 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- D:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011/11/07 11:18:08 | 000,046,728 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\ren2cap.sys -- (REN2CAP_DRIVER)
DRV:64bit: - [2011/11/02 21:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/10/14 14:08:51 | 000,314,016 | ---- | M] () [Kernel | Auto] -- D:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011/10/14 14:08:50 | 000,043,680 | ---- | M] () [Kernel | Auto] -- D:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011/07/13 07:59:54 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot] -- D:\Windows\System32\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011/07/13 07:59:54 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot] -- D:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/04/10 14:47:36 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand] -- D:\Windows\System32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2010/03/30 04:09:50 | 000,653,312 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2010/03/30 04:09:40 | 000,032,256 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\emAudio64.sys -- (emAudio)
DRV:64bit: - [2010/03/25 10:52:26 | 000,154,880 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2010/02/18 03:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\System32\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/08/26 01:15:10 | 000,007,552 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand] -- D:\Windows\System32\drivers\walvhid.sys -- (vhidmini)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 20:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/03/08 07:16:14 | 000,007,680 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand] -- D:\Windows\System32\drivers\moufiltr.sys -- (moufiltr)
DRV:64bit: - [2009/03/01 17:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/12/25 05:30:52 | 000,190,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008/11/03 22:21:08 | 000,098,144 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- D:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2007/01/26 11:49:32 | 012,323,072 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2012/09/05 12:57:55 | 000,023,080 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- D:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/01/11 16:57:42 | 000,146,928 | ---- | M] (CyberLink Corp.) [2012/03/26 00:57:15] [Kernel | Auto] -- D:\Program Files (x86)\CyberLink\PowerDVD12\Common\NavFilter\000.fcl -- ({329F96B6-DF1E-4328-BFDA-39EA953C1312})
DRV - [2011/10/27 02:18:45 | 000,082,928 | ---- | M] (Cyberlink Corp.) [Kernel | Auto] -- D:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys -- (ntk_PowerDVD12)
DRV - [2008/11/13 20:11:42 | 000,020,512 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto] -- D:\Program Files (x86)\Common Files\Realtime Soft\UltraMonMirrorDrv\x64\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2007/01/26 11:48:28 | 012,028,032 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\SysWOW64\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\*****_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={ECD43DFD-F06D-404C-80C9-F48EF65712AD}&mid=424f75c9a28047d08eb8d16d5b9bc877-f66393d4791ef62cc104f9aa10bef1cc48e2da84&lang=de&ds=od011&pr=sa&d=2012-03-12 21:29:42&v=9.0.0.23&sap=hp
IE - HKU\*****_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\*****_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\*****_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2D D1 D1 E1 E0 F4 CC 01  [binary data]
IE - HKU\*****_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\Sina_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Sina_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Sina_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DE 32 C8 3D 47 E0 CC 01  [binary data]
IE - HKU\Sina_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_3_300_262.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: D:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: D:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: D:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: D:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Nero.com/KM: D:\Program Files (x86)\Common Files\Nero\BrowserPlugin\npBrowserPlugin.dll (Nero AG)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Acrobat:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: D:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: D:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/18 16:11:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/29 18:20:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/25 15:26:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/06/07 12:24:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2012/05/06 16:32:56 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
[2012/08/29 18:20:48 | 000,266,720 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/04/07 02:53:52 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- D:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/09 01:18:29 | 000,001,392 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/03/13 15:30:16 | 000,003,768 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/08/29 18:20:47 | 000,002,465 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/09 01:18:29 | 000,001,153 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/09 01:18:29 | 000,006,805 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/09 01:18:29 | 000,001,178 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/09 01:18:29 | 000,001,105 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012/08/25 17:43:24 | 000,004,189 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com 
O1 - Hosts: 127.0.0.1 3dns.adobe.com 
O1 - Hosts: 127.0.0.1 3dns.adobe.de
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.de
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.de
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.de
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.de
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.de
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.de 
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.de
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.de
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.de
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.de
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.de
O1 - Hosts: 72 more lines...
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - D:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} -  File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - D:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} -  File not found
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\*****_ON_D\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\*****_ON_D\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Sina_ON_D\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Sina_ON_D\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MacrokeyManager] D:\Windows\System32\WTMKM.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] D:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0]  File not found
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher]  File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] D:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] D:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [crrss] D:\Windows\SysWOW64\crrss.exe (Howard Computers)
O4 - HKLM..\Run: [StartCCC] D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] D:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\*****_ON_D..\Run: [AdobeBridge]  File not found
O4 - HKU\*****_ON_D..\Run: [Kaunby] D:\Users\*****\AppData\Roaming\Eded\faurl.exe ()
O4 - HKU\*****_ON_D..\Run: [mwdaurnfotumngb] D:\ProgramData\mwdaurnf.exe ()
O4 - HKU\*****_ON_D..\Run: [winlogon] D:\Users\*****\winlogon.exe (Howard Computers)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Sina_ON_D..\Run: [AdobeBridge]  File not found
O4 - HKU\Sina_ON_D..\Run: [Epson Stylus Photo PX730(Netzwerk)]  File not found
O4 - HKU\Sina_ON_D..\Run: [EPSON4B4B95 (Epson Stylus Photo PX730)]  File not found
O4 - HKU\Sina_ON_D..\Run: [Facebook Update] D:\Users\Sina\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\Sina_ON_D..\Run: [Switcher]  File not found
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - HKU\Sina_ON_D..\RunOnce: [FlashPlayerUpdate]  File not found
O4 - Startup: D:\Users\Sina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - D:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000019 - D:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - D:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - D:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - D:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - D:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - D:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - D:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - D:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - D:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - D:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\crrss.exe) - D:\Windows\SysWOW64\crrss.exe (Howard Computers)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\*****_ON_D Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\*****_ON_D Winlogon: Shell - ("C:\Users\*****\winlogon.exe") - D:\Users\*****\winlogon.exe (Howard Computers)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - D:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{ded5a911-b725-11e0-9e05-00241d7f2184}\Shell - "" = AutoRun
O33 - MountPoints2\{ded5a911-b725-11e0-9e05-00241d7f2184}\Shell\AutoRun\command - "" = F:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/09/05 13:00:17 | 000,105,984 | ---- | C] (Howard Computers) -- D:\Windows\SysWow64\crrss.exe
[2012/09/05 12:55:11 | 000,000,000 | ---D | C] -- D:\ProgramData\tlniiehxokphywk
[2012/09/02 14:46:41 | 000,000,000 | ---D | C] -- D:\Users\*****\AppData\Roaming\Unbae
[2012/09/02 14:46:41 | 000,000,000 | ---D | C] -- D:\Users\*****\AppData\Roaming\Pacu
[2012/09/02 14:46:41 | 000,000,000 | ---D | C] -- D:\Users\*****\AppData\Roaming\Eded
[2012/08/31 12:21:32 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrokey Manager
[2012/08/25 15:12:51 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
[2012/08/25 06:12:17 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Square Enix
[2012/08/25 00:19:57 | 000,226,304 | ---- | C] (RAD Game Tools, Inc.) -- D:\Windows\SysWow64\binkw32.dll
[2012/08/25 00:19:09 | 000,226,304 | ---- | C] (RAD Game Tools, Inc.) -- D:\Windows\System32\binkw32.dll
[2012/08/19 09:17:49 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Common Files\Java
[2012/08/19 09:17:32 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Oracle
[2012/08/19 09:17:14 | 000,772,544 | ---- | C] (Oracle Corporation) -- D:\Windows\SysWow64\npDeployJava1.dll
[2012/08/19 09:17:14 | 000,227,760 | ---- | C] (Oracle Corporation) -- D:\Windows\SysWow64\javaws.exe
[2012/08/18 04:15:09 | 000,000,000 | ---D | C] -- D:\Users\*****\AppData\Roaming\Shape games
[2012/08/18 04:15:08 | 000,000,000 | ---D | C] -- D:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Success Story
[2012/08/16 14:18:30 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Rockstar Games
[2012/08/16 14:14:52 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012/08/15 21:33:17 | 000,503,808 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\srcore.dll
[2012/08/15 21:33:14 | 000,751,104 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\win32spl.dll
[2012/08/15 21:33:14 | 000,492,032 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\win32spl.dll
[2012/08/15 21:33:14 | 000,067,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\splwow64.exe
[2012/08/15 21:33:13 | 000,911,360 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2012/08/15 21:33:12 | 000,717,824 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll
[2012/08/15 21:33:12 | 000,609,792 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\vbscript.dll
[2012/08/15 21:33:09 | 000,073,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\netapi32.dll
[2012/08/15 21:33:09 | 000,059,392 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\browcli.dll
[2012/08/15 21:33:09 | 000,041,984 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\browcli.dll
[2012/08/15 21:33:01 | 000,627,712 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2012/08/15 21:32:59 | 000,735,744 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2012/08/15 21:32:59 | 000,247,808 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2012/08/15 21:32:59 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2012/08/15 21:32:59 | 000,134,144 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2012/08/15 21:32:59 | 000,132,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll
[2012/08/15 21:32:59 | 000,097,792 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2012/08/15 21:32:59 | 000,067,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2012/08/15 21:32:54 | 000,956,928 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\localspl.dll
[2012/08/13 06:55:01 | 000,000,000 | ---D | C] -- D:\Users\*****\Documents\MeinSpore-Kreationen
[2012/08/13 06:54:53 | 000,000,000 | ---D | C] -- D:\Users\*****\AppData\Roaming\SPORE
[2012/08/08 09:43:02 | 000,000,000 | ---D | C] -- D:\Users\*****\AppData\Roaming\Little Worlds Online
[2012/08/08 09:42:49 | 000,000,000 | ---D | C] -- D:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Color Cross
[2011/12/10 17:30:46 | 000,151,552 | ---- | C] ( ) -- D:\Windows\SysWow64\rsnp2std.dll
[2004/11/24 15:25:52 | 000,335,872 | ---- | C] ( ) -- D:\Windows\SysWow64\drvc.dll
[4 D:\Windows\SysWow64\*.tmp files -> D:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/09/05 13:00:02 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2012/09/05 12:59:51 | 535,683,071 | -HS- | M] () -- D:\hiberfil.sys
[2012/09/05 12:58:17 | 000,000,551 | ---- | M] () -- D:\Windows\win.ini
[2012/09/05 12:57:55 | 000,023,080 | ---- | M] (Windows (R) Server 2003 DDK provider) -- D:\Windows\gdrv.sys
[2012/09/05 12:57:42 | 000,000,006 | -H-- | M] () -- D:\Windows\tasks\SA.DAT
[2012/09/05 12:55:11 | 000,000,051 | ---- | M] () -- D:\ProgramData\wptptjfiqdwyltu
[2012/09/05 12:55:07 | 000,105,984 | ---- | M] (Howard Computers) -- D:\Windows\SysWow64\crrss.exe
[2012/09/05 12:55:05 | 000,056,320 | ---- | M] () -- D:\ProgramData\mwdaurnf.exe
[2012/09/05 11:34:00 | 000,000,924 | ---- | M] () -- D:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-565651315-3918952239-1015115147-1009UA.job
[2012/09/05 10:31:00 | 000,001,142 | ---- | M] () -- D:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-565651315-3918952239-1015115147-1000UA.job
[2012/09/05 08:44:25 | 001,613,340 | ---- | M] () -- D:\Windows\System32\PerfStringBackup.INI
[2012/09/05 08:44:25 | 000,696,832 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2012/09/05 08:44:25 | 000,652,150 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2012/09/05 08:44:25 | 000,148,128 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2012/09/05 08:44:25 | 000,121,082 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2012/09/04 19:31:00 | 000,001,120 | ---- | M] () -- D:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-565651315-3918952239-1015115147-1000Core.job
[2012/09/04 14:34:00 | 000,000,902 | ---- | M] () -- D:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-565651315-3918952239-1015115147-1009Core.job
[2012/09/03 10:41:04 | 000,014,192 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/03 10:41:04 | 000,014,192 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/03 10:34:48 | 004,984,182 | -H-- | M] () -- D:\Users\*****\AppData\Local\IconCache.db
[2012/08/31 12:21:33 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrokey Manager
[2012/08/29 17:54:40 | 009,631,152 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[2012/08/25 17:44:15 | 000,179,208 | ---- | M] () -- D:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
[2012/08/25 15:40:28 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6
[2012/08/25 15:26:03 | 000,002,465 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2012/08/25 15:26:03 | 000,002,453 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2012/08/25 15:26:03 | 000,001,824 | ---- | M] () -- D:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012/08/25 15:26:03 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2012/08/25 15:21:56 | 000,001,097 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2012/08/25 15:16:07 | 000,000,997 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012/08/25 06:12:18 | 000,000,760 | ---- | M] () -- D:\Users\Public\Desktop\Sleeping Dogs.lnk
[2012/08/25 06:12:17 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Square Enix
[2012/08/24 23:27:39 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/08/19 09:16:56 | 000,174,064 | ---- | M] (Oracle Corporation) -- D:\Windows\SysWow64\javaw.exe
[2012/08/19 09:16:56 | 000,174,064 | ---- | M] (Oracle Corporation) -- D:\Windows\SysWow64\java.exe
[2012/08/18 04:45:34 | 000,001,456 | ---- | M] () -- D:\Users\*****\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012/08/18 04:15:08 | 000,000,806 | ---- | M] () -- D:\Users\*****\Desktop\Play Success Story .lnk
[2012/08/17 22:38:42 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
[2012/08/16 14:14:52 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2012/08/12 07:34:03 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2012/08/11 05:57:54 | 000,471,040 | ---- | M] () -- D:\Users\*****\Desktop\julia.indd
[2012/08/10 15:21:56 | 000,479,652 | ---- | M] () -- D:\Users\*****\Desktop\julia.pdf
[2012/08/08 09:42:49 | 000,000,788 | ---- | M] () -- D:\Users\*****\Desktop\Color Cross.lnk
[4 D:\Windows\SysWow64\*.tmp files -> D:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/09/05 12:55:11 | 000,056,320 | ---- | C] () -- D:\ProgramData\mwdaurnf.exe
[2012/09/05 12:55:06 | 000,000,051 | ---- | C] () -- D:\ProgramData\wptptjfiqdwyltu
[2012/08/31 12:21:09 | 007,329,792 | ---- | C] () -- D:\Windows\System32\WTMKM.exe
[2012/08/25 15:26:03 | 000,001,824 | ---- | C] () -- D:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2012/08/25 15:21:56 | 000,001,097 | ---- | C] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk
[2012/08/25 06:12:18 | 000,000,760 | ---- | C] () -- D:\Users\Public\Desktop\Sleeping Dogs.lnk
[2012/08/18 04:15:08 | 000,000,806 | ---- | C] () -- D:\Users\*****\Desktop\Play Success Story .lnk
[2012/08/10 15:05:53 | 000,479,652 | ---- | C] () -- D:\Users\*****\Desktop\julia.pdf
[2012/08/10 14:48:57 | 000,471,040 | ---- | C] () -- D:\Users\*****\Desktop\julia.indd
[2012/08/08 09:42:49 | 000,000,788 | ---- | C] () -- D:\Users\*****\Desktop\Color Cross.lnk
[2012/04/18 15:59:17 | 000,561,152 | ---- | C] () -- D:\Windows\SysWow64\xvidcore.dll
[2012/04/18 15:59:17 | 000,159,744 | ---- | C] () -- D:\Windows\SysWow64\xvidvfw.dll
[2012/04/18 15:59:17 | 000,135,168 | ---- | C] () -- D:\Windows\SysWow64\DVDIFOFilter.dll
[2012/04/02 17:11:42 | 000,149,504 | ---- | C] () -- D:\Windows\SysWow64\UNWISE.EXE
[2012/04/02 17:11:17 | 000,033,807 | ---- | C] () -- D:\Windows\Irremote.ini
[2012/04/02 17:11:08 | 000,065,536 | ---- | C] () -- D:\Windows\SysWow64\dmcrypto.dll
[2012/04/02 17:10:39 | 000,000,209 | ---- | C] () -- D:\Windows\ODBCINST.INI
[2012/04/02 17:10:39 | 000,000,135 | ---- | C] () -- D:\Windows\ODBC.INI
[2012/04/02 17:10:38 | 000,217,149 | ---- | C] () -- D:\Windows\SysWow64\hcwChDB.dll
[2012/04/02 16:02:13 | 000,002,081 | ---- | C] () -- D:\Windows\HCWPNP.INI
[2012/03/23 04:20:20 | 000,000,132 | ---- | C] () -- D:\Users\Sina\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/03/09 00:31:26 | 000,204,952 | ---- | C] () -- D:\Windows\SysWow64\ativvsvl.dat
[2012/03/09 00:31:26 | 000,157,144 | ---- | C] () -- D:\Windows\SysWow64\ativvsva.dat
[2012/02/26 22:39:53 | 000,007,597 | ---- | C] () -- D:\Users\*****\AppData\Local\resmon.resmoncfg
[2012/01/31 13:15:42 | 000,974,848 | ---- | C] () -- D:\Windows\SysWow64\cis-2.4.dll
[2012/01/31 13:15:42 | 000,081,920 | ---- | C] () -- D:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/01/31 13:15:42 | 000,065,536 | ---- | C] () -- D:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/01/31 13:15:42 | 000,057,344 | ---- | C] () -- D:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/01/31 01:00:24 | 000,016,896 | ---- | C] () -- D:\Windows\SysWow64\kdbsdk32.dll
[2012/01/30 19:15:44 | 000,030,568 | ---- | C] () -- D:\Windows\MusiccityDownload.exe
[2012/01/09 23:06:32 | 000,001,456 | ---- | C] () -- D:\Users\Sina\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012/01/02 03:28:42 | 004,659,379 | -H-- | C] () -- D:\Users\Sina\AppData\Local\IconCache.db
[2012/01/02 01:28:58 | 000,179,208 | ---- | C] () -- D:\Users\Sina\AppData\Local\GDIPFONTCACHEV1.DAT
[2011/12/29 14:02:44 | 000,001,456 | ---- | C] () -- D:\Users\*****\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2011/12/25 18:24:16 | 000,844,288 | ---- | C] () -- D:\Windows\RmTablet.exe
[2011/12/15 12:03:11 | 000,001,456 | ---- | C] () -- D:\Users\*****\AppData\Local\Adobe Für Web speichern 11.0 Prefs
[2011/12/10 17:30:47 | 000,020,480 | ---- | C] () -- D:\Windows\FixCamera.exe
[2011/12/10 17:30:47 | 000,015,497 | ---- | C] () -- D:\Windows\snp2std.ini
[2011/12/10 17:30:46 | 012,028,032 | ---- | C] () -- D:\Windows\SysWow64\drivers\snp2sxp.sys
[2011/12/10 17:30:46 | 000,025,472 | ---- | C] () -- D:\Windows\SysWow64\drivers\sncamd.sys
[2011/11/26 11:23:07 | 000,189,248 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrB.exe
[2011/11/26 11:22:51 | 000,075,136 | ---- | C] () -- D:\Windows\SysWow64\PnkBstrA.exe
[2011/11/25 18:26:07 | 000,032,256 | ---- | C] () -- D:\Windows\SysWow64\AVSredirect.dll
[2011/11/25 18:23:57 | 000,107,520 | RHS- | C] () -- D:\Windows\SysWow64\TAKDSDecoder.dll
[2011/11/13 05:56:56 | 004,984,182 | -H-- | C] () -- D:\Users\*****\AppData\Local\IconCache.db
[2011/10/31 18:23:20 | 000,151,552 | ---- | C] () -- D:\Windows\KMService.exe
[2011/10/31 18:23:20 | 000,008,192 | ---- | C] () -- D:\Windows\SysWow64\srvany.exe
[2011/10/12 21:20:12 | 000,939,934 | -H-- | C] () -- D:\Users\Administrator\AppData\Local\IconCache.db
[2011/10/06 11:41:33 | 000,126,176 | ---- | C] () -- D:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
[2011/09/28 12:44:14 | 000,179,271 | ---- | C] () -- D:\Windows\SysWow64\xlive.dll.cat
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- D:\Windows\SysWow64\atipblag.dat
[2011/07/31 06:48:04 | 000,017,408 | ---- | C] () -- D:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/30 06:43:43 | 000,000,173 | ---- | C] () -- D:\Users\*****\AppData\Local\msmathematics.qat.*****
[2011/07/30 04:27:15 | 000,175,616 | ---- | C] () -- D:\Windows\SysWow64\unrar.dll
[2011/07/25 18:24:23 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2011/07/24 22:01:21 | 001,590,298 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/24 20:06:52 | 000,179,208 | ---- | C] () -- D:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
[2011/07/24 20:06:19 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2011/07/24 19:52:30 | 000,000,010 | ---- | C] () -- D:\Windows\GSetup.ini
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/14 01:32:39 | 000,043,318 | ---- | C] () -- D:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2009/07/14 01:32:39 | 000,029,779 | ---- | C] () -- D:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 01:32:39 | 000,026,489 | ---- | C] () -- D:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 01:32:39 | 000,026,040 | ---- | C] () -- D:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:35:42 | 000,001,405 | ---- | C] () -- D:\Windows\msdfmap.ini
[2009/07/13 22:34:57 | 000,000,551 | ---- | C] () -- D:\Windows\win.ini
[2009/07/13 22:34:57 | 000,000,219 | ---- | C] () -- D:\Windows\system.ini
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2008/12/19 11:15:58 | 004,338,246 | ---- | C] () -- D:\Windows\SysWow64\libavcodec.dll
[2008/12/17 13:41:18 | 000,884,237 | ---- | C] () -- D:\Windows\SysWow64\ff_x264.dll
[2008/12/17 13:22:58 | 000,093,184 | ---- | C] () -- D:\Windows\SysWow64\ff_wmv9.dll
[2008/12/17 13:22:48 | 000,057,344 | ---- | C] () -- D:\Windows\SysWow64\ff_vfw.dll
[2008/12/17 13:17:34 | 000,239,247 | ---- | C] () -- D:\Windows\SysWow64\ff_theora.dll
[2008/12/17 12:59:54 | 000,560,802 | ---- | C] () -- D:\Windows\SysWow64\libmplayer.dll
[2008/12/11 07:27:02 | 000,000,547 | ---- | C] () -- D:\Windows\SysWow64\ff_vfw.dll.manifest
[2007/06/21 02:34:08 | 000,203,328 | R--- | C] () -- D:\Windows\GSetup.exe
[2006/11/02 12:10:16 | 000,080,912 | ---- | C] () -- D:\Windows\SysWow64\sherlock2.exe
[2004/10/03 13:50:54 | 000,129,024 | ---- | C] () -- D:\Windows\SysWow64\ff_mpeg2enc.dll
 
========== LOP Check ==========
 
[2012/04/16 15:29:28 | 000,000,000 | ---D | M] -- D:\ProgramData\AMD
[2011/07/24 19:14:17 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2011/10/14 14:15:30 | 000,000,000 | ---D | M] -- D:\ProgramData\Codemasters
[2012/03/12 16:29:37 | 000,000,000 | -H-D | M] -- D:\ProgramData\Common Files
[2011/12/01 16:01:40 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Pro
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2011/07/24 19:14:17 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2011/10/15 08:51:58 | 000,000,000 | ---D | M] -- D:\ProgramData\EA Core
[2012/02/29 14:36:40 | 000,000,000 | ---D | M] -- D:\ProgramData\EA Logs
[2011/10/15 08:51:58 | 000,000,000 | ---D | M] -- D:\ProgramData\Electronic Arts
[2012/06/14 12:18:15 | 000,000,000 | ---D | M] -- D:\ProgramData\EPSON
[2011/07/24 19:14:17 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2011/12/31 08:55:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Graboid Inc
[2012/03/25 18:53:54 | 000,000,000 | ---D | M] -- D:\ProgramData\install_clap
[2011/10/01 11:42:50 | 000,000,000 | ---D | M] -- D:\ProgramData\KONAMI
[2011/10/26 18:23:20 | 000,000,000 | ---D | M] -- D:\ProgramData\Nitro PDF
[2012/02/27 13:12:57 | 000,000,000 | ---D | M] -- D:\ProgramData\Origin
[2012/03/25 18:57:11 | 000,000,000 | ---D | M] -- D:\ProgramData\PDVD
[2011/07/31 06:45:10 | 000,000,000 | ---D | M] -- D:\ProgramData\Pictomio
[2012/08/25 17:45:05 | 000,000,000 | ---D | M] -- D:\ProgramData\regid.1986-12.com.adobe
[2011/10/29 16:41:45 | 000,000,000 | ---D | M] -- D:\ProgramData\RELOADED
[2012/08/15 21:19:37 | 000,000,000 | ---D | M] -- D:\ProgramData\Rockstar Games
[2012/03/24 23:35:01 | 000,000,000 | ---D | M] -- D:\ProgramData\Samsung
[2011/10/15 08:33:33 | 000,000,000 | ---D | M] -- D:\ProgramData\Solidshield
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2011/07/24 19:14:17 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2012/01/13 13:14:43 | 000,000,000 | ---D | M] -- D:\ProgramData\Tablet
[2012/03/25 18:53:56 | 000,000,000 | ---D | M] -- D:\ProgramData\Temp
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2012/09/05 12:55:11 | 000,000,000 | ---D | M] -- D:\ProgramData\tlniiehxokphywk
[2011/11/26 11:27:46 | 000,000,000 | ---D | M] -- D:\ProgramData\Ubisoft
[2011/07/24 19:14:17 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2012/09/04 19:31:00 | 000,001,120 | ---- | M] () -- D:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-565651315-3918952239-1015115147-1000Core.job
[2012/09/05 10:31:00 | 000,001,142 | ---- | M] () -- D:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-565651315-3918952239-1015115147-1000UA.job
[2012/09/04 14:34:00 | 000,000,902 | ---- | M] () -- D:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-565651315-3918952239-1015115147-1009Core.job
[2012/09/05 11:34:00 | 000,000,924 | ---- | M] () -- D:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-565651315-3918952239-1015115147-1009UA.job
[2012/06/02 18:03:23 | 000,032,632 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         

The Extras.txt file:
Code:
OTL Extras logfile created on: 9/5/2012 8:36:04 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.18 Mb Free Space | 74.18% Space Free | Partition Type: NTFS
Drive D: | 97.66 Gb Total Space | 6.37 Gb Free Space | 6.53% Space Free | Partition Type: NTFS
Drive E: | 833.76 Gb Total Space | 41.02 Gb Free Space | 4.92% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- D:\Windows\System32\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- D:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L" File not found
Directory [Browse with &IrfanView] -- "D:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe "%L"
Directory [Browse with &IrfanView] -- "D:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs"
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009D7870-4AA2-4852-BD59-BF17FE365137}" = Solid Edge ST
"{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel
"{11937E46-490B-41A2-9ED4-78304DB56C1F}" = Media Preview
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E341B88-61A8-4C28-A3F0-9021898AD3C2}_is1" = Hear
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{537056B7-32A4-4408-9B54-0341963C7C9C}" = UltraMon
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0C6CCC9-0BAB-4636-A06F-B43B6FBC25DF}" = Motorola Mobile Drivers Installation 5.4.0
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In 
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"EPSON PX730 Series" = EPSON PX730 Series Printer Uninstall
"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.9.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"RmTablet" = Tablet Driver With Macrokey Manager
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{009D7870-4AA2-4852-BD59-BF17FE365137}" = Solid Edge ST
"{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel
"{11937E46-490B-41A2-9ED4-78304DB56C1F}" = Media Preview
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416026FF}" = Java(TM) 6 Update 26 (64-bit)
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E341B88-61A8-4C28-A3F0-9021898AD3C2}_is1" = Hear
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{537056B7-32A4-4408-9B54-0341963C7C9C}" = UltraMon
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B0C6CCC9-0BAB-4636-A06F-B43B6FBC25DF}" = Motorola Mobile Drivers Installation 5.4.0
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In 
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"EPSON PX730 Series" = EPSON PX730 Series Printer Uninstall
"KLiteCodecPack64_is1" = K-Lite Codec Pack 5.9.0 (64-bit)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"RmTablet" = Tablet Driver With Macrokey Manager
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\*****_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"DeskSpace" = DeskSpace 1.5.8.12 Trial
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks Setup Client
"Kies Air Discovery Service" = Kies Air Discovery Service
"XBMC" = XBMC
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Sina_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
< End of report >
         

06.09.2012, 03:07   #2
t'john
/// Helper team
 

Fixing with OTLpe


  • Boot the unbootable computer again from the OTLPE CD,
  • wait until the Reatogo-X-Pe desktop appears and double-click the OTLPE icon.



  • Copy the following script into the text box below Custom Scans/Fixes:
  • If that is not possible because there is no Internet connection,
  • copy the text from the following code box and save it as Fix.txt on a USB stick.
  • Connect the USB stick to the computer and open Fix.txt with Explorer on the Reatogo desktop.
  • Copy the contents of Fix.txt into the text box below Custom Scans/Fixes:

Replace the *** asterisks with the user name again!
Code:
:OTL
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: File not found 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Acrobat: File not found 
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - File not found 
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - File not found 
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKU\*****_ON_D\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O3 - HKU\Sina_ON_D\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) 
O4 - HKLM..\Run: [] File not found 
O4 - HKLM..\Run: [Acrobat Assistant 8.0] File not found 
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] File not found 
O4 - HKU\*****_ON_D..\Run: [AdobeBridge] File not found 
O4 - HKU\*****_ON_D..\Run: [Kaunby] D:\Users\*****\AppData\Roaming\Eded\faurl.exe () 
O4 - HKU\*****_ON_D..\Run: [mwdaurnfotumngb] D:\ProgramData\mwdaurnf.exe () 
O4 - HKU\Sina_ON_D..\Run: [AdobeBridge] File not found 
O4 - HKU\Sina_ON_D..\Run: [Epson Stylus Photo PX730(Netzwerk)] File not found 
O4 - HKU\Sina_ON_D..\Run: [EPSON4B4B95 (Epson Stylus Photo PX730)] File not found 
O4 - HKU\Sina_ON_D..\Run: [Switcher] File not found 
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found 
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found 
O4 - HKU\Sina_ON_D..\RunOnce: [FlashPlayerUpdate] File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 
O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found 
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found 
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) 
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) 
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) 
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) 
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found 
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] 
O33 - MountPoints2\{ded5a911-b725-11e0-9e05-00241d7f2184}\Shell - "" = AutoRun 
O33 - MountPoints2\{ded5a911-b725-11e0-9e05-00241d7f2184}\Shell\AutoRun\command - "" = F:\setup.exe 
O34 - HKLM BootExecute: (autocheck autochk *) - File not found 
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found 
[2012/09/05 13:00:17 | 000,105,984 | ---- | C] (Howard Computers) -- D:\Windows\SysWow64\crrss.exe 
[4 D:\Windows\SysWow64\*.tmp files -> D:\Windows\SysWow64\*.tmp -> ] 
[2012/09/05 12:55:05 | 000,056,320 | ---- | M] () -- D:\ProgramData\mwdaurnf.exe 

[2012/09/05 12:55:11 | 000,000,000 | ---D | C] -- D:\ProgramData\tlniiehxokphywk 
[2012/09/05 12:55:11 | 000,000,051 | ---- | M] () -- D:\ProgramData\wptptjfiqdwyltu 

:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP


ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • Click .
  • Copy the contents here into your thread in code tags.
    You can view the log file afterwards here => C:\OTLpe\MovedFiles\<datum_nummer.log>
  • Test whether you can now boot the computer into normal Windows mode again, and report back.
__________________
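The fix script in the post above lists the `O4` autorun entries taken from the log. As an added example (not part of the original post, and not OTL's or the helper's own logic), the following Python sketch parses such lines and sorts them into orphaned values and entries worth a closer look. The heuristic (empty company field plus a target in a user-writable directory) and the `ExampleUpdater` line are assumptions made for illustration.

```python
import re

# O4 autorun line: "O4 - <hive>..\Run: [<value name>] <target>"
O4_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\(?P<key>Run(?:Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<rest>.*)$"
)
# Target: "<path> (<company from version info>)"; the company may be empty.
TARGET_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^()]*)\)$")

# Assumption: directories a standard user can write to.
USER_WRITABLE = ("\\programdata\\", "\\appdata\\")

# Three lines copied from the log on this page, plus one constructed benign
# entry (ExampleUpdater) and one non-O4 line that must be skipped.
SAMPLE = r"""
O4 - HKLM..\Run: [Acrobat Assistant 8.0] File not found
O4 - HKU\*****_ON_D..\Run: [Kaunby] D:\Users\*****\AppData\Roaming\Eded\faurl.exe ()
O4 - HKU\*****_ON_D..\Run: [mwdaurnfotumngb] D:\ProgramData\mwdaurnf.exe ()
O4 - HKLM..\Run: [ExampleUpdater] D:\Program Files (x86)\Example\updater.exe (Example Corp)
O32 - HKLM CDRom: AutoRun - 1
"""


def classify(line):
    """Return (value_name, verdict) for an O4 line, or None for other lines."""
    m = O4_RE.match(line.strip())
    if m is None:
        return None
    rest = m["rest"].strip()
    if rest == "File not found":
        return m["name"], "orphaned"  # registry value left behind, file gone
    target = TARGET_RE.match(rest)
    if target is None:
        return m["name"], "unparsed"
    path = target["path"].lower()
    no_vendor = target["company"].strip() == ""
    writable = any(marker in path for marker in USER_WRITABLE)
    return m["name"], "suspicious" if (no_vendor and writable) else "no finding"


def triage(log_text):
    """Classify every O4 line in an OTL log, preserving log order."""
    results = (classify(line) for line in log_text.splitlines())
    return [r for r in results if r is not None]


if __name__ == "__main__":
    for name, verdict in triage(SAMPLE):
        print(f"{verdict:10}  {name}")
```

A "no finding" verdict only means the heuristic did not trigger; it says nothing about whether the file is clean.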


26.10.2012, 02:44   #3
t'john
/// Helper team
 

No feedback

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________