Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: explorer.exe infected

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 28.08.2010, 21:22   #1
magy
 
explorer.exe infected - Standard

explorer.exe infected



Hallo Zusammen,

mein Explorer stürzt seit ein paar Tagen des öfteren ab.
Ich habe die explorer.exe bei Virustotal gecheckt und 3 von den 41 sagen infected/modified.

VirusTotal - Free Online Virus, Malware and URL Scanner

Hijack logfile:
HiJackthis Logfile:
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:02:57, on 28.08.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\DAEMON Tools Net\DTAgent.exe
C:\Program Files (x86)\Logitech\G35\G35.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:6522
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\17.0.0.136\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Tango - {5FBA0E3E-786B-42EE-B8C0-2ADB116384C9} - C:\Windows\SysWow64\3a78.dll (file missing)
O3 - Toolbar: Nero Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Logitech G35] C:\Program Files (x86)\Logitech\G35\G35.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Net Agent] "C:\Program Files (x86)\DAEMON Tools Net\DTAgent.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\SysWow64\DreamScene.dll (file missing)
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: DTNetService - DT Soft Ltd - C:\Program Files (x86)\DAEMON Tools Net\DTNetSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Fax - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files (x86)\Norton AntiVirus\Engine\17.0.0.136\ccSvcHst.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter 4 Service - Unknown owner - C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 9961 bytes
         
--- --- ---

bin um jeden tipp dankbar!!

Alt 28.08.2010, 21:54   #2
Chris4You
 
explorer.exe infected - Standard

explorer.exe infected



Hi,

ist das in 64-Bit System? Da gibt es wenige Tools die richtig funktionieren...

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt (OTL.TXT und EXTRAS.TXT)
  • Poste die Logfiles hier in den Thread

Wobei stürzt der Explorer ab, wenn Du Verzeichniss aufrufst in denen Bilder/Videos liegen?

chris
__________________

__________________

Alt 28.08.2010, 22:15   #3
magy
 
explorer.exe infected - Standard

explorer.exe infected



Danke für die rasche Antwort.
Grundsätzlich kann ich nicht sagen wann ist immer verschieden.
Allerdings wenn ich der Logitech Setpoint auf Update prüfen klicke stürtz er auch ab und dort immer.

Aber ist das normal das der Virustotalcheck Trojaner bzw Malware anzeigt in dieser exe Datei??

Es ist ein 64 Bit System.
Malwarebytes hab ich schon zich mal drüber laufen lassen hat nicht gebracht.

OTL Logfile: OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 28.08.2010 22:11:40 - Run 2
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\magy\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 80.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.21 Gb Total Space | 39.59 Gb Free Space | 21.26% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 13.40 Gb Free Space | 5.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MAGY-PC
Current User Name: magy
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\magy\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\DAEMON Tools Net\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\DAEMON Tools Net\DTNetSrv.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\magy\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (DTNetService) -- C:\Program Files (x86)\DAEMON Tools Net\DTNetSrv.exe (DT Soft Ltd)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREDrv.sys (Sunbelt Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech)
DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBMULCD) -- C:\Windows\SysNative\drivers\CM10664.sys (C-Media Inc)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (dtcdrom) -- C:\Windows\SysWOW64\drivers\dtcdrom.sys (Disc-Soft)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 C1 35 FA 83 55 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.the-sealanders.ch/paintball/index.php"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.08.22 19:33:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.08.28 15:42:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.08.28 15:42:59 | 000,000,000 | ---D | M]
 
[2009.10.26 19:51:49 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\mozilla\Extensions
[2009.10.26 19:51:49 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.08.28 20:27:02 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\mozilla\Firefox\Profiles\2lq04ze3.default\extensions
[2010.03.27 17:08:46 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\magy\AppData\Roaming\mozilla\Firefox\Profiles\2lq04ze3.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.08.28 19:01:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.08.25 14:01:30 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.03.27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.28 15:50:17 | 000,001,820 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 0 more lines...
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Tango) - {5FBA0E3E-786B-42EE-B8C0-2ADB116384C9} - C:\Windows\SysWow64\3a78.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll File not found
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysWow64\DreamScene.dll File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.28 15:38:31 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{12139b68-1bdf-11df-b05d-002354078035}\Shell - "" = AutoRun
O33 - MountPoints2\{12139b68-1bdf-11df-b05d-002354078035}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d6b503d3-f32b-11de-96df-002354078035}\Shell - "" = AutoRun
O33 - MountPoints2\{d6b503d3-f32b-11de-96df-002354078035}\Shell\AutoRun\command - "" = G:\STEAMBACKUP.EXE -- File not found
O33 - MountPoints2\{dd9cd1a0-ae10-11df-9d89-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dd9cd1a0-ae10-11df-9d89-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Installer.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.28 22:10:31 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\magy\Desktop\OTL.exe
[2010.08.28 21:16:34 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\CrashDumps
[2010.08.28 20:21:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Backup
[2010.08.28 20:21:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\C-CHANNEL
[2010.08.28 19:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.08.28 17:09:53 | 000,000,000 | ---D | C] -- C:\Users\magy\Documents\Anti-Malware
[2010.08.28 16:35:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010.08.28 16:33:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.08.28 16:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.08.28 16:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010.08.28 16:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010.08.28 15:48:48 | 000,000,000 | ---D | C] -- C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
[2010.08.28 15:37:37 | 000,000,000 | ---D | C] -- C:\Windows\95431C66CF9A4913BFFF6050785AFB65.TMP
[2010.08.27 17:55:29 | 000,000,000 | ---D | C] -- C:\ProgramData\{ECC164E0-3133-4C70-A831-F08DB2940F70}
[2010.08.27 17:44:14 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Roaming\Malwarebytes
[2010.08.27 17:44:06 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.08.27 17:44:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.27 16:10:46 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\Logishrd
[2010.08.27 16:10:17 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2010.08.27 16:09:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2010.08.27 16:09:04 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2010.08.27 16:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2010.08.27 16:05:42 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Roaming\Logishrd
[2010.08.27 12:41:37 | 000,000,000 | ---D | C] -- C:\AdobeTemp
[2010.08.27 11:55:41 | 000,234,048 | ---- | C] (Disc-Soft) -- C:\Windows\SysWow64\drivers\dtcdrom.sys
[2010.08.26 18:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010.08.26 18:06:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010.08.25 14:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.08.25 14:01:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.08.25 14:01:28 | 000,423,656 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.08.25 14:01:28 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.08.25 14:01:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.08.25 14:01:28 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.08.25 12:12:13 | 000,000,000 | ---D | C] -- C:\Users\magy\Documents\StarCraft II
[2010.08.25 12:12:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2010.08.25 12:12:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.08.25 12:12:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010.08.25 11:06:20 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010.08.24 16:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010.08.24 16:00:13 | 005,107,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010.08.24 16:00:13 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010.08.24 16:00:13 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010.08.24 16:00:13 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010.08.24 16:00:12 | 019,114,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010.08.24 16:00:12 | 014,092,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010.08.24 16:00:12 | 000,382,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2010.08.24 16:00:12 | 000,314,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2010.08.24 16:00:10 | 012,471,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010.08.24 16:00:10 | 003,089,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010.08.24 16:00:10 | 002,892,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010.08.24 16:00:10 | 002,761,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010.08.24 16:00:10 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010.08.24 16:00:09 | 014,513,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010.08.24 16:00:09 | 010,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010.08.24 16:00:09 | 006,116,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010.08.24 16:00:09 | 004,553,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010.08.24 16:00:09 | 001,625,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010.08.24 16:00:09 | 000,260,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1922.dll
[2010.08.24 16:00:09 | 000,260,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2010.08.23 22:03:00 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\id Software
[2010.08.23 20:34:47 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010.08.22 19:51:37 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010.08.22 19:36:41 | 000,000,000 | ---D | C] -- C:\Users\magy\Adobe Flash Builder 4
[2010.08.22 19:34:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2010.08.22 19:30:05 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2010.08.22 19:30:05 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2010.08.22 19:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2010.08.22 18:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Net
[2010.08.22 18:54:51 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Net
[2010.08.22 18:54:37 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Roaming\DAEMON Tools Net
[2010.08.14 17:10:21 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\Sunbelt Software
[2010.08.14 17:09:43 | 000,093,360 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010.08.14 16:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.08.14 12:24:43 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\tysepamao
[2010.08.14 12:24:41 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\xydepqlqn
[2010.08.14 12:24:32 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\Windows Server
[2010.08.14 12:24:25 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Roaming\E489084B2DBCBD550FA6616675C2950C
[2010.08.11 17:51:08 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.08.11 17:50:57 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.08.11 17:50:57 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.08.11 17:50:57 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.08.11 17:50:57 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.08.11 17:50:56 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.08.11 17:50:56 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.08.11 17:50:52 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010.08.11 17:50:52 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010.08.11 17:50:50 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.08.11 17:50:49 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.08.11 17:50:49 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.28 22:13:13 | 008,126,464 | -HS- | M] () -- C:\Users\magy\ntuser.dat
[2010.08.28 20:34:27 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.28 20:34:27 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.28 20:28:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.28 20:28:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.28 20:28:16 | 2146,344,959 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.28 20:27:23 | 001,971,437 | -H-- | M] () -- C:\Users\magy\AppData\Local\IconCache.db
[2010.08.28 20:21:21 | 000,000,497 | ---- | M] () -- C:\Windows\win.ini
[2010.08.28 20:21:16 | 000,000,231 | ---- | M] () -- C:\Users\Public\Documents\PreUnInstall4Backup20100828_202116.zip
[2010.08.28 16:11:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.08.28 15:38:31 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010.08.27 16:43:20 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\magy\Desktop\OTL.exe
[2010.08.27 16:10:17 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2010.08.27 15:58:32 | 004,984,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.08.27 14:54:08 | 000,112,160 | ---- | M] () -- C:\Users\magy\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2010.08.27 11:55:41 | 000,234,048 | ---- | M] (Disc-Soft) -- C:\Windows\SysWow64\drivers\dtcdrom.sys
[2010.08.27 00:29:20 | 000,310,784 | ---- | M] () -- C:\Users\magy\Documents\Polterabend.doc
[2010.08.26 18:10:33 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.26 18:10:33 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.26 18:10:33 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.26 18:10:33 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.26 18:10:33 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.25 12:43:00 | 000,000,568 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.08.25 12:28:57 | 000,000,376 | ---- | M] () -- C:\Users\magy\Desktop\Wolfenstein™.lnk
[2010.08.25 12:28:54 | 000,000,376 | ---- | M] () -- C:\Users\magy\Desktop\Wolfenstein™ MP.lnk
[2010.08.25 12:27:06 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.08.23 20:43:40 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.08.23 20:43:28 | 000,794,408 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.08.22 18:55:44 | 000,502,256 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010.08.16 19:50:17 | 000,028,160 | ---- | M] () -- C:\Users\magy\Documents\Kündigung.doc
[2010.08.16 19:50:03 | 000,185,149 | ---- | M] () -- C:\Users\magy\Documents\Kündigung.pdf
[2010.08.14 17:09:43 | 000,093,360 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010.08.14 16:29:33 | 000,003,080 | ---- | M] () -- C:\Users\magy\Documents\cc_20100814_162929.reg
[2010.08.12 19:19:26 | 000,004,096 | -H-- | M] () -- C:\Users\magy\AppData\Local\keyfile3.drm
[2010.08.12 19:17:25 | 001,532,859 | ---- | M] () -- C:\Users\magy\Documents\Bewerbung.pdf
[2010.08.12 19:17:16 | 002,858,496 | ---- | M] () -- C:\Users\magy\Documents\Bewerbung.doc
[2010.08.12 19:12:16 | 000,520,644 | ---- | M] () -- C:\Users\magy\Documents\Arbeitszeugnis M.Hügli.jpg
[2010.08.06 13:53:49 | 001,532,040 | ---- | M] () -- C:\Users\magy\Documents\Fähigkeitsausweis.jpg
[2010.08.06 13:51:02 | 001,445,000 | ---- | M] () -- C:\Users\magy\Documents\Schulzeugniss.jpg
[2010.08.06 13:39:36 | 000,445,840 | ---- | M] () -- C:\Users\magy\Documents\Arbeitszeugniss W.Hügli.jpg
[2010.08.05 16:43:55 | 000,011,159 | ---- | M] () -- C:\Users\magy\Documents\Haushaltsgeld.xlsx
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.28 20:21:16 | 000,000,231 | ---- | C] () -- C:\Users\Public\Documents\PreUnInstall4Backup20100828_202116.zip
[2010.08.28 16:11:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010.08.28 15:38:31 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2010.08.27 11:50:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.08.27 11:50:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2010.08.27 11:50:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2010.08.27 11:50:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010.08.27 11:50:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2010.08.27 00:29:19 | 000,310,784 | ---- | C] () -- C:\Users\magy\Documents\Polterabend.doc
[2010.08.25 12:28:57 | 000,000,376 | ---- | C] () -- C:\Users\magy\Desktop\Wolfenstein™.lnk
[2010.08.25 12:28:54 | 000,000,376 | ---- | C] () -- C:\Users\magy\Desktop\Wolfenstein™ MP.lnk
[2010.08.25 12:12:13 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.08.23 20:43:28 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.08.16 19:50:03 | 000,185,149 | ---- | C] () -- C:\Users\magy\Documents\Kündigung.pdf
[2010.08.14 16:29:31 | 000,003,080 | ---- | C] () -- C:\Users\magy\Documents\cc_20100814_162929.reg
[2010.08.12 19:19:26 | 000,004,096 | -H-- | C] () -- C:\Users\magy\AppData\Local\keyfile3.drm
[2010.08.12 19:13:47 | 000,520,644 | ---- | C] () -- C:\Users\magy\Documents\Arbeitszeugnis M.Hügli.jpg
[2010.08.06 14:06:53 | 000,028,160 | ---- | C] () -- C:\Users\magy\Documents\Kündigung.doc
[2010.08.06 13:57:35 | 001,532,859 | ---- | C] () -- C:\Users\magy\Documents\Bewerbung.pdf
[2010.08.06 13:52:34 | 001,532,040 | ---- | C] () -- C:\Users\magy\Documents\Fähigkeitsausweis.jpg
[2010.08.06 13:50:40 | 001,445,000 | ---- | C] () -- C:\Users\magy\Documents\Schulzeugniss.jpg
[2010.08.06 13:39:47 | 000,445,840 | ---- | C] () -- C:\Users\magy\Documents\Arbeitszeugniss W.Hügli.jpg
[2010.08.06 13:15:48 | 002,858,496 | ---- | C] () -- C:\Users\magy\Documents\Bewerbung.doc
[2010.08.05 16:09:18 | 000,011,159 | ---- | C] () -- C:\Users\magy\Documents\Haushaltsgeld.xlsx
[2010.07.03 15:57:53 | 001,481,728 | ---- | C] () -- C:\Windows\SysWow64\LegitCheckControl.dll
[2010.07.03 15:57:19 | 000,676,224 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.dll
[2010.07.03 15:57:19 | 000,190,976 | ---- | C] () -- C:\Windows\SysWow64\WgaLogon.dll
[2010.04.09 22:54:23 | 000,003,584 | ---- | C] () -- C:\Users\magy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.09 20:05:14 | 000,000,600 | ---- | C] () -- C:\Users\magy\AppData\Roaming\winscp.rnd
[2009.12.28 02:26:05 | 000,000,568 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.12.27 13:35:33 | 000,005,052 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
[2009.12.03 19:36:15 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009.12.03 19:36:15 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009.12.02 13:13:50 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.12.02 13:13:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.11.24 22:26:12 | 000,001,609 | ---- | C] () -- C:\ProgramData\afl.log
[2009.11.16 16:14:14 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\RegisterDialog.dll
[2009.10.27 08:19:44 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2009.10.27 08:19:44 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2009.10.27 08:19:44 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2009.10.27 08:19:44 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2009.10.27 08:19:44 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2009.10.27 08:19:44 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2009.10.27 08:08:46 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.10.25 20:25:24 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009.10.25 20:01:50 | 000,106,496 | ---- | C] () -- C:\Windows\Vmix.dll
[2009.10.25 19:49:00 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.10.25 18:19:11 | 000,292,878 | ---- | C] () -- C:\ProgramData\{DD247A2D-B6A4-4FB4-A0DC-3DF2797CEBBB}production_install_pkg.ico
[2009.10.25 18:19:11 | 000,068,724 | ---- | C] () -- C:\ProgramData\{DD247A2D-B6A4-4FB4-A0DC-3DF2797CEBBB}aul.xml
[2009.10.25 18:19:11 | 000,014,628 | ---- | C] () -- C:\ProgramData\{DD247A2D-B6A4-4FB4-A0DC-3DF2797CEBBB}banner.png
[2009.10.25 18:19:11 | 000,012,158 | ---- | C] () -- C:\ProgramData\{DD247A2D-B6A4-4FB4-A0DC-3DF2797CEBBB}application.sif
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >
         
--- --- ---


Extras Logfile: OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 28.08.2010 22:11:40 - Run 2
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\magy\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 80.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.21 Gb Total Space | 39.59 Gb Free Space | 21.26% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 13.40 Gb Free Space | 5.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: MAGY-PC
Current User Name: magy
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.js [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.txt [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"AntiSpyWareDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"UacDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D01D10FC-9454-4C51-9A31-34F9FC1EFFCF}" = Logitech G35
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"SP6" = Logitech SetPoint 6.15
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 21
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3516C69A-024D-42A8-B948-FFAA7B9CC49A}" = Windows SideShow Managed Runtime 1.0
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DCF21FE-A8CB-41DE-AEA3-D5FBEF108CD5}" = Microsoft Office Outlook-Minianwendungen für Windows SideShow
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FBA0E3E-786B-42EE-B8C0-2ADB116384C9}" = Tango
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_VISPRO_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_VISPRO_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_VISPRO_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_VISPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0054-0407-0000-0000000FF1CE}" = Microsoft Office Visio MUI (German) 2007
"{90120000-0054-0407-0000-0000000FF1CE}_VISPRO_{60CC0F2D-BFA0-4851-903D-809D876DD87B}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_VISPRO_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3CA9611-CD42-4562-ADAB-A554CF8E17F1}" = Microsoft WSE 2.0 SP3 Runtime
"{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-09-21 16:18
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FileZilla Client" = FileZilla Client 3.3.2.1
"HelixYUVCodecs" = Helix YUV Codecs (remove only)
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}" = Wolfenstein
"LimeWire" = LimeWire PRO 5.3.6
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 220" = Half-Life 2
"Steam App 320" = Half-Life 2: Deathmatch
"Steam App 340" = Half-Life 2: Lost Coast
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Trapcode 3DStroke" = Trapcode 3DStroke
"Trapcode Form" = Trapcode Form
"Trapcode Lux" = Trapcode Lux
"Trapcode Particular v2" = Trapcode Particular v2
"Trapcode Shine" = Trapcode Shine
"Trapcode Starglow" = Trapcode Starglow
"VISPRO" = Microsoft Office Visio Professional 2007
"VLC media player" = VLC media player 1.0.3
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 28.08.2010 10:52:34 | Computer Name = magy-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x8007043c).
 
Error - 28.08.2010 10:52:48 | Computer Name = magy-PC | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8007043c.
 
Error - 28.08.2010 10:52:48 | Computer Name = magy-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x8007043c).
 
Error - 28.08.2010 12:50:18 | Computer Name = magy-PC | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8007043c.
 
Error - 28.08.2010 12:50:18 | Computer Name = magy-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x8007043c).
 
Error - 28.08.2010 12:50:19 | Computer Name = magy-PC | Source = Outlook | ID = 34
Description = Fehler beim Abrufen des Crawlbereichs-Managers. Fehler=0x8007043c.
 
Error - 28.08.2010 12:50:19 | Computer Name = magy-PC | Source = Outlook | ID = 35
Description = Fehler beim Bestimmen, ob sich der Speicher im Crawlbereich befindet
 (Fehler=0x8007043c).
 
Error - 28.08.2010 14:25:51 | Computer Name = magy-PC | Source = MsiInstaller | ID = 11905
Description = 
 
Error - 28.08.2010 14:47:25 | Computer Name = magy-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\program files
 (x86)\activision\wolfenstein\MP\serverlauncher.exe". Fehler in  Manifest- oder Richtliniendatei
 "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt
 mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.
Komponente
 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.
 
Error - 28.08.2010 15:16:32 | Computer Name = magy-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
 Zeitstempel: 0x4aebab8d  Name des fehlerhaften Moduls: Explorer.EXE, Version: 6.1.7600.16450,
 Zeitstempel: 0x4aebab8d  Ausnahmecode: 0xc000041d  Fehleroffset: 0x000000000002cc2b
ID
 des fehlerhaften Prozesses: 0x530  Startzeit der fehlerhaften Anwendung: 0x01cb46ded334bd20
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 C:\Windows\Explorer.EXE  Berichtskennung: c3ec9ca0-b2d8-11df-b202-002354078035
 
[ System Events ]
Error - 28.08.2010 14:12:00 | Computer Name = magy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Nero BackItUp Scheduler 4.0" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 28.08.2010 14:13:24 | Computer Name = magy-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SBRE
 
Error - 28.08.2010 14:20:52 | Computer Name = magy-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 28.08.2010 14:28:11 | Computer Name = magy-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\system32\drivers\SBREdrv.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 28.08.2010 14:28:32 | Computer Name = magy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SpyHunter 4 Service" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%2
 
Error - 28.08.2010 14:29:21 | Computer Name = magy-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows CardSpace erreicht.
 
Error - 28.08.2010 14:29:21 | Computer Name = magy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows CardSpace" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 28.08.2010 14:29:26 | Computer Name = magy-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Nero BackItUp Scheduler 4.0" wurde aufgrund folgenden 
Fehlers nicht gestartet:   %%2
 
Error - 28.08.2010 14:30:49 | Computer Name = magy-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Diagnosediensthost" wurde nicht richtig gestartet.
 
Error - 28.08.2010 14:30:49 | Computer Name = magy-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   SBRE
 
[ TuneUp Events ]
Error - 22.02.2010 15:22:43 | Computer Name = magy-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 22.02.2010 15:22:43 | Computer Name = magy-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 22.02.2010 15:23:18 | Computer Name = magy-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 22.02.2010 15:23:18 | Computer Name = magy-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
Error - 22.02.2010 15:23:18 | Computer Name = magy-PC | Source = TuneUp.UtilitiesSvc | ID = 300
Description = 
 
 
< End of report >
         
--- --- ---
__________________

Alt 28.08.2010, 22:22   #4
magy
 
explorer.exe infected - Standard

explorer.exe infected



hxxp://www.virustotal.com/file-scan/report.html?id=958e0d171dec9bc374328f94988b36e8a39433948a661e7c7538c1af0586bdf2-1283007451

Sieh dir das mal an

Hier trotzdem noch die Malwarebytes Logfile:

Zitat:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4495

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.08.2010 22:23:36
mbam-log-2010-08-28 (22-23-36).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 137898
Laufzeit: 3 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 28.08.2010, 22:35   #5
Chris4You
 
explorer.exe infected - Standard

explorer.exe infected



Hi,

was hast Du von Sunbelt drauf, und was sagt MAM?

Einer der Fehler im Log weist einen sunbelt-treiber aus:
Zitat:
Error - 28.08.2010 14:28:11 | Computer Name = magy-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\system32\drivers\SBREdrv.sys
nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
des Treibers zu erhalten.
Das hier gefällt mir nicht:
[2010.08.14 12:24:43 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\tysepamao
[2010.08.14 12:24:41 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\xydepqlqn

[2009.12.27 13:35:33 | 000,005,052 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik



Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“
    und suche folgende Datei/Dateien:
Code:
ATTFilter
C:\Windows\SysWow64\pbsvc.exe
(Wahrscheinlich punkbuster!)
C:\ProgramData\xqkcebzs.dik
         
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfügen.
  • Wichtig: Auch die Größenangabe sowie den HASH mit kopieren!

War der Rechner schon mal verseucht?
Poste bitte mal die Ergebnisse von virustotal (vom explorer.exe)...

Lass MAM bitte mal (wenn nicht schon durch) im Fullscan-modus los...

chris

__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Geändert von Chris4You (28.08.2010 um 22:51 Uhr)

Alt 28.08.2010, 22:53   #6
magy
 
explorer.exe infected - Standard

explorer.exe infected



pbsvc ja das ist punkbusterservice und der ist laut VT clean.
die andere datei ist laut VT auch clean.
Die explorer.exe Logfile von VT von heute nachmittag:

Zitat:
AhnLab-V3 2010.08.29.00 2010.08.28 -
AntiVir 8.2.4.46 2010.08.28 -
Antiy-AVL 2.0.3.7 2010.08.26 -
Authentium 5.2.0.5 2010.08.28 -
Avast 4.8.1351.0 2010.08.28 -
Avast5 5.0.594.0 2010.08.28 Win32:Bamital-X
AVG 9.0.0.851 2010.08.28 -
BitDefender 7.2 2010.08.28 -
CAT-QuickHeal 11.00 2010.08.28 -
ClamAV 0.96.2.0-git 2010.08.28 -
Comodo 5888 2010.08.28 -
DrWeb 5.0.2.03300 2010.08.28 -
Emsisoft 5.0.0.37 2010.08.28 -
eSafe 7.0.17.0 2010.08.26 -
eTrust-Vet 36.1.7823 2010.08.27 -
F-Prot 4.6.1.107 2010.08.28 -
F-Secure 9.0.15370.0 2010.08.28 -
Fortinet 4.1.143.0 2010.08.28 -
GData 21 2010.08.28 -
Ikarus T3.1.1.88.0 2010.08.28 -
Jiangmin 13.0.900 2010.08.28 -
Kaspersky 7.0.0.125 2010.08.28 -
McAfee 5.400.0.1158 2010.08.28 -
McAfee-GW-Edition 2010.1B 2010.08.28 -
Microsoft 1.6103 2010.08.28 -
NOD32 5404 2010.08.28 -
Norman 6.05.11 2010.08.28 -
nProtect 2010-08-28.01 2010.08.28 -
PCTools 7.0.3.5 2010.08.28 -
Prevx 3.0 2010.08.28 -
Rising 22.62.05.03 2010.08.28 -
Sophos 4.56.0 2010.08.28 -
Sunbelt 6806 2010.08.28 -
SUPERAntiSpyware 4.40.0.1006 2010.08.28 -
Symantec 20101.1.1.7 2010.08.28 WS.Reputation.1
TheHacker 6.5.2.1.356 2010.08.26 -
TrendMicro 9.120.0.1004 2010.08.28 -
TrendMicro-HouseCall 9.120.0.1004 2010.08.28 -
VBA32 3.12.14.0 2010.08.27 -
ViRobot 2010.8.28.4013 2010.08.28 Win32.Patched.AF
VirusBuster 5.0.27.0 2010.08.27 -
Additional information
Show all
MD5 : 5c8ec18438b0709795683256c5deca4d
SHA1 : c9bc24ca2795f1aef9bab168fccf4589a04327f6
SHA256: 958e0d171dec9bc374328f94988b36e8a39433948a661e7c7538c1af0586bdf2


Sunbelt sagt mir nichts. Hab auf dem Computer auch nichts gefunden unter diesem Namen. Wie kann ich vorgehen??

Alt 28.08.2010, 22:54   #7
magy
 
explorer.exe infected - Standard

explorer.exe infected



hat sunbelt vielleicht was mit java zu tun??

Alt 28.08.2010, 22:57   #8
magy
 
explorer.exe infected - Standard

explorer.exe infected



habe diese

[2010.08.14 12:24:43 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\tysepamao
[2010.08.14 12:24:41 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\xydepqlqn

[2009.12.27 13:35:33 | 000,005,052 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik

files gelöscht.

die mam logfile habe ich oben ja gepostet und so wie ich das verstehe gab es keine Funde

Alt 28.08.2010, 23:05   #9
Chris4You
 
explorer.exe infected - Standard

explorer.exe infected



Hi,

firewall sunbelt keriko etc....

Hast Du MAM mal im Fullscanmodus loslegen lassen?

CF läuft leider nicht auf 64Bit... An einen Explorer-patch glaube ich eigentlich nicht...

Mal sehen:
Lade SystemLook von einem der folgenden Links und speichere das Tool auf dem Desktop.
http://jpshortstuff.247fixes.com/SystemLook.exe - http://images.malwareremoval.com/jpshortstuff/SystemLook.exe
  • Doppelklick auf die SystemLook.exe, um das Tool zu starten.
  • Vista-User mit Rechtsklick und als Administrator starten.
  • Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code:
ATTFilter
:filefind
explorer.exe
         
  • Klicke nun auf den Button Look, um den Scan zu starten.
Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Prevx:
Das Tool neigt zu Fehlalarmen und kann in der freien Version auch nichts löschen, ist aber sonst recht gut... (und läuft auch 64Bit-Plattformen)
Prevx 3.0 for Home and Family
Falls das Tool was findet, nicht das Log posten sondern einen Screenshot des dann angezeigten Fensters...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 28.08.2010, 23:17   #10
magy
 
explorer.exe infected - Standard

explorer.exe infected



SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 23:15 on 28/08/2010 by magy (Administrator - Elevation successful)

========== filefind ==========

Searching for "explorer.exe"
C:\Windows\explorer.exe --a--- 2870272 bytes [18:23 26/01/2010] [06:34 31/10/2009] 5C8EC18438B0709795683256C5DECA4D
C:\Windows\System32\explorer.exe --a--- 2614272 bytes [18:23 26/01/2010] [05:45 31/10/2009] 2626FC9755BE22F805D3CFA0CE3EE727
C:\Windows\SysWOW64\explorer.exe --a--- 2614272 bytes [18:23 26/01/2010] [05:45 31/10/2009] 2626FC9755BE22F805D3CFA0CE3EE727
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe --a--- 2868224 bytes [23:56 13/07/2009] [01:39 14/07/2009] C235A51CB740E45FFA0EBFB9BAFCDA64
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe --a--- 2868224 bytes [15:05 25/10/2009] [06:17 03/08/2009] F170B4A061C9E026437B193B4D571799
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe --a--- 2870272 bytes [18:23 26/01/2010] [06:34 31/10/2009] 9AAAEC8DAC27AA17B053E6352AD233AE
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe --a--- 2868224 bytes [15:05 25/10/2009] [06:19 03/08/2009] 700073016DAC1C3D2E7E2CE4223334B6
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe --a--- 2870272 bytes [18:23 26/01/2010] [06:38 31/10/2009] B8EC4BD49CE8F6FC457721BFC210B67F
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe --a--- 2613248 bytes [23:41 13/07/2009] [01:14 14/07/2009] 15BC38A7492BEFE831966ADB477CF76F
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe --a--- 2613248 bytes [15:05 25/10/2009] [05:35 03/08/2009] B95EEB0F4E5EFBF1038A35B3351CF047
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe --a--- 2614272 bytes [18:23 26/01/2010] [05:45 31/10/2009] 2626FC9755BE22F805D3CFA0CE3EE727
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe --a--- 2613248 bytes [15:05 25/10/2009] [05:49 03/08/2009] 9FF6C4C91A3711C0A3B18F87B08B518D
C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe --a--- 2614272 bytes [18:23 26/01/2010] [06:00 31/10/2009] C76153C7ECA00FA852BB0C193378F917

-=End Of File=-

Alt 28.08.2010, 23:24   #11
magy
 
explorer.exe infected - Standard

explorer.exe infected





was von sunbelt drauf ist find ich nicht raus

ja Mam lief gestern im Fullscanmodus und hat nichts gefunden. die ist allerdings von heute und war nur ein kleiner scan

Alt 28.08.2010, 23:38   #12
Chris4You
 
explorer.exe infected - Standard

explorer.exe infected



Hi,

die Prevx-Meldung hätte gereicht ;o)

Was macht der Rest?

Customscan mit OTL:

* Starte bitte die OTL.exe.
Vista/Win7-User mit Rechtsklick "als Administrator starten"
* Kopiere nun den Inhalt in die Textbox.


Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
mv61xx.sys
/md5stop
c:\windows\system32\drivers\*.sys /lockedfiles
c:\windows\system32\*.dll /lockedfiles
%systemroot%\*. /mp /s
%PROGRAMFILES%\*.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
         
* Schliesse bitte nun alle Programme. (Wichtig)
* Klicke nun bitte auf den Quick Scan Button.
* Klick auf OK .
* Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Alt 28.08.2010, 23:52   #13
magy
 
explorer.exe infected - Standard

explorer.exe infected



scan ist am laufen. welchen rest meinst du?

Alt 29.08.2010, 00:07   #14
magy
 
explorer.exe infected - Standard

explorer.exe infected



OTL Logfile:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 28.08.2010 23:49:57 - Run 3
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\magy\Desktop\Malware
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000807 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 78.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186.21 Gb Total Space | 40.20 Gb Free Space | 21.59% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 13.40 Gb Free Space | 5.76% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive K: | 465.76 Gb Total Space | 26.05 Gb Free Space | 5.59% Space Free | Partition Type: NTFS
 
Computer Name: MAGY-PC
Current User Name: magy
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\magy\Desktop\Malware\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\DAEMON Tools Net\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\DAEMON Tools Net\DTNetSrv.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\magy\Desktop\Malware\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AEADIFilters) -- C:\Windows\SysNative\AEADISRV.EXE (Andrea Electronics Corporation)
SRV - (DTNetService) -- C:\Program Files (x86)\DAEMON Tools Net\DTNetSrv.exe (DT Soft Ltd)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (pxscan) -- C:\Windows\SysNative\drivers\pxscan.sys File not found
DRV:64bit: - (pxrts) -- C:\Windows\SysNative\drivers\pxrts.sys File not found
DRV:64bit: - (pxkbf) -- C:\Windows\SysNative\drivers\pxkbf.sys File not found
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (SBRE) -- C:\Windows\SysNative\drivers\SBREDrv.sys (Sunbelt Software)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (ADIHdAudAddService) -- C:\Windows\SysNative\drivers\ADIHdAud.sys (Analog Devices, Inc.)
DRV:64bit: - (LADF_SBVM) -- C:\Windows\SysNative\drivers\ladfSBVMamd64.sys (Logitech)
DRV:64bit: - (LADF_DHP2) -- C:\Windows\SysNative\drivers\ladfDHP2amd64.sys (Logitech)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (USBMULCD) -- C:\Windows\SysNative\drivers\CM10664.sys (C-Media Inc)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (dtcdrom) -- C:\Windows\SysWOW64\drivers\dtcdrom.sys (Disc-Soft)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ch/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ch.msn.com/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 C1 35 FA 83 55 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6522
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.the-sealanders.ch/paintball/index.php"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.08.22 19:33:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.08.28 15:42:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.08.28 15:42:59 | 000,000,000 | ---D | M]
 
[2009.10.26 19:51:49 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\mozilla\Extensions
[2009.10.26 19:51:49 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.08.28 20:27:02 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\mozilla\Firefox\Profiles\2lq04ze3.default\extensions
[2010.03.27 17:08:46 | 000,000,000 | ---D | M] (softonic-de3 Toolbar) -- C:\Users\magy\AppData\Roaming\mozilla\Firefox\Profiles\2lq04ze3.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2010.08.28 23:36:15 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.03.27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npContribute.dll
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.28 15:50:17 | 000,001,820 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 0 more lines...
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Tango) - {5FBA0E3E-786B-42EE-B8C0-2ADB116384C9} - C:\Windows\SysWow64\3a78.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Value error. File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll File not found
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysWow64\DreamScene.dll File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.28 15:38:31 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{12139b68-1bdf-11df-b05d-002354078035}\Shell - "" = AutoRun
O33 - MountPoints2\{12139b68-1bdf-11df-b05d-002354078035}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{d6b503d3-f32b-11de-96df-002354078035}\Shell - "" = AutoRun
O33 - MountPoints2\{d6b503d3-f32b-11de-96df-002354078035}\Shell\AutoRun\command - "" = G:\STEAMBACKUP.EXE -- File not found
O33 - MountPoints2\{dd9cd1a0-ae10-11df-9d89-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{dd9cd1a0-ae10-11df-9d89-806e6f6e6963}\Shell\AutoRun\command - "" = H:\Installer.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk - C:\PROGRA~1\Logitech\SetPoint\SetPoint.exe - File not found
MsConfig:64bit - StartUpReg: EvtMgr6 - hkey= - key= - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
MsConfig:64bit - StartUpReg: Logitech G35 - hkey= - key= - C:\Program Files (x86)\Logitech\G35\G35.exe (Logitech(c))
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.dvsd - C:\Windows\SysWow64\pdvcodec.dll (Matsushita Electric Industrial Co., Ltd.)
Drivers32: vidc.ffds - C:\PROGRA~2\COMBIN~1\Filters\FFDShow\ff_vfw.dll ()
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.i420 - C:\Windows\SysWow64\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.08.28 23:36:41 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2010.08.28 23:18:31 | 000,000,000 | ---D | C] -- C:\Users\magy\Desktop\Malware
[2010.08.28 23:17:42 | 000,060,928 | ---- | C] (Prevx) -- C:\Windows\SysWow64\PxSecure.dll-11027991
[2010.08.28 23:01:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.08.28 22:19:45 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.08.28 22:19:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.08.28 21:16:34 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\CrashDumps
[2010.08.28 20:21:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Backup
[2010.08.28 20:21:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\C-CHANNEL
[2010.08.28 19:00:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.08.28 17:09:53 | 000,000,000 | ---D | C] -- C:\Users\magy\Documents\Anti-Malware
[2010.08.28 16:35:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2010.08.28 16:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010.08.28 15:48:48 | 000,000,000 | ---D | C] -- C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
[2010.08.28 15:37:37 | 000,000,000 | ---D | C] -- C:\Windows\95431C66CF9A4913BFFF6050785AFB65.TMP
[2010.08.27 17:44:14 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Roaming\Malwarebytes
[2010.08.27 17:44:06 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.08.27 16:10:46 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\Logishrd
[2010.08.27 16:10:17 | 000,018,960 | ---- | C] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2010.08.27 16:09:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
[2010.08.27 16:08:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
[2010.08.27 16:05:42 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Roaming\Logishrd
[2010.08.27 12:41:37 | 000,000,000 | ---D | C] -- C:\AdobeTemp
[2010.08.27 11:55:41 | 000,234,048 | ---- | C] (Disc-Soft) -- C:\Windows\SysWow64\drivers\dtcdrom.sys
[2010.08.26 18:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010.08.26 18:06:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010.08.25 14:01:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.08.25 12:12:13 | 000,000,000 | ---D | C] -- C:\Users\magy\Documents\StarCraft II
[2010.08.25 12:12:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StarCraft II
[2010.08.25 12:12:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010.08.24 16:00:13 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010.08.24 16:00:13 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010.08.23 22:03:00 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\id Software
[2010.08.23 20:34:47 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010.08.22 19:36:41 | 000,000,000 | ---D | C] -- C:\Users\magy\Adobe Flash Builder 4
[2010.08.22 19:34:53 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2010.08.22 19:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2010.08.22 18:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Net
[2010.08.22 18:54:37 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Roaming\DAEMON Tools Net
[2010.08.14 17:10:21 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\Sunbelt Software
[2010.08.14 17:09:43 | 000,093,360 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010.08.14 12:24:32 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Local\Windows Server
[2010.08.14 12:24:25 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Roaming\E489084B2DBCBD550FA6616675C2950C
[2010.07.13 17:54:50 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Roaming\Avira
[2010.07.13 17:53:35 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.07.13 17:53:35 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.07.13 17:53:35 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.07.13 17:53:35 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.07.13 17:53:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.06.29 23:31:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2010.06.29 23:31:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2010.06.27 00:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.06.27 00:42:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010.06.27 00:42:41 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.06.27 00:41:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.06.07 19:49:43 | 000,000,000 | ---D | C] -- C:\Users\magy\AppData\Roaming\Blender Foundation
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.08.28 23:49:52 | 008,126,464 | -HS- | M] () -- C:\Users\magy\ntuser.dat
[2010.08.28 23:36:23 | 001,507,106 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.28 23:36:23 | 000,657,438 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.28 23:36:23 | 000,618,714 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.28 23:36:23 | 000,130,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.28 23:36:23 | 000,107,034 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.28 23:17:42 | 000,060,928 | ---- | M] (Prevx) -- C:\Windows\SysWow64\PxSecure.dll-11027991
[2010.08.28 23:17:34 | 000,000,049 | ---- | M] () -- C:\Windows\wininit.ini
[2010.08.28 20:34:27 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.28 20:34:27 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.28 20:28:35 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.28 20:28:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.28 20:28:16 | 2146,344,959 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.28 20:21:21 | 000,000,497 | ---- | M] () -- C:\Windows\win.ini
[2010.08.28 20:21:16 | 000,000,231 | ---- | M] () -- C:\Users\Public\Documents\PreUnInstall4Backup20100828_202116.zip
[2010.08.28 16:11:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.08.28 15:38:31 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2010.08.27 16:10:17 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2010.08.27 15:58:32 | 004,984,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2010.08.27 11:55:41 | 000,234,048 | ---- | M] (Disc-Soft) -- C:\Windows\SysWow64\drivers\dtcdrom.sys
[2010.08.27 00:29:20 | 000,310,784 | ---- | M] () -- C:\Users\magy\Documents\Polterabend.doc
[2010.08.25 12:43:00 | 000,000,568 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.08.25 12:28:57 | 000,000,376 | ---- | M] () -- C:\Users\magy\Desktop\Wolfenstein™.lnk
[2010.08.25 12:28:54 | 000,000,376 | ---- | M] () -- C:\Users\magy\Desktop\Wolfenstein™ MP.lnk
[2010.08.25 12:27:06 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.08.23 20:43:40 | 000,111,928 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.08.23 20:43:28 | 000,794,408 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.08.22 18:55:44 | 000,502,256 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010.08.16 19:50:17 | 000,028,160 | ---- | M] () -- C:\Users\magy\Documents\Kündigung.doc
[2010.08.16 19:50:03 | 000,185,149 | ---- | M] () -- C:\Users\magy\Documents\Kündigung.pdf
[2010.08.14 17:09:43 | 000,093,360 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010.08.14 16:29:33 | 000,003,080 | ---- | M] () -- C:\Users\magy\Documents\cc_20100814_162929.reg
[2010.08.12 19:17:25 | 001,532,859 | ---- | M] () -- C:\Users\magy\Documents\Bewerbung.pdf
[2010.08.12 19:17:16 | 002,858,496 | ---- | M] () -- C:\Users\magy\Documents\Bewerbung.doc
[2010.08.12 19:12:16 | 000,520,644 | ---- | M] () -- C:\Users\magy\Documents\Arbeitszeugnis M.Hügli.jpg
[2010.08.06 13:53:49 | 001,532,040 | ---- | M] () -- C:\Users\magy\Documents\Fähigkeitsausweis.jpg
[2010.08.06 13:51:02 | 001,445,000 | ---- | M] () -- C:\Users\magy\Documents\Schulzeugniss.jpg
[2010.08.06 13:39:36 | 000,445,840 | ---- | M] () -- C:\Users\magy\Documents\Arbeitszeugniss W.Hügli.jpg
[2010.08.05 16:43:55 | 000,011,159 | ---- | M] () -- C:\Users\magy\Documents\Haushaltsgeld.xlsx
[2010.07.13 18:00:38 | 000,000,600 | ---- | M] () -- C:\Users\magy\AppData\Roaming\winscp.rnd
[2010.07.10 00:38:00 | 000,065,128 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010.07.10 00:38:00 | 000,056,936 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010.07.10 00:38:00 | 000,012,264 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2010.06.12 03:02:31 | 000,000,039 | ---- | M] () -- C:\Windows\vbaddin.ini
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.28 23:17:27 | 000,000,049 | ---- | C] () -- C:\Windows\wininit.ini
[2010.08.28 20:21:16 | 000,000,231 | ---- | C] () -- C:\Users\Public\Documents\PreUnInstall4Backup20100828_202116.zip
[2010.08.28 16:11:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010.08.28 15:38:31 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2010.08.27 11:50:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.08.27 11:50:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job
[2010.08.27 11:50:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job
[2010.08.27 11:50:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job
[2010.08.27 11:50:05 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job
[2010.08.27 00:29:19 | 000,310,784 | ---- | C] () -- C:\Users\magy\Documents\Polterabend.doc
[2010.08.25 12:28:57 | 000,000,376 | ---- | C] () -- C:\Users\magy\Desktop\Wolfenstein™.lnk
[2010.08.25 12:28:54 | 000,000,376 | ---- | C] () -- C:\Users\magy\Desktop\Wolfenstein™ MP.lnk
[2010.08.25 12:12:13 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.08.23 20:43:28 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.08.16 19:50:03 | 000,185,149 | ---- | C] () -- C:\Users\magy\Documents\Kündigung.pdf
[2010.08.14 16:29:31 | 000,003,080 | ---- | C] () -- C:\Users\magy\Documents\cc_20100814_162929.reg
[2010.08.12 19:13:47 | 000,520,644 | ---- | C] () -- C:\Users\magy\Documents\Arbeitszeugnis M.Hügli.jpg
[2010.08.06 14:06:53 | 000,028,160 | ---- | C] () -- C:\Users\magy\Documents\Kündigung.doc
[2010.08.06 13:57:35 | 001,532,859 | ---- | C] () -- C:\Users\magy\Documents\Bewerbung.pdf
[2010.08.06 13:52:34 | 001,532,040 | ---- | C] () -- C:\Users\magy\Documents\Fähigkeitsausweis.jpg
[2010.08.06 13:50:40 | 001,445,000 | ---- | C] () -- C:\Users\magy\Documents\Schulzeugniss.jpg
[2010.08.06 13:39:47 | 000,445,840 | ---- | C] () -- C:\Users\magy\Documents\Arbeitszeugniss W.Hügli.jpg
[2010.08.06 13:15:48 | 002,858,496 | ---- | C] () -- C:\Users\magy\Documents\Bewerbung.doc
[2010.08.05 16:09:18 | 000,011,159 | ---- | C] () -- C:\Users\magy\Documents\Haushaltsgeld.xlsx
[2010.07.03 15:57:53 | 001,481,728 | ---- | C] () -- C:\Windows\SysWow64\LegitCheckControl.dll
[2010.07.03 15:57:19 | 000,676,224 | ---- | C] () -- C:\Windows\SysWow64\OGACheckControl.dll
[2010.07.03 15:57:19 | 000,414,208 | ---- | C] () -- C:\Windows\SysWow64\WgaTray.exe
[2010.07.03 15:57:19 | 000,190,976 | ---- | C] () -- C:\Windows\SysWow64\WgaLogon.dll
[2010.02.09 20:05:14 | 000,000,600 | ---- | C] () -- C:\Users\magy\AppData\Roaming\winscp.rnd
[2009.12.28 02:26:05 | 000,000,568 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.12.03 19:36:15 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2009.12.03 19:36:15 | 000,014,392 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2009.12.02 13:13:50 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2009.12.02 13:13:50 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.11.16 16:14:14 | 000,524,288 | ---- | C] () -- C:\Windows\SysWow64\RegisterDialog.dll
[2009.10.27 08:19:44 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2009.10.27 08:19:44 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2009.10.27 08:19:44 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2009.10.27 08:19:44 | 000,000,205 | ---- | C] () -- C:\Windows\SysWow64\lsprst7.dll
[2009.10.27 08:19:44 | 000,000,073 | ---- | C] () -- C:\Windows\SysWow64\ssprs.dll
[2009.10.27 08:19:44 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2009.10.27 08:08:46 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.10.25 20:25:24 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2009.10.25 20:01:50 | 000,106,496 | ---- | C] () -- C:\Windows\Vmix.dll
[2009.10.25 19:49:00 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
========== LOP Check ==========
 
[2010.06.07 19:49:43 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\Blender Foundation
[2010.01.14 22:27:55 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\Canneverbe_Limited
[2010.04.14 19:46:03 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\Command and Conquer 4
[2009.10.25 17:43:44 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\DAEMON Tools Lite
[2010.08.22 19:17:27 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\DAEMON Tools Net
[2010.08.14 12:26:35 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\E489084B2DBCBD550FA6616675C2950C
[2010.04.23 19:58:24 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\FileZilla
[2010.01.17 12:51:02 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\IrfanView
[2009.10.28 18:42:36 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\Leadertech
[2010.08.26 18:11:31 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\LimeWire
[2010.08.28 20:22:35 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\MAXON
[2009.12.02 22:23:17 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\NetMeter
[2009.12.31 01:32:51 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\ProtectDisc
[2010.01.20 21:21:30 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\TS3Client
[2009.10.27 20:51:26 | 000,000,000 | ---D | M] -- C:\Users\magy\AppData\Roaming\TuneUp Software
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job
[2010.08.27 11:56:45 | 000,000,446 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010.05.08 21:44:55 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< c:\windows\system32\drivers\*.sys /lockedfiles >
 
< c:\windows\system32\*.dll /lockedfiles >
 
< %systemroot%\*. /mp /s >
 
< %PROGRAMFILES%\*. >
[2010.08.23 20:36:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Activision
[2010.08.28 20:19:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Adobe
[2009.10.25 18:18:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Alcohol Soft
[2009.12.26 18:47:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Analog Devices
[2009.12.03 19:36:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ASUS
[2009.10.28 23:46:53 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\AVG
[2010.07.13 17:53:35 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Avira
[2010.08.28 20:21:28 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\C-CHANNEL
[2009.11.22 17:35:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\CCleaner
[2009.10.25 19:41:43 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Combined Community Codec Pack
[2010.08.28 20:23:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Common Files
[2010.03.27 17:08:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Conduit
[2010.08.22 18:55:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Net
[2009.10.25 17:42:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DAEMON Tools Toolbar
[2009.12.01 23:23:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\DivX
[2009.12.27 23:18:25 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Elaborate Bytes
[2010.08.14 16:42:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Electronic Arts
[2010.04.16 21:07:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Endress+Hauser
[2010.04.22 18:05:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\FileZilla FTP Client
[2010.08.28 20:21:28 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\InstallShield Installation Information
[2010.08.11 21:54:30 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Internet Explorer
[2010.07.13 17:59:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\IrfanView
[2010.06.27 00:43:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\iTunes
[2010.08.25 14:01:24 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Java
[2010.08.27 12:27:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Jdowner
[2010.05.17 18:50:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\LimeWire
[2009.10.28 18:45:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Logitech
[2010.08.28 22:19:47 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2009.10.25 19:45:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Office
[2010.08.26 18:06:39 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Silverlight
[2009.10.25 19:45:07 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio
[2009.10.25 19:43:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2009.10.27 01:43:36 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft Works
[2009.11.04 18:17:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft WSE
[2010.08.11 17:55:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Microsoft.NET
[2009.12.30 18:21:10 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mkv2vob
[2010.08.28 15:42:59 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox
[2009.10.25 19:45:17 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSBuild
[2009.10.28 04:00:23 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\MSXML 4.0
[2010.08.22 19:30:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\My Company Name
[2010.08.26 18:08:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Nero
[2010.08.24 16:01:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\NVIDIA Corporation
[2010.08.22 19:45:27 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\ProtectDisc
[2010.06.27 00:41:19 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\QuickTime
[2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Reference Assemblies
[2010.08.25 12:43:21 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\StarCraft II
[2010.08.28 20:24:16 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Steam
[2009.10.25 19:42:41 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Teamspeak2_RC2
[2010.08.28 19:00:26 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Trend Micro
[2009.07.14 06:57:06 | 000,000,000 | -H-D | M] -- C:\Program Files (x86)\Uninstall Information
[2009.12.02 00:11:29 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\VideoLAN
[2009.07.14 19:58:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Defender
[2010.05.12 21:16:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Mail
[2009.10.25 17:05:37 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Media Player
[2009.07.14 07:32:38 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows NT
[2009.07.14 19:58:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Photo Viewer
[2009.07.14 07:32:40 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Portable Devices
[2009.07.14 19:58:49 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows Sidebar
[2009.10.26 19:21:45 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Windows SideShow
[2009.12.02 13:13:50 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Xvid
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
         
Extra.txt gab es nicht diesmal.
--- --- ---

Alt 29.08.2010, 01:18   #15
Chris4You
 
explorer.exe infected - Standard

explorer.exe infected



Hi,

OTL-Log schaue ich mir morgen an...

ABER welchen Explorer hast du überprüfen lassen?
C:\Windows\explorer.exe
C:\Windows\System32\explorer.exe
Überprüfe mal beide... einer ist wohl doch "gedopt"... und unter vista steht der richtige unter c:\windows...

chris
__________________
Don't bring me down
Vor dem posten beachten!
Spenden
(Wer spenden will, kann sich gerne melden )

Antwort

Themen zu explorer.exe infected
adobe, antivir, antivir guard, antivirus, ask toolbar, ask.com, avg, avira, bho, browser, desktop, emsisoft, emsisoft anti-malware, enigma, firefox, hijackthis, hängen, internet, internet explorer, intrusion prevention, logfile, malware, mozilla, object, online virus, plug-in, scan, senden, software, spyhunter 4, symantec, system, syswow64, virus, windows



Ähnliche Themen: explorer.exe infected


  1. PUP.Dealio infected
    Plagegeister aller Art und deren Bekämpfung - 25.01.2011 (7)
  2. HTML/Infected.WebPage.Gen -> Internet Explorer öffnet sich ungewollt
    Plagegeister aller Art und deren Bekämpfung - 13.09.2010 (1)
  3. HTML Infected
    Plagegeister aller Art und deren Bekämpfung - 11.08.2009 (3)
  4. Infected.WebPage.Gen
    Plagegeister aller Art und deren Bekämpfung - 07.07.2009 (4)
  5. Your Computer is infected
    Log-Analyse und Auswertung - 23.11.2008 (5)
  6. Your Computer is Infected...!!!
    Log-Analyse und Auswertung - 13.11.2008 (3)
  7. Your computer is infected!...
    Mülltonne - 13.10.2008 (0)
  8. Your computer is infected!
    Plagegeister aller Art und deren Bekämpfung - 01.08.2008 (9)
  9. Your Computer is Infected
    Mülltonne - 22.07.2008 (0)
  10. Your computer is infected
    Log-Analyse und Auswertung - 23.03.2008 (0)
  11. Am i Infected or not ?
    Log-Analyse und Auswertung - 14.12.2006 (1)
  12. Your Computer is infected!
    Plagegeister aller Art und deren Bekämpfung - 14.03.2006 (1)
  13. Infected !
    Plagegeister aller Art und deren Bekämpfung - 15.02.2006 (24)
  14. Your computer is infected!
    Plagegeister aller Art und deren Bekämpfung - 06.01.2006 (1)
  15. your Computer is infected
    Log-Analyse und Auswertung - 16.11.2005 (1)
  16. Your computer is infected........!!!
    Plagegeister aller Art und deren Bekämpfung - 13.11.2005 (3)
  17. Your computer is infected
    Plagegeister aller Art und deren Bekämpfung - 10.11.2005 (2)

Zum Thema explorer.exe infected - Hallo Zusammen, mein Explorer stürzt seit ein paar Tagen des öfteren ab. Ich habe die explorer.exe bei Virustotal gecheckt und 3 von den 41 sagen infected/modified. VirusTotal - Free Online - explorer.exe infected...
Archiv
Du betrachtest: explorer.exe infected auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.