
Pests of all kinds and how to combat them: winlogon.exe not in Windows/System 32

Windows 7
06.10.2010, 15:51   #1
Jenser0609
 
winlogon.exe not in Windows/System 32

Hello everyone, this topic already exists, but since I don't have permission there, I'm opening a new one. I have the Winlogon.EXE in C:\Dokumente und Einstellungen\Anwendungsdaten.

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Then OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop

* Double-click OTL.exe
* Vista users: right-click OTL.exe and choose "Run as administrator"
* At the top you will find a box labelled Output. Please select Minimal Output
* Under Extra Registry, please select Use SafeList
* Now click Run Scan at the top left
* When the scan has finished, 2 log files are created
* Post the log files here in the thread.
______________________________________________________________________________________________________________________________________________________ ______________________________________
I have done this, or rather I'm still working on it; results to follow.

So, here is the log file from Malwarebytes

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4754

Windows 6.1.7601 Service Pack 1, v.178
Internet Explorer 9.0.7930.16406

06.10.2010 16:54:25
mbam-log-2010-10-06 (16-54-25).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 146984
Laufzeit: 4 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{son4l6k8-3f67-h8k6-o0n8-ki77rutf17p6} (Generic.Bot.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Cerberus (Backdoor.Trace) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cerberus (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cerberus (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cerberus (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\cerberus (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Administrator\AppData\Roaming\WinLogon.exe (Generic.Bot.H) -> Quarantined and deleted successfully.
______________________________________________________________________________________________________________________________________________________ _________________________________________
The rest from OTL follows right away.

So, here is log file 1 from OTL, EXTRAS. OTL logfile:
Code:
OTL Extras logfile created on: 06.10.2010 17:01:39 - Run 2
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Administrator\Desktop
64bit- Ultimate Edition Service Pack 1, v.178 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 7,00 Gb Available Physical Memory | 82,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,59 Gb Total Space | 42,00 Gb Free Space | 41,75% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 78,55 Gb Free Space | 26,35% Space Free | Partition Type: NTFS
Drive E: | 100,59 Gb Total Space | 95,57 Gb Free Space | 95,01% Space Free | Partition Type: NTFS
Drive F: | 100,59 Gb Total Space | 47,91 Gb Free Space | 47,63% Space Free | Partition Type: NTFS
Drive G: | 629,75 Gb Total Space | 531,18 Gb Free Space | 84,35% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 5,96 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PRIVAT-PC
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "e:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "e:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "e:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "e:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412" = CanoScan LiDE 90
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{E520EB70-A071-4A1A-9BD2-B28CC6D9DB22}" = O&O CleverCache
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"cFosSpeed" = cFosSpeed v6.02
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{090B5A39-32DD-431D-A978-3163C950AF6E}" = PROMT Professional 9.0 German Giant Trial
"{1148E85C-E1AF-48E0-A29C-68DACE07E054}" = Pro Evolution Soccer 2011
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{283FFB23-8751-4B08-ACB8-5E0F8BCF7727}" = Pro Evolution Soccer 2010
"{28A8E12A-D73B-4580-84CC-51B6DDBD8C21}" = Aion
"{2E1A71D5-7897-4F3F-B0E3-B412C86A646D}" = Need for Speed™ ProStreet
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54FC6F76-AF49-40D4-A74F-83DF45DE9629}" = Winamp Pro
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-1033-F400-7760-000000000003}" = Adobe Acrobat 8 Professional - English, Français, Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B99CB207-4704-4C51-9309-0FA90AA26DD4}" = ROCCAT Kone[+] Mouse Driver
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E871FF1A-D7A0-420D-9A47-B78AFD8B16AA}" = PES 2010 Editor
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = DER HERR DER RINGE ONLINE: Die Minen Von Moria v02.01.03.4020
"Adobe Acrobat 8 Professional - English, Français, Deutsch" = Adobe Acrobat 8.1.3 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Akamai" = Akamai NetSession Interface
"Browser Defender_is1" = Browser Defender 3.0
"Collectorz.com Movie Collector" = Collectorz.com Movie Collector
"DVDFab 7_is1" = DVDFab 7.0.9.0 (30/07/2010)
"GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"HijackThis" = HijackThis 2.0.2
"InstallShield_{149464D9-B06F-4505-9968-FD1206F67AD3}" = Call of Duty(R) - World at War(TM) 1.3 Patch
"InstallShield_{20962D9D-D7B9-4AEE-B72B-5C9A45A1B402}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{3521F7CF-9343-4C1F-AE5E-0D2A57A18D2B}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{97EE1BAC-C04F-4935-8110-B1BBAB99D09D}" = Call of Duty(R) - World at War(TM) 1.4.1 Patch
"InstallShield_{CC862A04-B2B0-4A79-ADD2-4B76D6CF4DCD}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"InstallShield_{E237FA24-CFB3-431F-B356-DF8FB116DE4B}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"LHTTSFRF" = L&H TTS3000 Français
"LHTTSGED" = L&H TTS3000 Deutsch
"LHTTSRUR" = L&H TTS3000 Russian
"LHTTSSPE" = L&H TTS3000 Español
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"mv61xxDriver" = marvell 61xx
"NAVIGON Fresh" = NAVIGON Fresh 3.2.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Spyware Doctor" = PC Tools Internet Security 8.0
"StarCraft II" = StarCraft II
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"UltraISO_is1" = UltraISO Premium V9.36
"VLC media player" = VLC media player 1.1.3
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.10.2010 11:52:04 | Computer Name = Privat-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\PRMT9\SMARTOOLX\SmartoolX.PowerPointAddin.dll.Manifest".
 Fehler in Manifest- oder Richtliniendatei "E:\PRMT9\SMARTOOLX\SmartoolX.PowerPointAddin.dll.Manifest"
 in Zeile 4.  Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element
 des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser
 Windows-Version nicht unterstützt wird.
 
Error - 03.10.2010 11:36:15 | Computer Name = Privat-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\PRMT9\SMARTOOLX\SmartoolX.OutlookAddin.dll.Manifest".
 Fehler in Manifest- oder Richtliniendatei "E:\PRMT9\SMARTOOLX\SmartoolX.OutlookAddin.dll.Manifest"
 in Zeile 4.  Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element
 des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser
 Windows-Version nicht unterstützt wird.
 
Error - 03.10.2010 11:36:24 | Computer Name = Privat-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\PRMT9\SMARTOOLX\SmartoolX.WordAddin.dll.Manifest".
 Fehler in Manifest- oder Richtliniendatei "E:\PRMT9\SMARTOOLX\SmartoolX.WordAddin.dll.Manifest"
 in Zeile 4.  Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element
 des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser
 Windows-Version nicht unterstützt wird.
 
Error - 03.10.2010 11:36:34 | Computer Name = Privat-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\PRMT9\SMARTOOLX\SmartoolX.ExcelAddin.dll.Manifest".
 Fehler in Manifest- oder Richtliniendatei "E:\PRMT9\SMARTOOLX\SmartoolX.ExcelAddin.dll.Manifest"
 in Zeile 4.  Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element
 des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser
 Windows-Version nicht unterstützt wird.
 
Error - 03.10.2010 11:36:58 | Computer Name = Privat-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "E:\PRMT9\SMARTOOLX\SmartoolX.PowerPointAddin.dll.Manifest".
 Fehler in Manifest- oder Richtliniendatei "E:\PRMT9\SMARTOOLX\SmartoolX.PowerPointAddin.dll.Manifest"
 in Zeile 4.  Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element
 des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser
 Windows-Version nicht unterstützt wird.
 
Error - 05.10.2010 13:15:35 | Computer Name = Privat-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: leecher.exe, Version: 5.1.1.150, 
Zeitstempel: 0x4bb65475  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.16562,
 Zeitstempel: 0x4c08af4d  Ausnahmecode: 0x0eedfade  Fehleroffset: 0x0000b727  ID des fehlerhaften
 Prozesses: 0xc5c  Startzeit der fehlerhaften Anwendung: 0x01cb64b08add2b55  Pfad der
 fehlerhaften Anwendung: G:\Loader\sft-loader_2010_alpha\leecher.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 2a442423-d0a4-11df-95b8-00261800a901
 
Error - 05.10.2010 13:50:24 | Computer Name = Privat-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: leecher.exe, Version: 4.4.5.108, 
Zeitstempel: 0x2a425e19  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.16562,
 Zeitstempel: 0x4c08aeac  Ausnahmecode: 0xc0000028  Fehleroffset: 0x00090695  ID des fehlerhaften
 Prozesses: 0x814  Startzeit der fehlerhaften Anwendung: 0x01cb64b4f971a9dd  Pfad der
 fehlerhaften Anwendung: C:\Users\Administrator\Downloads\sft-loader_2009_final\leecher.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 0799d9a2-d0a9-11df-b230-00261800a901
 
Error - 06.10.2010 09:54:13 | Computer Name = Privat-PC | Source = Bonjour Service | ID = 100
Description = 676: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 06.10.2010 09:59:10 | Computer Name = Privat-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.14.1 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 184c    Startzeit:
 01cb655e4dcb5e5d    Endzeit: 3    Anwendungspfad: C:\Users\Administrator\Downloads\OTL.exe

Berichts-ID:
   
 
Error - 06.10.2010 10:32:34 | Computer Name = Privat-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: pctsSvc.exe, Version: 7.0.0.131, 
Zeitstempel: 0x4c7ac978  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.16562,
 Zeitstempel: 0x4c08af4d  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e86c  ID des fehlerhaften
 Prozesses: 0xba0  Startzeit der fehlerhaften Anwendung: 0x01cb6563423ffd6b  Pfad der
 fehlerhaften Anwendung: e:\PC Tools Security\pctsSvc.exe  Pfad des fehlerhaften Moduls:
 C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 8e73a544-d156-11df-a5d3-00261800a901
 
[ System Events ]
Error - 06.10.2010 09:41:52 | Computer Name = Privat-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   PxHelp20
 
Error - 06.10.2010 09:52:24 | Computer Name = Privat-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 06.10.2010 10:32:08 | Computer Name = Privat-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "KMService" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%3
 
Error - 06.10.2010 10:32:08 | Computer Name = Privat-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PnkBstrA" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%3
 
Error - 06.10.2010 10:32:09 | Computer Name = Privat-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147014847
 
Error - 06.10.2010 10:32:30 | Computer Name = Privat-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   PxHelp20
 
Error - 06.10.2010 10:33:49 | Computer Name = Privat-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "PC Tools Security Service" wurde unerwartet beendet. Dies 
ist bereits 1 Mal passiert.
 
Error - 06.10.2010 10:58:10 | Computer Name = Privat-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "KMService" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%3
 
Error - 06.10.2010 10:58:10 | Computer Name = Privat-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PnkBstrA" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%3
 
Error - 06.10.2010 10:58:22 | Computer Name = Privat-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   PxHelp20
 
 
< End of report >
         
______________________________________________________________________________________________________________________________________________________ _________________________________________

Log file 2 from OTL, OTL TXT. OTL logfile:
Code:
OTL logfile created on: 06.10.2010 17:01:39 - Run 2
OTL by OldTimer - Version 3.2.14.1     Folder = C:\Users\Administrator\Desktop
64bit- Ultimate Edition Service Pack 1, v.178 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.7930.16406)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 7,00 Gb Available Physical Memory | 82,00% Memory free
16,00 Gb Paging File | 14,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,59 Gb Total Space | 42,00 Gb Free Space | 41,75% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 78,55 Gb Free Space | 26,35% Space Free | Partition Type: NTFS
Drive E: | 100,59 Gb Total Space | 95,57 Gb Free Space | 95,01% Space Free | Partition Type: NTFS
Drive F: | 100,59 Gb Total Space | 47,91 Gb Free Space | 47,63% Space Free | Partition Type: NTFS
Drive G: | 629,75 Gb Total Space | 531,18 Gb Free Space | 84,35% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 5,96 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: PRIVAT-PC
Current User Name: Administrator
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - e:\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - E:\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
PRC - e:\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)
PRC - C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe (ROCCAT GmbH)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\ColorOnly\LCDWebCam.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - e:\PC Tools Security\pctsAuxs.exe (PC Tools)
PRC - E:\PRMT9\PrmtSvr.exe (PROMT Ltd.)
PRC - e:\DAEMON Tools Pro\DTProShellHlp.exe (DT Soft Ltd)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.16562_none_41ebc47a2bd240fc\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (cFosSpeedS) -- C:\Program Files\cFosSpeed\spd.exe (cFos Software GmbH)
SRV:64bit: - (dgdersvc) -- C:\Windows\SysNative\dgdersvc.exe (Devguru Co., Ltd.)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV:64bit: - (ose64) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai\netsession_win_062a651.dll ()
SRV - (dgdersvc) -- C:\Windows\SysWOW64\dgdersvc.exe (Devguru Co., Ltd.)
SRV - (PnkBstrA) -- C:\Windows\SysWow64\PnkBstrA.exe ()
SRV - (Browser Defender Update Service) -- e:\PC Tools Security\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- e:\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (ThreatFire) -- e:\PC Tools Security\TFEngine\TFService.exe (PC Tools)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sdAuxService) -- e:\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (O&O CleverCache) -- E:\CleverCache\ooccag.exe (O&O Software GmbH)
SRV - (StarWindServiceAE) -- e:\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (VGPU) -- C:\Windows\SysNative\drivers\rdvgkmd.sys File not found
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys File not found
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\synth3dvsc.sys File not found
DRV:64bit: - (cFosSpeed) cFosSpeed for faster Internet connections (NDIS 6) -- C:\Windows\SysNative\drivers\cfosspeed6.sys (cFos Software GmbH)
DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (PCTFW-PacketFilter) -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys (PC Tools)
DRV:64bit: - (pctgntdi) -- C:\Windows\SysNative\drivers\pctgntdi64.sys (PC Tools)
DRV:64bit: - (pctplfw) -- C:\Windows\SysNative\drivers\pctplfw64.sys (PC Tools)
DRV:64bit: - (pctplsg) -- C:\Windows\SysNative\drivers\pctplsg64.sys (PC Tools)
DRV:64bit: - (TfSysMon) -- C:\Windows\SysNative\drivers\TfSysMon.sys (PC Tools)
DRV:64bit: - (TfFsMon) -- C:\Windows\SysNative\drivers\TfFsMon.sys (PC Tools)
DRV:64bit: - (TfNetMon) -- C:\Windows\SysNative\drivers\TfNetMon.sys (PC Tools)
DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys (PC Tools)
DRV:64bit: - (pctNdisMP) -- C:\Windows\SysNative\drivers\pctNdis64.sys (PC Tools)
DRV:64bit: - (pctNdis) -- C:\Windows\SysNative\drivers\pctNdis64.sys (PC Tools)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (pctEFA) -- C:\Windows\SysNative\drivers\pctEFA64.sys (PC Tools)
DRV:64bit: - (pctDS) -- C:\Windows\SysNative\drivers\pctDS64.sys (PC Tools)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (LGPBTDD) -- C:\Windows\SysNative\drivers\LGPBTDD.sys (Logitech Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (mv61xx) -- C:\Windows\SysNative\drivers\mv61xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (KoneFltr) -- C:\Windows\SysNative\drivers\Kone.sys (ROCCAT Ltd)
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\drivers\Entech64.sys (EnTech Taiwan)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV - (dgderdrv) -- C:\Windows\SysWOW64\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (ISODrive) -- e:\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = ED EE C2 F1 B9 64 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - e:\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: anycolor.pavlos256@gmail.com:0.3.3
FF - prefs.js..extensions.enabledItems: promtff9@promt9.ru:9.0
FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5
FF - prefs.js..extensions.enabledItems: {cb84136f-9c44-433a-9048-c5cd9df1dc16}:2.0.6
FF - prefs.js..extensions.enabledItems: djziggy@gmail.com:1.2.0
FF - prefs.js..extensions.enabledItems: info@djzig.com:1.2.0
FF - prefs.js..extensions.enabledItems: {241aae70-0022-11de-87af-0800200c9a66}:3.6.30.01.10
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: e:\PC Tools Security\BDT\Firefox\ [2010.10.05 20:46:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.05 19:36:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.22 19:04:50 | 000,000,000 | ---D | M]
 
[2010.08.03 00:02:35 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2010.10.05 20:59:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\vntc22dp.default\extensions
[2010.08.03 22:43:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\vntc22dp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.03 00:04:03 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\vntc22dp.default\extensions\{241aae70-0022-11de-87af-0800200c9a66}
[2010.08.03 00:04:03 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\vntc22dp.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2010.08.21 18:44:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\vntc22dp.default\extensions\anycolor.pavlos256@gmail.com
[2010.09.06 21:56:18 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\vntc22dp.default\extensions\djziggy@gmail.com
[2010.10.05 19:34:25 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\vntc22dp.default\extensions\fb_add_on@avm.de
[2010.09.06 21:56:21 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\vntc22dp.default\extensions\info@djzig.com
[2010.10.05 20:09:25 | 000,002,689 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\FireFox\Profiles\vntc22dp.default\searchplugins\search-defender.xml
[2010.10.05 20:59:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.08.03 00:02:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Program Files (x86)\mozilla firefox\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.03 00:02:13 | 000,000,000 | ---D | M] (Blue Fox) -- C:\Program Files (x86)\mozilla firefox\extensions\{241aae70-0022-11de-87af-0800200c9a66}
[2010.08.03 00:02:13 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Program Files (x86)\mozilla firefox\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\anycolor.pavlos256@gmail.com
[2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\djziggy@gmail.com
[2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\info@djzig.com
[2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\djziggy@gmail.com\chrome\global\extensions
[2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\djziggy@gmail.com\chrome\global\extensions\chatzilla
[2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\djziggy@gmail.com\chrome\global\extensions\Console2
[2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\djziggy@gmail.com\chrome\global\extensions\downthemall
[2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\djziggy@gmail.com\chrome\global\extensions\emusic
[2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\djziggy@gmail.com\chrome\global\extensions\fullerscreen
[2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\djziggy@gmail.com\chrome\global\extensions\sage
[2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\djziggy@gmail.com\chrome\global\extensions\toolkit
[2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\djziggy@gmail.com\chrome\global\extensions\webdeveloper
[2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\djziggy@gmail.com\chrome\mozapps\extensions
[2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\info@djzig.com\chrome\global\extensions
[2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\info@djzig.com\chrome\global\extensions\chatzilla
[2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\info@djzig.com\chrome\global\extensions\Console2
[2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\info@djzig.com\chrome\global\extensions\downthemall
[2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\info@djzig.com\chrome\global\extensions\emusic
[2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\info@djzig.com\chrome\global\extensions\fullerscreen
[2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\info@djzig.com\chrome\global\extensions\sage
[2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\info@djzig.com\chrome\global\extensions\toolkit
[2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\info@djzig.com\chrome\global\extensions\webdeveloper
[2010.08.03 00:02:13 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions\info@djzig.com\chrome\mozapps\extensions
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Promt IE Helper) - {1F13CE11-4FAC-49A9-8155-D4F3F0F91A33} - E:\PRMT9\PRMTIE\prmtie.dll (PROMT Ltd.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - e:\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - e:\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (PROMT-Übersetzer) - {C7DDDD27-F303-42A5-B979-51559F7DC0F0} - E:\PRMT9\PRMTIE\prmtie.dll (PROMT Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [cFosSpeed] C:\Programme\cFosSpeed\cfosspeed.exe (cFos Software GmbH)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [ooccctrl.exe] E:\CleverCache\ooccctrl.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ISTray] e:\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [PCTools FGuard] e:\PC Tools Security\BDT\FGuard.exe (Threat Expert Ltd.)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKCU..\Run: [KiesTrayAgent]  File not found
O4 - HKCU..\Run: [PlayNC Launcher]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in Adobe PDF konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Ganze Seite übersetzen - E:\PRMT9\PRMTIE\page.HTM ()
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Markierung ubersetzen - E:\PRMT9\PRMTIE\translat.HTM ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Suchanfrage ubersetzen - E:\PRMT9\PRMTIE\search.HTM ()
O8:64bit: - Extra context menu item: Thema automatisch bestimmen - E:\PRMT9\PRMTIE\aot.htm ()
O8:64bit: - Extra context menu item: Übersetzungsoptionen anpassen - E:\PRMT9\PRMTIE\options.HTM ()
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandenes PDF anfügen - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ganze Seite übersetzen - E:\PRMT9\PRMTIE\page.HTM ()
O8 - Extra context menu item: In Adobe PDF konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Markierung ubersetzen - E:\PRMT9\PRMTIE\translat.HTM ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Suchanfrage ubersetzen - E:\PRMT9\PRMTIE\search.HTM ()
O8 - Extra context menu item: Thema automatisch bestimmen - E:\PRMT9\PRMTIE\aot.htm ()
O8 - Extra context menu item: Übersetzungsoptionen anpassen - E:\PRMT9\PRMTIE\options.HTM ()
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - E:\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.17 06:32:29 | 000,335,752 | R--- | M] (Konami Digital Entertainment Co., Ltd.) - I:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010.08.17 06:32:29 | 000,000,047 | R--- | M] () - I:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{446b7806-9e86-11df-a7dc-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{446b7806-9e86-11df-a7dc-806e6f6e6963}\Shell\AutoRun\command - "" = H:\ACRONIS.EXE -- File not found
O33 - MountPoints2\{464829d5-9f37-11df-b868-00261800a901}\Shell - "" = AutoRun
O33 - MountPoints2\{464829d5-9f37-11df-b868-00261800a901}\Shell\AutoRun\command - "" = K:\AionLauncher.exe -- File not found
O33 - MountPoints2\{efc735a8-9e7b-11df-abb6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{efc735a8-9e7b-11df-abb6-806e6f6e6963}\Shell\AutoRun\command - "" = I:\autorun.exe -- [2010.08.17 06:32:29 | 000,335,752 | R--- | M] (Konami Digital Entertainment Co., Ltd.)
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.06 16:45:19 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.10.06 16:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.06 16:18:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2010.10.06 16:18:19 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.10.06 16:17:46 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Administrator\Desktop\mbam-setup.exe
[2010.10.06 15:55:55 | 000,576,512 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010.10.06 15:53:16 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.10.06 15:53:16 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.10.06 15:52:17 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.10.06 15:52:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010.10.06 15:52:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.10.05 21:06:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Erste Seite Bestellung
[2010.10.05 20:46:39 | 001,865,680 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010.10.05 20:46:39 | 000,739,280 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010.10.05 20:46:39 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010.10.05 20:45:39 | 000,816,016 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2010.10.05 20:45:39 | 000,452,872 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctDS64.sys
[2010.10.05 20:45:38 | 000,329,320 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2010.10.05 20:45:38 | 000,136,168 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2010.10.05 20:45:37 | 000,254,624 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2010.10.05 20:44:42 | 000,074,312 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfSysMon.sys
[2010.10.05 20:44:42 | 000,041,888 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfNetMon.sys
[2010.10.05 20:44:39 | 000,065,072 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\TfFsMon.sys
[2010.10.05 20:44:38 | 000,116,616 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-PacketFilter64.sys
[2010.10.05 20:44:38 | 000,042,968 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis-DNS64.sys
[2010.10.05 20:44:37 | 000,177,904 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplfw64.sys
[2010.10.05 20:44:37 | 000,092,896 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2010.10.05 20:44:37 | 000,077,784 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\pctNdis64.sys
[2010.10.05 20:44:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\PC Tools
[2010.10.05 20:44:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2010.10.05 19:50:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Spam Monitor
[2010.10.05 19:50:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\PCToolsFirewallPlus
[2010.10.05 19:45:39 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.10.05 19:43:59 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010.10.05 19:43:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\FRITZ!
[2010.10.05 19:39:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\FRITZ!
[2010.10.05 19:36:04 | 000,000,000 | ---D | C] -- C:\Programme\FRITZ!DSL
[2010.10.02 22:36:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\EA Games
[2010.10.01 23:23:56 | 132,218,216 | ---- | C] (Samsung Electronics Co., Ltd.) -- C:\Users\Administrator\Desktop\kies_win.exe
[2010.09.30 23:07:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\AFSExplorer_3_7
[2010.09.30 21:25:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Zubehör PES 2011
[2010.09.30 21:13:33 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My ISO Files
[2010.09.30 21:13:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems
[2010.09.30 20:46:41 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2010.09.29 21:28:59 | 017,276,616 | ---- | C] (Logitech                                                    ) -- C:\Users\Administrator\Desktop\lgs510_x64.exe
[2010.09.29 21:14:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010.09.29 21:14:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2010.09.27 22:08:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2010.09.27 22:07:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Games
[2010.09.27 22:01:50 | 017,686,528 | ---- | C] (Intel Corporation / Blue Ripple Sound Limited) -- C:\Windows\SysWow64\mkl_blueripple.dll
[2010.09.27 22:01:50 | 001,380,352 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
[2010.09.27 22:01:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2010.09.27 22:01:40 | 000,466,520 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010.09.27 22:01:40 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010.09.27 22:01:40 | 000,122,968 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010.09.27 22:01:40 | 000,109,144 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010.09.27 22:01:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2010.09.27 21:59:36 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010.09.27 21:59:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010.09.25 16:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\ROCCAT
[2010.09.25 16:52:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ROCCAT
[2010.09.23 18:45:11 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Canon
[2010.09.22 21:29:49 | 001,501,912 | ---- | C] (cFos Software GmbH) -- C:\Windows\SysNative\drivers\cfosspeed6.sys
[2010.09.22 19:04:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.09.21 18:14:03 | 001,633,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2010.09.21 18:14:03 | 001,502,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2010.09.21 18:14:03 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2010.09.21 18:14:03 | 001,355,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2010.09.21 18:14:03 | 000,819,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010.09.21 18:14:03 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010.09.21 18:14:03 | 000,690,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.09.21 18:14:03 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.09.21 18:14:03 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.09.21 18:14:03 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.09.21 18:14:03 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2010.09.21 18:14:03 | 000,165,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2010.09.21 18:14:03 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2010.09.21 18:14:03 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2010.09.21 18:14:03 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2010.09.21 18:14:03 | 000,114,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2010.09.21 18:14:03 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2010.09.21 18:14:03 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2010.09.21 18:14:03 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2010.09.21 18:14:03 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\imgutil.dll
[2010.09.21 18:14:03 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2010.09.21 18:14:02 | 003,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2010.09.21 18:14:02 | 003,695,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2010.09.21 18:14:02 | 002,431,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010.09.21 18:14:02 | 000,545,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2010.09.21 18:14:02 | 000,532,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2010.09.21 18:14:02 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.09.21 18:14:02 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2010.09.21 18:14:02 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.09.21 18:14:02 | 000,353,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtmsft.dll
[2010.09.21 18:14:02 | 000,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2010.09.21 18:14:02 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieaksie.dll
[2010.09.21 18:14:02 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieaksie.dll
[2010.09.21 18:14:02 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dxtrans.dll
[2010.09.21 18:14:02 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ie4uinit.exe
[2010.09.21 18:14:02 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakui.dll
[2010.09.21 18:14:02 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakui.dll
[2010.09.21 18:14:02 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieakeng.dll
[2010.09.21 18:14:02 | 000,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.09.21 18:14:02 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2010.09.21 18:14:02 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieakeng.dll
[2010.09.21 18:14:02 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.09.21 18:14:02 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2010.09.21 18:14:02 | 000,093,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2010.09.21 18:14:02 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2010.09.21 18:14:02 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2010.09.21 18:14:02 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2010.09.21 18:14:02 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admparse.dll
[2010.09.21 18:14:02 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2010.09.21 18:14:02 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admparse.dll
[2010.09.21 18:14:02 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2010.09.21 18:14:02 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2010.09.21 18:14:02 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.09.21 18:14:02 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.09.21 18:14:02 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.09.21 18:14:02 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.09.21 18:14:01 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010.09.21 18:14:01 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010.09.21 18:14:01 | 000,215,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2010.09.21 18:14:01 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2010.09.21 18:14:01 | 000,166,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2010.09.21 18:14:01 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msls31.dll
[2010.09.21 18:14:01 | 000,159,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2010.09.21 18:14:01 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2010.09.21 18:14:01 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2010.09.21 18:14:01 | 000,128,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2010.09.21 18:14:01 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2010.09.21 18:14:01 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2010.09.21 18:14:01 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.09.21 18:14:01 | 000,093,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2010.09.21 18:14:01 | 000,090,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2010.09.21 18:14:01 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2010.09.21 18:14:01 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2010.09.21 18:14:01 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2010.09.21 18:14:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.09.21 18:14:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2010.09.21 18:14:01 | 000,063,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2010.09.21 18:14:01 | 000,049,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2010.09.21 18:14:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2010.09.21 18:14:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2010.09.21 18:13:42 | 001,866,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ExplorerFrame.dll
[2010.09.21 18:13:42 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ExplorerFrame.dll
[2010.09.21 18:13:42 | 000,958,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2010.09.21 18:13:42 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\actxprxy.dll
[2010.09.21 18:13:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Feedback Tool
[2010.09.20 19:36:11 | 000,172,104 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdm.sys
[2010.09.20 19:36:11 | 000,136,264 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdbus.sys
[2010.09.20 19:36:11 | 000,019,016 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdfl.sys
[2010.09.20 19:36:11 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwhnt.sys
[2010.09.20 19:36:11 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwh.sys
[2010.09.20 19:36:11 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcmnt.sys
[2010.09.20 19:36:11 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcm.sys
[2010.09.18 17:50:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2010.09.16 10:12:34 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\nHancer
[2010.09.16 10:12:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Caphyon
[2010.09.16 10:12:19 | 000,000,000 | ---D | C] -- C:\ProgramData\nHancer
[2010.09.15 10:41:54 | 000,569,344 | ---- | C] ((c) MusicCity) -- C:\Windows\SysWow64\muzdecode.ax
[2010.09.15 10:41:54 | 000,491,520 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzapp.dll
[2010.09.15 10:41:54 | 000,352,256 | ---- | C] (Sample Corporation) -- C:\Windows\SysWow64\MSLUR71.dll
[2010.09.15 10:41:54 | 000,258,048 | ---- | C] ((c) PeeringPortal) -- C:\Windows\SysWow64\muzoggsp.ax
[2010.09.15 10:41:54 | 000,245,760 | ---- | C] (Teruten Inc.) -- C:\Windows\SysWow64\MSCLib.dll
[2010.09.15 10:41:54 | 000,243,576 | ---- | C] ((주)마크애니) -- C:\Windows\SysWow64\MASetupCaller.dll
[2010.09.15 10:41:54 | 000,200,704 | ---- | C] ( (c) MusicCity) -- C:\Windows\SysWow64\muzwmts.dll
[2010.09.15 10:41:54 | 000,172,032 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzapp.exe
[2010.09.15 10:41:54 | 000,155,648 | ---- | C] (Teruten Inc.) -- C:\Windows\SysWow64\MSFLib.dll
[2010.09.15 10:41:54 | 000,135,168 | ---- | C] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzaf1.dll
[2010.09.15 10:41:54 | 000,131,072 | ---- | C] ((c) MusicCity) -- C:\Windows\SysWow64\muzmpgsp.ax
[2010.09.15 10:41:54 | 000,122,880 | ---- | C] ((c) MUSICCITY) -- C:\Windows\SysWow64\muzeffect.ax
[2010.09.15 10:41:54 | 000,118,784 | ---- | C] ((주)마크애니) -- C:\Windows\SysWow64\MaDRM.dll
[2010.09.15 10:41:54 | 000,110,592 | ---- | C] ((c) MusicCity) -- C:\Windows\SysWow64\muzmp4sp.ax
[2010.09.15 10:41:54 | 000,057,344 | ---- | C] (Marktek) -- C:\Windows\SysWow64\MK_Lyric.dll
[2010.09.15 10:41:54 | 000,057,344 | ---- | C] (Marktek Inc.) -- C:\Windows\SysWow64\MTXSYNCICON.dll
[2010.09.15 10:41:54 | 000,049,152 | ---- | C] ((주) 마크애니) -- C:\Windows\SysWow64\MaJGUILib.dll
[2010.09.15 10:41:54 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\SysWow64\MaXMLProto.dll
[2010.09.15 10:41:54 | 000,045,056 | ---- | C] ((주) 마크애니) -- C:\Windows\SysWow64\MACXMLProto.dll
[2010.09.15 10:41:54 | 000,040,960 | ---- | C] (마크애니연구소) -- C:\Windows\SysWow64\MAMACExtract.dll
[2010.09.15 10:41:54 | 000,040,960 | ---- | C] (Telechips Inc.,) -- C:\Windows\SysWow64\MTTELECHIP.dll
[2010.09.15 10:41:54 | 000,024,576 | ---- | C] ((주)마크애니) -- C:\Windows\SysWow64\MASetupCleaner.exe
[2010.09.15 10:41:08 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Synchronization2.dll
[2010.09.15 10:41:08 | 000,288,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Microsoft.Synchronization.dll
[2010.09.15 10:41:08 | 000,253,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MetaStore2.dll
[2010.09.15 10:37:40 | 000,763,216 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2010.09.15 10:37:40 | 000,095,568 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgdersvc.exe
[2010.09.15 10:37:40 | 000,018,120 | ---- | C] (Devguru Co., Ltd) -- C:\Windows\SysWow64\drivers\dgderdrv.sys
[2010.09.08 11:17:46 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010.09.08 11:17:46 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2010.09.06 22:19:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\System32
[2010.08.03 23:07:42 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Administrator\AppData\Roaming\pcouffin.sys
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.06 16:58:07 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2010.10.06 16:58:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.06 16:58:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.06 16:57:55 | 2146,729,983 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.06 16:56:53 | 003,145,728 | -HS- | M] () -- C:\Users\Administrator\NTUSER.DAT
[2010.10.06 16:56:52 | 005,441,090 | -H-- | M] () -- C:\Users\Administrator\AppData\Local\IconCache.db
[2010.10.06 16:45:21 | 000,000,567 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.06 16:39:35 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.06 16:39:35 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.06 16:37:07 | 001,527,504 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.10.06 16:37:07 | 000,664,396 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.10.06 16:37:07 | 000,624,578 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.10.06 16:37:07 | 000,134,564 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.10.06 16:37:07 | 000,110,216 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.10.06 16:17:49 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Administrator\Desktop\mbam-setup.exe
[2010.10.06 16:13:55 | 000,307,694 | ---- | M] () -- C:\Users\Administrator\Desktop\PES2011_Camera_Settings_1.3.rar
[2010.10.06 15:55:56 | 000,576,512 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2010.10.05 20:47:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\SM.lock
[2010.10.05 20:38:45 | 000,026,189 | ---- | M] () -- C:\Users\Administrator\Desktop\billing_349202775_4cab7092742ac.pdf
[2010.10.05 20:13:54 | 000,406,650 | ---- | M] () -- C:\Users\Administrator\Desktop\Zweite Seite der Bestellung.png
[2010.10.05 19:50:16 | 001,337,458 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2010.10.04 19:59:17 | 902,445,056 | ---- | M] () -- C:\Users\Administrator\Desktop\dt07.img
[2010.10.03 22:30:08 | 000,016,769 | ---- | M] () -- C:\Users\Administrator\Desktop\Setups F1 2010.docx
[2010.10.01 23:28:14 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2010.10.01 23:25:28 | 132,218,216 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Administrator\Desktop\kies_win.exe
[2010.09.29 21:29:04 | 017,276,616 | ---- | M] (Logitech                                                    ) -- C:\Users\Administrator\Desktop\lgs510_x64.exe
[2010.09.27 22:01:40 | 000,466,520 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010.09.27 22:01:40 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010.09.27 22:01:40 | 000,122,968 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010.09.27 22:01:40 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010.09.22 16:34:40 | 001,501,912 | ---- | M] (cFos Software GmbH) -- C:\Windows\SysNative\drivers\cfosspeed6.sys
[2010.09.15 10:42:14 | 000,819,024 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\SysNative\dgderapi.dll
[2010.09.15 10:42:12 | 000,119,632 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\SysNative\dgdersvc.exe
[2010.09.15 10:42:12 | 000,020,552 | ---- | M] (Devguru Co., Ltd) -- C:\Windows\SysNative\drivers\dgderdrv.sys
[2010.09.15 10:41:54 | 000,974,848 | ---- | M] () -- C:\Windows\SysWow64\cis-2.4.dll
[2010.09.15 10:41:54 | 000,569,344 | ---- | M] ((c) MusicCity) -- C:\Windows\SysWow64\muzdecode.ax
[2010.09.15 10:41:54 | 000,491,520 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzapp.dll
[2010.09.15 10:41:54 | 000,352,256 | ---- | M] (Sample Corporation) -- C:\Windows\SysWow64\MSLUR71.dll
[2010.09.15 10:41:54 | 000,258,048 | ---- | M] ((c) PeeringPortal) -- C:\Windows\SysWow64\muzoggsp.ax
[2010.09.15 10:41:54 | 000,245,760 | ---- | M] (Teruten Inc.) -- C:\Windows\SysWow64\MSCLib.dll
[2010.09.15 10:41:54 | 000,243,576 | ---- | M] ((주)마크애니) -- C:\Windows\SysWow64\MASetupCaller.dll
[2010.09.15 10:41:54 | 000,200,704 | ---- | M] ( (c) MusicCity) -- C:\Windows\SysWow64\muzwmts.dll
[2010.09.15 10:41:54 | 000,172,032 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzapp.exe
[2010.09.15 10:41:54 | 000,155,648 | ---- | M] (Teruten Inc.) -- C:\Windows\SysWow64\MSFLib.dll
[2010.09.15 10:41:54 | 000,135,168 | ---- | M] (Musiccity Co.Ltd.) -- C:\Windows\SysWow64\muzaf1.dll
[2010.09.15 10:41:54 | 000,131,072 | ---- | M] ((c) MusicCity) -- C:\Windows\SysWow64\muzmpgsp.ax
[2010.09.15 10:41:54 | 000,122,880 | ---- | M] ((c) MUSICCITY) -- C:\Windows\SysWow64\muzeffect.ax
[2010.09.15 10:41:54 | 000,118,784 | ---- | M] ((주)마크애니) -- C:\Windows\SysWow64\MaDRM.dll
[2010.09.15 10:41:54 | 000,110,592 | ---- | M] ((c) MusicCity) -- C:\Windows\SysWow64\muzmp4sp.ax
[2010.09.15 10:41:54 | 000,081,920 | ---- | M] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2010.09.15 10:41:54 | 000,065,536 | ---- | M] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2010.09.15 10:41:54 | 000,057,344 | ---- | M] (Marktek) -- C:\Windows\SysWow64\MK_Lyric.dll
[2010.09.15 10:41:54 | 000,057,344 | ---- | M] (Marktek Inc.) -- C:\Windows\SysWow64\MTXSYNCICON.dll
[2010.09.15 10:41:54 | 000,057,344 | ---- | M] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.09.15 10:41:54 | 000,049,152 | ---- | M] ((주) 마크애니) -- C:\Windows\SysWow64\MaJGUILib.dll
[2010.09.15 10:41:54 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\SysWow64\MaXMLProto.dll
[2010.09.15 10:41:54 | 000,045,056 | ---- | M] ((주) 마크애니) -- C:\Windows\SysWow64\MACXMLProto.dll
[2010.09.15 10:41:54 | 000,040,960 | ---- | M] (마크애니연구소) -- C:\Windows\SysWow64\MAMACExtract.dll
[2010.09.15 10:41:54 | 000,040,960 | ---- | M] (Telechips Inc.,) -- C:\Windows\SysWow64\MTTELECHIP.dll
[2010.09.15 10:41:54 | 000,024,576 | ---- | M] ((주)마크애니) -- C:\Windows\SysWow64\MASetupCleaner.exe
[2010.09.15 10:41:08 | 000,511,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Synchronization2.dll
[2010.09.15 10:41:08 | 000,288,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Microsoft.Synchronization.dll
[2010.09.15 10:41:08 | 000,253,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MetaStore2.dll
[2010.09.15 10:37:40 | 000,763,216 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2010.09.15 10:37:40 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgdersvc.exe
[2010.09.15 10:37:40 | 000,018,120 | ---- | M] (Devguru Co., Ltd) -- C:\Windows\SysWow64\drivers\dgderdrv.sys
[2010.09.15 10:33:32 | 000,020,480 | ---- | M] (Teruten Inc) -- C:\Windows\SysWow64\FsExService64.Exe
[2010.09.15 10:33:32 | 000,016,392 | ---- | M] (Teruten Inc) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys
[2010.09.15 10:33:32 | 000,016,392 | ---- | M] (Teruten Inc) -- C:\Windows\SysNative\drivers\TFsExDisk.sys
[2010.09.08 11:17:46 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010.09.08 11:17:46 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.06 16:45:21 | 000,000,567 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.06 16:13:55 | 000,307,694 | ---- | C] () -- C:\Users\Administrator\Desktop\PES2011_Camera_Settings_1.3.rar
[2010.10.05 20:47:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\SM.lock
[2010.10.05 20:46:39 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.10.05 20:46:39 | 000,002,074 | ---- | C] () -- C:\Windows\UDB.zip
[2010.10.05 20:46:39 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010.10.05 20:46:39 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010.10.05 20:46:39 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010.10.05 20:38:45 | 000,026,189 | ---- | C] () -- C:\Users\Administrator\Desktop\billing_349202775_4cab7092742ac.pdf
[2010.10.05 20:13:54 | 000,406,650 | ---- | C] () -- C:\Users\Administrator\Desktop\Zweite Seite der Bestellung.png
[2010.10.05 19:46:57 | 001,337,458 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2010.10.05 19:39:01 | 000,000,800 | ---- | C] () -- C:\Users\Administrator\DesktopStCenter.txt
[2010.10.04 19:58:42 | 902,445,056 | ---- | C] () -- C:\Users\Administrator\Desktop\dt07.img
[2010.09.28 21:47:20 | 000,016,769 | ---- | C] () -- C:\Users\Administrator\Desktop\Setups F1 2010.docx
[2010.09.23 18:45:51 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\Sti_Trace.log
[2010.09.21 18:14:03 | 000,072,533 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2010.09.21 18:14:03 | 000,072,533 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2010.09.15 10:41:54 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2010.09.15 10:41:54 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2010.09.15 10:41:54 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2010.09.15 10:41:54 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010.09.14 21:38:00 | 000,000,304 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2010.08.04 00:05:29 | 000,000,101 | ---- | C] () -- C:\Users\Administrator\AppData\Local\fusioncache.dat
[2010.08.04 00:04:38 | 001,526,730 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.08.03 23:07:55 | 000,000,034 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\pcouffin.log
[2010.08.03 23:07:42 | 000,099,384 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\inst.exe
[2010.08.03 23:07:42 | 000,007,859 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\pcouffin.cat
[2010.08.03 23:07:42 | 000,001,167 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\pcouffin.inf
[2010.08.03 22:05:12 | 000,000,000 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\wklnhst.dat
[2010.08.03 21:49:17 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.12.04 00:02:42 | 001,738,128 | ---- | C] () -- C:\Windows\SysWow64\BCGPStyle2007Luna.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2005.04.07 03:42:07 | 000,581,632 | RHS- | C] () -- C:\Users\Administrator\AppData\Roaming\plugin.dat
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 197 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:430C6D84
< End of report >
         

So that is the current state of things. I hope I haven't done anything wrong and that someone can help me. Thanks in advance.

Edited by Jenser0609 (06.10.2010 at 16:08)

06.10.2010, 21:15   #2
cosinus

Quote:
Art des Suchlaufs: Quick-Scan

Please run a full scan with Malwarebytes!

07.10.2010, 07:18   #3
Jenser0609

Hello Arne,
I already did that after I had finished the first instructions from my post above. It no longer finds anything in the quick scan. The entries under msconfig are gone now as well. I probably got rid of it through your instructions above, which I had read in another thread. Or should I post the log file again?

07.10.2010, 13:57   #4
cosinus

When did you run the full scan? I only see logs from a quick scan!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


07.10.2010, 19:15   #5
Jenser0609

Quote from cosinus:
When did you run the full scan? I only see logs from a quick scan!

Sorry, that was my mistake. The full scan is running; as soon as it is finished I will post again. I had misunderstood you.

OK, the full scan is done now.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4770

Windows 6.1.7601 Service Pack 1, v.178
Internet Explorer 9.0.7930.16406

07.10.2010 20:35:18
mbam-log-2010-10-07 (20-35-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 302951
Laufzeit: 21 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
G:\Arbeit\VMwareWorkstation700B203739\VMwareWorkstation.7.0.0.Build203739\Keygen(EMBRACE)\keygen.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.


Edited by Jenser0609 (07.10.2010 at 19:35)

07.10.2010, 19:40   #6
cosinus

Quote:
G:\Arbeit\VMwareWorkstation700B203739\VMwareWorkstation.7.0.0.Build203739\Keygen

D'oh!

Using cracks, serials and keygens is illegal, so there will be no further support on Trojaner-Board.

For you it continues here => reinstalling the system
Please also change all passwords (for e-mail accounts, StudiVZ, Ebay... simply everything!), since this kind of dubious software quite often also contains keyloggers and backdoor functions.

After that, never touch anything like this again!

07.10.2010, 21:16   #7
Jenser0609

Quote from cosinus:
D'oh!

Using cracks, serials and keygens is illegal, so there will be no further support on Trojaner-Board.

For you it continues here => reinstalling the system
Please also change all passwords (for e-mail accounts, StudiVZ, Ebay... simply everything!), since this kind of dubious software quite often also contains keyloggers and backdoor functions.

After that, never touch anything like this again!

Lol, I know how to reinstall myself. And just for your information, I deleted the keygen. Thanks for the great help, Arne.
And for your information, even the Malwarebytes that you recommend is detected as a virus by some. PC Tools Internet Security 2011, for example, blocks the EXE immediately. But that is just an aside.

Edited by Jenser0609 (07.10.2010 at 21:25)

08.10.2010, 11:00   #8
cosinus

Quote:
Lol, I know how to reinstall myself. And just for your information, I deleted the keygen. Thanks for the great help, Arne.

You brought this mess on yourself through illegal software, so don't go looking to blame others now. The principle on TB is: no help with cracks, keygens etc.