
All about Windows: Run dialog cannot be opened (Win7 x64)


14.12.2010, 19:21   #1
bugbugbug
Banned
 



Hi

When I click Run / press Windows+e, the following message appears:
Quote:
Der Vorgang wurde aufgrund von aktuellen Beschränkungen auf dem Computer abgebrochen. Wenden Sie sich an den Systemadministrator.
Of course, I am the administrator.

HijackThis log:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:07:43, on 14.12.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal
 
Running processes:
D:\Program Files (x86)\WhatPulse\WhatPulse.exe
C:\Windows\SysWOW64\cmd.exe
D:\Program Files (x86)\Kaspersky Security Suite CBE 10\avp.exe
D:\Programme\Mozilla Firefox 4.0 Beta 1\firefox.exe
D:\Program Files (x86)\TuneUp Utilities 2011\Integrator.exe
C:\Users\Messna\Desktop\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: The IP address should
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\ievkbd.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~2\Microsoft Office\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~2\Microsoft Office\Office14\URLREDIR.DLL
O2 - BHO: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\klwtbbho.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [AVP] "D:\Program Files (x86)\Kaspersky Security Suite CBE 10\avp.exe"
O4 - HKCU\..\Run: [WhatPulse] D:\Program Files (x86)\WhatPulse\WhatPulse.exe
O4 - HKCU\..\Run: [Windows Update] \Server.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - Startup: Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~2\Microsoft Office\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\ie_banner_deny.htm
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~2\Microsoft Office\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\klwtbbho.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\klwtbbho.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~3\AVP9\mzvkbd3.dll,C:\PROGRA~3\AVP9\sbhook.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Security Suite CBE 10 (AVP) - Kaspersky Lab - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: lxdu_device - - C:\Windows\system32\lxducoms.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - D:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 9633 bytes
         


Many thanks

15.12.2010, 13:29   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello,

Please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

15.12.2010, 14:36   #3
bugbugbug
Banned
 



Via Task Manager I can run CMD or similar quite normally, but it doesn't work with the Windows+R keyboard shortcut.

O4 - HKCU\..\Run: [Windows Update] \Server.exe
Shouldn't I fix that entry?^^ It sounds so suspicious, but for now I have only removed it from autostart.

Edit: Sorry, hadn't read cosinus's post, log follows

15.12.2010, 17:02   #4
bugbugbug
Banned
 



Malwarebytes:
Quote:
Malwarebytes' Anti-Malware 1.50
Malwarebytes

Datenbank Version: 5319

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.12.2010 17:24:00
mbam-log-2010-12-15 (17-24-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|S:\|)
Durchsuchte Objekte: 713429
Laufzeit: 1 Stunde(n), 29 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 43

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\itunes.exe (Security.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{d08d9f98-1c78-4704-87e6-368b0023d831} (Adware.RelevantKnowledge) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\$Recycle.Bin\s-1-5-21-2139195342-347865021-1775352756-1000\$RR0UO3Q.exe (Trojan.Cospet) -> Quarantined and deleted successfully.
c:\Users\***\AppData\Roaming\microsoft\PROGRA~1.EXE (Trojan.FakeMS) -> Quarantined and deleted successfully.
s:\Server.exe (Trojan.Agent) -> Quarantined and deleted successfully.
s:\***\ski alpin\pztrain.exe (Malware.Packer.Gen) -> Not selected for removal.
s:\***\zoo tycoon2\pztrain.exe (Malware.Packer.Gen) -> Not selected for removal.
OTL Extras:
Code:
OTL Extras logfile created on: 15.12.2010 17:30:23 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\***\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1.024,00 Mb Total Physical Memory | 119,00 Mb Available Physical Memory | 12,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 29,29 Gb Total Space | 0,63 Gb Free Space | 2,15% Space Free | Partition Type: NTFS
Drive D: | 157,01 Gb Total Space | 15,09 Gb Free Space | 9,61% Space Free | Partition Type: NTFS
Drive M: | 962,20 Mb Total Space | 21,61 Mb Free Space | 2,25% Space Free | Partition Type: FAT
Drive S: | 186,31 Gb Total Space | 5,87 Gb Free Space | 3,15% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Programme\Mozilla Firefox 4.0 Beta 1\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "d:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "d:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "d:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "D:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Program Files\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files (x86)\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "d:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "d:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "d:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AntiSpyWareDisableNotify" = 1
"AntiVirusDisableNotify" = 1
"AntiVirusOverride" = 1
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 1
"FirewallOverride" = 1
"AutoUpdateDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"UacDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 1
"FirewallOverride" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UacDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"FirstRunDisabled" = 0
"UacDisableNotify" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"d:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = d:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"d:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = d:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"d:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = d:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"d:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = d:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{104FB32A-7CE3-4C4B-B2AA-70C613FF9DFA}" = iTunes
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{26CFBB12-69A5-4EA1-A904-3382A37B0681}" = Nitro PDF Professional
"{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
"{372806CA-AE32-4A49-9CC1-EF9E3AB28D5C}" = O&O Defrag Professional
"{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{64A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java(TM) SE Development Kit 6 Update 22 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0)
"CCleaner" = CCleaner
"ComicRack" = ComicRack v0.9.129
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v4.1.0
"Lexmark 5600-6600 Series" = Lexmark 5600-6600 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"nbi-nb-base-6.9.1.0.0" = NetBeans IDE 6.9.1
"NVIDIA Drivers" = NVIDIA Drivers
"SP6" = Logitech SetPoint 6.20
"Unlocker" = Unlocker 1.9.0-x64
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1A3696A0-31B9-4D2F-A5B6-FF6DD56BDE9D}_is1" = MyMenu 1.3
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 22
"{2FB1052B-2F3D-48CE-A65D-006240516ECE}_is1" = Tweak Me! Version 1.1.0.7
"{328019A7-0012-401D-96A2-4CDDD02675A8}" = Garmin POI Loader
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3CD5832D-13D9-4751-8B22-3A7D3F4ACA42}" = Quake Live Mozilla Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{42996E6D-2079-42E4-82C6-8EF063BAA50E}" = iLoad
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{510D2239-6C2E-457B-9590-485EC552D94D}" = Garmin USB Drivers
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.0
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6AE4D46-A845-45CF-A6B2-D5D62780EA69}_is1" = Piratenleben Sprachausgabe 1.0
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark 
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Professional Edition
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIDA64 Extreme Edition_is1" = AIDA64 Extreme Edition v1.00
"AV Voice Changer Software DIAMOND 7.0" = AV Voice Changer Software DIAMOND 7.0
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Cross Fire_is1" = Cross Fire En
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"DivX Setup.divx.com" = DivX-Setup
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"FirstloadIkarus" = Firstload Ikarus
"Foxit Reader" = Foxit Reader
"Gothic II" = Gothic II
"Gothic II - Die Nacht des Raben" = Gothic II - Die Nacht des Raben
"HC51 9.60PL0" = HI-TECH C51-lite V9.60PL0
"HyperCam 3" = HyperCam 3
"ImgBurn" = ImgBurn
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Security Suite CBE 10
"KC Softwares SUMo_is1" = KC Softwares SUMo
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.6.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.1.4
"Mozilla Firefox 4.0b7 (x86 de)" = Mozilla Firefox 4.0b7 (x86 de)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"Opera 11.00.1029" = Opera 11.00 alpha build 1029
"Orbit_is1" = Orbit Downloader
"PICC 9.60PL0" = HI-TECH PICC lite V9.60PL0
"PunkBusterSvc" = PunkBuster Services
"QuickPar" = QuickPar 0.9
"Steam App 240" = Counter-Strike: Source
"Steam App 630" = Alien Swarm
"SUPER ©" = SUPER © Version 2010.bld.42 (Nov 7, 2010)
"TrueCrypt" = TrueCrypt
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"uTorrent" = µTorrent
"Virtual DJ Pro Full - Atomix Productions" = Virtual DJ Pro Full - Atomix Productions
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.5
"WBFS Manager 3.0" = WBFS Manager 3.0
"WhatPulse" = WhatPulse 1.7
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Worms Reloaded_is1" = Worms Reloaded
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"sc11-AT_ORF_MAIN" = Ski Challenge 11 (AT)
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.12.2010 07:51:22 | Computer Name = ***-PC | Source = VSS | ID = 12292
Description = 
 
Error - 11.12.2010 07:51:22 | Computer Name = ***-PC | Source = VSS | ID = 13
Description = 
 
Error - 11.12.2010 07:51:22 | Computer Name = ***-PC | Source = VSS | ID = 12292
Description = 
 
Error - 11.12.2010 07:52:09 | Computer Name = ***-PC | Source = VSS | ID = 13
Description = 
 
Error - 11.12.2010 07:52:09 | Computer Name = ***-PC | Source = VSS | ID = 12292
Description = 
 
Error - 11.12.2010 07:52:10 | Computer Name = ***-PC | Source = VSS | ID = 13
Description = 
 
Error - 11.12.2010 07:52:10 | Computer Name = ***-PC | Source = VSS | ID = 12292
Description = 
 
Error - 11.12.2010 07:52:10 | Computer Name = ***-PC | Source = VSS | ID = 13
Description = 
 
Error - 11.12.2010 07:52:10 | Computer Name = ***-PC | Source = VSS | ID = 12292
Description = 
 
Error - 11.12.2010 17:01:31 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WiiBaFu.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ceed7e9  Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.7.1.0, Zeitstempel:
 0x4cd4ce16  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0010590f  ID des fehlerhaften Prozesses:
 0x17c0  Startzeit der fehlerhaften Anwendung: 0x01cb99766906bf58  Pfad der fehlerhaften
 Anwendung: C:\Users\***\Desktop\Wii Backup Fusion 0.8.5\WiiBaFu.exe  Pfad des 
fehlerhaften Moduls: C:\Users\***\Desktop\Wii Backup Fusion 0.8.5\QtCore4.dll
Berichtskennung:
 d3b50545-0569-11e0-be28-000feaec1e69
 
[ System Events ]
Error - 14.12.2010 10:24:26 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst OODefragAgent erreicht.
 
Error - 14.12.2010 10:24:31 | Computer Name = ***-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 14.12.2010 10:24:56 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst OODefragAgent erreicht.
 
Error - 14.12.2010 16:39:32 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst OODefragAgent erreicht.
 
Error - 15.12.2010 09:18:46 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 15.12.2010 09:18:50 | Computer Name = ***-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 15.12.2010 09:19:01 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst OODefragAgent erreicht.
 
Error - 15.12.2010 09:19:32 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst OODefragAgent erreicht.
 
Error - 15.12.2010 11:34:02 | Computer Name = ***-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Users\***\Desktop\MHS6.1\IUKJT
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 15.12.2010 11:34:02 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "JmfuZoyXBfg" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
 
< End of report >
         
--- --- ---


OTL Logfile:
Code:
OTL logfile created on: 15.12.2010 17:30:20 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\***\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1.024,00 Mb Total Physical Memory | 119,00 Mb Available Physical Memory | 12,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 59,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 29,29 Gb Total Space | 0,63 Gb Free Space | 2,15% Space Free | Partition Type: NTFS
Drive D: | 157,01 Gb Total Space | 15,09 Gb Free Space | 9,61% Space Free | Partition Type: NTFS
Drive M: | 962,20 Mb Total Space | 21,61 Mb Free Space | 2,25% Space Free | Partition Type: FAT
Drive S: | 186,31 Gb Total Space | 5,87 Gb Free Space | 3,15% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: ***| Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - D:\Programme\Mozilla Firefox 4.0 Beta 1\plugin-container.exe (Mozilla Corporation)
PRC - D:\Programme\Mozilla Firefox 4.0 Beta 1\firefox.exe (Mozilla Corporation)
PRC - D:\Program Files (x86)\SUPER\SUPER.exe (eRightSoft)
PRC - D:\Program Files (x86)\WhatPulse\WhatPulse.exe (WhatPulse.org)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (PnkBstrA) -- C:\Windows\SysNative\PnkBstrA.exe File not found
SRV:64bit: - (npggsvc) -- C:\Windows\SysNative\GameMon.des File not found
SRV:64bit: - (KMService) -- C:\Windows\SysNative\srvany.exe File not found
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (NitroDriverReadSpool) -- C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe (Nitro PDF Software)
SRV:64bit: - (lxdu_device) -- C:\Windows\SysNative\lxducoms.exe ( )
SRV:64bit: - (lxduCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxduserv.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (OODefragAgent) -- D:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV - (TuneUp.UtilitiesSvc) -- D:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (KMService) -- C:\Windows\SysWOW64\srvany.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files (x86)\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (AVP) -- D:\Program Files (x86)\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
SRV - (Microsoft SharePoint Workspace Audit Service) -- D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (lxdu_device) -- C:\Windows\SysWow64\lxducoms.exe ( )
SRV - (ABBYY.Licensing.FineReader.Professional.10.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (NPPTNT2) -- C:\Windows\SysNative\npptNT2.sys File not found
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.)
DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (KLBG) -- C:\Windows\SysNative\drivers\klbg.sys (Kaspersky Lab)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:64bit: - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\SysNative\drivers\RTKVAC64.SYS (Realtek Semiconductor Corp.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (VCSVADHWSer) Avnex Virtual Audio Device (WDM) -- C:\Windows\SysNative\drivers\vcsvad.sys (Avnex)
DRV:64bit: - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation)
DRV - (TuneUpUtilitiesDrv) -- D:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 7D D3 2F 27 3B CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2600793&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/ig"
FF - prefs.js..extensions.enabledItems: amin.eft_Shutdown@gmail.com:3.6.2D
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.5.2
FF - prefs.js..extensions.enabledItems: firegestures@xuldev.org:1.5.7
FF - prefs.js..extensions.enabledItems: {2f17f610-5e97-4fed-828f-9940b7b577a4}:1.5.6
FF - prefs.js..extensions.enabledItems: {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}:11.0.1
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.4
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:4.0.53.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: support@auto-hide-ip.com:1.0
FF - prefs.js..extensions.enabledItems: {536ea192-4331-47ea-8ac1-c334a845c9ee}:2.7.1.3
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "190.144.93.154"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "190.144.93.154"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "67.23.5.193"
FF - prefs.js..network.proxy.http_port: 443
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.ssl: "190.144.93.154"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..network.proxy.http: "67.23.5.193"
FF - user.js..network.proxy.http_port: 443
FF - user.js..network.proxy.type: 0);user_pref("network.proxy.socks", ""
FF - user.js..network.proxy.socks_port: 0
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Components: D:\Programme\Mozilla Firefox 4.0 Beta 1\components [2010.11.17 19:17:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b7\extensions\\Plugins: D:\Programme\Mozilla Firefox 4.0 Beta 1\plugins [2010.12.10 10:38:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: D:\Program Files (x86)\Kaspersky Security Suite CBE 10\THBExt [2010.08.26 19:08:12 | 000,000,000 | ---D | M]
 
[2010.08.13 21:46:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2010.12.10 13:07:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3q00ksrp.Profile-Old\extensions
[2010.10.30 12:56:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3q00ksrp.Profile-Old\extensions\compatibility@addons.mozilla.org
[2010.11.03 17:31:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3q00ksrp.Profile-Old\extensions\elemhidehelper@adblockplus.org
[2010.08.31 11:18:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d5o2pxs4.default\extensions
[2010.08.31 11:18:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d5o2pxs4.default\extensions\compatibility@addons.mozilla.org
[2010.08.31 11:18:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d5o2pxs4.default\extensions\elemhidehelper@adblockplus.org
[2010.08.31 11:18:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\d5o2pxs4.default\extensions\firegestures@xuldev.org
 
O1 HOSTS File: ([2010.11.23 20:32:39 | 000,001,289 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: The IP address should
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll ()
O4:64bit: - HKLM..\Run: [EvtMgr6] D:\Programme\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [AVP] D:\Program Files (x86)\Kaspersky Security Suite CBE 10\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [WhatPulse] D:\Program Files (x86)\WhatPulse\WhatPulse.exe (WhatPulse.org)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] d:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 1
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: An OneNote s&enden - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: An OneNote s&enden - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files (x86)\Kaspersky Security Suite CBE 10\klwtbbho.dll (Kaspersky Lab)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~3\AVP9\mzvkbd3.dll) - C:\ProgramData\AVP9\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~3\AVP9\sbhook.dll) - C:\ProgramData\AVP9\sbhook.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.12 17:43:56 | 000,000,000 | ---- | M] () - S:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e080956d-a7cc-11df-9e92-000feaec1e69}\Shell - "" = AutoRun
O33 - MountPoints2\{e080956d-a7cc-11df-9e92-000feaec1e69}\Shell\AutoRun\command - "" = L:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.15 17:27:34 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.12.15 17:21:42 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\SysWow64\devil.dll
[2010.12.15 17:21:42 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\SysWow64\avisynth.dll
[2010.12.15 17:21:41 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\i420vfw.dll
[2010.12.15 17:21:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AviSynth 2.5
[2010.12.15 17:17:32 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLVorbisDec.ax
[2010.12.15 17:17:32 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSSplitter.ax
[2010.12.15 17:17:32 | 000,090,112 | RHS- | C] (-) -- C:\Windows\SysWow64\TTADSDecoder.ax
[2010.12.15 17:17:31 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\SysWow64\pncrt.dll
[2010.12.15 17:17:31 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\SysWow64\nbDX.dll
[2010.12.15 17:17:31 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\SysWow64\RLOgg.ax
[2010.12.15 17:17:31 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\DiracSplitter.ax
[2010.12.15 17:17:31 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\MatroskaDX.ax
[2010.12.15 17:17:31 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\flvDX.dll
[2010.12.15 17:17:31 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\SysWow64\RealMediaDX.ax
[2010.12.15 17:17:31 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\SysWow64\AVCDX.ax
[2010.12.15 17:17:31 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\SysWow64\RLTheoraDec.ax
[2010.12.15 17:17:31 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\SysWow64\msfDX.dll
[2010.12.15 17:15:28 | 029,508,222 | ---- | C] (eRightSoft   ) -- C:\Users\***\Desktop\SUPERsetup42.exe
[2010.12.15 17:13:30 | 000,000,000 | ---D | C] -- C:\AV_LOGS
[2010.12.15 15:39:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.12.15 15:39:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.15 15:39:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.15 15:38:58 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.14 20:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.12.14 20:23:50 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Users\***\Desktop\spybotsd162.exe
[2010.12.14 20:04:24 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\backups
[2010.12.14 16:33:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\.bsnes
[2010.12.11 21:59:31 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Wii Backup Fusion 0.8.5
[2010.12.11 14:14:02 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\oodag
[2010.12.11 13:05:36 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Firstload Ikarus
[2010.12.11 13:04:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Verimount
[2010.12.11 12:50:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\O&O
[2010.12.11 12:48:31 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations
[2010.12.11 12:38:53 | 000,000,000 | ---D | C] -- C:\downloads
[2010.12.10 15:58:30 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\QuickPar
[2010.12.10 12:19:07 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\PJ64 1.7.50
[2010.12.10 12:05:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LogiShrd
[2010.12.10 12:04:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Logishrd
[2010.12.10 11:04:51 | 000,839,680 | ---- | C] (hxxp://www.mp3dev.org/) -- C:\Windows\SysWow64\lameACM.acm
[2010.12.10 11:04:50 | 000,151,552 | ---- | C] (fccHandler) -- C:\Windows\SysWow64\ac3acm.acm
[2010.12.10 11:04:50 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\SysWow64\yv12vfw.dll
[2010.12.10 00:21:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\National Instruments
[2010.12.05 17:36:48 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2010.12.05 17:36:47 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2010.12.05 17:36:47 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2010.12.05 17:36:47 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2010.12.02 20:23:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HI-TECH Software
[2010.12.02 20:20:15 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\National Instruments
[2010.12.02 20:18:15 | 000,000,000 | ---D | C] -- C:\Programme\National Instruments
[2010.12.02 20:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\National Instruments
[2010.12.02 18:53:34 | 000,000,000 | ---D | C] -- C:\Users\***\.netbeans
[2010.12.02 18:53:08 | 000,000,000 | ---D | C] -- C:\Users\***\.netbeans-registration
[2010.12.02 18:17:37 | 000,000,000 | ---D | C] -- C:\Users\***\.nbi
[2010.12.02 18:15:08 | 000,521,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2010.12.02 18:15:08 | 000,189,216 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010.12.02 18:15:08 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010.12.02 18:15:08 | 000,171,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010.11.29 20:15:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\KC Softwares
[2010.11.27 21:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\createpart
[2010.11.27 21:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\explauncher
[2010.11.27 21:54:34 | 000,000,000 | ---D | C] -- C:\ProgramData\launcher
[2010.11.27 21:20:48 | 000,037,392 | ---- | C] (Paragon Software Group) -- C:\Windows\SysNative\drivers\hotcore3.sys
[2010.11.25 08:47:32 | 002,250,568 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\ooscrsav.scr
[2010.11.25 08:46:10 | 000,349,512 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodbs.exe
[2010.11.25 08:45:58 | 000,535,880 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodssrs.dll
[2010.11.25 08:45:40 | 000,010,056 | ---- | C] (O&O Software GmbH) -- C:\Windows\SysNative\oodbsrs.dll
[2010.11.24 16:55:30 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\VirtualDJ
[2010.11.24 16:03:20 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.11.22 21:11:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2010.11.20 23:35:13 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010.11.20 23:35:13 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010.11.20 23:35:11 | 020,280,936 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010.11.20 23:35:11 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010.11.20 23:35:10 | 001,308,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvgenco642030.dll
[2010.11.20 23:35:09 | 001,500,264 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco642050.dll
[2010.11.20 23:35:08 | 012,787,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010.11.20 23:35:07 | 010,021,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2010.11.20 23:35:07 | 002,911,848 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010.11.20 23:35:06 | 003,112,552 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010.11.20 23:35:06 | 002,934,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010.11.20 23:35:05 | 006,470,760 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010.11.20 23:35:05 | 004,836,456 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010.11.20 23:35:05 | 002,666,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010.11.20 23:35:02 | 013,019,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010.11.20 23:35:01 | 018,597,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010.11.20 23:35:01 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010.11.20 23:11:22 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010.11.20 22:50:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\GrabPro
[2010.11.20 22:43:22 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Deployment
[2010.11.20 22:28:06 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.11.20 22:28:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.11.20 22:28:06 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.11.19 23:51:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\mIRC
[2010.11.19 23:46:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Steganos
[2010.11.19 23:42:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\codeblocks
[2010.11.19 23:40:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Process Hacker
[2010.11.19 20:54:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Thinstall
[2010.11.19 20:54:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Thinstall
[2010.11.18 16:55:35 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010.11.18 16:55:33 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010.11.18 16:55:32 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2010.09.13 13:53:58 | 001,058,624 | ---- | C] (TuneUp Software) -- C:\Users\***\AppData\Local\77292.exe
[2010.09.13 13:53:45 | 001,058,624 | ---- | C] (TuneUp Software) -- C:\Users\***\AppData\Local\826333.exe
[2010.08.14 16:26:20 | 000,860,160 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduusb1.dll
[2010.08.14 16:26:20 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdupmui.dll
[2010.08.14 16:26:20 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduinpa.dll
[2010.08.14 16:26:20 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduiesc.dll
[2010.08.14 16:26:19 | 001,069,056 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduserv.dll
[2010.08.14 16:26:19 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxduhbn3.dll
[2010.08.14 16:26:19 | 000,577,536 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdulmpm.dll
[2010.08.14 16:26:18 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomm.dll
[2010.08.14 16:26:17 | 000,761,856 | ---- | C] ( ) -- C:\Windows\SysWow64\lxducomc.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.15 17:33:13 | 000,367,224 | ---- | M] (RegNow.com) -- C:\Users\***\Desktop\Download_iOrgSoftAMVConverter3.3.8_trial.exe
[2010.12.15 17:27:34 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.12.15 17:17:34 | 000,000,819 | ---- | M] () -- C:\Users\Public\Desktop\SUPER © Uninstall.lnk
[2010.12.15 17:17:34 | 000,000,795 | ---- | M] () -- C:\Users\Public\Desktop\SUPER ©.lnk
[2010.12.15 17:16:12 | 029,508,222 | ---- | M] (eRightSoft   ) -- C:\Users\***\Desktop\SUPERsetup42.exe
[2010.12.15 15:39:05 | 000,000,813 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.15 14:49:27 | 002,015,011 | ---- | M] () -- C:\Users\***\Desktop\miranda-im-v0.9.13-x64.7z
[2010.12.15 14:18:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.14 21:26:36 | 001,619,924 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.12.14 21:26:36 | 000,699,848 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.12.14 21:26:36 | 000,654,560 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.12.14 21:26:36 | 000,148,644 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.12.14 21:26:36 | 000,121,432 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.12.14 20:27:06 | 000,000,954 | ---- | M] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk
[2010.12.14 20:24:37 | 016,409,960 | ---- | M] (Safer Networking Limited                                    ) -- C:\Users\***\Desktop\spybotsd162.exe
[2010.12.14 16:37:50 | 000,965,199 | ---- | M] () -- C:\Users\***\Desktop\vSNES291_exec.rar
[2010.12.14 15:40:31 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.14 15:40:31 | 000,017,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.13 21:01:41 | 000,079,147 | ---- | M] () -- C:\Users\***\Desktop\gesendeteauftraege.pdf
[2010.12.11 12:49:57 | 000,002,757 | ---- | M] () -- C:\Users\Public\Desktop\O&O Defrag.lnk
[2010.12.10 22:17:43 | 004,150,938 | ---- | M] () -- C:\Users\***\Desktop\CheatEngine6Alpha17.rar
[2010.12.10 20:59:22 | 000,000,815 | ---- | M] () -- C:\Users\Public\Desktop\Firstload Ikarus.lnk
[2010.12.10 15:57:56 | 000,000,721 | ---- | M] () -- C:\Users\***\Desktop\QuickPar.lnk
[2010.12.10 12:19:59 | 000,001,314 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2010.12.10 12:14:07 | 004,969,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.12.10 12:13:33 | 804,950,016 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.10 12:03:43 | 000,018,960 | ---- | M] (Logitech, Inc.) -- C:\Windows\SysNative\drivers\LNonPnP.sys
[2010.12.09 10:03:59 | 000,000,729 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.12.09 09:32:56 | 001,044,437 | ---- | M] () -- C:\Users\***\Desktop\megui-0_3_1_1001.exe
[2010.12.09 09:28:20 | 005,424,911 | ---- | M] () -- C:\Users\***\Desktop\mkvtoolnix-unicode-4.4.0.7z
[2010.12.09 09:14:44 | 000,150,083 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010.12.09 09:14:43 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010.12.05 17:36:44 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2010.12.05 13:01:26 | 000,000,825 | ---- | M] () -- C:\Users\***\Documents\M64Cheats.lssave
[2010.12.02 19:05:21 | 000,043,520 | ---- | M] () -- C:\Users\***\Desktop\Werkstaettenbericht.doc
[2010.12.02 18:44:36 | 000,000,947 | ---- | M] () -- C:\Users\Public\Desktop\NetBeans IDE 6.9.1.lnk
[2010.12.02 18:14:06 | 000,521,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\deployJava1.dll
[2010.12.02 18:14:06 | 000,189,216 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaws.exe
[2010.12.02 18:14:06 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\javaw.exe
[2010.12.02 18:14:06 | 000,171,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysNative\java.exe
[2010.11.29 21:32:22 | 000,000,799 | ---- | M] () -- C:\Users\***\Desktop\Ski Challenge 11 (AT) starten.lnk
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.11.27 21:20:10 | 000,001,998 | ---- | M] () -- C:\Users\Public\Desktop\Paragon Partition Manager™ 11 Professional.lnk
[2010.11.25 08:47:32 | 002,250,568 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\ooscrsav.scr
[2010.11.25 08:46:10 | 000,349,512 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodbs.exe
[2010.11.25 08:45:58 | 000,535,880 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodssrs.dll
[2010.11.25 08:45:40 | 000,010,056 | ---- | M] (O&O Software GmbH) -- C:\Windows\SysNative\oodbsrs.dll
[2010.11.24 19:00:00 | 000,136,704 | ---- | M] () -- C:\Windows\SysNative\ff_vfw.dll
[2010.11.24 16:55:36 | 000,000,745 | ---- | M] () -- C:\Users\***\Desktop\Virtual DJ Pro.lnk
[2010.11.24 09:00:00 | 000,108,032 | ---- | M] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.11.24 09:00:00 | 000,000,038 | ---- | M] () -- C:\Windows\avisplitter.ini
[2010.11.20 23:08:02 | 000,000,733 | ---- | M] () -- C:\Users\Public\Desktop\FlashFXP.lnk
[2010.11.19 23:51:58 | 000,034,308 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010.11.19 23:50:58 | 000,000,851 | ---- | M] () -- C:\Users\***\Desktop\Password Manager.lnk
[2010.11.19 23:28:32 | 000,000,609 | -H-- | M] () -- C:\Users\***\AppData\Roaming\***log.dat
[2010.11.19 23:24:38 | 000,062,931 | ---- | M] () -- C:\Users\***\AppData\Roaming\***3SQLite3.dll
[2010.11.19 16:53:48 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2010.11.19 16:49:14 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2010.11.19 16:49:12 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2010.11.19 16:49:08 | 000,036,160 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2010.11.19 16:49:04 | 000,029,504 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.15 17:21:41 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.12.15 17:17:34 | 000,000,819 | ---- | C] () -- C:\Users\Public\Desktop\SUPER © Uninstall.lnk
[2010.12.15 17:17:34 | 000,000,795 | ---- | C] () -- C:\Users\Public\Desktop\SUPER ©.lnk
[2010.12.15 17:17:31 | 000,227,328 | RHS- | C] () -- C:\Windows\SysWow64\ac3DX.ax
[2010.12.15 17:17:31 | 000,175,104 | RHS- | C] () -- C:\Windows\SysWow64\CoreAAC.ax
[2010.12.15 17:17:31 | 000,120,832 | RHS- | C] () -- C:\Windows\SysWow64\MPCDx.ax
[2010.12.15 17:17:31 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\RLMPCDec.ax
[2010.12.15 17:17:31 | 000,097,280 | RHS- | C] () -- C:\Windows\SysWow64\FLACDX.ax
[2010.12.15 17:17:31 | 000,081,920 | RHS- | C] () -- C:\Windows\SysWow64\aac_parser.ax
[2010.12.15 17:17:31 | 000,070,656 | RHS- | C] () -- C:\Windows\SysWow64\RLAPEDec.ax
[2010.12.15 17:17:31 | 000,051,712 | RHS- | C] () -- C:\Windows\SysWow64\RLSpeexDec.ax
[2010.12.15 15:39:05 | 000,000,813 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.15 14:49:27 | 002,015,011 | ---- | C] () -- C:\Users\***\Desktop\miranda-im-v0.9.13-x64.7z
[2010.12.14 20:27:06 | 000,000,954 | ---- | C] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk
[2010.12.14 16:37:48 | 000,965,199 | ---- | C] () -- C:\Users\***\Desktop\vSNES291_exec.rar
[2010.12.13 21:01:31 | 000,079,147 | ---- | C] () -- C:\Users\***\Desktop\gesendeteauftraege.pdf
[2010.12.11 12:49:57 | 000,002,757 | ---- | C] () -- C:\Users\Public\Desktop\O&O Defrag.lnk
[2010.12.10 22:14:48 | 004,150,938 | ---- | C] () -- C:\Users\***\Desktop\CheatEngine6Alpha17.rar
[2010.12.10 22:02:03 | 000,191,488 | ---- | C] () -- C:\Windows\SysNative\unrar.dll
[2010.12.10 22:02:02 | 000,136,704 | ---- | C] () -- C:\Windows\SysNative\ff_vfw.dll
[2010.12.10 20:59:22 | 000,000,815 | ---- | C] () -- C:\Users\Public\Desktop\Firstload Ikarus.lnk
[2010.12.10 15:57:56 | 000,000,721 | ---- | C] () -- C:\Users\***\Desktop\QuickPar.lnk
[2010.12.10 12:05:06 | 000,001,314 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
[2010.12.10 11:04:51 | 000,000,414 | ---- | C] () -- C:\Windows\SysWow64\lame_acm.xml
[2010.12.10 11:04:51 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.12.10 11:04:50 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.12.10 11:04:50 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.12.10 11:04:50 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010.12.09 10:03:58 | 000,000,729 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2010.12.09 09:32:55 | 001,044,437 | ---- | C] () -- C:\Users\***\Desktop\megui-0_3_1_1001.exe
[2010.12.09 09:28:05 | 005,424,911 | ---- | C] () -- C:\Users\***\Desktop\mkvtoolnix-unicode-4.4.0.7z
[2010.12.02 18:44:35 | 000,000,947 | ---- | C] () -- C:\Users\Public\Desktop\NetBeans IDE 6.9.1.lnk
[2010.11.29 21:32:22 | 000,000,799 | ---- | C] () -- C:\Users\***\Desktop\Ski Challenge 11 (AT) starten.lnk
[2010.11.27 21:20:10 | 000,001,998 | ---- | C] () -- C:\Users\Public\Desktop\Paragon Partition Manager™ 11 Professional.lnk
[2010.11.24 16:55:36 | 000,000,745 | ---- | C] () -- C:\Users\***\Desktop\Virtual DJ Pro.lnk
[2010.11.19 23:51:58 | 000,034,308 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
[2010.11.19 23:50:02 | 000,000,851 | ---- | C] () -- C:\Users\***\Desktop\Password Manager.lnk
[2010.11.19 23:24:38 | 000,062,931 | ---- | C] () -- C:\Users\***\AppData\Roaming\***3SQLite3.dll
[2010.10.24 20:08:20 | 000,000,167 | ---- | C] () -- C:\ProgramData\nbinst.ini
[2010.10.24 19:30:54 | 000,000,167 | ---- | C] () -- C:\ProgramData\nb558temp.ini
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.09.14 14:02:34 | 001,639,226 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.09.11 16:04:36 | 003,799,951 | ---- | C] () -- C:\Windows\SysWow64\erdmpg-6.dll
[2010.08.26 14:08:20 | 000,005,120 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.22 16:00:19 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010.08.14 16:34:56 | 000,000,089 | ---- | C] () -- C:\ProgramData\lxdu.log
[2010.08.14 16:28:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxducaps.dll
[2010.08.14 16:28:06 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxducnv4.dll
[2010.08.14 16:28:05 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdudrs.dll
[2010.08.14 16:26:21 | 000,389,120 | ---- | C] () -- C:\Windows\SysWow64\LXDUinst.dll
[2010.08.14 16:26:21 | 000,335,872 | ---- | C] () -- C:\Windows\SysWow64\lxducomx.dll
[2010.08.14 14:07:09 | 000,000,000 | ---- | C] () -- C:\ProgramData\UpdaterLog.txt
[2010.08.14 00:08:41 | 000,154,144 | ---- | C] () -- C:\Windows\SysWow64\RTLCPAPI.dll
[2010.06.25 18:03:12 | 000,053,299 | ---- | C] () -- C:\Windows\SysWow64\pthreadVC.dll
[2009.09.16 16:27:58 | 000,508,224 | ---- | C] () -- C:\Windows\SysWow64\ICCProfiles.dll
[2009.07.29 10:35:54 | 002,378,752 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2005.04.08 03:16:43 | 000,000,609 | -H-- | C] () -- C:\Users\***\AppData\Roaming\***log.dat

< End of report >
         
--- --- ---

Regards

16.12.2010, 10:16   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
Mozilla Firefox 4.0 Beta 1
Why are you using a beta version?

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "190.144.93.154"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "190.144.93.154"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "67.23.5.193"
FF - prefs.js..network.proxy.http_port: 443
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.ssl: "190.144.93.154"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js..network.proxy.http: "67.23.5.193"
FF - user.js..network.proxy.http_port: 443
FF - user.js..network.proxy.type: 0);user_pref("network.proxy.socks", ""
FF - user.js..network.proxy.socks_port: 0
O32 - AutoRun File - [2010.02.12 17:43:56 | 000,000,000 | ---- | M] () - S:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{e080956d-a7cc-11df-9e92-000feaec1e69}\Shell - "" = AutoRun
O33 - MountPoints2\{e080956d-a7cc-11df-9e92-000feaec1e69}\Shell\AutoRun\command - "" = L:\autorun.exe -- File not found
[2010.12.15 17:21:41 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

16.12.2010, 14:34   #6
bugbugbug
Banned

Everything seems to be working again, thank you very much.
Regarding Firefox: I like to use current versions as long as they don't crash or have an extreme number of bugs. Especially for programs that I use every day.

OTL log:
Code:
All processes killed
Error: Unable to interpret <FF - prefs.js..network.proxy.backup.ftp: ""> in the current context!
Error: Unable to interpret <FF - prefs.js..network.proxy.backup.ftp_port: 0> in the current context!
Error: Unable to interpret <FF - prefs.js..network.proxy.backup.gopher: ""> in the current context!
Error: Unable to interpret <FF - prefs.js..network.proxy.backup.gopher_port: 0> in the current context!
Error: Unable to interpret <FF - prefs.js..network.proxy.backup.socks: ""> in the current context!
Error: Unable to interpret <FF - prefs.js..network.proxy.backup.socks_port: 0> in the current context!
Error: Unable to interpret <FF - prefs.js..network.proxy.backup.ssl: ""> in the current context!
Error: Unable to interpret <FF - prefs.js..network.proxy.backup.ssl_port: 0> in the current context!
Error: Unable to interpret <FF - prefs.js..network.proxy.ftp: "190.144.93.154"> in the current context!
Error: Unable to interpret <FF - prefs.js..network.proxy.ftp_port: 8080> in the current context!
Error: Unable to interpret <FF - prefs.js..network.proxy.gopher: "190.144.93.154"> in the current context!
Error: Unable to interpret <FF - prefs.js..network.proxy.gopher_port: 8080> in the current context!
Error: Unable to interpret <FF - prefs.js..network.proxy.http: "67.23.5.193"> in the current context!
Error: Unable to interpret <FF - prefs.js..network.proxy.http_port: 443> in the current context!
Error: Unable to interpret <FF - prefs.js..network.proxy.share_proxy_settings: true> in the current context!
Error: Unable to interpret <FF - prefs.js..network.proxy.ssl: "190.144.93.154"> in the current context!
Error: Unable to interpret <FF - prefs.js..network.proxy.ssl_port: 8080> in the current context!
Error: Unable to interpret <FF - prefs.js..network.proxy.type: 0> in the current context!
Error: Unable to interpret <FF - user.js..network.proxy.http: "67.23.5.193"> in the current context!
Error: Unable to interpret <FF - user.js..network.proxy.http_port: 443> in the current context!
Error: Unable to interpret <FF - user.js..network.proxy.type: 0);user_pref("network.proxy.socks", ""> in the current context!
Error: Unable to interpret <FF - user.js..network.proxy.socks_port: 0> in the current context!
Error: Unable to interpret <O32 - AutoRun File - [2010.02.12 17:43:56 | 000,000,000 | ---- | M] () - S:\AUTOEXEC.BAT -- [ NTFS ]> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{e080956d-a7cc-11df-9e92-000feaec1e69}\Shell - "" = AutoRun> in the current context!
Error: Unable to interpret <O33 - MountPoints2\{e080956d-a7cc-11df-9e92-000feaec1e69}\Shell\AutoRun\command - "" = L:\autorun.exe -- File not found> in the current context!
Error: Unable to interpret <[2010.12.15 17:21:41 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll> in the current context!
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: ***
->Temp folder emptied: 9105535 bytes
->Temporary Internet Files folder emptied: 91294704 bytes
->Java cache emptied: 10938366 bytes
->FireFox cache emptied: 185263983 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 80912 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1619120 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66156 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 250213719 bytes
 
Total Files Cleaned = 523,00 mb
 
 
OTL by OldTimer - Version 3.2.17.3 log created on 12162010_152246

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

16.12.2010, 15:56   #7
bugbugbug
Banned

Lol, right-click doesn't work on the desktop. I've already tried everything; it doesn't even work with the keyboard mouse.

16.12.2010, 19:22   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
I like to use current versions as long as they don't crash or have an extreme number of bugs.
Sorry, but using a beta with that justification is absurd.
A beta is explicitly there for testing; it still contains many bugs and is probably unstable!

Besides, you didn't copy the ":OTL" (first line!) of the script along with it, despite my clear instruction!!

17.12.2010, 18:07   #9
bugbugbug
Banned

I haven't really been able to find a real bug in Firefox yet. The only thing that annoys me is that some add-ons don't work ^^.

The OTL log again:
Code:
All processes killed
========== OTL ==========
Prefs.js: "" removed from network.proxy.backup.ftp
Prefs.js: 0 removed from network.proxy.backup.ftp_port
Prefs.js: "" removed from network.proxy.backup.gopher
Prefs.js: 0 removed from network.proxy.backup.gopher_port
Prefs.js: "" removed from network.proxy.backup.socks
Prefs.js: 0 removed from network.proxy.backup.socks_port
Prefs.js: "" removed from network.proxy.backup.ssl
Prefs.js: 0 removed from network.proxy.backup.ssl_port
Prefs.js: "190.144.93.154" removed from network.proxy.ftp
Prefs.js: 8080 removed from network.proxy.ftp_port
Prefs.js: "190.144.93.154" removed from network.proxy.gopher
Prefs.js: 8080 removed from network.proxy.gopher_port
Prefs.js: "67.23.5.193" removed from network.proxy.http
Prefs.js: 443 removed from network.proxy.http_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Prefs.js: "190.144.93.154" removed from network.proxy.ssl
Prefs.js: 8080 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
C:\Users\Messna\AppData\Roaming\Mozilla\FireFox\Profiles\d5o2pxs4.default\user.js moved successfully.
S:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e080956d-a7cc-11df-9e92-000feaec1e69}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e080956d-a7cc-11df-9e92-000feaec1e69}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e080956d-a7cc-11df-9e92-000feaec1e69}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e080956d-a7cc-11df-9e92-000feaec1e69}\ not found.
File L:\autorun.exe not found.
C:\Windows\SysWOW64\AVSredirect.dll moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Messna
->Temp folder emptied: 839961 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 165693768 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1331 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 19810768 bytes
 
Total Files Cleaned = 178,00 mb
 
 
OTL by OldTimer - Version 3.2.17.3 log created on 12162010_211514

Files\Folders moved on Reboot...
C:\Users\Messna\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

19.12.2010, 14:14   #10
cosinus
/// Trigonometric function
/// TB-Süch-Tiger™

Run dialog cannot be opened (Win7 x64) [solved]

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background monitors, as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support Trojaner-Board
Why Linux is better than Windows!

19.12.2010, 21:23   #11
bugbugbug
Banned

Code:
ComboFix 10-12-18.02 - *** 19.12.2010  21:57:59.1.1 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.43.1031.18.1024.561 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
AV: Kaspersky Security Suite CBE 10 *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Security Suite CBE 10 *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Security Suite CBE 10 *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\***\AppData\Local\77292.exe
c:\users\***\AppData\Local\826333.exe
c:\users\***\AppData\Roaming\EurekaLog

.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_RelevantKnowledge


(((((((((((((((((((((((   Dateien erstellt von 2010-11-19 bis 2010-12-19  ))))))))))))))))))))))))))))))
.

2010-12-19 21:07 . 2010-12-19 21:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-12-19 18:16 . 2010-05-12 08:42	631616	----a-w-	C:\MSVCP100D.dll
2010-12-19 18:14 . 2010-05-12 08:42	631616	----a-w-	c:\windows\system32\MSVCP100D.dll
2010-12-17 21:28 . 2010-01-06 12:13	506368	----a-w-	c:\windows\SysWow64\sqlite3.dll
2010-12-16 15:53 . 1998-10-09 12:02	75776	----a-w-	c:\windows\SysWow64\DWSPY36.dll
2010-12-16 15:53 . 1998-09-01 00:09	140800	----a-w-	c:\windows\SysWow64\DWSHK36.OCX
2010-12-16 14:22 . 2010-12-16 14:22	--------	d-----w-	C:\_OTL
2010-12-15 20:42 . 2010-12-18 12:06	--------	d-----w-	c:\users\***\AppData\Roaming\IDM
2010-12-15 20:42 . 2010-12-19 21:13	--------	d-----w-	c:\users\***\AppData\Roaming\DMCache
2010-12-15 17:12 . 2010-12-15 17:12	--------	d-----w-	c:\users\***\AppData\Roaming\Apowersoft
2010-12-15 16:33 . 2010-12-15 16:33	--------	d-----w-	c:\users\***\AppData\Roaming\GetRightToGo
2010-12-15 16:21 . 2009-09-27 08:39	369152	----a-w-	c:\windows\SysWow64\avisynth.dll
2010-12-15 16:21 . 2004-02-22 09:11	719872	----a-w-	c:\windows\SysWow64\devil.dll
2010-12-15 16:21 . 2004-01-24 23:00	70656	----a-w-	c:\windows\SysWow64\i420vfw.dll
2010-12-15 16:21 . 2010-12-15 16:21	--------	d-----w-	c:\program files (x86)\AviSynth 2.5
2010-12-15 16:13 . 2010-12-15 16:13	--------	d-----w-	C:\AV_LOGS
2010-12-15 14:39 . 2010-12-15 14:39	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2010-12-15 14:39 . 2010-11-29 16:42	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-15 14:39 . 2010-12-15 14:39	--------	d-----w-	c:\programdata\Malwarebytes
2010-12-15 14:38 . 2010-11-29 16:42	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-12-14 19:26 . 2010-12-19 20:52	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-12-14 15:33 . 2010-12-14 15:33	--------	d-----w-	c:\users\***\AppData\Roaming\.bsnes
2010-12-11 13:14 . 2010-12-11 14:14	--------	d-----w-	c:\windows\system32\oodag
2010-12-11 12:04 . 2010-12-11 12:04	--------	d-----w-	c:\users\***\AppData\Roaming\Verimount
2010-12-11 11:50 . 2010-12-11 11:50	--------	d-----w-	c:\users\***\AppData\Local\O&O
2010-12-11 11:48 . 2010-12-11 11:48	--------	d-----w-	c:\users\***\AppData\Local\Downloaded Installations
2010-12-11 11:38 . 2010-12-11 11:38	--------	d-----w-	C:\downloads
2010-12-10 21:02 . 2010-03-15 10:31	191488	----a-w-	c:\windows\system32\unrar.dll
2010-12-10 21:02 . 2010-11-24 18:00	136704	----a-w-	c:\windows\system32\ff_vfw.dll
2010-12-10 14:58 . 2010-12-10 15:06	--------	d-----w-	c:\users\***\AppData\Local\QuickPar
2010-12-10 11:19 . 2010-12-10 11:19	53248	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-12-10 11:05 . 2010-12-10 11:05	--------	d-----w-	c:\program files (x86)\Common Files\LogiShrd
2010-12-10 11:04 . 2010-12-10 11:04	--------	d-----w-	c:\users\***\AppData\Local\Logishrd
2010-12-10 10:04 . 2008-09-24 19:41	839680	----a-w-	c:\windows\SysWow64\lameACM.acm
2010-12-10 10:04 . 2010-11-24 08:00	108032	----a-w-	c:\windows\SysWow64\ff_vfw.dll
2010-12-10 10:04 . 2010-06-08 17:10	790528	----a-w-	c:\windows\SysWow64\xvidcore.dll
2010-12-10 10:04 . 2010-06-08 17:10	134144	----a-w-	c:\windows\SysWow64\xvidvfw.dll
2010-12-10 10:04 . 2010-01-17 16:18	151552	----a-w-	c:\windows\SysWow64\ac3acm.acm
2010-12-10 10:04 . 2004-01-24 23:00	70656	----a-w-	c:\windows\SysWow64\yv12vfw.dll
2010-12-09 23:21 . 2010-12-09 23:21	--------	d-----w-	c:\users\***\AppData\Roaming\National Instruments
2010-12-09 08:02 . 2010-12-09 05:40	139840	----a-w-	c:\windows\system32\drivers\idmwfp.sys
2010-12-05 16:36 . 2010-11-19 15:49	36160	----a-w-	c:\windows\system32\uxtuneup.dll
2010-12-05 16:36 . 2010-11-19 15:49	25920	----a-w-	c:\windows\system32\authuitu.dll
2010-12-05 16:36 . 2010-11-19 15:49	21312	----a-w-	c:\windows\SysWow64\authuitu.dll
2010-12-05 16:36 . 2010-11-19 15:49	29504	----a-w-	c:\windows\SysWow64\uxtuneup.dll
2010-12-02 19:23 . 2010-12-02 19:23	--------	d-----w-	c:\program files (x86)\HI-TECH Software
2010-12-02 19:21 . 2000-01-28 17:17	557328	----a-w-	c:\program files\Common Files\Microsoft Shared\dao\dao360.dll
2010-12-02 19:18 . 2010-12-02 19:18	--------	d-----w-	c:\program files\National Instruments
2010-12-02 19:14 . 2010-12-10 09:38	--------	d-----w-	c:\programdata\National Instruments
2010-12-02 17:53 . 2010-12-02 19:14	--------	d-----w-	c:\users\***\.netbeans
2010-12-02 17:53 . 2010-12-02 17:53	--------	d-----w-	c:\users\***\.netbeans-registration
2010-12-02 17:17 . 2010-12-02 17:58	--------	d-----w-	c:\users\***\.nbi
2010-12-02 17:15 . 2010-12-02 17:14	521448	----a-w-	c:\windows\system32\deployJava1.dll
2010-11-29 19:15 . 2010-11-29 19:15	--------	d-----w-	c:\users\***\AppData\Roaming\KC Softwares
2010-11-27 20:55 . 2010-11-27 20:55	--------	d-----w-	c:\programdata\createpart
2010-11-27 20:54 . 2010-11-27 20:54	--------	d-----w-	c:\programdata\explauncher
2010-11-27 20:54 . 2010-11-27 20:54	--------	d-----w-	c:\programdata\launcher
2010-11-27 20:20 . 2010-05-20 14:26	37392	----a-w-	c:\windows\system32\drivers\hotcore3.sys
2010-11-25 07:47 . 2010-11-25 07:47	2250568	----a-w-	c:\windows\system32\ooscrsav.scr
2010-11-25 07:46 . 2010-11-25 07:46	349512	----a-w-	c:\windows\system32\oodbs.exe
2010-11-25 07:45 . 2010-11-25 07:45	535880	----a-w-	c:\windows\system32\oodssrs.dll
2010-11-25 07:45 . 2010-11-25 07:45	10056	----a-w-	c:\windows\system32\oodbsrs.dll
2010-11-24 15:08 . 2010-10-19 08:47	7680	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2010-11-24 15:08 . 2010-10-19 08:10	7680	----a-w-	c:\program files (x86)\Internet Explorer\iecompat.dll
2010-11-22 20:11 . 2010-11-22 20:14	--------	d-----w-	c:\users\***\AppData\Roaming\DAEMON Tools Lite
2010-11-20 22:11 . 2010-11-22 20:12	--------	d-----w-	c:\programdata\DAEMON Tools Lite
2010-11-20 21:50 . 2010-11-20 21:50	--------	d-----w-	c:\users\***\AppData\Roaming\GrabPro
2010-11-20 21:43 . 2010-11-20 21:45	--------	d-----w-	c:\users\***\AppData\Local\Deployment
2010-11-19 22:51 . 2010-11-19 22:53	--------	d-----w-	c:\users\***\AppData\Roaming\mIRC
2010-11-19 22:46 . 2010-11-19 22:50	--------	d-----w-	c:\users\***\AppData\Roaming\Steganos
2010-11-19 22:42 . 2010-11-19 22:43	--------	d-----w-	c:\users\***\AppData\Roaming\codeblocks
2010-11-19 22:40 . 2010-11-19 22:42	--------	d-----w-	c:\users\***\AppData\Roaming\Process Hacker
2010-11-19 22:24 . 2010-11-19 22:24	62931	----a-w-	c:\users\***\AppData\Roaming\***3SQLite3.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-10 11:03 . 2010-08-14 08:08	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2010-11-19 15:53 . 2010-10-22 16:33	34624	----a-w-	c:\windows\system32\TURegOpt.exe
2010-11-02 16:38 . 2010-11-02 16:23	235248	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2010-11-02 16:38 . 2010-11-02 16:23	235248	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2010-10-30 14:39 . 2010-10-30 14:39	75064	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2010-10-30 14:39 . 2010-10-30 14:39	2373712	----a-w-	c:\windows\SysWow64\pbsvc.exe
2010-10-14 00:36 . 2010-10-14 00:36	15451288	----a-w-	c:\windows\SysWow64\xlive.dll
2010-10-14 00:36 . 2010-10-14 00:36	13642904	----a-w-	c:\windows\SysWow64\xlivefnt.dll
2010-10-08 08:47 . 2010-08-14 08:16	2159720	----a-w-	c:\windows\system32\nvapi64.dll
2010-10-08 08:47 . 2010-08-14 08:16	1718376	----a-w-	c:\windows\SysWow64\nvapi.dll
2010-10-08 01:22 . 2010-10-08 01:22	5891176	----a-w-	c:\windows\system32\nvcpl.dll
2010-10-08 01:21 . 2010-10-08 01:21	2590824	----a-w-	c:\windows\system32\nvsvc64.dll
2010-10-08 01:20 . 2010-10-08 01:20	116328	----a-w-	c:\windows\system32\nvmctray.dll
2010-10-08 01:20 . 2010-10-08 01:20	990312	----a-w-	c:\windows\system32\nvvsvc.exe
2010-10-08 01:20 . 2010-10-08 01:20	1881704	----a-w-	c:\windows\system32\nvsvcr.dll
2010-09-30 17:16 . 2010-09-30 17:16	348160	----a-w-	c:\windows\system32\MSVCR71.dll
2010-09-24 19:26 . 2010-09-24 19:26	466520	----a-w-	c:\windows\system32\wrap_oal.dll
2010-09-24 19:26 . 2010-09-24 19:26	122968	----a-w-	c:\windows\system32\OpenAL32.dll
2010-09-24 19:26 . 2010-09-24 19:26	445016	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2010-09-24 19:26 . 2010-09-24 19:26	109144	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2010-09-22 22:32 . 2010-09-22 22:32	301936	----a-w-	c:\windows\WLXPGSS.SCR
2010-09-22 19:06 . 2010-09-22 19:06	230352	----a-w-	c:\windows\system32\drivers\truecrypt.sys
2010-09-21 12:49 . 2010-09-21 12:49	252800	----a-w-	c:\windows\system32\LIVESSP.DLL
2010-09-21 12:03 . 2010-09-21 12:03	208768	----a-w-	c:\windows\SysWow64\LIVESSP.DLL
2006-05-03 10:06	163328	--sh--r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47	31232	--sh--r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30	216064	--sh--r-	c:\windows\SysWOW64\nbDX.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhatPulse"="d:\program files (x86)\WhatPulse\WhatPulse.exe" [2010-08-09 2922496]
"IDMan"="d:\program files (x86)\Internet Download Manager\IDMan.exe" [2010-09-29 3249504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="d:\program files (x86)\Kaspersky Security Suite CBE 10\avp.exe" [2010-05-06 361120]

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Produktregistrierung.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderInfo"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\AVP9\mzvkbd3.dll c:\progra~3\AVP9\sbhook.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Bonus.SSR.FR10"="d:\program files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
"BCSSync"="d:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dump_wmimmc;dump_wmimmc;d:\program files (x86)\FLYFF\GameGuard\dump_wmimmc.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-19 50688]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-14 1255736]
R3 X6va003;X6va003;c:\users\***\AppData\Local\Temp\003C138.tmp [x]
R4 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-21 814344]
R4 CGVPNCliSrvc;CyberGhost VPN Client;d:\programme\CyberGhost VPN\CGVPNCliService.exe [2010-06-25 2398856]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 0]
R4 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [2010-02-04 29184]
R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R4 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2010-06-24 341312]
R4 OODefragAgent;O&O Defrag;d:\program files\OO Software\Defrag\oodag.exe [2010-11-25 3152200]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-05-20 37392]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [2009-10-14 40464]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-27 828912]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 27152]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2010-12-09 139840]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2010-02-04 1039360]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-11-19 1974080]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 21008]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2010-02-24 726816]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]

.
Inhalt des "geplante Tasks" Ordners

2010-10-22 c:\windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011.job
- d:\program files (x86)\TuneUp Utilities 2011\OneClick.exe [2010-11-19 15:54]

2010-10-22 c:\windows\Tasks\{DD552472-A185-4a0c-AC58-90AA40E9E26A}.job
- c:\windows\explorer.exe [2010-08-14 06:34]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-12-09 05:40	82648	----a-w-	d:\program files (x86)\Internet Download Manager\IDMShellExt64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\cofi\CF16794.cfxxe" [X]
"EvtMgr6"="d:\programme\SetPointP\SetPoint.exe" [2010-10-28 1680976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.sharewareisland.com
mStart Page = hxxp://www.sharewareisland.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.sharewareisland.com/quicksearch.aspx
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: An OneNote s&enden - d:\progra~2\Microsoft Office\Office14\ONBttnIE.dll/105
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Download aller Links mit IDM - d:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV-Videoinhalt mit IDM - d:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download mit IDM - d:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Nach Microsoft E&xcel exportieren - d:\progra~2\Microsoft Office\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\***\AppData\Local\Temp\003C138.tmp"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\srvany.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-12-19  22:16:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-12-19 21:16

Vor Suchlauf: 2.254.254.080 Bytes frei
Nach Suchlauf: 2.338.951.168 Bytes frei

- - End Of File - - D72EB7FEFF54BAE17CE969DEE0BA7EE9
         
Have a nice 4th Advent^^.

20.12.2010, 07:29   #12
cosinus
/// Trigonometric function
/// TB-Süch-Tiger™

ComboFix - scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:
File::
c:\users\***\AppData\Local\Temp\003C138.tmp

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va003]

Driver::
X6va003
         
3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware/spyware programs and the TeaTimer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.



6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other machine and must not be used elsewhere, as it can permanently damage the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support Trojaner-Board
Why Linux is better than Windows!
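
The CFScript in the post above removes the X6va003 service, whose image path in the posted ComboFix log points at a .tmp file in the user's Temp folder. As an added example (not part of the thread and not ComboFix code), this Python script parses service lines in that log format and ranks entries worth a manual look; the regular expression, the heuristics, the expected-extension set and the reading of `[x]` as "file not found" are assumptions made for illustration.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Service/driver lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
R3 dump_wmimmc;dump_wmimmc;d:\program files (x86)\FLYFF\GameGuard\dump_wmimmc.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 X6va003;X6va003;c:\users\***\AppData\Local\Temp\003C138.tmp [x]
R4 OODefragAgent;O&O Defrag;d:\program files\OO Software\Defrag\oodag.exe [2010-11-25 3152200]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-27 828912]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2010-12-09 139840]
"""

# Assumed line layout: <letter><digit> <service name>;<display name>;<image path> [<info>]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]\s*$"
)

# Assumption: extensions considered normal for a service or driver image.
EXPECTED_EXTENSIONS = {".sys", ".exe", ".dll"}


@dataclass
class ServiceEntry:
    name: str
    display: str
    path: str
    missing: bool                      # True when the log shows [x] (assumed: file not found)
    findings: list = field(default_factory=list)


def parse_services(log_text):
    """Return a ServiceEntry for every line that matches the assumed layout."""
    entries = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        entries.append(ServiceEntry(
            name=m["name"].strip(),
            display=m["display"].strip(),
            path=m["path"].strip(),
            missing=(m["info"].strip().lower() == "x"),
        ))
    return entries


def assess(entry):
    """Attach review findings to one entry (illustrative heuristics only)."""
    parts = entry.path.lower().split("\\")
    ext = ntpath.splitext(entry.path)[1].lower()
    if "temp" in parts or "tmp" in parts:
        entry.findings.append("image path is inside a Temp folder")
    if "users" in parts:
        entry.findings.append("image path is inside a user profile")
    if ext not in EXPECTED_EXTENSIONS:
        entry.findings.append(f"unusual image extension {ext or '(none)'}")
    if entry.missing:
        entry.findings.append("image file not present on disk")
    return entry


def triage(log_text):
    """Entries with at least one finding, most findings first."""
    flagged = [e for e in map(assess, parse_services(log_text)) if e.findings]
    return sorted(flagged, key=lambda e: -len(e.findings))


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.name}: {e.path}")
        for finding in e.findings:
            print(f"   - {finding}")
```

The findings are leads for a human reviewer, not verdicts: npggsvc and dump_wmimmc are also listed, and their display names and paths in the log tie them to GameGuard.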

22.12.2010, 20:56   #13
bugbugbug
Banned

Code:
ComboFix 10-12-18.02 - *** 22.12.2010  20:37:56.2.1 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.43.1031.18.1024.257 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
Benutzte Befehlsschalter :: c:\users\***\Desktop\CFScript.txt
AV: Kaspersky Security Suite CBE 10 *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Security Suite CBE 10 *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Security Suite CBE 10 *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt

FILE ::
"c:\users\***\AppData\Local\Temp\003C138.tmp"
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Eventuell infizierte Webseiten -----

hxxp://email.***.at (Email meiner Schule)
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_X6VA003
-------\Service_X6va003


(((((((((((((((((((((((   Dateien erstellt von 2010-11-22 bis 2010-12-22  ))))))))))))))))))))))))))))))
.

2010-12-22 19:49 . 2010-12-22 19:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-12-21 20:09 . 2010-12-21 20:09	--------	d-----w-	c:\users\***\AppData\Local\TechHit
2010-12-19 18:16 . 2010-05-12 08:42	631616	----a-w-	C:\MSVCP100D.dll
2010-12-19 18:14 . 2010-05-12 08:42	631616	----a-w-	c:\windows\system32\MSVCP100D.dll
2010-12-17 21:28 . 2010-01-06 12:13	506368	----a-w-	c:\windows\SysWow64\sqlite3.dll
2010-12-16 15:53 . 1998-10-09 12:02	75776	----a-w-	c:\windows\SysWow64\DWSPY36.dll
2010-12-16 15:53 . 1998-09-01 00:09	140800	----a-w-	c:\windows\SysWow64\DWSHK36.OCX
2010-12-16 14:22 . 2010-12-16 14:22	--------	d-----w-	C:\_OTL
2010-12-15 20:42 . 2010-12-18 12:06	--------	d-----w-	c:\users\***\AppData\Roaming\IDM
2010-12-15 20:42 . 2010-12-22 19:33	--------	d-----w-	c:\users\***\AppData\Roaming\DMCache
2010-12-15 17:12 . 2010-12-15 17:12	--------	d-----w-	c:\users\***\AppData\Roaming\Apowersoft
2010-12-15 16:33 . 2010-12-15 16:33	--------	d-----w-	c:\users\***\AppData\Roaming\GetRightToGo
2010-12-15 16:21 . 2009-09-27 08:39	369152	----a-w-	c:\windows\SysWow64\avisynth.dll
2010-12-15 16:21 . 2004-02-22 09:11	719872	----a-w-	c:\windows\SysWow64\devil.dll
2010-12-15 16:21 . 2004-01-24 23:00	70656	----a-w-	c:\windows\SysWow64\i420vfw.dll
2010-12-15 16:21 . 2010-12-15 16:21	--------	d-----w-	c:\program files (x86)\AviSynth 2.5
2010-12-15 16:13 . 2010-12-15 16:13	--------	d-----w-	C:\AV_LOGS
2010-12-15 14:39 . 2010-12-15 14:39	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2010-12-15 14:39 . 2010-11-29 16:42	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-15 14:39 . 2010-12-15 14:39	--------	d-----w-	c:\programdata\Malwarebytes
2010-12-15 14:38 . 2010-11-29 16:42	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-12-14 19:26 . 2010-12-19 20:52	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2010-12-14 15:33 . 2010-12-14 15:33	--------	d-----w-	c:\users\***\AppData\Roaming\.bsnes
2010-12-11 13:14 . 2010-12-11 14:14	--------	d-----w-	c:\windows\system32\oodag
2010-12-11 12:04 . 2010-12-11 12:04	--------	d-----w-	c:\users\***\AppData\Roaming\Verimount
2010-12-11 11:50 . 2010-12-11 11:50	--------	d-----w-	c:\users\***\AppData\Local\O&O
2010-12-11 11:48 . 2010-12-11 11:48	--------	d-----w-	c:\users\***\AppData\Local\Downloaded Installations
2010-12-11 11:38 . 2010-12-11 11:38	--------	d-----w-	C:\downloads
2010-12-10 21:02 . 2010-03-15 10:31	191488	----a-w-	c:\windows\system32\unrar.dll
2010-12-10 21:02 . 2010-11-24 18:00	136704	----a-w-	c:\windows\system32\ff_vfw.dll
2010-12-10 14:58 . 2010-12-10 15:06	--------	d-----w-	c:\users\***\AppData\Local\QuickPar
2010-12-10 11:19 . 2010-12-10 11:19	53248	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-12-10 11:05 . 2010-12-10 11:05	--------	d-----w-	c:\program files (x86)\Common Files\LogiShrd
2010-12-10 11:04 . 2010-12-10 11:04	--------	d-----w-	c:\users\***\AppData\Local\Logishrd
2010-12-10 10:04 . 2008-09-24 19:41	839680	----a-w-	c:\windows\SysWow64\lameACM.acm
2010-12-10 10:04 . 2010-11-24 08:00	108032	----a-w-	c:\windows\SysWow64\ff_vfw.dll
2010-12-10 10:04 . 2010-06-08 17:10	790528	----a-w-	c:\windows\SysWow64\xvidcore.dll
2010-12-10 10:04 . 2010-06-08 17:10	134144	----a-w-	c:\windows\SysWow64\xvidvfw.dll
2010-12-10 10:04 . 2010-01-17 16:18	151552	----a-w-	c:\windows\SysWow64\ac3acm.acm
2010-12-10 10:04 . 2004-01-24 23:00	70656	----a-w-	c:\windows\SysWow64\yv12vfw.dll
2010-12-09 08:02 . 2010-12-09 05:40	139840	----a-w-	c:\windows\system32\drivers\idmwfp.sys
2010-12-05 16:36 . 2010-11-19 15:49	36160	----a-w-	c:\windows\system32\uxtuneup.dll
2010-12-05 16:36 . 2010-11-19 15:49	25920	----a-w-	c:\windows\system32\authuitu.dll
2010-12-05 16:36 . 2010-11-19 15:49	21312	----a-w-	c:\windows\SysWow64\authuitu.dll
2010-12-05 16:36 . 2010-11-19 15:49	29504	----a-w-	c:\windows\SysWow64\uxtuneup.dll
2010-12-02 19:23 . 2010-12-02 19:23	--------	d-----w-	c:\program files (x86)\HI-TECH Software
2010-12-02 19:21 . 2000-01-28 17:17	557328	----a-w-	c:\program files\Common Files\Microsoft Shared\dao\dao360.dll
2010-12-02 19:18 . 2010-12-02 19:18	--------	d-----w-	c:\program files\National Instruments
2010-12-02 19:14 . 2010-12-10 09:38	--------	d-----w-	c:\programdata\National Instruments
2010-12-02 17:53 . 2010-12-02 19:14	--------	d-----w-	c:\users\***\.netbeans
2010-12-02 17:53 . 2010-12-02 17:53	--------	d-----w-	c:\users\***\.netbeans-registration
2010-12-02 17:17 . 2010-12-02 17:58	--------	d-----w-	c:\users\***\.nbi
2010-12-02 17:15 . 2010-12-02 17:14	521448	----a-w-	c:\windows\system32\deployJava1.dll
2010-11-29 19:15 . 2010-11-29 19:15	--------	d-----w-	c:\users\***\AppData\Roaming\KC Softwares
2010-11-27 20:55 . 2010-11-27 20:55	--------	d-----w-	c:\programdata\createpart
2010-11-27 20:54 . 2010-11-27 20:54	--------	d-----w-	c:\programdata\explauncher
2010-11-27 20:54 . 2010-11-27 20:54	--------	d-----w-	c:\programdata\launcher
2010-11-27 20:20 . 2010-05-20 14:26	37392	----a-w-	c:\windows\system32\drivers\hotcore3.sys
2010-11-25 07:47 . 2010-11-25 07:47	2250568	----a-w-	c:\windows\system32\ooscrsav.scr
2010-11-25 07:46 . 2010-11-25 07:46	349512	----a-w-	c:\windows\system32\oodbs.exe
2010-11-25 07:45 . 2010-11-25 07:45	535880	----a-w-	c:\windows\system32\oodssrs.dll
2010-11-25 07:45 . 2010-11-25 07:45	10056	----a-w-	c:\windows\system32\oodbsrs.dll
2010-11-24 15:08 . 2010-10-19 08:47	7680	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2010-11-24 15:08 . 2010-10-19 08:10	7680	----a-w-	c:\program files (x86)\Internet Explorer\iecompat.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-10 11:03 . 2010-08-14 08:08	18960	----a-w-	c:\windows\system32\drivers\LNonPnP.sys
2010-11-19 22:24 . 2010-11-19 22:24	62931	----a-w-	c:\users\***\AppData\Roaming\***3SQLite3.dll
2010-11-19 15:53 . 2010-10-22 16:33	34624	----a-w-	c:\windows\system32\TURegOpt.exe
2010-11-02 16:38 . 2010-11-02 16:23	235248	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2010-11-02 16:38 . 2010-11-02 16:23	235248	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2010-10-30 14:39 . 2010-10-30 14:39	75064	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2010-10-30 14:39 . 2010-10-30 14:39	2373712	----a-w-	c:\windows\SysWow64\pbsvc.exe
2010-10-14 00:36 . 2010-10-14 00:36	15451288	----a-w-	c:\windows\SysWow64\xlive.dll
2010-10-14 00:36 . 2010-10-14 00:36	13642904	----a-w-	c:\windows\SysWow64\xlivefnt.dll
2010-10-08 08:47 . 2010-11-20 22:35	67176	----a-w-	c:\windows\system32\OpenCL.dll
2010-10-08 08:47 . 2010-11-20 22:35	57960	----a-w-	c:\windows\SysWow64\OpenCL.dll
2010-10-08 08:47 . 2010-11-20 22:35	20280936	----a-w-	c:\windows\system32\nvoglv64.dll
2010-10-08 08:47 . 2010-11-20 22:35	14899816	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2010-10-08 08:47 . 2010-11-20 22:35	1308776	----a-w-	c:\windows\system32\nvgenco642030.dll
2010-10-08 08:47 . 2010-11-20 22:35	12397544	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2010-10-08 08:47 . 2010-11-20 22:35	1500264	----a-w-	c:\windows\system32\nvdispco642050.dll
2010-10-08 08:47 . 2010-11-20 22:35	12787816	----a-w-	c:\windows\system32\nvd3dumx.dll
2010-10-08 08:47 . 2010-11-20 22:35	2911848	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2010-10-08 08:47 . 2010-11-20 22:35	10021992	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2010-10-08 08:47 . 2010-11-20 22:35	3112552	----a-w-	c:\windows\system32\nvcuvid.dll
2010-10-08 08:47 . 2010-11-20 22:35	2934376	----a-w-	c:\windows\system32\nvcuvenc.dll
2010-10-08 08:47 . 2010-11-20 22:35	6470760	----a-w-	c:\windows\system32\nvcuda.dll
2010-10-08 08:47 . 2010-11-20 22:35	4836456	----a-w-	c:\windows\SysWow64\nvcuda.dll
2010-10-08 08:47 . 2010-11-20 22:35	2666088	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2010-10-08 08:47 . 2010-11-20 22:35	13019752	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2010-10-08 08:47 . 2010-11-20 22:35	18597480	----a-w-	c:\windows\system32\nvcompiler.dll
2010-10-08 08:47 . 2010-08-14 08:16	2159720	----a-w-	c:\windows\system32\nvapi64.dll
2010-10-08 08:47 . 2010-08-14 08:16	1718376	----a-w-	c:\windows\SysWow64\nvapi.dll
2010-10-08 01:22 . 2010-10-08 01:22	5891176	----a-w-	c:\windows\system32\nvcpl.dll
2010-10-08 01:21 . 2010-10-08 01:21	2590824	----a-w-	c:\windows\system32\nvsvc64.dll
2010-10-08 01:20 . 2010-10-08 01:20	116328	----a-w-	c:\windows\system32\nvmctray.dll
2010-10-08 01:20 . 2010-10-08 01:20	990312	----a-w-	c:\windows\system32\nvvsvc.exe
2010-10-08 01:20 . 2010-10-08 01:20	1881704	----a-w-	c:\windows\system32\nvsvcr.dll
2010-09-30 17:16 . 2010-09-30 17:16	348160	----a-w-	c:\windows\system32\MSVCR71.dll
2010-09-24 19:26 . 2010-09-24 19:26	466520	----a-w-	c:\windows\system32\wrap_oal.dll
2010-09-24 19:26 . 2010-09-24 19:26	122968	----a-w-	c:\windows\system32\OpenAL32.dll
2010-09-24 19:26 . 2010-09-24 19:26	445016	----a-w-	c:\windows\SysWow64\wrap_oal.dll
2010-09-24 19:26 . 2010-09-24 19:26	109144	----a-w-	c:\windows\SysWow64\OpenAL32.dll
2006-05-03 10:06	163328	--sh--r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47	31232	--sh--r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30	216064	--sh--r-	c:\windows\SysWOW64\nbDX.dll
.

(((((((((((((((((((((((((((((   SnapShot@2010-12-19_21.13.34   )))))))))))))))))))))))))))))))))))))))))
.
- 2010-08-13 20:24 . 2010-12-19 20:59	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-08-13 20:24 . 2010-12-21 17:42	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-17 18:10 . 2010-12-21 17:42	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-17 18:10 . 2010-12-19 20:59	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-21 17:42	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2010-12-19 20:59	32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-21 17:43 . 2010-12-22 19:49	5510              c:\windows\SoftwareDistribution\PostRebootEventCache\{B198D0BD-84DE-49DF-87F6-FF49AEECEDA6}.bin
- 2010-12-19 21:10 . 2010-12-19 21:10	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-12-22 19:52 . 2010-12-22 19:52	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-12-22 19:52 . 2010-12-22 19:52	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-12-19 21:10 . 2010-12-19 21:10	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:34 . 2010-12-22 19:49	10125312              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2010-12-19 21:07	10125312              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-12-22 19:49 . 2010-12-22 19:49	10125312              c:\windows\ERDNT\subs\SCHEMA.DAT
- 2010-12-19 21:07 . 2010-12-19 21:07	10125312              c:\windows\ERDNT\subs\SCHEMA.DAT
- 2010-12-19 20:56 . 2010-12-19 20:56	10125312              c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
+ 2010-12-22 19:36 . 2010-12-22 19:36	10125312              c:\windows\ERDNT\Hiv-backup\SCHEMA.DAT
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WhatPulse"="d:\program files (x86)\WhatPulse\WhatPulse.exe" [2010-08-09 2922496]
"IDMan"="d:\program files (x86)\Internet Download Manager\IDMan.exe" [2010-09-29 3249504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="d:\program files (x86)\Kaspersky Security Suite CBE 10\avp.exe" [2010-05-06 361120]

c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Produktregistrierung.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableLockWorkstation"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoFolderInfo"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\AVP9\mzvkbd3.dll c:\progra~3\AVP9\sbhook.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Bonus.SSR.FR10"="d:\program files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" /autorun
"BCSSync"="d:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dump_wmimmc;dump_wmimmc;d:\program files (x86)\FLYFF\GameGuard\dump_wmimmc.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-19 50688]
R3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [2008-12-26 21504]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-14 1255736]
R4 ABBYY.Licensing.FineReader.Professional.10.0;ABBYY FineReader 10 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\PE\NetworkLicenseServer.exe [2009-12-21 814344]
R4 CGVPNCliSrvc;CyberGhost VPN Client;d:\programme\CyberGhost VPN\CGVPNCliService.exe [2010-06-25 2398856]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-09 0]
R4 lxduCATSCustConnectService;lxduCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxduserv.exe [2010-02-04 29184]
R4 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R4 NitroDriverReadSpool;NitroPDFDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe [2010-06-24 341312]
R4 OODefragAgent;O&O Defrag;d:\program files\OO Software\Defrag\oodag.exe [2010-11-25 3152200]
R4 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 hotcore3;hc3ServiceName;c:\windows\system32\DRIVERS\hotcore3.sys [2010-05-20 37392]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [2009-10-14 40464]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-10-27 828912]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 27152]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2010-12-09 139840]
S2 KMService;KMService;c:\windows\system32\srvany.exe [x]
S2 lxdu_device;lxdu_device;c:\windows\system32\lxducoms.exe [2010-02-04 1039360]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-11-19 1974080]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 21008]
S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2010-02-24 726816]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]

.
Inhalt des "geplante Tasks" Ordners

2010-10-22 c:\windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011.job
- d:\program files (x86)\TuneUp Utilities 2011\OneClick.exe [2010-11-19 15:54]

2010-10-22 c:\windows\Tasks\{DD552472-A185-4a0c-AC58-90AA40E9E26A}.job
- c:\windows\explorer.exe [2010-08-14 06:34]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2010-12-09 05:40	82648	----a-w-	d:\program files (x86)\Internet Download Manager\IDMShellExt64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\cofi\CF28308.cfxxe" [X]
"EvtMgr6"="d:\programme\SetPointP\SetPoint.exe" [2010-10-28 1680976]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.sharewareisland.com
mStart Page = hxxp://www.sharewareisland.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.sharewareisland.com/quicksearch.aspx
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: An OneNote s&enden - d:\progra~2\Microsoft Office\Office14\ONBttnIE.dll/105
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: Download aller Links mit IDM - d:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download FLV-Videoinhalt mit IDM - d:\program files (x86)\Internet Download Manager\IEGetVL.htm
IE: Download mit IDM - d:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Hinzufügen zu Anti-Banner - d:\program files (x86)\Kaspersky Security Suite CBE 10\ie_banner_deny.htm
IE: Nach Microsoft E&xcel exportieren - d:\progra~2\Microsoft Office\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\srvany.exe
d:\program files (x86)\Internet Download Manager\IEMonitor.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-12-22  20:59:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-12-22 19:59
ComboFix2.txt  2010-12-19 21:16

Vor Suchlauf: 557.850.624 Bytes frei
Nach Suchlauf: 2.037.235.712 Bytes frei

- - End Of File - - 4AC6F4091147E307B9CA64FDA96E281B
         

22.12.2010, 21:04   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Run dialog cannot be opened (Win7 x64) [solved]

OK. Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online query in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.


After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only needs a second.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


26.12.2010, 17:15   #15
bugbugbug
Banned

Run dialog cannot be opened (Win7 x64) [solved]


Code:
ATTFilter
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-26 18:08:31
Windows 6.1.7600  
Running: k84lboh7.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1                                                                  771343423
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2                                                                  285507792
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0                                                                  1
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x86 0x09 0x9B 0x11 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 d:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xFA 0x03 0x32 0xF6 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xFA 0x4D 0x0E 0x1B ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x86 0x09 0x9B 0x11 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     d:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xFA 0x03 0x32 0xF6 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xFA 0x4D 0x0E 0x1B ...

---- EOF - GMER 1.0.15 ----
         
Code:
ATTFilter
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows 7 Ultimate Edition
Windows Information:		 (build 7600), 64-bit
Logical Drives Mask:		0x00040ffd

Kernel Drivers (total 175):
  0x02A13000 \SystemRoot\system32\ntoskrnl.exe
  0x02FEF000 \SystemRoot\system32\hal.dll
  0x00BC7000 \SystemRoot\system32\kdcom.dll
  0x00C30000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
  0x00C3D000 \SystemRoot\system32\PSHED.dll
  0x00C51000 \SystemRoot\system32\CLFS.SYS
  0x00CAF000 \SystemRoot\system32\CI.dll
  0x00EC3000 \SystemRoot\system32\drivers\Wdf01000.sys
  0x00F67000 \SystemRoot\system32\drivers\WDFLDR.SYS
  0x0101E000 \SystemRoot\System32\Drivers\sphc.sys
  0x01145000 \SystemRoot\System32\Drivers\WMILIB.SYS
  0x0114E000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
  0x0117D000 \SystemRoot\system32\DRIVERS\ACPI.sys
  0x011D4000 \SystemRoot\system32\DRIVERS\msisadrv.sys
  0x011DE000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
  0x00F76000 \SystemRoot\system32\DRIVERS\pci.sys
  0x011EB000 \SystemRoot\System32\drivers\partmgr.sys
  0x01000000 \SystemRoot\system32\DRIVERS\volmgr.sys
  0x00E00000 \SystemRoot\System32\drivers\volmgrx.sys
  0x00E5C000 \SystemRoot\system32\DRIVERS\nvraid.sys
  0x00E85000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
  0x01015000 \SystemRoot\system32\DRIVERS\pciide.sys
  0x00FA9000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
  0x00FB9000 \SystemRoot\System32\drivers\mountmgr.sys
  0x00FD3000 \SystemRoot\system32\DRIVERS\atapi.sys
  0x00D6F000 \SystemRoot\system32\DRIVERS\ataport.SYS
  0x00FDC000 \SystemRoot\system32\DRIVERS\amdxata.sys
  0x00D99000 \SystemRoot\system32\drivers\fltmgr.sys
  0x00FE7000 \SystemRoot\system32\drivers\fileinfo.sys
  0x01230000 \SystemRoot\System32\Drivers\Ntfs.sys
  0x014BC000 \SystemRoot\System32\Drivers\msrpc.sys
  0x0151A000 \SystemRoot\System32\Drivers\ksecdd.sys
  0x01534000 \SystemRoot\System32\Drivers\cng.sys
  0x015A7000 \SystemRoot\System32\drivers\pcw.sys
  0x015B8000 \SystemRoot\System32\Drivers\Fs_Rec.sys
  0x0162F000 \SystemRoot\system32\drivers\ndis.sys
  0x01721000 \SystemRoot\system32\drivers\NETIO.SYS
  0x01781000 \SystemRoot\System32\Drivers\ksecpkg.sys
  0x01800000 \SystemRoot\System32\drivers\tcpip.sys
  0x017AC000 \SystemRoot\System32\drivers\fwpkclnt.sys
  0x01600000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
  0x01400000 \SystemRoot\system32\DRIVERS\volsnap.sys
  0x01610000 \SystemRoot\System32\Drivers\spldr.sys
  0x0144C000 \SystemRoot\System32\drivers\rdyboost.sys
  0x01618000 \SystemRoot\System32\Drivers\mup.sys
  0x01486000 \SystemRoot\system32\DRIVERS\klbg.sys
  0x017F6000 \SystemRoot\System32\drivers\hwpolicy.sys
  0x01494000 \SystemRoot\system32\DRIVERS\hotcore3.sys
  0x015C2000 \SystemRoot\System32\DRIVERS\fvevol.sys
  0x014A0000 \SystemRoot\system32\DRIVERS\disk.sys
  0x00C00000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0x03AD2000 \SystemRoot\system32\DRIVERS\klif.sys
  0x03B2F000 \SystemRoot\System32\Drivers\Null.SYS
  0x03B38000 \SystemRoot\System32\Drivers\Beep.SYS
  0x03B3F000 \SystemRoot\System32\drivers\vga.sys
  0x03B4D000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
  0x03B72000 \SystemRoot\System32\drivers\watchdog.sys
  0x03B82000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0x03B8B000 \SystemRoot\system32\drivers\rdpencdd.sys
  0x03B94000 \SystemRoot\system32\drivers\rdprefmp.sys
  0x03B9D000 \SystemRoot\System32\Drivers\Msfs.SYS
  0x03BA8000 \SystemRoot\System32\Drivers\Npfs.SYS
  0x03BB9000 \SystemRoot\system32\DRIVERS\tdx.sys
  0x03BD7000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0x03CCF000 \SystemRoot\system32\DRIVERS\kl1.sys
  0x03C00000 \SystemRoot\system32\drivers\afd.sys
  0x03C8A000 \SystemRoot\System32\DRIVERS\netbt.sys
  0x03BE4000 \SystemRoot\system32\DRIVERS\wfplwf.sys
  0x03A00000 \SystemRoot\system32\DRIVERS\pacer.sys
  0x03A26000 \SystemRoot\system32\DRIVERS\vwififlt.sys
  0x03A3C000 \SystemRoot\system32\DRIVERS\klim6.sys
  0x03A46000 \SystemRoot\system32\DRIVERS\netbios.sys
  0x03A55000 \SystemRoot\system32\DRIVERS\serial.sys
  0x03A72000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0x03A8D000 \SystemRoot\System32\drivers\truecrypt.sys
  0x01213000 \SystemRoot\system32\DRIVERS\termdd.sys
  0x0366E000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0x036BF000 \SystemRoot\system32\drivers\nsiproxy.sys
  0x036CB000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0x036D6000 \SystemRoot\System32\Drivers\ElbyCDIO.sys
  0x036E1000 \SystemRoot\System32\drivers\discache.sys
  0x036F0000 \SystemRoot\system32\drivers\csc.sys
  0x03773000 \SystemRoot\System32\Drivers\dfsc.sys
  0x03791000 \SystemRoot\system32\DRIVERS\blbdrive.sys
  0x037A2000 \SystemRoot\system32\DRIVERS\tunnel.sys
  0x037C8000 \SystemRoot\system32\DRIVERS\amdk8.sys
  0x037DF000 \SystemRoot\system32\DRIVERS\usbohci.sys
  0x03600000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0x03656000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0x04838000 \SystemRoot\system32\drivers\RTKVAC64.SYS
  0x04B8B000 \SystemRoot\system32\drivers\portcls.sys
  0x04BC8000 \SystemRoot\system32\drivers\drmk.sys
  0x04452000 \SystemRoot\system32\drivers\ks.sys
  0x04495000 \SystemRoot\system32\drivers\ksthunk.sys
  0x0449B000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0x044A8000 \SystemRoot\system32\DRIVERS\1394ohci.sys
  0x044E6000 \SystemRoot\system32\DRIVERS\nvm62x64.sys
  0x0562D000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
  0x05600000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
  0x042A9000 \SystemRoot\System32\drivers\dxgkrnl.sys
  0x0439D000 \SystemRoot\System32\drivers\dxgmms1.sys
  0x04200000 \SystemRoot\System32\Drivers\a5w89egs.SYS
  0x04245000 \SystemRoot\system32\DRIVERS\fdc.sys
  0x04252000 \SystemRoot\system32\DRIVERS\serenum.sys
  0x0425E000 \SystemRoot\system32\DRIVERS\irsir.sys
  0x0426A000 \SystemRoot\system32\drivers\irenum.sys
  0x04273000 \SystemRoot\system32\DRIVERS\parport.sys
  0x04290000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
  0x043E3000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
  0x05602000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0x0454A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0x04556000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0x04585000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0x045A0000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0x045C1000 \SystemRoot\system32\DRIVERS\rassstp.sys
  0x045DB000 \SystemRoot\system32\DRIVERS\tap0901.sys
  0x045E8000 \SystemRoot\system32\DRIVERS\rdpbus.sys
  0x04400000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0x0440F000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0x0441E000 \SystemRoot\system32\DRIVERS\VClone.sys
  0x043F9000 \SystemRoot\system32\DRIVERS\swenum.sys
  0x0442D000 \SystemRoot\system32\DRIVERS\umbus.sys
  0x04C18000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0x04C72000 \SystemRoot\system32\DRIVERS\flpydisk.sys
  0x04C7D000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0x04C92000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
  0x04CAD000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0x04CAF000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0x04CCC000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0x04CDA000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0x04CF3000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0x04CFC000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
  0x04D0C000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
  0x04D21000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0x0504A000 \SystemRoot\system32\DRIVERS\netr7364.sys
  0x05103000 \SystemRoot\system32\DRIVERS\vwifibus.sys
  0x00050000 \SystemRoot\System32\win32k.sys
  0x05110000 \SystemRoot\System32\drivers\Dxapi.sys
  0x0511C000 \SystemRoot\system32\DRIVERS\cdfs.sys
  0x05139000 \SystemRoot\system32\DRIVERS\monitor.sys
  0x004E0000 \SystemRoot\System32\TSDDD.dll
  0x00780000 \SystemRoot\System32\cdd.dll
  0x05147000 \SystemRoot\System32\Drivers\crashdmp.sys
  0x05155000 \SystemRoot\System32\Drivers\dump_dumpata.sys
  0x05161000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0x0516A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
  0x008B0000 \SystemRoot\System32\ATMFD.DLL
  0x0517D000 \SystemRoot\system32\drivers\WudfPf.sys
  0x0519E000 \SystemRoot\system32\DRIVERS\irda.sys
  0x051C1000 \SystemRoot\system32\DRIVERS\lltdio.sys
  0x04D5A000 \SystemRoot\system32\DRIVERS\nwifi.sys
  0x051D6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0x05000000 \SystemRoot\system32\DRIVERS\rspndr.sys
  0x024A0000 \SystemRoot\system32\drivers\HTTP.sys
  0x02568000 \SystemRoot\system32\DRIVERS\bowser.sys
  0x02586000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0x02400000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
  0x0244E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
  0x02471000 \SystemRoot\system32\DRIVERS\idmwfp.sys
  0x02836000 \SystemRoot\system32\drivers\peauth.sys
  0x028DC000 \SystemRoot\System32\Drivers\secdrv.SYS
  0x028E7000 \SystemRoot\System32\DRIVERS\srvnet.sys
  0x02914000 \SystemRoot\System32\drivers\tcpipreg.sys
  0x02997000 \SystemRoot\System32\DRIVERS\srv2.sys
  0x032BE000 \SystemRoot\System32\DRIVERS\srv.sys
  0x03354000 \??\D:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys
  0x0335C000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
  0x0338D000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
  0x03200000 \SystemRoot\System32\Drivers\fastfat.SYS
  0x033B3000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0x033C0000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
  0x033D4000 \SystemRoot\system32\DRIVERS\klmouflt.sys
  0x77A50000 \Windows\System32\ntdll.dll
  0x47D10000 \Windows\System32\smss.exe
  0xFFD70000 \Windows\System32\apisetschema.dll

Processes (total 39):
       0 System Idle Process
       4 System
     300 C:\Windows\System32\smss.exe
     484 csrss.exe
     532 C:\Windows\System32\wininit.exe
     544 csrss.exe
     592 C:\Windows\System32\services.exe
     600 C:\Windows\System32\lsass.exe
     608 C:\Windows\System32\lsm.exe
     636 C:\Windows\System32\winlogon.exe
     760 C:\Windows\System32\svchost.exe
     844 C:\Windows\System32\svchost.exe
     892 C:\Windows\System32\svchost.exe
    1008 C:\Windows\System32\svchost.exe
     420 C:\Windows\System32\svchost.exe
    1048 C:\Windows\servicing\TrustedInstaller.exe
    1088 C:\Windows\System32\svchost.exe
    1200 C:\Windows\System32\svchost.exe
    1276 C:\Windows\System32\spoolsv.exe
    1304 C:\Windows\System32\svchost.exe
    1416 C:\Windows\SysWOW64\srvany.exe
    1444 C:\Windows\System32\lxducoms.exe
    1460 C:\Windows\System32\conhost.exe
    1692 D:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
    1720 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    1832 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    2060 C:\Windows\System32\svchost.exe
    2164 WUDFHost.exe
    2800 C:\Windows\System32\dwm.exe
    2848 C:\Windows\explorer.exe
    1928 D:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
    1016 D:\Programme\SetPointP\SetPoint.exe
    2496 D:\Program Files (x86)\WhatPulse\WhatPulse.exe
    2904 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
    2936 C:\Windows\System32\svchost.exe
     744 D:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    4004 D:\Programme\Opera 10.50 Beta\opera.exe
    3844 C:\Users\Messna\Desktop\MBRCheck.exe
    1404 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`007e0000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000007`53436200  (NTFS)
\\.\S: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00  (NTFS)

PhysicalDrive0 Model Number: ST3200822AS, Rev: 3.01    
PhysicalDrive1 Model Number: ST3200822AS, Rev: 3.01    

      Size  Device Name          MBR Status
  --------------------------------------------
    186 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
    186 GB  \\.\PhysicalDrive1   Windows 7 MBR code detected
            SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
         
I can't save the log for OSAM. I click the button, but nothing happens. I have also already installed it, but it still doesn't work.
