Hi,
I ran the OTL scan, but only an OTL.txt file was opened after the scan. Maybe that was because my OTL settings were not the same as in this thread? http://www.trojaner-board.de/85104-o...-oldtimer.html
For me, "Extra Registry" is set to "Off", and the two checkboxes for "LOP Check" and "Purity Check" are not ticked.
Also, I have a checkbox ticked for "Use-No-Company-Name Whitelist", which isn't there at all in the picture (I guess because the picture in the thread shows an older version).
Code:
OTL logfile created on: 03.08.2011 13:04:22 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\***\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,76 Gb Available Physical Memory | 68,93% Memory free
8,16 Gb Paging File | 6,84 Gb Available in Paging File | 83,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 916,86 Gb Total Space | 644,36 Gb Free Space | 70,28% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\***\Downloads\OTL(1).exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
PRC - C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtWlan.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
PRC - C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe (Realtek)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
========== Modules (SafeList) ==========
MOD - C:\Users\***\Downloads\OTL(1).exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Akamai) -- c:\program files (x86)\common files\akamai\netsession_win_e477fed.dll ()
SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (OpenVPNService) -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe ()
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ETService) -- C:\Programme\PACKARDBELL\Packard Bell Recovery Management\Service\ETService.exe ()
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (AdobeActiveFileMonitor6.0) -- C:\Program Files (x86)\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe ()
SRV - (RealtekUSB) -- C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe (Realtek)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
========== Driver Services (SafeList) ==========
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys ()
DRV:64bit: - (sptd) -- C:\Windows\SysNative\Drivers\sptd.sys ()
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\DRIVERS\tap0901.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
DRV:64bit: - (GearAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (RTL8187B) -- C:\Windows\SysNative\DRIVERS\RTL8187B.sys ()
DRV:64bit: - (RtlProt) -- C:\Windows\SysNative\DRIVERS\rtlprot.sys ()
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\Wbem\ntfs.mof ()
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (int15) -- C:\Windows\SysWOW64\drivers\int15_64.sys (Acer, Inc.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=1108&m=imedia_x5500_ge
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=1108&m=imedia_x5500_ge
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=1108&m=imedia_x5500_ge
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=1108&m=imedia_x5500_ge
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&s=1&o=vp64&d=1108&m=imedia_x5500_ge
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig?hl=de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..network.proxy.backup.ftp: "183.91.87.16"
FF - prefs.js..network.proxy.backup.ftp_port: 80
FF - prefs.js..network.proxy.backup.gopher: "183.91.87.16"
FF - prefs.js..network.proxy.backup.gopher_port: 80
FF - prefs.js..network.proxy.backup.socks: "183.91.87.16"
FF - prefs.js..network.proxy.backup.socks_port: 80
FF - prefs.js..network.proxy.backup.ssl: "183.91.87.16"
FF - prefs.js..network.proxy.backup.ssl_port: 80
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.ftp_port: 8020
FF - prefs.js..network.proxy.gopher: "localhost"
FF - prefs.js..network.proxy.gopher_port: 8020
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8020
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 8020
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 8020
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.com/NxGame: C:\ProgramData\Nexon\NGM\npNxGame.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\***\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.04.12 17:52:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.12 16:19:58 | 000,000,000 | ---D | M]
[2009.05.03 20:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011.07.31 15:20:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3vkjwety.default\extensions
[2009.12.29 22:09:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3vkjwety.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.31 15:20:46 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3vkjwety.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.12 17:01:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2009.05.28 13:30:40 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Program Files (x86)\mozilla firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE}
[2010.08.04 13:10:26 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3VKJWETY.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2006.09.18 23:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O4 - HKCU..\Run: [SmpcSys] C:\Programme\PACKARD BELL\SetUpMyPC\SmpSys.exe (Packard Bell BV)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\PrxerNsp.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex Software)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\PrxerDrv.dll (Initex Software)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} hxxp://www.n2030.com/atlas_activex.dll (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{19b781b0-013f-11df-ac4f-002268085150}\Shell\AutoRun\command - "" = J:\Get_Started_for_Win.exe
O33 - MountPoints2\{4274d1ec-ad02-11df-945d-e9ebab2ca4fc}\Shell\AutoRun\command - "" = I:\Toshiba\more4youa.exe
O33 - MountPoints2\{9fd16e16-b185-11dd-87d1-806e6f6e6963}\Shell\AutoRun\command - "" = G:\pccompanion\Startme.exe
O33 - MountPoints2\{9fd16e16-b185-11dd-87d1-806e6f6e6963}\Shell\menu1\command - "" = G:\pccompanion\Startme.exe
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Toshiba\more4youa.exe
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\Get_Started_for_Win.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll ()
NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
Drivers32:64bit: aux - wdmaud.drv ()
Drivers32:64bit: aux1 - wdmaud.drv ()
Drivers32:64bit: midi - wdmaud.drv ()
Drivers32:64bit: midi1 - wdmaud.drv ()
Drivers32:64bit: midimapper - midimap.dll ()
Drivers32:64bit: mixer - wdmaud.drv ()
Drivers32:64bit: mixer1 - wdmaud.drv ()
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm ()
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm ()
Drivers32:64bit: msacm.msadpcm - msadp32.acm ()
Drivers32:64bit: msacm.msg711 - msg711.acm ()
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm ()
Drivers32:64bit: vidc.i420 - iyuv_32.dll ()
Drivers32:64bit: vidc.iyuv - iyuv_32.dll ()
Drivers32:64bit: vidc.mrle - msrle32.dll ()
Drivers32:64bit: vidc.msvc - msvidc32.dll ()
Drivers32:64bit: vidc.uyvy - msyuv.dll ()
Drivers32:64bit: vidc.yuy2 - msyuv.dll ()
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll ()
Drivers32:64bit: vidc.yvyu - msyuv.dll ()
Drivers32:64bit: wave - wdmaud.drv ()
Drivers32:64bit: wave1 - wdmaud.drv ()
Drivers32:64bit: wavemapper - msacm32.drv ()
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IV41 - C:\Windows\SysWow64\ir41_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2011.08.02 22:29:21 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner (10)
[2011.08.02 21:56:55 | 000,000,000 | ---D | C] -- C:\Program Files\Wireshark
[2011.08.02 14:48:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\windows
[2011.07.31 15:20:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.07.06 15:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2011.07.06 15:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\eSellerate
[2011.07.06 15:05:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
[2011.07.06 15:05:57 | 000,000,000 | ---D | C] -- C:\Program Files\NewBlue
[2011.07.06 15:05:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NewBlue
[2010.08.07 20:30:33 | 000,121,770 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Program Files (x86)\Uninstall.exe
[2010.08.06 15:40:26 | 010,064,640 | ---- | C] (TeamSpeak Systems GmbH) -- C:\Program Files (x86)\ts3client_win64.exe
[2010.05.18 14:46:32 | 001,033,216 | ---- | C] (Firelight Technologies) -- C:\Program Files (x86)\fmodex64.dll
[2004.07.09 05:08:36 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dxsetup.exe
[2004.07.09 05:08:36 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\dxsetup.exe
[2004.07.09 05:08:34 | 002,242,560 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll
[2004.07.09 05:08:34 | 002,242,560 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\dsetup32.dll
[2004.07.09 04:03:10 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll
[2004.07.09 04:03:10 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Program Files (x86)\DSETUP.dll
========== Files - Modified Within 30 Days ==========
[2011.08.03 12:52:10 | 000,089,023 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011.08.03 12:51:37 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml
[2011.08.03 12:51:36 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.03 12:51:36 | 000,003,344 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.03 12:51:35 | 000,089,023 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011.08.03 12:51:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.03 12:51:28 | 4293,054,464 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.03 00:06:55 | 000,000,373 | ---- | M] () -- C:\Users\***\AppData\Roaming\Current.prx
[2011.08.03 00:05:46 | 000,000,600 | ---- | M] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2011.08.02 21:57:04 | 000,001,513 | ---- | M] () -- C:\Users\Public\Desktop\Wireshark.lnk
[2011.07.31 19:14:44 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.07.31 18:30:53 | 000,149,504 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.31 15:20:38 | 000,001,191 | ---- | M] () -- C:\Users\***\Desktop\Free YouTube to MP3 Converter.lnk
[2011.07.28 22:38:30 | 000,001,697 | ---- | M] () -- C:\WarRock.ini
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.07.06 19:52:42 | 000,025,912 | ---- | M] () -- C:\Windows\SysNative\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2011.08.02 21:57:04 | 000,001,513 | ---- | C] () -- C:\Users\Public\Desktop\Wireshark.lnk
[2011.08.02 15:03:06 | 4293,054,464 | -HS- | C] () -- C:\hiberfil.sys
[2011.07.31 15:20:38 | 000,001,191 | ---- | C] () -- C:\Users\***\Desktop\Free YouTube to MP3 Converter.lnk
[2011.07.28 22:38:30 | 000,001,697 | ---- | C] () -- C:\WarRock.ini
[2010.08.06 15:40:14 | 000,427,776 | ---- | C] () -- C:\Program Files (x86)\update.exe
[2010.08.06 15:40:10 | 000,035,116 | ---- | C] () -- C:\Program Files (x86)\apps.ini
[2010.08.06 15:40:10 | 000,001,039 | ---- | C] () -- C:\Program Files (x86)\mirrors.ini
[2010.05.29 16:53:10 | 000,001,665 | ---- | C] () -- C:\Windows\[Urban]Config 1.ini
[2010.05.17 10:29:02 | 010,144,768 | ---- | C] () -- C:\Program Files (x86)\QtGui4.dll
[2010.03.25 11:57:36 | 002,699,264 | ---- | C] () -- C:\Program Files (x86)\QtCore4.dll
[2010.03.22 11:59:00 | 000,934,400 | ---- | C] () -- C:\Program Files (x86)\QtNetwork4.dll
[2010.01.15 19:21:29 | 000,000,373 | ---- | C] () -- C:\Users\***\AppData\Roaming\Current.prx
[2009.12.29 20:01:42 | 000,089,023 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.12.29 20:01:42 | 000,089,023 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.12.21 11:32:02 | 000,000,732 | ---- | C] () -- C:\Users\***\AppData\Local\d3d9caps64.dat
[2009.10.23 16:30:31 | 000,166,638 | ---- | C] () -- C:\Windows\hpoins21.dat
[2009.10.21 17:11:19 | 000,000,600 | ---- | C] () -- C:\Users\***\AppData\Local\PUTTY.RND
[2009.10.01 17:39:06 | 000,000,190 | ---- | C] () -- C:\Windows\WinInit.Ini
[2009.08.13 23:39:36 | 000,001,308 | ---- | C] () -- C:\Windows\Vince'vD3D.ini
[2009.07.05 15:03:34 | 000,000,552 | ---- | C] () -- C:\Users\***\AppData\Local\d3d8caps.dat
[2009.05.22 11:14:52 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2009.05.22 11:14:39 | 000,008,460 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2009.05.01 18:05:44 | 000,095,688 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2009.02.18 14:50:24 | 000,000,687 | ---- | C] () -- C:\Windows\mozver.dat
[2009.01.15 21:12:18 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Roaming\wklnhst.dat
[2009.01.14 23:34:19 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.01.14 22:53:54 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2009.01.14 22:53:54 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2009.01.14 21:00:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.01.14 18:44:15 | 000,149,504 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.21 14:08:41 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2008.10.21 13:59:06 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 04:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.09.05 20:26:38 | 000,008,138 | ---- | C] () -- C:\Windows\hpomdl21.dat
[2006.11.02 17:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2004.07.22 11:51:34 | 003,432,656 | ---- | C] () -- C:\Program Files\ManagedDX.CAB
[2004.07.22 11:51:34 | 003,432,656 | ---- | C] () -- C:\Program Files (x86)\ManagedDX.CAB
[2004.07.19 23:58:36 | 001,156,363 | ---- | C] () -- C:\Program Files\BDANT.cab
[2004.07.19 23:58:36 | 001,156,363 | ---- | C] () -- C:\Program Files (x86)\BDANT.cab
[2004.07.19 23:53:26 | 000,976,020 | ---- | C] () -- C:\Program Files\BDAXP.cab
[2004.07.19 23:53:26 | 000,976,020 | ---- | C] () -- C:\Program Files (x86)\BDAXP.cab
[2004.07.09 15:17:16 | 013,265,040 | ---- | C] () -- C:\Program Files\dxnt.cab
[2004.07.09 15:17:16 | 013,265,040 | ---- | C] () -- C:\Program Files (x86)\dxnt.cab
[2004.07.09 10:13:48 | 015,493,481 | ---- | C] () -- C:\Program Files\DirectX.cab
[2004.07.09 10:13:48 | 015,493,481 | ---- | C] () -- C:\Program Files (x86)\DirectX.cab
[2004.07.09 10:13:46 | 000,703,080 | ---- | C] () -- C:\Program Files\BDA.cab
[2004.07.09 10:13:46 | 000,703,080 | ---- | C] () -- C:\Program Files (x86)\BDA.cab
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
========== LOP Check ==========
[2011.08.01 18:13:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.purple
[2011.03.31 15:38:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\AnvSoft
[2010.11.13 18:15:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.07.31 15:20:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2011.02.15 23:01:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.12 17:52:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeVideoConverter
[2011.04.12 17:52:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2011.06.27 17:55:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.08.20 20:25:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2009.01.14 15:18:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Packard Bell
[2009.10.26 15:35:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers
[2011.06.10 16:49:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Solveig Multimedia
[2011.06.10 22:46:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2010.08.30 19:32:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony Creative Software
[2010.10.12 18:28:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2009.12.29 22:09:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Teeworlds
[2009.10.07 18:35:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Template
[2011.02.14 18:31:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client
[2009.11.14 13:35:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.08.02 14:48:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\windows
[2011.08.03 00:11:00 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.10.21 23:12:28 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007.11.07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007.11.07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007.11.07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007.11.07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2011.08.03 12:51:28 | 4293,054,464 | -HS- | M] () -- C:\hiberfil.sys
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007.11.07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007.11.07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007.11.07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007.11.07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007.11.07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007.11.07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007.11.07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007.11.07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007.11.07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2011.08.03 12:51:27 | 311,705,599 | -HS- | M] () -- C:\pagefile.sys
[2008.10.21 13:57:37 | 000,000,473 | ---- | M] () -- C:\RHDSetup.log
[2007.11.07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007.11.07 08:50:40 | 001,927,956 | ---- | M] () -- C:\VC_RED.cab
[2007.11.07 08:53:12 | 000,242,176 | ---- | M] () -- C:\VC_RED.MSI
[2011.07.28 22:38:30 | 000,001,697 | ---- | M] () -- C:\WarRock.ini
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006.11.02 17:06:41 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 17:06:41 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 17:06:41 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006.11.02 17:06:41 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2006.09.18 23:35:48 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.scr >
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2010.08.06 15:40:10 | 000,035,116 | ---- | M] () -- C:\Program Files (x86)\apps.ini
[2004.07.09 10:13:46 | 000,703,080 | ---- | M] () -- C:\Program Files (x86)\BDA.cab
[2004.07.19 23:58:36 | 001,156,363 | ---- | M] () -- C:\Program Files (x86)\BDANT.cab
[2004.07.19 23:53:26 | 000,976,020 | ---- | M] () -- C:\Program Files (x86)\BDAXP.cab
[2010.08.06 15:40:26 | 000,066,106 | ---- | M] () -- C:\Program Files (x86)\changelog.txt
[2008.01.21 05:21:59 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2004.07.09 10:13:48 | 015,493,481 | ---- | M] () -- C:\Program Files (x86)\DirectX.cab
[2004.07.09 04:03:10 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\DSETUP.dll
[2004.07.09 05:08:34 | 002,242,560 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\dsetup32.dll
[2004.07.09 15:17:16 | 013,265,040 | ---- | M] () -- C:\Program Files (x86)\dxnt.cab
[2004.07.09 05:08:36 | 000,472,576 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\dxsetup.exe
[2010.05.18 14:46:32 | 001,033,216 | ---- | M] (Firelight Technologies) -- C:\Program Files (x86)\fmodex64.dll
[2004.07.22 11:51:34 | 003,432,656 | ---- | M] () -- C:\Program Files (x86)\ManagedDX.CAB
[2010.08.06 15:40:10 | 000,001,039 | ---- | M] () -- C:\Program Files (x86)\mirrors.ini
[2010.03.25 11:57:36 | 002,699,264 | ---- | M] () -- C:\Program Files (x86)\QtCore4.dll
[2010.05.17 10:29:02 | 010,144,768 | ---- | M] () -- C:\Program Files (x86)\QtGui4.dll
[2010.03.22 11:59:00 | 000,934,400 | ---- | M] () -- C:\Program Files (x86)\QtNetwork4.dll
[2010.08.06 15:40:26 | 010,064,640 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Program Files (x86)\ts3client_win64.exe
[2010.08.07 20:30:33 | 000,121,770 | ---- | M] (TeamSpeak Systems GmbH) -- C:\Program Files (x86)\Uninstall.exe
[2010.08.06 15:40:14 | 000,427,776 | ---- | M] () -- C:\Program Files (x86)\update.exe
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\system32\user32.dll /md5 >
[2008.01.21 04:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\system32\user32.dll
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:50:35 | 000,179,200 | ---- | M] (Microsoft Corporation) MD5=B304D47D5744BA20FCB99FB8B2C07B0B -- C:\Windows\system32\ws2_32.dll
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\system32\ws2help.dll
< MD5 for: EXPLORER.EXE >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SysWOW64\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 04:48:44 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 04:49:23 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
< MD5 for: WININIT.EXE >
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] () MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 04:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
< MD5 for: WINLOGON.EXE >
[2008.01.21 04:49:47 | 000,406,016 | ---- | M] () MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\SysNative\winlogon.exe
[2008.01.21 04:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SysWOW64\winlogon.exe
[2008.01.21 04:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< >
< End of report >
The GMER scan could not be run properly either. At least the second one. The first quick scan found nothing. When I wanted to run the second one and tick all the boxes, that did not work. They were all greyed out. I could only tick Registry, Services and Files, or rather those were already ticked; all the others were, strangely, greyed out.
That is why I did not run a scan.
A side question: wouldn't a scan with Kaspersky's rootkit scanner be better?
And one more thing: after running the OTL scan, I noticed two "desktop.ini" files on my desktop that were slightly transparent. One of them contained this: Code:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183
The other one contained this: Code:
[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799
[LocalizedFileNames]
Microsoft Office - 60 Day Trial.lnk=@C:\PROGRA~2\MICROS~3\mui\oaa.dll,-103