Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Bundespolizei Ukash 100€ Trojaner, Windows 7 64bit (https://www.trojaner-board.de/108646-bundespolizei-ukash-100-trojaner-windows-7-64bit.html)

Bananaphone 26.01.2012 22:26
Bundespolizei Ukash 100€ Trojaner, Windows 7 64bit
 
Hallo alle,

scheinbar gibt es zur Zeit eine richtige Welle von diesen Trojanern... und leider hat's mich auch erwischt und ersuche euch nun um Hilfe. Betroffen ist die Windows 7 Partition meines Laptops(den ich auch fürs Studium nutze :/), diese startet nicht mehr (nur noch im abgesicherten Modus) und es wird nur das übliche Abzock-Bild gezeigt. Meine Windows XP (SP3) Partition funktioniert, zumindest augenscheinlich, noch. Zusätzlich habe ich noch einen alten Rechner zur Verfügung, der unbetroffen ist.
Avira habe ich durchlaufen lassen, hat aber keine Funde geliefert.
Defogger habe ich wie beschrieben ausgeführt.
OTL habe ich durchlaufen lassen.

Über Hilfe wäre ich echt dankbar :),

mfg

OTL.txt:
OTL Logfile:
Code:
OTL logfile created on: 26.01.2012 21:57:56 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\chris2\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 3,24 Gb Available Physical Memory | 81,75% Memory free
7,93 Gb Paging File | 7,32 Gb Available in Paging File | 92,31% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,00 Gb Total Space | 12,86 Gb Free Space | 32,14% Space Free | Partition Type: NTFS
Drive E: | 226,38 Gb Total Space | 79,28 Gb Free Space | 35,02% Space Free | Partition Type: NTFS
Drive G: | 40,00 Gb Total Space | 26,02 Gb Free Space | 65,05% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOLEON | User Name: chris2 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.26 21:08:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\chris2\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.08.04 02:51:20 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.07.02 11:53:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.01 10:59:43 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.17 23:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.11.12 13:25:17 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.07.02 11:53:08 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.02 11:53:08 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.06.24 14:05:00 | 000,144,688 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.01.28 16:07:47 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.04 03:22:36 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.08.04 03:22:36 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.08.04 02:15:44 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.10.09 07:50:50 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.09 04:18:20 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.28 14:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2008.08.28 10:52:56 | 000,324,656 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2008.01.10 19:34:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2011.03.18 17:08:56 | 000,029,592 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2009.08.27 06:30:17 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 D2 37 81 D2 D1 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.14
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Programme\Java\jre6_64\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Programme\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: E:\Programme\RayV\RayV\plugins\nprayvplugin.dll (RayV)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: E:\Programme\Mozilla Firefox\components [2011.12.21 17:05:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: E:\Programme\Mozilla Firefox\plugins [2011.12.21 17:05:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: E:\Programme\Mozilla Thunderbird\components [2011.09.25 17:15:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: E:\Programme\Mozilla Thunderbird\plugins
 
[2011.03.08 11:41:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris2\AppData\Roaming\Mozilla\Extensions
[2010.10.04 13:55:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris2\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.21 13:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris2\AppData\Roaming\Mozilla\Firefox\Profiles\1u9xfgkt.default\extensions
[2012.01.21 13:37:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\chris2\AppData\Roaming\Mozilla\Firefox\Profiles\1u9xfgkt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.01.21 13:37:27 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\chris2\AppData\Roaming\Mozilla\Firefox\Profiles\1u9xfgkt.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.04.07 22:46:02 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\chris2\AppData\Roaming\Mozilla\Firefox\Profiles\1u9xfgkt.default\extensions\2020Player@2020Technologies.com
[2010.04.11 14:22:25 | 000,000,000 | ---D | M] (Java Console) -- E:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2011.05.23 17:52:07 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts:        127.0.0.1      localhost
O1 - Hosts:        ::1            localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programme\Java\jre6_64\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programme\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Run StartupMonitor] C:\Windows\StartupMonitor.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files (x86)\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files (x86)\ICQLite\ICQLite.exe (ICQ Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3C49D00-35F3-45BA-9A00-F4BDB0D646F6}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.11 11:08:26 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{3cbc554e-0d14-11e1-a208-0024540612a2}\Shell - "" = AutoRun
O33 - MountPoints2\{3cbc554e-0d14-11e1-a208-0024540612a2}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.26 21:08:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\chris2\Desktop\OTL.exe
[2012.01.15 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\chris2\Desktop\gldemo_rock_e
[2012.01.12 21:31:37 | 000,000,000 | ---D | C] -- C:\Users\chris2\Desktop\gldemo_rock
[2012.01.12 17:06:26 | 000,000,000 | ---D | C] -- E:\Documents\Visual Studio 2010
[2012.01.12 16:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012.01.12 16:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2012.01.12 16:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework
[2012.01.12 16:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012.01.12 16:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012.01.12 16:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012.01.12 16:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012.01.12 16:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.01.12 16:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK
[2012.01.12 16:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.01.12 16:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET
[2012.01.12 16:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2012.01.12 16:56:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS
[2012.01.12 16:50:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2012.01.12 16:50:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2012.01.12 16:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
[2012.01.12 16:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft F#
[2012.01.12 16:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2012.01.12 16:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTML Help Workshop
[2012.01.12 16:48:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2012.01.12 16:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2012.01.12 16:48:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2012.01.12 16:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2012.01.12 16:48:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2012.01.12 16:44:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.01.12 16:40:01 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.01.09 13:52:48 | 000,000,000 | ---D | C] -- C:\Users\chris2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\#Start Menu#
[2012.01.07 15:49:16 | 000,000,000 | ---D | C] -- C:\Users\chris2\AppData\Roaming\Canneverbe Limited
[2012.01.07 15:48:00 | 000,000,000 | ---D | C] -- E:\Documents\CDBurnerXP Projects
[2012.01.07 15:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.01.06 16:24:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos Interactive
[2007.08.13 16:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\chris2\AppData\Local\CDRip.dll
[2007.01.18 20:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\chris2\AppData\Local\No23 Recorder.exe
[2006.12.11 18:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\chris2\AppData\Local\basscd.dll
[2006.12.11 18:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\chris2\AppData\Local\bass.dll
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.26 21:09:36 | 000,000,000 | ---- | M] () -- C:\Users\chris2\defogger_reenable
[2012.01.26 21:08:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\chris2\Desktop\OTL.exe
[2012.01.26 21:08:03 | 000,050,477 | ---- | M] () -- C:\Users\chris2\Desktop\Defogger.exe
[2012.01.26 20:57:20 | 000,655,732 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.26 20:57:20 | 000,124,472 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.26 20:52:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.26 20:52:49 | 3193,393,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.26 19:38:02 | 000,016,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.26 19:38:02 | 000,016,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.26 19:35:48 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.26 17:22:11 | 000,001,051 | ---- | M] () -- C:\Users\chris2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.5893427876083296.exe.lnk
[2012.01.26 14:20:36 | 000,002,062 | -H-- | M] () -- E:\Documents\Default.rdp
[2012.01.22 23:21:15 | 000,000,600 | ---- | M] () -- C:\Users\chris2\AppData\Roaming\winscp.rnd
[2012.01.22 18:46:23 | 000,075,571 | ---- | M] () -- C:\Users\chris2\Desktop\Postal-v3.4.13.zip
[2012.01.21 13:32:35 | 000,008,209 | ---- | M] () -- C:\Users\chris2\Desktop\grooveshark_unlocker-1.0-fx.zip
[2012.01.19 23:56:42 | 000,000,881 | ---- | M] () -- C:\Users\chris2\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012.01.16 11:36:38 | 000,314,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.01.15 13:18:23 | 000,000,999 | ---- | M] () -- C:\Users\chris2\Desktop\Microsoft Visual Studio 2010.lnk
[2012.01.13 22:05:05 | 000,075,562 | ---- | M] () -- C:\Users\chris2\Desktop\tagettes.zip
[2012.01.12 21:31:20 | 017,649,835 | ---- | M] () -- C:\Users\chris2\Desktop\gldemo_rock.zip
[2012.01.12 16:48:06 | 000,764,126 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.09 13:54:22 | 000,000,032 | ---- | M] () -- C:\Windows\a1b2c3.INI
[2012.01.07 15:59:14 | 000,001,086 | ---- | M] () -- C:\Users\chris2\Application Data\Microsoft\Internet Explorer\Quick Launch\DTLite.exe - Shortcut.lnk
[2012.01.07 15:49:12 | 001,556,992 | ---- | M] () -- C:\Windows\is-2S9V8.exe
[2012.01.07 15:49:12 | 000,021,031 | ---- | M] () -- C:\Windows\is-2S9V8.msg
[2012.01.07 15:49:12 | 000,000,788 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.01.07 15:49:12 | 000,000,331 | ---- | M] () -- C:\Windows\is-2S9V8.lst
[2012.01.06 13:36:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.01.03 16:50:07 | 000,001,136 | ---- | M] () -- C:\Users\chris2\Desktop\HWMonitor.exe.lnk
[2012.01.03 16:48:25 | 000,001,037 | ---- | M] () -- C:\Users\chris2\Application Data\Microsoft\Internet Explorer\Quick Launch\notepad++.exe.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.26 21:09:36 | 000,000,000 | ---- | C] () -- C:\Users\chris2\defogger_reenable
[2012.01.26 21:08:02 | 000,050,477 | ---- | C] () -- C:\Users\chris2\Desktop\Defogger.exe
[2012.01.26 17:22:06 | 000,001,051 | ---- | C] () -- C:\Users\chris2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.5893427876083296.exe.lnk
[2012.01.22 18:46:19 | 000,075,571 | ---- | C] () -- C:\Users\chris2\Desktop\Postal-v3.4.13.zip
[2012.01.21 13:32:35 | 000,008,209 | ---- | C] () -- C:\Users\chris2\Desktop\grooveshark_unlocker-1.0-fx.zip
[2012.01.15 13:18:23 | 000,000,999 | ---- | C] () -- C:\Users\chris2\Desktop\Microsoft Visual Studio 2010.lnk
[2012.01.13 22:05:05 | 000,075,562 | ---- | C] () -- C:\Users\chris2\Desktop\tagettes.zip
[2012.01.12 21:26:22 | 017,649,835 | ---- | C] () -- C:\Users\chris2\Desktop\gldemo_rock.zip
[2012.01.12 16:48:03 | 000,764,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.09 13:52:54 | 000,000,032 | ---- | C] () -- C:\Windows\a1b2c3.INI
[2012.01.07 15:59:14 | 000,001,086 | ---- | C] () -- C:\Users\chris2\Application Data\Microsoft\Internet Explorer\Quick Launch\DTLite.exe - Shortcut.lnk
[2012.01.07 15:49:12 | 001,556,992 | ---- | C] () -- C:\Windows\is-2S9V8.exe
[2012.01.07 15:49:12 | 000,021,031 | ---- | C] () -- C:\Windows\is-2S9V8.msg
[2012.01.07 15:49:12 | 000,000,788 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.01.07 15:49:12 | 000,000,734 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.01.07 15:49:12 | 000,000,331 | ---- | C] () -- C:\Windows\is-2S9V8.lst
[2012.01.06 13:36:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.01.03 16:50:07 | 000,001,136 | ---- | C] () -- C:\Users\chris2\Desktop\HWMonitor.exe.lnk
[2012.01.03 16:48:25 | 000,001,037 | ---- | C] () -- C:\Users\chris2\Application Data\Microsoft\Internet Explorer\Quick Launch\notepad++.exe.lnk
[2011.11.02 16:01:51 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.10.19 19:12:17 | 000,000,600 | ---- | C] () -- C:\Users\chris2\AppData\Roaming\winscp.rnd
[2011.08.04 12:57:59 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.08.04 12:54:51 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.07.22 19:43:21 | 000,001,470 | ---- | C] () -- C:\Users\chris2\AppData\Local\RecConfig.xml
[2011.04.18 21:45:35 | 000,046,790 | ---- | C] () -- C:\Users\chris2\AppData\Roaming\room.dat
[2011.03.18 18:43:59 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2011.03.18 18:43:59 | 000,061,440 | ---- | C] () -- C:\Windows\diabunin.exe
[2010.12.13 23:04:46 | 000,001,063 | ---- | C] () -- C:\Users\chris2\AppData\Roaming\MPQEditor.ini
[2010.12.02 17:22:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.10.04 15:36:42 | 000,007,605 | ---- | C] () -- C:\Users\chris2\AppData\Local\Resmon.ResmonCfg
[2010.10.04 13:55:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.04 01:01:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.06.15 23:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.08.13 16:46:00 | 000,155,136 | ---- | C] () -- C:\Users\chris2\AppData\Local\lame_enc.dll
[2006.10.26 00:06:48 | 000,064,000 | ---- | C] () -- C:\Users\chris2\AppData\Local\vorbisenc.dll
[2006.10.26 00:06:48 | 000,019,456 | ---- | C] () -- C:\Users\chris2\AppData\Local\vorbisfile.dll
[2006.10.26 00:06:46 | 000,143,872 | ---- | C] () -- C:\Users\chris2\AppData\Local\vorbis.dll
[2006.10.26 00:06:36 | 000,015,872 | ---- | C] () -- C:\Users\chris2\AppData\Local\ogg.dll
[2005.08.23 21:34:06 | 000,029,184 | ---- | C] () -- C:\Users\chris2\AppData\Local\no23xwrapper.dll
[2004.03.30 21:47:44 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\nl_msgs.dll
[2004.03.30 21:47:41 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\nl_msgc.dll
[2000.05.20 16:23:48 | 000,086,016 | ---- | C] () -- C:\Windows\StartupMonitor.exe
 
========== LOP Check ==========
 
[2011.04.15 23:14:01 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\.minecraft
[2010.12.17 23:34:07 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Amazon
[2012.01.07 15:49:16 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Canneverbe Limited
[2011.12.07 21:26:32 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Canon
[2011.11.12 13:28:19 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\DAEMON Tools Lite
[2011.04.27 21:26:30 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Dev-Cpp
[2012.01.24 08:26:53 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\foobar2000
[2011.05.30 01:05:24 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\gtk-2.0
[2012.01.26 13:51:58 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\ICQ
[2010.10.04 15:47:49 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\ICQLite
[2010.10.08 20:53:19 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\LockTime
[2011.10.31 00:32:52 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\LolClient
[2010.10.04 16:10:07 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Miranda
[2011.10.31 16:13:10 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Notepad++
[2010.12.07 16:55:12 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\OpenOffice.org
[2010.10.04 01:51:54 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Opera
[2010.10.24 00:54:08 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\RayV
[2010.12.08 13:34:43 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Subversion
[2010.12.07 22:39:03 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\syntevo
[2011.10.09 11:43:30 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Thinstall
[2010.10.04 13:55:11 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Thunderbird
[2011.11.06 01:42:30 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\VBA-M
[2010.11.30 19:12:39 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\wsIRC
[2010.10.05 21:35:41 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Youtube Downloader HD
[2011.11.30 13:28:37 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.10.04 01:12:47 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.10.04 02:49:10 | 000,000,000 | ---D | M] -- C:\AMD
[2010.10.04 02:55:14 | 000,000,000 | ---D | M] -- C:\ATI
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.10.04 02:33:17 | 000,000,000 | ---D | M] -- C:\Intel
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.12 16:59:10 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.12 16:59:00 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.01.07 15:47:58 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.11.27 13:05:41 | 000,000,000 | ---D | M] -- C:\Programme
[2010.10.04 01:12:29 | 000,000,000 | -HSD | M] -- C:\Recovery
[2010.10.26 20:37:05 | 000,000,000 | -HSD | M] -- C:\RECYCLER
[2010.10.04 16:38:45 | 000,000,000 | ---D | M] -- C:\symbols
[2012.01.26 19:34:46 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.10.04 01:12:38 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.26 17:23:56 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
[2007.01.18 20:09:54 | 000,623,616 | ---- | M] (Ivan Bischof ©2003 - 2005) -- C:\Users\chris2\AppData\Local\No23 Recorder.exe
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2010.11.20 10:23:34 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:7631EA83

< End of report >
--- --- ---





Extras.txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 26.01.2012 21:57:56 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\chris2\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 3,24 Gb Available Physical Memory | 81,75% Memory free
7,93 Gb Paging File | 7,32 Gb Available in Paging File | 92,31% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,00 Gb Total Space | 12,86 Gb Free Space | 32,14% Space Free | Partition Type: NTFS
Drive E: | 226,38 Gb Total Space | 79,28 Gb Free Space | 35,02% Space Free | Partition Type: NTFS
Drive G: | 40,00 Gb Total Space | 26,02 Gb Free Space | 65,05% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOLEON | User Name: chris2 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- E:\Programme\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- E:\Programme\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "E:\Programme\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "E:\Programme\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "E:\Programme\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "E:\Programme\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4808" = CanoScan 5600F Scanner Driver
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1DABE61D-DE02-4404-939A-925C202B3721}" = Oracle VM VirtualBox 4.0.10
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5D068141-189F-39E2-A052-E40D4B561256}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{64A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java(TM) SE Development Kit 6 Update 22 (64-bit)
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{69D65833-4A83-267A-7DB4-9FCBBE72675D}" = ATI Catalyst Install Manager
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{A269F383-3E55-DAFF-F948-655FDB3DB58A}" = ccc-utility64
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"nbi-nb-base-7.0.0.0.0" = NetBeans IDE 7.0
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Aero (Tahoma Font)_is1" = Windows Aero (Tahoma Font)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15353551-375C-8E5A-5CAF-A4564C1CC2A5}" = ccc-core-static
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.7
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{485B9C29-6B47-22AF-022A-F9D65292F3A7}" = CCC Help English
"{4893B2BB-5C9B-7E6C-4BAD-BDFBAB33184A}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{5725E5CA-A91D-C903-99DB-F8C010E0B637}" = Catalyst Control Center InstallProxy
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6BB3D375-1CFC-4E8A-86F9-CC0D7C2AE15B}" = SmartSVN 6.6
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{716DF934-6FDC-47E8-879A-4AD63BFF02F9}" = PHOTORECOVERY for Digital Media DEMO
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76EFAC4F-1712-401F-B2AE-590B170C9BCE}" = StartupMonitor
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB7D24EC-BB5A-E746-C5D2-526BBE6C36AD}" = Catalyst Control Center Graphics Previews Vista
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{ACCEB7C3-4F3A-4C43-93CA-644951D08B0D}" = TortoiseSVN 1.6.12.20536 (32 bit)
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}" = POV-Ray for Windows v3.62
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Battle.net" = Battle.net
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Diablo" = Diablo
"Fraps" = Fraps (remove only)
"ghsw.info-ams_is1" = ghsw.info Inventarverwaltung 1.1.4
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"GSview 4.9" = GSview 4.9
"HEXwrite_is1" = HEXwrite
"hon" = Heroes of Newerth
"ICQLite" = ICQ 5.1
"Kain 2" = Legacy of Kain: Soul Reaver
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"MiKTeX 2.9" = MiKTeX 2.9
"Miranda IM" = Miranda IM 0.9.4
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NClass_is1" = NClass 2.03
"NetLimiter" = NetLimiter 1.30 (remove only)
"Opera 11.60.1185" = Opera 11.60
"Puhbert's Quest Demo" = Puhbert's Quest Demo
"RayV" = DTVblizzcon
"Samsung ML-1640 Series" = Samsung ML-1640 Series
"SpeedFan" = SpeedFan (remove only)
"Stellar Phoenix Photo Recovery_is1" = Stellar Phoenix Photo Recovery
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.3.5
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"xampp" = XAMPP 1.7.4
"XN Resource Editor_is1" = XNResourceEditor 3.0.0.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BorderLayoutDemo" = BorderLayoutDemo
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"MiG Calendar Demo" = MiG Calendar Demo
"MiG Layout Swing Demo Application" = MiG Layout Swing Demo Application
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.01.2012 13:00:42 | Computer Name = laptoleon | Source = .NET Runtime Optimization Service | ID = 1101
Description =
 
Error - 12.01.2012 13:00:42 | Computer Name = laptoleon | Source = .NET Runtime Optimization Service | ID = 1101
Description =
 
Error - 12.01.2012 13:01:08 | Computer Name = laptoleon | Source = .NET Runtime Optimization Service | ID = 1101
Description =
 
Error - 12.01.2012 13:01:08 | Computer Name = laptoleon | Source = .NET Runtime Optimization Service | ID = 1101
Description =
 
Error - 22.01.2012 18:06:48 | Computer Name = laptoleon | Source = Application Error | ID = 1000
Description = Faulting application name: VirtualBox.exe, version: 4.0.10.0, time
 stamp: 0x4e048ba3  Faulting module name: QtCoreVBox4.dll, version: 4.4.3.0, time
stamp: 0x49d69ee1  Exception code: 0x80000001  Fault offset: 0x00000000001b4f25  Faulting
 process id: 0xd00  Faulting application start time: 0x01ccd951dcc9534f  Faulting application
 path: E:\Programme\Oracle\VirtualBox\VirtualBox.exe  Faulting module path: E:\Programme\Oracle\VirtualBox\QtCoreVBox4.dll
Report
 Id: 6083ddab-4545-11e1-9edf-0024540612a2
 
Error - 22.01.2012 18:07:52 | Computer Name = laptoleon | Source = Application Hang | ID = 1002
Description = The program VirtualBox.exe version 4.0.10.0 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: fdc    Start
 Time: 01ccd951e281f683    Termination Time: 10    Application Path: E:\PROGRA~1\Oracle\VIRTUA~1\VirtualBox.exe

Report
 Id: 85571a89-4545-11e1-9edf-0024540612a2 
 
Error - 22.01.2012 18:07:57 | Computer Name = laptoleon | Source = Application Hang | ID = 1002
Description = The program VirtualBox.exe version 4.0.10.0 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: d00    Start
 Time: 01ccd951dcc9534f    Termination Time: 3    Application Path: E:\Programme\Oracle\VirtualBox\VirtualBox.exe

Report
 Id: 8890e449-4545-11e1-9edf-0024540612a2 
 
Error - 26.01.2012 15:57:17 | Computer Name = laptoleon | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is not formatted
 correctly. The malformed string is 8316. The first DWORD in the Data section contains
 the index value to the malformed string while the second and third DWORDs in the
 Data section contain the last valid index values.
 
Error - 26.01.2012 15:57:17 | Computer Name = laptoleon | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The first DWORD in the Data section contains the error code.
 
Error - 26.01.2012 15:57:20 | Computer Name = laptoleon | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is not formatted
 correctly. The malformed string is 8316. The first DWORD in the Data section contains
 the index value to the malformed string while the second and third DWORDs in the
 Data section contain the last valid index values.
 
[ Cisco AnyConnect VPN Client Events ]
Error - 25.01.2012 09:52:09 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CIpcDepot::writeIpc File: .\IPC\IPCDepot.cpp Line: 596 Invoked
 Function: CIpcTransport::writeIpc Return Code: -31522805 (0xFE1F000B) Description:
 SOCKETTRANSPORT_ERROR_WRITE
 
Error - 25.01.2012 09:52:09 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CVpnMgr::OnTunnelStateChange File: .\VpnMgr.cpp Line: 4135
Invoked
 Function: CVpnMgr::sendStateTlv Return Code: -31522805 (0xFE1F000B) Description:
SOCKETTRANSPORT_ERROR_WRITE
 
Error - 25.01.2012 13:31:11 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1257 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description:
 An existing connection was forcibly closed by the remote host. 
 
Error - 25.01.2012 13:31:11 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1258 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description:
 unknown
 
Error - 25.01.2012 13:31:11 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
 823 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)
Description:
 SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
 
Error - 25.01.2012 13:31:11 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
 811 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
 
Error - 25.01.2012 13:31:11 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
 1644 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: An existing
 connection was forcibly closed by the remote host. 
 
Error - 25.01.2012 13:31:11 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
 385 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE
 
Error - 25.01.2012 13:31:14 | Computer Name = laptoleon | Source = vpnagent | ID = 67110873
Description = Termination reason code 5: The user is logging off the system.
 
Error - 25.01.2012 13:31:14 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: RestoreProxySettingsToBrowser File: .\BrowserProxy.cpp Line:
 1040 Invoked Function: DeleteFile Return Code: 2 (0x00000002) Description: The system
 cannot find the file specified. 
 
[ System Events ]
Error - 26.01.2012 16:50:00 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:  %%1068
 
Error - 26.01.2012 16:52:18 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:  %%1068
 
Error - 26.01.2012 16:52:18 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:  %%1068
 
Error - 26.01.2012 16:52:18 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:  %%1068
 
Error - 26.01.2012 16:57:06 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:  %%1068
 
Error - 26.01.2012 16:57:06 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:  %%1068
 
Error - 26.01.2012 16:57:06 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:  %%1068
 
Error - 26.01.2012 16:59:24 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:  %%1068
 
Error - 26.01.2012 16:59:24 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:  %%1068
 
Error - 26.01.2012 16:59:24 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:  %%1068
 
 
< End of report >
--- --- ---

kira 27.01.2012 10:41
Hallo und Herzlich Willkommen! :)

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen:)
Zitat:
Wenn ein System kompromittiert wurde, ist das System nicht mehr vertrauenswürdig
Eine Neuinstallation garantiert die rückstandsfreie Entfernung der Infektion - Lesestoff: "Hilfe: Ich wurde das Opfer eines Hackerangriffs. Was soll ich tun?" - Säubern eines gefährdeten Systems
Falls du doch für die Systemreinigung entscheidest - Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst::

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Achtung!:
Wenn Du nur im abgesicherten Modus starten kannst, dann bitte dort einen Vollscan machen. Danach versuche Malwarebytes nochmal im normalen Modus zu starten-> updaten -> und erneut einen Vollscan durchführen! Jedes Protokoll posten!

Lade Dir Malwarebytes Anti-Malware von→ malwarebytes.org
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung

2.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{3cbc554e-0d14-11e1-a208-0024540612a2}\Shell - "" = AutoRun
O33 - MountPoints2\{3cbc554e-0d14-11e1-a208-0024540612a2}\Shell\AutoRun\command - "" = F:\autorun.exe
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:7631EA83

:Commands
[purity]
[emptytemp]

3.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ Sprache → Deutsch auswählen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

4.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
kira

Bananaphone 27.01.2012 14:10
Hi kira,

danke für deine Hilfe. Habe nun die einzelnen Schritte ausgeführt, malwarebytes hat scheinbar was gefunden:

Edit1:
Mist, jetzt habe ich ganz vergessen Malwarebytes nochmal im Normal-Modus auszuführen, ich werde das direkt tun/versuchen und den log hier rein editieren.

1. Malwarebytes
Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.27.02

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.7601.17514
chris2 :: LAPTOLEON [Administrator]

27.01.2012 10:59:47
mbam-log-2012-01-27 (10-59-47).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 515595
Laufzeit: 1 Stunde(n), 18 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\chris2\AppData\Local\Temp\0.5893427876083296.exe (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\chris2\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33\64962ae1-56006d53 (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\chris2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.5893427876083296.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
--- --- ---

2. OTL-Fix (Laufwerk F:\ war bei mir ein Daemontools-Laufwerk (habs jetzt erstmal gelöscht), mein normales DVD-Laufwerk D:\ tauchte bislang scheinbar nicht in den logs auf, wollts nur gesagt haben, falls es irgendwie wichtig ist).
Code:
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cbc554e-0d14-11e1-a208-0024540612a2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cbc554e-0d14-11e1-a208-0024540612a2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3cbc554e-0d14-11e1-a208-0024540612a2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3cbc554e-0d14-11e1-a208-0024540612a2}\ not found.
File F:\autorun.exe not found.
ADS C:\ProgramData\TEMP:7631EA83 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: chris2
->Temp folder emptied: 151168553 bytes
->Temporary Internet Files folder emptied: 4307422 bytes
->Java cache emptied: 29716954 bytes
->FireFox cache emptied: 48297617 bytes
->Opera cache emptied: 4134481 bytes
->Flash cache emptied: 42457 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 181008248 bytes
 
Total Files Cleaned = 399,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 01272012_130854

Files\Folders moved on Reboot...
File move failed. C:\Users\chris2\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
--- --- ---

3. CCleaner install.txt
Code:
7-Zip 9.20                01.04.2011               
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        03.10.2010        6,00MB        10.1.85.3
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        27.12.2011        6,00MB        11.1.102.55
Adobe Photoshop CS        Adobe Systems, Inc.        01.06.2011                CS
Adobe Shockwave Player 11.6        Adobe Systems, Inc.        26.06.2011                11.6.0.626
Amazon MP3-Downloader 1.0.9                16.12.2010               
ATI Catalyst Install Manager        ATI Technologies, Inc.        03.10.2010        22,3MB        3.0.786.0
Avira AntiVir Personal - Free Antivirus        Avira GmbH        29.10.2011        61,8MB        10.2.0.704
AVM FRITZ!Box USB-Fernanschluss        AVM Berlin        27.01.2011                2.2.1.0
Battle.net                17.03.2011               
BorderLayoutDemo        The Java(tm) Tutorial        18.05.2011               
Canon MP Navigator EX 2.0                06.12.2011               
CanoScan 5600F Scanner Driver                06.12.2011               
CCleaner        Piriform        26.01.2012                3.15
CDBurnerXP        CDBurnerXP        06.01.2012        17,9MB        4.4.0.2905
Cisco AnyConnect VPN Client        Cisco Systems, Inc.        17.10.2010        3,93MB        2.4.1012
DAEMON Tools Lite        DT Soft Ltd        11.11.2011                4.45.1.0236
Debugging Tools for Windows (x64)        Microsoft Corporation        03.10.2010        39,8MB        6.12.2.633
Dev-C++ 5 beta 9 release (4.9.9.2)                26.04.2011               
Diablo                17.03.2011               
DTVblizzcon        RayV        23.10.2010                3.0.0.32
Easy Display Manager        Samsung Electronics Co., Ltd.        10.06.2011                3.0
Fraps (remove only)                02.08.2011               
ghsw.info Inventarverwaltung 1.1.4        Gert Heil        29.12.2010                1.1.4.568
GIMP 2.6.11        The GIMP Team        17.12.2010        106,8MB        2.6.11
GOM Player        Gretech Corporation        07.03.2011                2.1.28.5039
GOMTV Streamer        Gretech Corporation        28.03.2011                1.0.0.25
GSview 4.9                23.03.2011               
Heroes of Newerth        S2 Games        26.11.2011                2.0.33
HEXwrite        Bluefive software        07.01.2011        0,83MB        1.0.7
ICQ 5.1                03.10.2010               
ICQ Update Patch 1.7        murb.com        03.10.2010        0,79MB       
ICQ7.2        ICQ        03.10.2010                7.2
Intel® Matrix Storage Manager        Intel Corporation        18.03.2011               
Java(TM) 6 Update 21        Oracle        05.10.2010        94,9MB        6.0.210
Java(TM) 6 Update 22 (64-bit)        Oracle        05.12.2010        90,7MB        6.0.220
Java(TM) SE Development Kit 6 Update 22 (64-bit)        Oracle        05.12.2010        144,5MB        1.6.0.220
League of Legends        Riot Games        29.10.2011                1.02.0000
Legacy of Kain: Soul Reaver                05.01.2012               
Malwarebytes Anti-Malware Version 1.60.0.1800        Malwarebytes Corporation        26.01.2012        18,6MB        1.60.0.1800
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        11.01.2012        38,8MB        4.0.30319
Microsoft .NET Framework 4 Extended        Microsoft Corporation        11.01.2012        52,0MB        4.0.30319
Microsoft .NET Framework 4 Multi-Targeting Pack        Microsoft Corporation        11.01.2012        83,5MB        4.0.30319
Microsoft ASP.NET MVC 2        Microsoft Corporation        11.01.2012        0,47MB        2.0.50217.0
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools        Microsoft Corporation        11.01.2012        2,25MB        2.0.50217.0
Microsoft Help Viewer 1.0        Microsoft Corporation        11.01.2012        3,97MB        1.0.30319
Microsoft PowerPoint Viewer        Microsoft Corporation        26.04.2011        147,6MB        14.0.4763.1000
Microsoft Silverlight        Microsoft Corporation        11.01.2012        24,9MB        3.0.40818.0
Microsoft Silverlight 3 SDK        Microsoft Corporation        11.01.2012        31,9MB        3.0.40818.0
Microsoft SQL Server 2008 R2 Data-Tier Application Framework        Microsoft Corporation        11.01.2012        0,32MB        10.50.1447.4
Microsoft SQL Server 2008 R2 Data-Tier Application Project        Microsoft Corporation        11.01.2012        11,8MB        10.50.1447.4
Microsoft SQL Server 2008 R2 Management Objects        Microsoft Corporation        11.01.2012        15,3MB        10.50.1447.4
Microsoft SQL Server 2008 R2 Management Objects (x64)        Microsoft Corporation        11.01.2012        10,1MB        10.50.1447.4
Microsoft SQL Server 2008 R2 Transact-SQL Language Service        Microsoft Corporation        11.01.2012        5,34MB        10.50.1447.4
Microsoft SQL Server Compact 3.5 SP2 ENU        Microsoft Corporation        11.01.2012        3,39MB        3.5.8080.0
Microsoft SQL Server Compact 3.5 SP2 x64 ENU        Microsoft Corporation        11.01.2012        4,51MB        3.5.8080.0
Microsoft SQL Server Database Publishing Wizard 1.4        Microsoft Corporation        11.01.2012        10,2MB        10.1.2512.8
Microsoft SQL Server System CLR Types        Microsoft Corporation        11.01.2012        2,53MB        10.50.1447.4
Microsoft SQL Server System CLR Types (x64)        Microsoft Corporation        11.01.2012        0,83MB        10.50.1447.4
Microsoft Sync Framework Runtime v1.0 SP1 (x64)        Microsoft Corporation        11.01.2012        1,01MB        1.0.3010.0
Microsoft Sync Framework SDK v1.0 SP1        Microsoft Corporation        11.01.2012        29,6MB        1.0.3010.0
Microsoft Sync Framework Services v1.0 SP1 (x64)        Microsoft Corporation        11.01.2012        2,85MB        1.0.3010.0
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)        Microsoft Corporation        11.01.2012        0,53MB        2.0.3010.0
Microsoft Team Foundation Server 2010 Object Model - ENU        Microsoft Corporation        11.01.2012                10.0.30319
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        29.12.2010        0,42MB        8.0.56336
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022        Microsoft Corporation        05.12.2010        1,71MB        9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148        Microsoft Corporation        03.10.2010        0,77MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        03.10.2010        0,58MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974        Microsoft Corporation        11.01.2012        0,58MB        9.0.30729.4974
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319        Microsoft Corporation        11.01.2012        0,27MB        10.0.30319
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319        Microsoft Corporation        03.10.2010        13,7MB        10.0.30319
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319        Microsoft Corporation        11.01.2012        33,0MB        10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319        Microsoft Corporation        03.10.2010        11,0MB        10.0.30319
Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319        Microsoft Corporation        11.01.2012        26,0MB        10.0.30319
Microsoft Visual F# 2.0 Runtime        Microsoft Corporation        11.01.2012        5,82MB        10.0.30319
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools        Microsoft Corporation        11.01.2012        33,4MB        10.0.30319
Microsoft Visual Studio 2010 Professional - ENU        Microsoft Corporation        11.01.2012                10.0.30319
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)        Microsoft Corporation        11.01.2012                10.0.30319
Microsoft Visual Studio Macro Tools        Microsoft Corporation        11.01.2012                9.0.30729
Microsoft Windows SDK for Windows 7 (7.1)        Microsoft Corporation        03.10.2010                7.1.7600.0.30514
MiG Calendar Demo        MiG InfoCom AB        20.05.2011               
MiG Layout Swing Demo Application        MiG InfoCom AB        06.05.2011               
MiKTeX 2.9        MiKTeX.org        02.05.2011                2.9
Miranda IM 0.9.4                03.10.2010               
Mozilla Firefox (3.6.25)        Mozilla        20.12.2011                3.6.25 (de)
Mozilla Thunderbird 9.0.1 (x86 de)        Mozilla        18.01.2012        47,2MB        9.0.1
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        19.07.2011        1,28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        19.07.2011        1,33MB        4.20.9876.0
NClass 2.03        Balazs Tihanyi        30.11.2010        3,08MB        2.03
NetBeans IDE 7.0        NetBeans.org        12.05.2011                7.0
NetLimiter 1.30 (remove only)                07.10.2010               
No23 Recorder        No23        21.07.2011        2,44MB        2.1.0.3
OpenOffice.org 3.2        OpenOffice.org        05.12.2010        365MB        3.2.9502
Opera 11.60        Opera Software ASA        09.12.2011                11.60.1185
Oracle VM VirtualBox 4.0.10        Oracle Corporation        30.06.2011        120,4MB        4.0.10
Pando Media Booster        Pando Networks Inc.        29.10.2011        5,47MB        2.3.6.0
PDFCreator        Frank Heindörfer, Philip Chinery        16.12.2010                1.1.0
PHOTORECOVERY for Digital Media DEMO        LC Tech Inc        03.12.2011        3,36MB        2.1.0
POV-Ray for Windows v3.62        Persistence of Vision Raytracer Pty. Ltd.        26.10.2011        21,9MB        3.62
Puhbert's Quest Demo                08.01.2012               
Samsung ML-1640 Series        Samsung Electronics CO.,LTD        01.11.2011               
Skype™ 5.5        Skype Technologies S.A.        24.10.2011        17,0MB        5.5.124
SmartSVN 6.6        syntevo GmbH        05.05.2011        88,2MB        6.6.7
SpeedFan (remove only)                30.11.2011               
StartupMonitor        Mike Lin        03.10.2010        74,00KB        1.0.2.0
Stellar Phoenix Photo Recovery        Stellar Information Systems Ltd        03.12.2011        10,4MB        4.0.0.0
SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49        eRightSoft        03.08.2011        42,7MB        v2011.build.49
Synaptics Pointing Device Driver        Synaptics        03.10.2010                11.1.3.2
TeXnicCenter Version 1.0 Stable RC1        TeXnicCenter.org        02.05.2011                Version 1.0 Stable RC1
TortoiseSVN 1.6.12.20536 (32 bit)        TortoiseSVN        07.12.2010        18,4MB        1.6.20536
Visual Studio 2010 Prerequisites - English        Microsoft Corporation        11.01.2012        5,83MB        10.0.30319
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU        Microsoft Corporation        11.01.2012        10,8MB        4.0.8080.0
Web Deployment Tool        Microsoft Corporation        11.01.2012        3,10MB        1.1.0618
Windows Aero (Tahoma Font)        Eric G.        03.10.2010        9,25MB       
Windows Media Player Firefox Plugin        Microsoft Corp        20.12.2011        0,29MB        1.0.0.8
WinRAR                03.10.2010               
WinSCP 4.3.5        Martin Prikryl        18.10.2011        8,69MB        4.3.5
World of Warcraft        Blizzard Entertainment        02.12.2011                4.3.0.15050
World of Warcraft Public Test        Blizzard Entertainment        12.01.2011                0.0.0.0
x264vfw - H.264/MPEG-4 AVC codec (remove only)                03.08.2011               
XAMPP 1.7.4                05.05.2011               
XNResourceEditor 3.0.0.1        Colin Wilson        18.10.2011
--- --- ---

4. OTL scan-logs

OTL.txt:
OTL Logfile:
Code:
OTL logfile created on: 27.01.2012 13:29:21 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\chris2\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 3,47 Gb Available Physical Memory | 87,43% Memory free
7,93 Gb Paging File | 7,45 Gb Available in Paging File | 93,95% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,00 Gb Total Space | 13,02 Gb Free Space | 32,55% Space Free | Partition Type: NTFS
Drive E: | 226,38 Gb Total Space | 79,69 Gb Free Space | 35,20% Space Free | Partition Type: NTFS
Drive G: | 40,00 Gb Total Space | 26,33 Gb Free Space | 65,82% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOLEON | User Name: chris2 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.26 21:08:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\chris2\Desktop\OTL.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.08.04 02:51:20 | 000,203,264 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.07.02 11:53:08 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.01 10:59:43 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.17 23:32:30 | 000,497,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 19:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.11.12 13:25:17 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.07.02 11:53:08 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.02 11:53:08 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.06.24 14:05:00 | 000,144,688 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.01.28 16:07:47 | 000,116,096 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmaudio.sys -- (avmaudio)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.04 03:22:36 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.08.04 03:22:36 | 007,451,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.08.04 02:15:44 | 000,268,288 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.10.09 07:50:50 | 000,024,248 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 03:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.09 04:18:20 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DGIVECP.SYS -- (DgiVecp)
DRV:64bit: - [2009.06.04 18:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.28 14:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2008.08.28 10:52:56 | 000,324,656 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2008.01.10 19:34:52 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2011.03.18 17:08:56 | 000,029,592 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)
DRV - [2009.08.27 06:30:17 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B4 D2 37 81 D2 D1 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.14
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Programme\Java\jre6_64\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Programme\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: E:\Programme\RayV\RayV\plugins\nprayvplugin.dll (RayV)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: E:\Programme\Mozilla Firefox\components [2011.12.21 17:05:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: E:\Programme\Mozilla Firefox\plugins [2011.12.21 17:05:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: E:\Programme\Mozilla Thunderbird\components [2011.09.25 17:15:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: E:\Programme\Mozilla Thunderbird\plugins
 
[2011.03.08 11:41:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris2\AppData\Roaming\Mozilla\Extensions
[2010.10.04 13:55:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris2\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.21 13:37:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\chris2\AppData\Roaming\Mozilla\Firefox\Profiles\1u9xfgkt.default\extensions
[2012.01.21 13:37:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\chris2\AppData\Roaming\Mozilla\Firefox\Profiles\1u9xfgkt.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.01.21 13:37:27 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\chris2\AppData\Roaming\Mozilla\Firefox\Profiles\1u9xfgkt.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.04.07 22:46:02 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\chris2\AppData\Roaming\Mozilla\Firefox\Profiles\1u9xfgkt.default\extensions\2020Player@2020Technologies.com
File not found (No name found) -- E:\PROGRAMME\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2011.05.23 17:52:07 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts:        127.0.0.1      localhost
O1 - Hosts:        ::1            localhost
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programme\Java\jre6_64\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programme\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Run StartupMonitor] C:\Windows\StartupMonitor.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - E:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files (x86)\ICQLite\ICQLite.exe (ICQ Ltd.)
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files (x86)\ICQLite\ICQLite.exe (ICQ Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files (x86)\NetLimiter\nl_lsp.dll ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F3C49D00-35F3-45BA-9A00-F4BDB0D646F6}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.11 11:08:26 | 000,000,000 | ---- | M] () - G:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.27 13:16:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.01.27 13:08:54 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.27 11:05:54 | 003,587,688 | ---- | C] (Piriform Ltd) -- C:\Users\chris2\Desktop\ccsetup315.exe
[2012.01.27 10:56:36 | 000,000,000 | ---D | C] -- C:\Users\chris2\AppData\Roaming\Malwarebytes
[2012.01.27 10:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.27 10:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.27 10:56:30 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.01.27 10:56:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.01.27 10:53:47 | 010,847,608 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\chris2\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.26 21:08:14 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\chris2\Desktop\OTL.exe
[2012.01.15 15:06:52 | 000,000,000 | ---D | C] -- C:\Users\chris2\Desktop\gldemo_rock_e
[2012.01.12 21:31:37 | 000,000,000 | ---D | C] -- C:\Users\chris2\Desktop\gldemo_rock
[2012.01.12 17:06:26 | 000,000,000 | ---D | C] -- E:\Documents\Visual Studio 2010
[2012.01.12 16:59:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012.01.12 16:59:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2012.01.12 16:58:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Sync Framework
[2012.01.12 16:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2012.01.12 16:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012.01.12 16:58:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012.01.12 16:58:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012.01.12 16:58:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.01.12 16:57:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 3 SDK
[2012.01.12 16:57:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.01.12 16:56:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft ASP.NET
[2012.01.12 16:56:14 | 000,000,000 | ---D | C] -- C:\Program Files\IIS
[2012.01.12 16:56:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IIS
[2012.01.12 16:50:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Designer
[2012.01.12 16:50:40 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\1033
[2012.01.12 16:50:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010
[2012.01.12 16:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft F#
[2012.01.12 16:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2012.01.12 16:50:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTML Help Workshop
[2012.01.12 16:48:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2012.01.12 16:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2012.01.12 16:48:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2012.01.12 16:48:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2012.01.12 16:48:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\1033
[2012.01.12 16:44:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2012.01.12 16:40:01 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.01.09 13:52:48 | 000,000,000 | ---D | C] -- C:\Users\chris2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\#Start Menu#
[2012.01.07 15:49:16 | 000,000,000 | ---D | C] -- C:\Users\chris2\AppData\Roaming\Canneverbe Limited
[2012.01.07 15:48:00 | 000,000,000 | ---D | C] -- E:\Documents\CDBurnerXP Projects
[2012.01.07 15:47:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2012.01.06 16:24:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eidos Interactive
[2012.01.06 16:19:17 | 000,328,704 | ---- | C] (InstallShield Software Corporation ) -- C:\Windows\IsUn0407.exe
[2007.08.13 16:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\chris2\AppData\Local\CDRip.dll
[2007.01.18 20:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\chris2\AppData\Local\No23 Recorder.exe
[2006.12.11 18:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\chris2\AppData\Local\basscd.dll
[2006.12.11 18:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\chris2\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.27 13:16:24 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.01.27 13:10:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.27 13:10:21 | 3193,393,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.27 11:06:25 | 003,587,688 | ---- | M] (Piriform Ltd) -- C:\Users\chris2\Desktop\ccsetup315.exe
[2012.01.27 10:56:48 | 000,786,882 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.27 10:56:48 | 000,655,732 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.27 10:56:48 | 000,124,472 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.27 10:56:31 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.27 10:55:49 | 010,847,608 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\chris2\Desktop\mbam-setup-1.60.0.1800.exe
[2012.01.27 00:57:29 | 107,838,303 | ---- | M] () -- C:\Users\chris2\Desktop\pmagic_2011_12_30.iso
[2012.01.26 21:09:36 | 000,000,000 | ---- | M] () -- C:\Users\chris2\defogger_reenable
[2012.01.26 21:08:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\chris2\Desktop\OTL.exe
[2012.01.26 21:08:03 | 000,050,477 | ---- | M] () -- C:\Users\chris2\Desktop\Defogger.exe
[2012.01.26 19:38:02 | 000,016,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.26 19:38:02 | 000,016,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.26 14:20:36 | 000,002,062 | -H-- | M] () -- E:\Documents\Default.rdp
[2012.01.22 23:21:15 | 000,000,600 | ---- | M] () -- C:\Users\chris2\AppData\Roaming\winscp.rnd
[2012.01.22 18:46:23 | 000,075,571 | ---- | M] () -- C:\Users\chris2\Desktop\Postal-v3.4.13.zip
[2012.01.21 13:32:35 | 000,008,209 | ---- | M] () -- C:\Users\chris2\Desktop\grooveshark_unlocker-1.0-fx.zip
[2012.01.19 23:56:42 | 000,000,881 | ---- | M] () -- C:\Users\chris2\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk
[2012.01.16 11:36:38 | 000,314,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.01.15 13:18:23 | 000,000,999 | ---- | M] () -- C:\Users\chris2\Desktop\Microsoft Visual Studio 2010.lnk
[2012.01.13 22:05:05 | 000,075,562 | ---- | M] () -- C:\Users\chris2\Desktop\tagettes.zip
[2012.01.12 21:31:20 | 017,649,835 | ---- | M] () -- C:\Users\chris2\Desktop\gldemo_rock.zip
[2012.01.12 16:48:06 | 000,764,126 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.09 13:54:22 | 000,000,032 | ---- | M] () -- C:\Windows\a1b2c3.INI
[2012.01.07 15:59:14 | 000,001,086 | ---- | M] () -- C:\Users\chris2\Application Data\Microsoft\Internet Explorer\Quick Launch\DTLite.exe - Shortcut.lnk
[2012.01.07 15:49:12 | 001,556,992 | ---- | M] () -- C:\Windows\is-2S9V8.exe
[2012.01.07 15:49:12 | 000,021,031 | ---- | M] () -- C:\Windows\is-2S9V8.msg
[2012.01.07 15:49:12 | 000,000,788 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.01.07 15:49:12 | 000,000,331 | ---- | M] () -- C:\Windows\is-2S9V8.lst
[2012.01.06 13:36:12 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.01.03 16:50:07 | 000,001,136 | ---- | M] () -- C:\Users\chris2\Desktop\HWMonitor.exe.lnk
[2012.01.03 16:48:25 | 000,001,037 | ---- | M] () -- C:\Users\chris2\Application Data\Microsoft\Internet Explorer\Quick Launch\notepad++.exe.lnk
 
========== Files Created - No Company Name ==========
 
[2012.01.27 13:16:24 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.01.27 10:56:31 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.01.27 00:50:28 | 107,838,303 | ---- | C] () -- C:\Users\chris2\Desktop\pmagic_2011_12_30.iso
[2012.01.26 21:09:36 | 000,000,000 | ---- | C] () -- C:\Users\chris2\defogger_reenable
[2012.01.26 21:08:02 | 000,050,477 | ---- | C] () -- C:\Users\chris2\Desktop\Defogger.exe
[2012.01.22 18:46:19 | 000,075,571 | ---- | C] () -- C:\Users\chris2\Desktop\Postal-v3.4.13.zip
[2012.01.21 13:32:35 | 000,008,209 | ---- | C] () -- C:\Users\chris2\Desktop\grooveshark_unlocker-1.0-fx.zip
[2012.01.15 13:18:23 | 000,000,999 | ---- | C] () -- C:\Users\chris2\Desktop\Microsoft Visual Studio 2010.lnk
[2012.01.13 22:05:05 | 000,075,562 | ---- | C] () -- C:\Users\chris2\Desktop\tagettes.zip
[2012.01.12 21:26:22 | 017,649,835 | ---- | C] () -- C:\Users\chris2\Desktop\gldemo_rock.zip
[2012.01.12 16:48:03 | 000,764,126 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.01.09 13:52:54 | 000,000,032 | ---- | C] () -- C:\Windows\a1b2c3.INI
[2012.01.07 15:59:14 | 000,001,086 | ---- | C] () -- C:\Users\chris2\Application Data\Microsoft\Internet Explorer\Quick Launch\DTLite.exe - Shortcut.lnk
[2012.01.07 15:49:12 | 001,556,992 | ---- | C] () -- C:\Windows\is-2S9V8.exe
[2012.01.07 15:49:12 | 000,021,031 | ---- | C] () -- C:\Windows\is-2S9V8.msg
[2012.01.07 15:49:12 | 000,000,788 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.01.07 15:49:12 | 000,000,734 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.01.07 15:49:12 | 000,000,331 | ---- | C] () -- C:\Windows\is-2S9V8.lst
[2012.01.06 13:36:12 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.01.03 16:50:07 | 000,001,136 | ---- | C] () -- C:\Users\chris2\Desktop\HWMonitor.exe.lnk
[2012.01.03 16:48:25 | 000,001,037 | ---- | C] () -- C:\Users\chris2\Application Data\Microsoft\Internet Explorer\Quick Launch\notepad++.exe.lnk
[2011.11.02 16:01:51 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2011.10.19 19:12:17 | 000,000,600 | ---- | C] () -- C:\Users\chris2\AppData\Roaming\winscp.rnd
[2011.08.04 12:57:59 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2011.08.04 12:54:51 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2011.07.22 19:43:21 | 000,001,470 | ---- | C] () -- C:\Users\chris2\AppData\Local\RecConfig.xml
[2011.04.18 21:45:35 | 000,046,790 | ---- | C] () -- C:\Users\chris2\AppData\Roaming\room.dat
[2011.03.18 18:43:59 | 000,086,528 | ---- | C] () -- C:\Windows\bnetunin.exe
[2011.03.18 18:43:59 | 000,061,440 | ---- | C] () -- C:\Windows\diabunin.exe
[2010.12.13 23:04:46 | 000,001,063 | ---- | C] () -- C:\Users\chris2\AppData\Roaming\MPQEditor.ini
[2010.12.02 17:22:32 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.10.04 15:36:42 | 000,007,605 | ---- | C] () -- C:\Users\chris2\AppData\Local\Resmon.ResmonCfg
[2010.10.04 13:55:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.10.04 01:01:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.06.15 23:28:54 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.08.13 16:46:00 | 000,155,136 | ---- | C] () -- C:\Users\chris2\AppData\Local\lame_enc.dll
[2006.10.26 00:06:48 | 000,064,000 | ---- | C] () -- C:\Users\chris2\AppData\Local\vorbisenc.dll
[2006.10.26 00:06:48 | 000,019,456 | ---- | C] () -- C:\Users\chris2\AppData\Local\vorbisfile.dll
[2006.10.26 00:06:46 | 000,143,872 | ---- | C] () -- C:\Users\chris2\AppData\Local\vorbis.dll
[2006.10.26 00:06:36 | 000,015,872 | ---- | C] () -- C:\Users\chris2\AppData\Local\ogg.dll
[2005.08.23 21:34:06 | 000,029,184 | ---- | C] () -- C:\Users\chris2\AppData\Local\no23xwrapper.dll
[2004.03.30 21:47:44 | 000,049,152 | ---- | C] () -- C:\Windows\SysWow64\nl_msgs.dll
[2004.03.30 21:47:41 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\nl_msgc.dll
[2000.05.20 16:23:48 | 000,086,016 | ---- | C] () -- C:\Windows\StartupMonitor.exe
 
========== LOP Check ==========
 
[2011.04.15 23:14:01 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\.minecraft
[2010.12.17 23:34:07 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Amazon
[2012.01.07 15:49:16 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Canneverbe Limited
[2011.12.07 21:26:32 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Canon
[2011.11.12 13:28:19 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\DAEMON Tools Lite
[2011.04.27 21:26:30 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Dev-Cpp
[2012.01.24 08:26:53 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\foobar2000
[2011.05.30 01:05:24 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\gtk-2.0
[2012.01.26 13:51:58 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\ICQ
[2010.10.04 15:47:49 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\ICQLite
[2010.10.08 20:53:19 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\LockTime
[2011.10.31 00:32:52 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\LolClient
[2010.10.04 16:10:07 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Miranda
[2011.10.31 16:13:10 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Notepad++
[2010.12.07 16:55:12 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\OpenOffice.org
[2010.10.04 01:51:54 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Opera
[2010.10.24 00:54:08 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\RayV
[2010.12.08 13:34:43 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Subversion
[2010.12.07 22:39:03 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\syntevo
[2011.10.09 11:43:30 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Thinstall
[2010.10.04 13:55:11 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Thunderbird
[2011.11.06 01:42:30 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\VBA-M
[2010.11.30 19:12:39 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\wsIRC
[2010.10.05 21:35:41 | 000,000,000 | ---D | M] -- C:\Users\chris2\AppData\Roaming\Youtube Downloader HD
[2011.11.30 13:28:37 | 000,032,608 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---

Extras.txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 27.01.2012 13:29:21 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\chris2\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 3,47 Gb Available Physical Memory | 87,43% Memory free
7,93 Gb Paging File | 7,45 Gb Available in Paging File | 93,95% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 40,00 Gb Total Space | 13,02 Gb Free Space | 32,55% Space Free | Partition Type: NTFS
Drive E: | 226,38 Gb Total Space | 79,69 Gb Free Space | 35,20% Space Free | Partition Type: NTFS
Drive G: | 40,00 Gb Total Space | 26,33 Gb Free Space | 65,82% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOLEON | User Name: chris2 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- E:\Programme\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- E:\Programme\Opera\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "E:\Programme\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "E:\Programme\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "E:\Programme\Opera\opera.exe" "%1" (Opera Software)
https [open] -- "E:\Programme\Opera\opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{034106B5-54B7-467F-B477-5B7DBB492624}" = Microsoft Sync Framework Services v1.0 SP1 (x64)
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4808" = CanoScan 5600F Scanner Driver
"{1AB7EDC5-D891-34C5-9FF1-BE6A85ACC44B}" = Microsoft Team Foundation Server 2010 Object Model - ENU
"{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64)
"{1DABE61D-DE02-4404-939A-925C202B3721}" = Oracle VM VirtualBox 4.0.10
"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5D068141-189F-39E2-A052-E40D4B561256}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{64A3A4F4-B792-11D6-A78A-00B0D0160220}" = Java(TM) SE Development Kit 6 Update 22 (64-bit)
"{662014D2-0450-37ED-ABAE-157C88127BEB}" = Visual Studio 2010 Prerequisites - English
"{69D65833-4A83-267A-7DB4-9FCBBE72675D}" = ATI Catalyst Install Manager
"{8438EC02-B8A9-462D-AC72-1B521349C001}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{A269F383-3E55-DAFF-F948-655FDB3DB58A}" = ccc-utility64
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Team Foundation Server 2010 Object Model - ENU" = Microsoft Team Foundation Server 2010 Object Model - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"nbi-nb-base-7.0.0.0.0" = NetBeans IDE 7.0
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Windows Aero (Tahoma Font)_is1" = Windows Aero (Tahoma Font)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}" = Microsoft Sync Framework SDK v1.0 SP1
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15353551-375C-8E5A-5CAF-A4564C1CC2A5}" = ccc-core-static
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{289338AE-2213-4509-AED2-450414C1260C}_is1" = ICQ Update Patch 1.7
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{485B9C29-6B47-22AF-022A-F9D65292F3A7}" = CCC Help English
"{4893B2BB-5C9B-7E6C-4BAD-BDFBAB33184A}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{5725E5CA-A91D-C903-99DB-F8C010E0B637}" = Catalyst Control Center InstallProxy
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6BB3D375-1CFC-4E8A-86F9-CC0D7C2AE15B}" = SmartSVN 6.6
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{716DF934-6FDC-47E8-879A-4AD63BFF02F9}" = PHOTORECOVERY for Digital Media DEMO
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{76EFAC4F-1712-401F-B2AE-590B170C9BCE}" = StartupMonitor
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92083A9A-549D-4057-88E8-223EA08563FA}" = Cisco AnyConnect VPN Client
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB7D24EC-BB5A-E746-C5D2-526BBE6C36AD}" = Catalyst Control Center Graphics Previews Vista
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{ACCEB7C3-4F3A-4C43-93CA-644951D08B0D}" = TortoiseSVN 1.6.12.20536 (32 bit)
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0CE053E-0E5E-4C12-9BAE-D0F36021E911}" = POV-Ray for Windows v3.62
"{D6B15AE6-B052-363E-B6BB-C4714CBA6509}" = Microsoft Visual Studio 2010 Professional - ENU
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Battle.net" = Battle.net
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Diablo" = Diablo
"Fraps" = Fraps (remove only)
"ghsw.info-ams_is1" = ghsw.info Inventarverwaltung 1.1.4
"GOM Player" = GOM Player
"GomTVStreamer" = GOMTV Streamer
"GSview 4.9" = GSview 4.9
"HEXwrite_is1" = HEXwrite
"hon" = Heroes of Newerth
"ICQLite" = ICQ 5.1
"Kain 2" = Legacy of Kain: Soul Reaver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft Visual Studio 2010 Professional - ENU" = Microsoft Visual Studio 2010 Professional - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"MiKTeX 2.9" = MiKTeX 2.9
"Miranda IM" = Miranda IM 0.9.4
"Mozilla Firefox (3.6.25)" = Mozilla Firefox (3.6.25)
"Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de)
"MP Navigator EX 2.0" = Canon MP Navigator EX 2.0
"NClass_is1" = NClass 2.03
"NetLimiter" = NetLimiter 1.30 (remove only)
"Opera 11.60.1185" = Opera 11.60
"Puhbert's Quest Demo" = Puhbert's Quest Demo
"RayV" = DTVblizzcon
"Samsung ML-1640 Series" = Samsung ML-1640 Series
"SpeedFan" = SpeedFan (remove only)
"Stellar Phoenix Photo Recovery_is1" = Stellar Phoenix Photo Recovery
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.3.5
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"xampp" = XAMPP 1.7.4
"XN Resource Editor_is1" = XNResourceEditor 3.0.0.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BorderLayoutDemo" = BorderLayoutDemo
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
"MiG Calendar Demo" = MiG Calendar Demo
"MiG Layout Swing Demo Application" = MiG Layout Swing Demo Application
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.01.2012 13:01:08 | Computer Name = laptoleon | Source = .NET Runtime Optimization Service | ID = 1101
Description =
 
Error - 12.01.2012 13:01:08 | Computer Name = laptoleon | Source = .NET Runtime Optimization Service | ID = 1101
Description =
 
Error - 22.01.2012 18:06:48 | Computer Name = laptoleon | Source = Application Error | ID = 1000
Description = Faulting application name: VirtualBox.exe, version: 4.0.10.0, time
 stamp: 0x4e048ba3  Faulting module name: QtCoreVBox4.dll, version: 4.4.3.0, time
stamp: 0x49d69ee1  Exception code: 0x80000001  Fault offset: 0x00000000001b4f25  Faulting
 process id: 0xd00  Faulting application start time: 0x01ccd951dcc9534f  Faulting application
 path: E:\Programme\Oracle\VirtualBox\VirtualBox.exe  Faulting module path: E:\Programme\Oracle\VirtualBox\QtCoreVBox4.dll
Report
 Id: 6083ddab-4545-11e1-9edf-0024540612a2
 
Error - 22.01.2012 18:07:52 | Computer Name = laptoleon | Source = Application Hang | ID = 1002
Description = The program VirtualBox.exe version 4.0.10.0 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: fdc    Start
 Time: 01ccd951e281f683    Termination Time: 10    Application Path: E:\PROGRA~1\Oracle\VIRTUA~1\VirtualBox.exe

Report
 Id: 85571a89-4545-11e1-9edf-0024540612a2 
 
Error - 22.01.2012 18:07:57 | Computer Name = laptoleon | Source = Application Hang | ID = 1002
Description = The program VirtualBox.exe version 4.0.10.0 stopped interacting with
 Windows and was closed. To see if more information about the problem is available,
 check the problem history in the Action Center control panel.    Process ID: d00    Start
 Time: 01ccd951dcc9534f    Termination Time: 3    Application Path: E:\Programme\Oracle\VirtualBox\VirtualBox.exe

Report
 Id: 8890e449-4545-11e1-9edf-0024540612a2 
 
Error - 26.01.2012 15:57:17 | Computer Name = laptoleon | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is not formatted
 correctly. The malformed string is 8316. The first DWORD in the Data section contains
 the index value to the malformed string while the second and third DWORDs in the
 Data section contain the last valid index values.
 
Error - 26.01.2012 15:57:17 | Computer Name = laptoleon | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
 failed. The first DWORD i%1n the Data section contains the error code.
 
Error - 26.01.2012 15:57:20 | Computer Name = laptoleon | Source = Microsoft-Windows-LoadPerf | ID = 3001
Description = The performance counter name string value in the registry is not formatted
 correctly. The malformed string is 8316. The first DWORD in the Data section contains
 the index value to the malformed string while the second and third DWORDs in the
 Data section contain the last valid index values.
 
Error - 26.01.2012 16:14:40 | Computer Name = laptoleon | Source = System Restore | ID = 8193
Description =
 
Error - 27.01.2012 07:48:39 | Computer Name = laptoleon | Source = System Restore | ID = 8193
Description =
 
[ Cisco AnyConnect VPN Client Events ]
Error - 25.01.2012 09:52:09 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CIpcDepot::writeIpc File: .\IPC\IPCDepot.cpp Line: 596 Invoked
 Function: CIpcTransport::writeIpc Return Code: -31522805 (0xFE1F000B) Description:
 SOCKETTRANSPORT_ERROR_WRITE
 
Error - 25.01.2012 09:52:09 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CVpnMgr::OnTunnelStateChange File: .\VpnMgr.cpp Line: 4135
Invoked
 Function: CVpnMgr::sendStateTlv Return Code: -31522805 (0xFE1F000B) Description:
SOCKETTRANSPORT_ERROR_WRITE
 
Error - 25.01.2012 13:31:11 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1257 Invoked Function: WSAGetOverlappedResult Return Code: 10054 (0x00002746) Description:
 An existing connection was forcibly closed by the remote host. 
 
Error - 25.01.2012 13:31:11 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::callbackHandler File: .\IPC\SocketTransport.cpp
Line:
 1258 Invoked Function: WSARecv/WSARecvFrom Return Code: 0 (0x00000000) Description:
 unknown
 
Error - 25.01.2012 13:31:11 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CIpcTransport::OnSocketReadComplete File: .\IPC\IPCTransport.cpp
Line:
 823 Invoked Function: CSocketTransport::readSocket Return Code: -31522801 (0xFE1F000F)
Description:
 SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
 
Error - 25.01.2012 13:31:11 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CIpcDepot::OnIpcMessageReceived File: .\IPC\IPCDepot.cpp Line:
 811 Invoked Function: CIpcTransport::OnSocketReadComplete Return Code: -31522801
(0xFE1F000F) Description: SOCKETTRANSPORT_ERROR_TRANSPORT_FAILURE
 
Error - 25.01.2012 13:31:11 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CTcpTransport::writeSocketBlocking File: .\IPC\SocketTransport.cpp
Line:
 1644 Invoked Function: WSASend Return Code: 10054 (0x00002746) Description: An existing
 connection was forcibly closed by the remote host. 
 
Error - 25.01.2012 13:31:11 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: CIpcTransport::terminateIpcConnection File: .\IPC\IPCTransport.cpp
Line:
 385 Invoked Function: CSocketTransport::writeSocketBlocking Return Code: -31522805
 (0xFE1F000B) Description: SOCKETTRANSPORT_ERROR_WRITE
 
Error - 25.01.2012 13:31:14 | Computer Name = laptoleon | Source = vpnagent | ID = 67110873
Description = Termination reason code 5: The user is logging off the system.
 
Error - 25.01.2012 13:31:14 | Computer Name = laptoleon | Source = vpnagent | ID = 67108866
Description = Function: RestoreProxySettingsToBrowser File: .\BrowserProxy.cpp Line:
 1040 Invoked Function: DeleteFile Return Code: 2 (0x00000002) Description: The system
 cannot find the file specified. 
 
[ System Events ]
Error - 27.01.2012 08:20:11 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:  %%1068
 
Error - 27.01.2012 08:24:51 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:  %%1068
 
Error - 27.01.2012 08:24:51 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:  %%1068
 
Error - 27.01.2012 08:24:51 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:  %%1068
 
Error - 27.01.2012 08:27:17 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:  %%1068
 
Error - 27.01.2012 08:27:17 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:  %%1068
 
Error - 27.01.2012 08:27:17 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:  %%1068
 
Error - 27.01.2012 08:31:59 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:  %%1068
 
Error - 27.01.2012 08:31:59 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:  %%1068
 
Error - 27.01.2012 08:31:59 | Computer Name = laptoleon | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:  %%1068
 
 
< End of report >

kira 29.01.2012 05:58
1.
im Normalen Modus bitte laufen lassen!

** Update Malwarebytes Anti-Malware, lass es nochmal anhand der folgenden Anleitung laufen:
  • per Doppelklick starten.
  • gleich mal die Datenbanken zu aktualisieren - online updaten
  • Vollständiger Suchlauf wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • alle Funde bis auf - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
e

Bananaphone 29.01.2012 13:34
Hier der Bericht vom Suchlauf im Normalen Modus:

Code:
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
chris2 :: LAPTOLEON [Administrator]

29.01.2012 11:26:27
mbam-log-2012-01-29 (11-26-27).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 525262
Laufzeit: 1 Stunde(n), 49 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

kira 30.01.2012 09:14
1.
Neue Version bitte installieren:
Zitat:
Mozilla Firefox (3.6.25)
2.
Deine Javaversion ist nicht aktuell!
→ Downloade nun die Offline-Version von Java Version 6 Update 30 von Oracle herunter
Achte darauf, eventuell angebotene Toolbars abwählen (den Haken bei der Toolbar entfernen)!

3.
reinige dein System mit CCleaner:
  • "Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

4.
  • lade Dir SUPERAntiSpyware FREE Edition herunter.
  • installiere das Programm und update online.
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

5.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

6.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

Bananaphone 31.01.2012 10:52
Firefox und Java hab ich jetzt geupdatet, CCleaner ist mal durchgelaufen.
SuperAntiSpyware hat einiges Zeugs gefunden, schätze mal, dass das schon ne kleinere Zeit auf dem Rechner war. Eset hat auch noch bisschen was gefunden. Zum Glück hat aber keiner über meine USB Sticks gemeckert
Mein Rechner verhält sich allerdings seit ich Malwarebytes durchlaufen lassen habe wie vor der Sache.

Hier die logs:
SUPERAntiSpyware:
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 01/30/2012 at 06:12 PM

Application Version : 5.0.1142

Core Rules Database Version : 8178
Trace Rules Database Version: 5990

Scan type      : Complete Scan
Total Scan Time : 01:40:21

Operating System Information
Windows 7 Professional 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned      : 727
Memory threats detected  : 0
Registry items scanned    : 42727
Registry threats detected : 0
File items scanned        : 125025
File threats detected    : 26

Adware.Tracking Cookie
        C:\Users\chris2\AppData\Roaming\Microsoft\Windows\Cookies\P53VOWDQ.txt [ /c.atdmt.com ]
        C:\Users\chris2\AppData\Roaming\Microsoft\Windows\Cookies\DGAVHQ3F.txt [ /atdmt.com ]
        C:\Users\chris2\AppData\Roaming\Microsoft\Windows\Cookies\1EDAU00N.txt [ /doubleclick.net ]
        C:\USERS\CHRIS2\Cookies\P53VOWDQ.txt [ Cookie:chris2@c.atdmt.com/ ]
        C:\USERS\CHRIS2\Cookies\1EDAU00N.txt [ Cookie:chris2@doubleclick.net/ ]
        cdn2.themis-media.com [ G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3B4PDKLW ]
        ia.media-imdb.com [ G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3B4PDKLW ]
        media.scanscout.com [ G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3B4PDKLW ]
        media.xfire.com [ G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3B4PDKLW ]
        objects.tremormedia.com [ G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3B4PDKLW ]
        s0.2mdn.net [ G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3B4PDKLW ]
        secure-us.imrworldwide.com [ G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\3B4PDKLW ]       
        .apmebf.com [ G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZQE9441C.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZQE9441C.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZQE9441C.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZQE9441C.DEFAULT\COOKIES.SQLITE ]
        .burstnet.com [ G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZQE9441C.DEFAULT\COOKIES.SQLITE ]
        .burstnet.com [ G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\ZQE9441C.DEFAULT\COOKIES.SQLITE ]
        G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\COOKIES\CHRIS2@AT.ATWOLA[1].TXT [ /AT.ATWOLA ]
        G:\DOKUMENTE UND EINSTELLUNGEN\CHRIS2\COOKIES\CHRIS2@ATDMT[2].TXT [ /ATDMT ]

PotentiallyUnwanted.CNETInstaller
        E:\ALTEDESKS\JAN12\CNET_TWEAKSLOGON_ZIP.EXE

Trojan.Agent/Gen-MSFake
        E:\ALTEDESKS\JUL11\SC2CHATCLOUDV0.3\SC2 CHATCLOUD.EXE
        ZIP ARCHIVE( E:\ALTEDESKS\JUL11\SC2CHATCLOUDV0.3.ZIP )/SC2 CHATCLOUD.EXE
        E:\ALTEDESKS\JUL11\SC2CHATCLOUDV0.3.ZIP

Trojan.Agent/Gen-Cryptor[Egun]
        E:\PROGRAMME\FUNKTION V1.18\FUNKTION-07.EXE
        E:\PROGRAMME\FUNKTION V1.18\FUNKTION.EXE
--- --- ---

ESET:
Code:
E:\stud-ip4\bs\gcc-4.6.0.tar.gz        Archbomb.ZIP Trojaner        gelöscht - in Quarantäne kopiert
G:\Dokumente und Einstellungen\Chris2\Lokale Einstellungen\Temp\OCS\Downloads\7359c314ded3778c6ecc815e86a1b6f3\4980\icq_update_patch.zip        Win32/Adware.ADON Anwendung        gelöscht - in Quarantäne kopiert
G:\Dokumente und Einstellungen\Chris2\Lokale Einstellungen\Temp\OCS\Downloads\7359c314ded3778c6ecc815e86a1b6f3\4980\icq_update_patch\ICQ Update Patch 1.6 Setup.exe        Win32/Adware.ADON Anwendung        gelöscht - in Quarantäne kopiert

kira 31.01.2012 16:01
► Wenn Du keine Probleme mehr hast, können wir damit dann Deinen Thread schließen?

1.
Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf:
Code:
CCleaner
- Zeitweise laufen lassen:-> Anleitung

2.
Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

3.
Wenn alles gut verlaufen und dein System läuft stabil,mache folgendes:
Alle Systemwiederherstellungspunkte löschen, auch den Letzten

4.
Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern (man sollte alle 3-4 Monate machen)
z.B. Login-, Mail- oder Website-Passwörter
Tipps:
Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

5.
► für Windows Updates ziehen:-> - Microsoft Update hält Ihren Computer auf dem neuesten Stand!
Internet Explorer Version 9 ist aktuell!!
Software wie Betriebssysteme, Browser und E-Mail Clients werden laufend weiterentwickelt. Gleichzeitig arbeiten jedoch auch Hacker daran, ständig neue Sicherheitslücken zu finden und auszunutzen. Was heute noch keine Schlupflücke für Viren und Würmer ist, kann morgen bereits zur Gefahr werden, wenn der entsprechende Schädling programmiert wurde. Das führt dazu, dass es relativ häufig zu Meldungen über neue Sicherheitsanfälligkeiten kommt, auch wenn diese noch nicht durch Hacker entdeckt wurden. Denn selbstverständlich suchen auch Sicherheitsspezialisten nach potenziellen Angriffsmöglichkeiten. Updates der Softwareentwickler sorgen dafür, dass der User immer die aktuellste und sicherste Version des Betriebssystems und der installierten Software nutzen kann.

Lesestoff Nr.1:
  • Wie erstelle ich ein eingeschränktes Benutzerkonto?
  • Software immer auf dem neuesten Stand halten!:
    ALLE auf dem System installierten Programme und Treiber, sollten regelmäßig upgedatet werden um Sicherheitslücken zu vermeiden und um das reibungslose Arbeitsabläufe zu erreichen!
  • Ein sicherer Browser als IE z.B. *Ein Wechsel des Standardbrowsers zu...von SETI@home* - Firefox - FirefoxWiki/Einstellungen - Erweiterungen für Firefox - Standardbrowser
  • Sichere eMail Clients z.B. Thunderbird-->Erweiterungen für Mozilla Thunderbird
    - Unbekannten E-Mail-Anhang NICHT öffnen!
  • Sichere Paswort - Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
    auch noch hier unter: Sicheres Kennwort (Password)
    Die fünf häufigsten Passwort-Fehler[/b[
  • "Never accept software from strangers" - Installiere grundsätzlich immer nur Programme, die Du auch wirklich benötigst und von denen Du überzeugt bist, dass sie seriös sind.
    Du hast die Wahl!, welche zusätzlichen Komponenten noch installiert werden sollen? -> Bei der Installation immer mitlesen, Sponsoren und Partnerprogramme, Toolbars oder eventuell noch andere extra angebotene Programme möglichst abwählen!
    Sponsor-Programm, Toolbars möglist abwählen (so wird oft Art von Adware/Spyware mitinstalliert)
  • NICHT irgendwelche Programme aus dem Netz laden, wenn nicht zu 100% fest steht, dass es sich dabei um saubere Software handelt. Nette Versprechen der Hersteller garantieren noch lange keine einwandfreie Funktionsweise, also vorher blättere die Seiten bei GOOGLE, da kannst Du Dir wertvolle Informationen holen!!!
  • Programme und Treiber:
    Nur vom Hersteller!
  • Onlinebanking:
    Gib deine Passwörter niemals preis!
    Seriöse Bankinstitute, E- Mail- Provider oder Online- Shops versenden grundsätzlich keine E- Mails, in denen Kunden aufgefordert werden, vertrauliche Daten wie Passwörter, Verfügernummer, PINs oder TANs preiszugeben. Bei dieser Art von E- Mails handelt es sich immer um Betrugsversuche, weshalb entsprechende Anfragen nicht beantwortet werden sollten. Sobald der Verdacht auf Betrug entsteht, melde deinen Verdacht der jeweiligen Bank- Hotline.
  • Comnputer, anderen (Gästen/Freunden) zur Nutzung überlassen überlassen - Nutze nur vertrauenswürdige Computer!
    Vergewissere dich, dass nur Personen deines Vertrauens deinen Computer nutzen oder verwalten und wickel niemals Bankgeschäfte über nicht vertrauenswürdige Computer - beispielsweise aus einem Internetcafé während des Urlaubs - ab
  • Vorsicht bei der Nutzung fremder Computer und anschliessbare Externe Speichermedien wie Festplatte, USB Sticks, Speicherkarten usw![/color] - IT-Betrüger machen keinen Urlaub!/bsi-fuer-buerger.de - auch zeitweise anschließen und scannen lassen (sehe unter `kostenlose Online-Viren-Scanner`)
  • Webseiten ohne Gültiges Impressum nicht besuchen
  • Lizenzkosten sparen? - Vorsicht bei Dateien/Programmen aus nicht vertrauenswürdigen Quellen! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
    Sind immer verseucht mit diverse Malware/Schadprogramme/Code, es gibt keine seite wo Viren frei ist. (Man sollte nicht absitlich der Teufel holen;)) Eine weitere höchst unsichere Quelle ist das File-Sharing der sog. (Musik-)Tauschbörsen.
    ► Ausserdem machst Du dich damit strafbar!
  • Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten!
    Das Installieren von `zuviel` Software beeinträchtigt die Systemleistung und Sicherheit, verlangsamt den Start-Vorgang enorm und belastet den Arbeitsspeicher (weil laufen ja die Programme nebeneinander gleichzeitig, die viel Performance fressen, aber wenig Qualität bringen). Im Laufe der Zeit wird der rechner durch zu viel unnötigen Ballast immer langsamer, und unsicherer. Um so mehr Programme installiert sind, um so häufiger treten Probleme auf, die dann unter Umständen nur schwer lösen können. Dazu kommt noch, das einige Programme große Sicherheitsrisiken mit sich bringen;)
  • Virenscanner
  • BSI für Bürger
  • SETI@home - [Sicherheit] Sicherheitskonzept
  • Entwicklung schädlicher Websites/viruslist.com
  • Brennpunkt: Bilder und Töne
    Gefährliche Bilder, schräge Töne/BSI

** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !!
Zitat:
Da der Bestand der Datenbank wird täglich ergänzt und erweitert bzw werden mit der aktuellen Virendefinition die Informationen über den betroffenen Virus aufgenommen, empfehle ich dir mindestens einmal pro Woche (später genügt es sicherlich einmal im Monat) dein System Online Scannen lassen (immer mit einen anderen Scanner), um eine zweite Meinung einzuholen - Die auf dem Speichermedium gesicherten Daten sollten auch mit einbezogen werden!
(benutzen meist ActiveX und/oder Java): Kostenlose Online Scanner -
Lesestoff Nr.2:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher:wünsch Dir alles Gute:)

Wenn Du uns unterstützen möchtest→ Spendekonto

gruß
kira

Bananaphone 31.01.2012 19:36
Hi,

humm, ja ich denke mal schon, scheint ja halbwegs gut gegangen zu sein.
Deine neue Liste werde ich noch abarbeiten, in diesem Sinne bedanke ich mich vielmals für deine Hilfe :)

Mfg, bananaphone


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:03 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131