Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Fehlercode 0x80070424 (https://www.trojaner-board.de/112625-fehlercode-0x80070424.html)

gedankenlust 29.03.2012 20:46
Fehlercode 0x80070424
 
Hallo,

bin neu hier und habe keine möglichkeit bei einen bereits bekannten thread was zu posten. gezwungenermaßen erstelle ich ein neues thema.

meine windows firewall streikt ebenso wie bei donnico91 und kosch1

ich hatte vor kurzen einen trojaner drauf und mein virenprogramm hat es gelöscht. (microsoft security essentials)

"C:\Windows\System32\consrv.dll" genau diese datei wie bei kosch1 habe ich entfernt.

vielleicht bekommen wir alle 3 das problem im griff.


gedankenlust

gedankenlust 29.03.2012 23:08
als anhang noch die beiden

markusg 30.03.2012 09:18
hi,
1. nutzt du den pc für onlinebanking, einkäufe, sonstige zahlungsabwicklungen, oder ähnlich wichtiges, wie berufliches?
2.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

gedankenlust 30.03.2012 15:04
OTL Logfile:
Code:
OTL logfile created on: 30.03.2012 15:56:54 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Sky\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,87 Gb Available Physical Memory | 73,50% Memory free
15,96 Gb Paging File | 13,54 Gb Available in Paging File | 84,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 144,04 Gb Total Space | 26,75 Gb Free Space | 18,57% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 34,63 Gb Free Space | 24,65% Space Free | Partition Type: NTFS
Drive H: | 7,45 Gb Total Space | 0,13 Gb Free Space | 1,70% Space Free | Partition Type: FAT32
 
Computer Name: SKY-PC | User Name: Sky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.03.30 15:53:22 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Sky\Downloads\OTL.exe
PRC - [2012.03.21 17:28:32 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012.03.18 16:59:24 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.02.17 12:13:34 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.17 02:15:48 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011.11.11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.12.20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.12.20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.06.10 11:16:26 | 000,226,576 | ---- | M] (PCTV Systems S.à r.l.) -- C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\remoterm.exe
PRC - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.03.29 16:22:30 | 008,797,344 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll
MOD - [2012.03.21 17:28:32 | 020,297,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012.03.21 17:28:31 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.03.21 17:28:31 | 000,907,048 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2012.03.21 17:28:31 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.03.21 17:28:31 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.03.18 16:59:24 | 001,969,080 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.12.16 00:38:21 | 002,895,696 | -HS- | M] () -- \\?\C:\ProgramData\Microsoft\PlayReady\Cache\S-1-5-21-933882367-759515471-3847377126-1000\MSPRindiv01.key
MOD - [2011.10.15 01:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2011.08.12 13:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2011.08.12 13:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2011.08.12 13:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2011.08.12 13:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2011.08.12 13:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.04.27 18:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011.04.27 18:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.29 16:22:31 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.21 17:28:32 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.02.17 12:13:34 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 01:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.12.20 19:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.12.20 19:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.02.06 23:09:27 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.01.18 08:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech HD Webcam C270(UVC)
DRV:64bit: - [2012.01.18 08:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012.01.17 14:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.06.10 08:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.06.02 11:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.06.02 11:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.04.27 16:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.19 11:23:10 | 001,077,840 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mod7700.sys -- (mod7700)
DRV:64bit: - [2010.11.19 11:23:10 | 000,024,272 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\modrc.sys -- (MODRC)
DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2009.08.24 10:14:30 | 000,054,784 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\azvusb.sys -- (azvusb)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 26 DB B9 19 64 BB CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_228.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Sky\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Sky\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.03.18 16:59:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.14 10:03:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: d:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.04 05:59:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Plugins: d:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: D:\Program Files (x86)\Mozilla Thunderbird\components [2012.01.04 05:59:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Plugins: D:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.12.15 22:04:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sky\AppData\Roaming\mozilla\Extensions
[2012.03.16 09:30:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sky\AppData\Roaming\mozilla\Firefox\Profiles\m8ahsyic.default\extensions
[2011.12.28 22:33:49 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sky\AppData\Roaming\mozilla\Firefox\Profiles\m8ahsyic.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.03.16 09:30:54 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Sky\AppData\Roaming\mozilla\Firefox\Profiles\m8ahsyic.default\extensions\firefox@ghostery.com
[2011.12.19 17:44:12 | 000,000,933 | ---- | M] () -- C:\Users\Sky\AppData\Roaming\Mozilla\Firefox\Profiles\m8ahsyic.default\searchplugins\11-suche.xml
[2011.12.19 17:44:12 | 000,002,419 | ---- | M] () -- C:\Users\Sky\AppData\Roaming\Mozilla\Firefox\Profiles\m8ahsyic.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 17:44:12 | 000,010,525 | ---- | M] () -- C:\Users\Sky\AppData\Roaming\Mozilla\Firefox\Profiles\m8ahsyic.default\searchplugins\gmx-suche.xml
[2011.12.19 17:44:12 | 000,002,457 | ---- | M] () -- C:\Users\Sky\AppData\Roaming\Mozilla\Firefox\Profiles\m8ahsyic.default\searchplugins\lastminute.xml
[2011.12.19 17:44:12 | 000,005,508 | ---- | M] () -- C:\Users\Sky\AppData\Roaming\Mozilla\Firefox\Profiles\m8ahsyic.default\searchplugins\webde-suche.xml
[2012.01.02 02:43:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.12.21 21:02:43 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
() (No name found) -- C:\USERS\SKY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M8AHSYIC.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SKY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M8AHSYIC.DEFAULT\EXTENSIONS\HYPEM@DOWNLOADER.COM.XPI
[2012.03.18 16:59:24 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.26 20:49:56 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.01.02 02:43:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.02 02:43:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.02 02:43:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.18 15:11:56 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.01.02 02:43:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.02 02:43:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.02 02:43:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Sky\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [RemoTerm.exe] C:\Program Files (x86)\Common Files\PCTV Systems\RemoTerm\RemoTerm.exe (PCTV Systems S.à r.l.)
O4 - HKCU..\Run: [RGSC] D:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.202
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3753424A-9850-4E0D-9B85-2F14FBB2941A}: DhcpNameServer = 192.168.1.202
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.29 15:57:20 | 000,000,000 | ---D | C] -- C:\Users\Sky\Desktop\GAMEZ
[2012.03.28 22:48:37 | 000,000,000 | -HSD | C] -- C:\Users\Sky\AppData\Local\d0fdfecc
[2012.03.17 22:58:41 | 000,000,000 | ---D | C] -- C:\Users\Sky\AppData\Local\Spotify
[2012.03.17 22:58:36 | 000,000,000 | ---D | C] -- C:\Users\Sky\AppData\Roaming\Spotify
[2012.03.09 15:04:41 | 000,000,000 | ---D | C] -- C:\Users\Sky\Desktop\ntd hype
[2012.02.29 17:07:46 | 000,000,000 | ---D | C] -- C:\Users\Sky\Documents\Star Wars - The Old Republic
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.30 15:41:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-933882367-759515471-3847377126-1000UA.job
[2012.03.30 15:22:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.30 15:04:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.30 12:41:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-933882367-759515471-3847377126-1000Core.job
[2012.03.30 12:03:07 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.30 12:03:07 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.30 12:01:56 | 001,619,868 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.30 12:01:56 | 000,698,932 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.30 12:01:56 | 000,654,250 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.30 12:01:56 | 000,149,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.30 12:01:56 | 000,122,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.30 11:56:05 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.30 11:55:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.30 11:55:43 | 2132,725,759 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.30 00:00:43 | 000,000,168 | ---- | M] () -- C:\Users\Sky\defogger_reenable
[2012.03.29 22:58:54 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.03.29 22:58:54 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.29 22:58:46 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.03.29 17:30:56 | 000,838,254 | ---- | M] () -- C:\Users\Sky\AppData\Local\census.cache
[2012.03.29 17:30:48 | 000,110,305 | ---- | M] () -- C:\Users\Sky\AppData\Local\ars.cache
[2012.03.29 17:23:17 | 000,000,036 | ---- | M] () -- C:\Users\Sky\AppData\Local\housecall.guid.cache
[2012.03.28 15:27:34 | 001,831,706 | ---- | M] () -- C:\Users\Sky\Desktop\ffff.MP3
[2012.03.21 17:37:08 | 001,596,826 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.17 22:58:41 | 000,001,764 | ---- | M] () -- C:\Users\Sky\Desktop\Spotify.lnk
[2012.03.16 14:51:50 | 000,001,903 | ---- | M] () -- C:\Users\Sky\Desktop\gggg.pls
[2012.03.16 14:38:07 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012.03.16 14:24:11 | 000,235,126 | ---- | M] () -- C:\Users\Sky\Desktop\rocckk.MMM
[2012.03.16 14:06:21 | 004,610,090 | ---- | M] () -- C:\Users\Sky\Desktop\funkiesworld.MP3
[2012.03.16 13:47:53 | 000,350,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.29 21:21:24 | 000,042,392 | ---- | M] () -- C:\Windows\SysWow64\xfcodec.dll
[2012.02.29 21:21:24 | 000,028,056 | ---- | M] () -- C:\Windows\SysNative\xfcodec64.dll
 
========== Files Created - No Company Name ==========
 
[2012.03.30 00:00:43 | 000,000,168 | ---- | C] () -- C:\Users\Sky\defogger_reenable
[2012.03.29 17:30:56 | 000,838,254 | ---- | C] () -- C:\Users\Sky\AppData\Local\census.cache
[2012.03.29 17:30:48 | 000,110,305 | ---- | C] () -- C:\Users\Sky\AppData\Local\ars.cache
[2012.03.29 17:23:17 | 000,000,036 | ---- | C] () -- C:\Users\Sky\AppData\Local\housecall.guid.cache
[2012.03.28 22:49:26 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.03.28 15:27:33 | 001,831,706 | ---- | C] () -- C:\Users\Sky\Desktop\ffff.MP3
[2012.03.17 22:58:41 | 000,001,764 | ---- | C] () -- C:\Users\Sky\Desktop\Spotify.lnk
[2012.03.17 22:58:41 | 000,001,750 | ---- | C] () -- C:\Users\Sky\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2012.03.16 14:51:47 | 000,001,903 | ---- | C] () -- C:\Users\Sky\Desktop\gggg.pls
[2012.03.16 14:24:11 | 000,235,126 | ---- | C] () -- C:\Users\Sky\Desktop\rocckk.MMM
[2012.03.16 14:06:19 | 004,610,090 | ---- | C] () -- C:\Users\Sky\Desktop\funkiesworld.MP3
[2012.02.29 21:21:24 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2012.02.29 21:21:24 | 000,028,056 | ---- | C] () -- C:\Windows\SysNative\xfcodec64.dll
[2012.01.22 22:39:00 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mgxasio2.dll
[2012.01.22 22:38:40 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2012.01.22 22:37:25 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2012.01.18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012.01.16 19:02:53 | 000,003,584 | ---- | C] () -- C:\Users\Sky\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.05 11:40:15 | 000,007,601 | ---- | C] () -- C:\Users\Sky\AppData\Local\Resmon.ResmonCfg
[2011.12.16 18:10:42 | 000,282,864 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.16 18:10:40 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.15 21:57:08 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.12.15 21:57:00 | 000,026,959 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.12.15 21:53:50 | 001,596,826 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.10.15 01:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.04.09 19:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2012.02.18 22:04:43 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\COWON
[2012.02.06 23:08:29 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\DAEMON Tools Lite
[2012.01.16 18:34:03 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\DesktopIconForAmazon
[2011.12.16 14:15:37 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\Leadertech
[2012.01.15 15:51:57 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\LolClient
[2012.02.16 19:41:33 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\MAGIX
[2011.12.20 00:59:03 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\Need for Speed World
[2011.12.16 17:34:49 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\Origin
[2012.01.30 00:46:01 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\Sinvise Systems
[2011.12.17 00:17:22 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\SplitMediaLabs
[2012.03.28 22:56:30 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\Spotify
[2012.01.04 05:59:36 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\Thunderbird
[2012.01.30 17:39:46 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\TS3Client
[2012.01.29 12:06:16 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\ts3overlay
[2011.12.25 18:39:35 | 000,000,000 | ---D | M] -- C:\Users\Sky\AppData\Roaming\Unity
[2012.03.30 12:41:00 | 000,000,898 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-933882367-759515471-3847377126-1000Core.job
[2012.03.30 15:41:00 | 000,000,920 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-933882367-759515471-3847377126-1000UA.job
[2012.03.29 15:22:15 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2011.12.15 21:47:00 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.12.16 04:17:01 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.06.22 21:52:20 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.04.05 14:11:54 | 000,000,000 | -HSD | M] -- C:\found.000
[2008.03.28 20:12:56 | 000,000,000 | ---D | M] -- C:\Intel
[2008.03.28 20:45:25 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.12.16 19:32:53 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012.01.30 00:46:01 | 000,000,000 | ---D | M] -- C:\Program Files
[2012.03.27 21:59:30 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.02.16 21:26:01 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.06.22 21:52:20 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.12.15 21:46:45 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.03.30 15:57:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.02.23 21:29:55 | 000,000,000 | R--D | M] -- C:\Users
[2012.03.15 21:25:15 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 05:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 05:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.03.30 00:00:43 | 000,000,168 | ---- | M] () -- C:\Users\Sky\defogger_reenable
[2012.03.30 16:01:07 | 002,097,152 | -HS- | M] () -- C:\Users\Sky\ntuser.dat
[2012.03.30 16:01:07 | 000,262,144 | -HS- | M] () -- C:\Users\Sky\ntuser.dat.LOG1
[2011.12.15 21:46:50 | 000,000,000 | -HS- | M] () -- C:\Users\Sky\ntuser.dat.LOG2
[2011.12.15 22:12:57 | 000,065,536 | -HS- | M] () -- C:\Users\Sky\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2011.12.15 22:12:57 | 000,524,288 | -HS- | M] () -- C:\Users\Sky\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2011.12.15 22:12:57 | 000,524,288 | -HS- | M] () -- C:\Users\Sky\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.01.30 01:32:10 | 000,065,536 | -HS- | M] () -- C:\Users\Sky\ntuser.dat{9871aaa6-4a5f-11e1-9e7f-14dae9ebeca0}.TM.blf
[2012.01.30 01:32:10 | 000,524,288 | -HS- | M] () -- C:\Users\Sky\ntuser.dat{9871aaa6-4a5f-11e1-9e7f-14dae9ebeca0}.TMContainer00000000000000000001.regtrans-ms
[2012.01.30 01:32:10 | 000,524,288 | -HS- | M] () -- C:\Users\Sky\ntuser.dat{9871aaa6-4a5f-11e1-9e7f-14dae9ebeca0}.TMContainer00000000000000000002.regtrans-ms
[2011.12.15 21:46:50 | 000,000,020 | -HS- | M] () -- C:\Users\Sky\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 877 bytes -> C:\Users\Sky\Desktop\C261129605 Re  Paket wechseln.eml:OECustomProperty

< End of report >
--- --- ---



OTL Logfile:
Code:
OTL Extras logfile created on: 30.03.2012 15:56:54 - Run 1
OTL by OldTimer - Version 3.2.39.2    Folder = C:\Users\Sky\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,87 Gb Available Physical Memory | 73,50% Memory free
15,96 Gb Paging File | 13,54 Gb Available in Paging File | 84,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 144,04 Gb Total Space | 26,75 Gb Free Space | 18,57% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 34,63 Gb Free Space | 24,65% Space Free | Partition Type: NTFS
Drive H: | 7,45 Gb Total Space | 0,13 Gb Free Space | 1,70% Space Free | Partition Type: FAT32
 
Computer Name: SKY-PC | User Name: Sky | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "d:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0B1BBEE3-C10D-44BE-A6BE-EEC867315F87}" = Shutdown Timer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{18F703C3-32EC-4E5C-BC3C-C1BD72D35F5B}" = TVCenter
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 295.73
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0209
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{EA6CA8CA-11B1-4240-BBA3-E624955F0C39}" = Image Resizer for Windows (64 bit)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0f571b70-6401-48cd-945d-45e2e8b559f8}" = Image Resizer for Windows
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{23D41E39-79E7-4029-81CD-F23E6F3B9364}" = MAGIX Music Maker MX Premium
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{39930321-4C58-4B8B-BCBF-342698C9801D}" = Max Payne
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4EAE665D-957A-4D04-9679-3AD582008877}" = NVIDIA PhysX
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6E36A172-06FB-4BC8-B7FC-D30D219E6776}" = Tom Clancy's H.A.W.X
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C684A01-7F9C-40E7-AF94-BFE24BC89C97}" = XSplit
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AF99669B-C6DC-43C4-8523-6758C01731BD}" = MAGIX Speed burnR (MSI)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic VX
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}" = The Matrix - Path of Neo
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFE1AB94-5466-4B6E-BE31-FF4C115FD25D}" = Max Payne 2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{FB2CB440-BE28-4BF2-BB7A-A98383324356}" = MAGIX Screenshare
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"5513-1208-7298-9440" = JDownloader 0.9
"Battlelog Web Plugins" = Battlelog Web Plugins
"Company of Heroes" = Company of Heroes
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESN Sonar-0.70.4" = ESN Sonar
"FormatFactory" = FormatFactory 2.70
"HQ-CoH.com" = HQ-CoH.com Sprachpaket
"MAGIX_MSI_mm18dlx" = MAGIX Music Maker MX Premium
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"Mozilla Thunderbird 9.0.1 (x86 de)" = Mozilla Thunderbird 9.0.1 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Steam App 35450" = Red Orchestra 2: Heroes of Stalingrad
"VLC media player" = VLC media player 1.1.11
"Winamp" = Winamp
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Thunderbird 10.0.2 (x86 de)" = Mozilla Thunderbird 10.0.2 (x86 de)
"Spotify" = Spotify
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 26.03.2012 10:17:08 | Computer Name = Sky-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 27.03.2012 10:09:03 | Computer Name = Sky-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 28.03.2012 06:34:57 | Computer Name = Sky-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 28.03.2012 09:07:02 | Computer Name = Sky-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 28.03.2012 09:07:45 | Computer Name = Sky-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 29.03.2012 09:23:52 | Computer Name = Sky-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 29.03.2012 14:41:41 | Computer Name = Sky-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 30.03.2012 05:57:33 | Computer Name = Sky-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 30.03.2012 08:13:25 | Computer Name = Sky-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
 oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
 in Zeile 2.  Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
 
Error - 30.03.2012 08:14:13 | Computer Name = Sky-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
[ System Events ]
Error - 29.03.2012 09:22:29 | Computer Name = Sky-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.    Funktion: %%835    Fehlercode:
0x80004005    Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 29.03.2012 09:33:40 | Computer Name = Sky-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.    Funktion: %%835    Fehlercode:
0x80004005    Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%858
 
Error - 29.03.2012 14:40:06 | Computer Name = Sky-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 29.03.2012 14:40:06 | Computer Name = Sky-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 29.03.2012 14:40:10 | Computer Name = Sky-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:  %%1060
 
Error - 29.03.2012 14:40:19 | Computer Name = Sky-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.    Funktion: %%835    Fehlercode:
0x80004005    Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
Error - 30.03.2012 05:56:01 | Computer Name = Sky-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IKE- und AuthIP IPsec-Schlüsselerstellungsmodule" ist
von folgendem Dienst abhängig: BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 30.03.2012 05:56:01 | Computer Name = Sky-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "IPsec-Richtlinien-Agent" ist von folgendem Dienst abhängig:
 BFE. Dieser Dienst ist eventuell nicht installiert.
 
Error - 30.03.2012 05:56:04 | Computer Name = Sky-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Computerbrowser" wurde mit folgendem Fehler beendet:  %%1060
 
Error - 30.03.2012 05:56:12 | Computer Name = Sky-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion.    Funktion: %%835    Fehlercode:
0x80004005    Fehlerbeschreibung: Unbekannter Fehler      Ursache: %%842
 
 
< End of report >
--- --- ---


hallo,

erstmal danke für die schnelle antwort. für online banking, pay pal, ebay nutze ich mein rechner auch. habe aber seitdem ich das problem habe nichts von dem angerührt.

gedankenlust

markusg 30.03.2012 15:10
bank bitte anrufen, notfall nummer:
116 116
banking wegen zero access rootkit sperren lassen.
der pc muss neu aufgesetzt und dann abgesichert werden
1. Datenrettung:2. Formatieren, Windows neuinstallieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

gedankenlust 30.03.2012 15:17
bitte was? ich habe angst. was habe ich denn für probleme bzw virus?

markusg 30.03.2012 15:18
war ja nicht so schwierig zu verstehen oder.
steht ja alles soweit da :-)

gedankenlust 30.03.2012 15:28
also, meine daten habe ich eh meist auf der externen festplatte. aber wie man formatiert weiß ich nicht ganz genau. ich kenn das noch aus der schule mit den dos system und format c,...oder so.

pc zusammen gestellt. windows 7 64 bit cd vorhanden.



passwörter kann ich doch erst ändern wenn mein rechner sauber ist, richtig?

das mit autorun verstehe ich nicht ganz?

gedankenlust

markusg 30.03.2012 16:46
genau, passwörter endweder von nem zweit pc aus endern oder wenn er eu instaliert ist.
was genau verstehst du bei autorun nicht, da gibts ja mehrere methoden die du nutzen kannst.
versuch folgendes:
start ausführen
services.msc
enter
shellhardware erkennung, rechtsklick, starttyp deaktiviert, neustart.
dann los legen mit der sicherung.
wenn fertig, sag ich dir wie du formatierst etc.


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:33 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132