Trojaner-Board - Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt (https://www.trojaner-board.de/109578-windows-security-center-achtung-computer-wurde-gesperrt.html)

Hatte auch --> Windows Security Center Achtung! Ihr Computer wurde gesperrt

Hallo an alle, über Google stolperte ich über euer Forum nachdem mein Rechner auch das "Windows Security Center Achtung! Ihr Computer wurde gesperrt " hatte. War gestern als das Problem beim surfen im Internet auftrat, Google Bildersuche. Wie bei den von anderen Usern beschrieben, ging auch bei mir nichts. Über Tastatur fuhr ich den Rechner runter (habe da eine Taste mit der das geht). Nach Rechner Neustart war das bekannte Problem wieder da. Bin dann im gesicherten Modus rein, habe dann mit Hilfe von Systemwiederherstellung das Problem beheben können.
Mit Avira im Anschluss kompletten Scan gemacht. 9 Funde, aber nur 5 wurden mit Name angezeigt, die dann in die Quarantäne wanderten.

EXP/Blacole.DU
EXP/2010-0840.LL.1
EXP/2010-0840.AR
EXP/CVE-2011-3544... (mehr zeigte er nicht an)
EXP/JS.Iframe.E

Nun meine Frage, reicht das aus um das Problem zu beheben? Habt ihr Tipps um vorzubeugen?

mfg Rainstorm

Zitat:

Mit Avira im Anschluss kompletten Scan gemacht. 9 Funde, aber nur 5 wurden mit Name angezeigt, die dann in die Quarantäne wanderten.

Solche Angaben reichen nicht, bitte poste die vollständigen Angaben/Logs der Virenscanner.

Sry für die späte Antwort. Hatte zwischenzeitlich das gleiche Problem mit einen anderen "Bild". Diesmal ging absicherter Modus nicht, wurde ebenfalls geblockt. hatte beide Vorfaälle mit Firefox Browser Google.
Per Orginal DVD System zuückgesetzt. 2 mal Avira Scan gemacht. Malwarebytes muss ich mir neuinstallieren (zeigt Runtime-error an). Deren Logs folgen morgen.

mfg Rainstorm

Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Malwarebytes neuinstaliert und manuell aktualisiert. Ältere Scans habe ich leider nicht. 2 Scans durchgeführt. Im Anschluss der Eset Log.

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=e948eaf538fd8a4a96897e6b4fcf1102

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-02-14 03:53:11

# local_time=2012-02-14 04:53:11 (+0100, Mitteleuropäische Zeit)

# country="Germany"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=1797 16775165 100 94 82993 65766880 75782 0

# compatibility_mode=5892 16776573 100 56 82872 166750365 0 0

# compatibility_mode=8192 67108863 100 0 3880 3880 0 0

# scanned=305042

# found=4

# cleaned=0

# scan_time=8332

C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngr.dll        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\datamngrUI.exe        a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I

C:\Program Files (x86)\Windows iLivid Toolbar\Datamngr\IEBHO.dll        probably a variant of Win32/Toolbar.SearchSuite application (unable to clean)        00000000000000000000000000000000        I

${Memory}        a variant of Win32/Toolbar.SearchSuite application        00000000000000000000000000000000        I

Vielen Dank für die sehr gute Anleitung! Ohne die wäre ich aufgeschmissen.
mfg Rainstorm

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Quick Scan

Code:

OTL logfile created on: 14.02.2012 17:32:01 - Run 3

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Andreas Flander\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,75 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 60,56% Memory free

7,72 Gb Paging File | 6,09 Gb Available in Paging File | 78,79% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 283,42 Gb Total Space | 61,42 Gb Free Space | 21,67% Space Free | Partition Type: NTFS

Drive D: | 14,65 Gb Total Space | 8,24 Gb Free Space | 56,24% Space Free | Partition Type: FAT32

 

Computer Name: HOME-PC | User Name: xxxxxx | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\xxxxxx\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files (x86)\ArcorOnline\AOButler.exe (Vodafone D2 GmbH)

PRC - C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()

PRC - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaDRS.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\EPOEMDll.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\EPWizRes.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll ()

MOD - C:\Windows\SysWOW64\LXEAsmr.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\Epwizard.DLL ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\Epfunct.DLL ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\Eputil.DLL ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\Imagutil.DLL ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll ()

MOD - C:\Windows\SysWOW64\LXEAsm.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)

SRV:64bit: - (lxea_device) -- C:\Windows\SysNative\lxeacoms.exe ( )

SRV:64bit: - (lxeaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe ()

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)

SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (lxea_device) -- C:\Windows\SysWow64\lxeacoms.exe ( )

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)

DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)

DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ostpl&s={searchTerms}&f=4

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de

IE - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.01 20:49:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.01 20:49:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.02.13 16:21:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.04 19:31:34 | 000,000,000 | ---D | M]

 

[2011.07.17 23:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Extensions

[2012.01.06 12:52:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions

[2011.10.05 22:05:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\xxxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2011.07.17 23:22:36 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}

[2011.06.06 08:17:34 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}

[2011.07.17 23:22:32 | 000,002,501 | ---- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\r5fjyd40.default\searchplugins\SearchResults.xml

[2011.12.10 22:37:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.02.13 16:21:18 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

() (No name found) -- C:\USERS\ANDREAS FLANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R5FJYD40.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012.02.04 19:31:33 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.02.04 19:31:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.02.04 19:31:27 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.02.04 19:31:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011.04.06 08:43:24 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

[2011.05.03 16:33:17 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchostpl.xml

[2012.02.04 19:31:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.07.17 23:22:32 | 000,002,501 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml

[2012.02.04 19:31:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.02.04 19:31:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider:  ()

CHR - default_search_provider: search_url = 

CHR - default_search_provider: suggest_url = 

CHR - Extension: No name found = C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\

CHR - Extension: No name found = C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\

CHR - Extension: No name found = C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

 

O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)

O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll ()

O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll (Bandoo Media, inc)

O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()

O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~2\OPENSU~1\Iplex\IPLEXT~1.DLL (ALLCinema Ltd.)

O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll ()

O3 - HKLM\..\Toolbar: (Übersetzer) - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files (x86)\PRMT6\PRMTIE\prmtie.dll (PROMT Ltd.)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()

O3 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()

O3:64bit: - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()

O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1001..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A4DA66F-9E0F-41CD-B5E8-615E73736BEB}: NameServer = 195.50.140.118 195.50.140.180

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\datamngr.dll) -c:\progra~2\wi371a~1\datamngr\datamngr.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\iebho.dll) -c:\progra~2\wi371a~1\datamngr\iebho.dll (Bandoo Media, inc)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O27:64bit: - HKLM IFEO\impulsedock.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)

O27:64bit: - HKLM IFEO\impulsemini.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)

O27:64bit: - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\impulsedock.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\impulsemini.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{97d9131d-5b6b-11e0-9f57-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{97d9131d-5b6b-11e0-9f57-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.02.14 14:29:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.02.14 14:28:13 | 002,322,184 | ---- | C] (ESET) -- C:\Users\xxxxxx\Desktop\esetsmartinstaller_enu.exe

[2012.02.13 22:49:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\xxxxxx\Desktop\OTL.exe

[2012.02.13 19:31:53 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Desktop\secu

[2012.02.12 00:00:22 | 000,000,000 | ---D | C] -- C:\gPotato.eu

[2012.02.10 13:45:51 | 000,000,000 | ---D | C] -- C:\Download

[2012.02.10 13:45:28 | 000,000,000 | ---D | C] -- C:\Nexon

[2012.02.06 19:45:26 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firaxis Games

[2012.02.06 19:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firaxis Games

[2012.02.06 19:40:20 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Desktop\Neuer Ordner (2)

[2012.02.06 18:23:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaTrainer eXperience

[2012.02.06 18:22:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MegaDev

[2012.02.04 18:37:44 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Documents\Venetica

[2012.02.04 18:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Venetica

[2012.02.04 18:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Venetica

[2012.01.24 16:03:56 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Black Sea Studios

[2012.01.24 16:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Sea Studios

[2012.01.24 16:01:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Black Sea Studios

[2012.01.22 11:35:42 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Regnum Coelis 1.1 Final

[2012.01.16 20:04:42 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\RealNetworks

[2012.01.16 20:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared

[2012.01.16 20:01:25 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll

[2012.01.16 20:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real

[2012.01.15 19:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Gilde 2 - Back to the Roots

[2011.04.10 23:10:47 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll

[2011.04.10 23:10:46 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll

[2011.04.10 23:10:46 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll

[2011.04.10 23:10:45 | 001,056,768 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll

[2011.04.10 23:10:45 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll

[2011.04.10 23:10:45 | 000,581,632 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll

[2011.04.10 23:10:44 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll

[2011.04.10 23:10:44 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll

[2011.04.10 23:10:44 | 000,602,792 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacoms.exe

[2011.04.10 23:10:44 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll

[2011.04.10 23:10:44 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaih.exe

[2011.04.10 23:10:43 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacfg.exe

[2011.03.31 09:46:24 | 000,013,272 | ---- | C] (Arcor Online GmbH) -- C:\Users\xxxxxx\AppData\Local\cmdial32.dll

[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.02.14 17:16:33 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.02.14 17:16:33 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.02.14 17:16:33 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.02.14 17:16:33 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.02.14 17:16:33 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.02.14 17:09:58 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.02.14 17:09:58 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.02.14 17:09:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.02.14 14:28:18 | 002,322,184 | ---- | M] (ESET) -- C:\Users\xxxxxx\Desktop\esetsmartinstaller_enu.exe

[2012.02.14 14:24:30 | 000,000,022 | ---- | M] () -- C:\Users\xxxxxx\AppData\Local\cmdial32.ini

[2012.02.13 22:56:51 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.02.13 22:49:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xxxxxx\Desktop\OTL.exe

[2012.02.09 17:56:59 | 000,054,784 | ---- | M] () -- C:\Users\xxxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.02.09 17:28:05 | 000,001,460 | ---- | M] () -- C:\Users\xxxxxx\AppData\Local\d3d9caps64.dat

[2012.02.09 11:41:08 | 000,404,154 | ---- | M] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;41;05.PDF

[2012.02.09 11:38:29 | 000,986,689 | ---- | M] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;38;25.PDF

[2012.02.09 11:35:36 | 000,939,645 | ---- | M] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;35;29.PDF

[2012.02.06 18:30:46 | 000,000,001 | ---- | M] () -- C:\Windows\SysWow64\SI.bin

[2012.02.04 18:29:09 | 000,001,998 | ---- | M] () -- C:\Users\xxxxxx\Desktop\Venetica.lnk

[2012.02.01 17:59:00 | 000,000,172 | ---- | M] () -- C:\Users\xxxxxx\Desktop\Pfiffige Tiere basteln aus Papier Basteln & Gestalten.URL

[2012.01.20 11:59:46 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.01.16 20:01:25 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll

[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.02.13 22:56:51 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.02.09 11:41:08 | 000,404,154 | ---- | C] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;41;05.PDF

[2012.02.09 11:38:28 | 000,986,689 | ---- | C] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;38;25.PDF

[2012.02.09 11:35:35 | 000,939,645 | ---- | C] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;35;29.PDF

[2012.02.06 18:30:46 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin

[2012.02.04 18:29:09 | 000,001,998 | ---- | C] () -- C:\Users\xxxxxx\Desktop\Venetica.lnk

[2012.01.30 21:03:52 | 000,000,172 | ---- | C] () -- C:\Users\xxxxxx\Desktop\Pfiffige Tiere basteln aus Papier Basteln & Gestalten.URL

[2011.07.24 02:22:27 | 000,000,022 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\cmdial32.ini

[2011.05.03 16:32:57 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011.05.03 16:32:57 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll

[2011.05.02 15:50:46 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe

[2011.04.30 17:52:36 | 000,024,088 | ---- | C] () -- C:\Users\xxxxxx\AppData\Roaming\UserTile.png

[2011.04.10 23:10:48 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll

[2011.04.10 23:10:47 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll

[2011.04.10 23:10:46 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll

[2011.04.10 23:10:46 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll

[2011.04.10 23:10:46 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll

[2011.04.10 23:10:46 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll

[2011.04.10 23:10:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll

[2011.04.10 23:10:46 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll

[2011.04.10 23:10:45 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll

[2011.04.10 23:09:35 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll

[2011.04.10 23:09:35 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll

[2011.04.03 13:23:32 | 000,000,091 | ---- | C] () -- C:\Users\xxxxxx\AppData\Roaming\sversion.ini

[2011.04.03 13:20:53 | 000,069,632 | ---- | C] () -- C:\Windows\uinst001.exe

[2011.04.02 06:25:11 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2011.04.02 06:24:24 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2011.04.02 06:23:42 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2011.04.01 23:58:22 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2011.04.01 20:20:06 | 000,054,784 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.03.31 17:08:38 | 000,000,680 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\d3d9caps.dat

[2011.03.31 14:10:25 | 000,000,552 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\d3d8caps.dat

[2011.03.31 09:22:54 | 000,001,460 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\d3d9caps64.dat

[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2007.04.27 08:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll

[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2004.09.25 13:38:24 | 000,037,376 | ---- | C] () -- C:\Windows\UnInstall_Teudogar_0815.Exe

 
 ========== LOP Check ==========

 

[2011.05.11 17:26:11 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Avnex

[2011.11.23 21:11:59 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\BitZipper

[2012.01.24 16:03:56 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Black Sea Studios

[2011.11.13 22:19:08 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\gtk-2.0

[2011.05.07 09:14:05 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\MAGIX

[2011.09.11 12:17:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\OpenOffice.org

[2011.04.30 17:52:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\PeerNetworking

[2011.05.11 17:25:18 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\PROject MT

[2011.04.22 17:09:46 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios

[2011.06.19 19:24:22 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Stardock

[2011.08.17 21:51:47 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\TS3Client

[2011.08.17 18:40:56 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\ts3overlay

[2011.04.03 15:26:01 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\TuneUp Software

[2012.02.14 17:09:01 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 
 

< End of report >

Scan

OTL.Text

Code:

OTL logfile created on: 14.02.2012 17:50:40 - Run 3

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Andreas Flander\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,75 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 59,11% Memory free

7,72 Gb Paging File | 6,04 Gb Available in Paging File | 78,13% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 283,42 Gb Total Space | 61,43 Gb Free Space | 21,67% Space Free | Partition Type: NTFS

Drive D: | 14,65 Gb Total Space | 8,24 Gb Free Space | 56,24% Space Free | Partition Type: FAT32

 

Computer Name: HOME-PC | User Name: xxxxxx | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Andreas Flander\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files (x86)\ArcorOnline\AOButler.exe (Vodafone D2 GmbH)

PRC - C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()

PRC - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaDRS.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\EPOEMDll.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\EPWizRes.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll ()

MOD - C:\Windows\SysWOW64\LXEAsmr.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\Epwizard.DLL ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\Epfunct.DLL ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\Eputil.DLL ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\Imagutil.DLL ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll ()

MOD - C:\Windows\SysWOW64\LXEAsm.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)

SRV:64bit: - (lxea_device) -- C:\Windows\SysNative\lxeacoms.exe ( )

SRV:64bit: - (lxeaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe ()

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)

SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (lxea_device) -- C:\Windows\SysWow64\lxeacoms.exe ( )

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)

DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)

DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ostpl&s={searchTerms}&f=4

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de

IE - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.01 20:49:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.01 20:49:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.02.13 16:21:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.04 19:31:34 | 000,000,000 | ---D | M]

 

[2011.07.17 23:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Extensions

[2012.01.06 12:52:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions

[2011.10.05 22:05:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2011.07.17 23:22:36 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}

[2011.06.06 08:17:34 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}

[2011.07.17 23:22:32 | 000,002,501 | ---- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\r5fjyd40.default\searchplugins\SearchResults.xml

[2011.12.10 22:37:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.02.13 16:21:18 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

() (No name found) -- C:\USERS\ANDREAS FLANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R5FJYD40.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012.02.04 19:31:33 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.02.04 19:31:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.02.04 19:31:27 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.02.04 19:31:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011.04.06 08:43:24 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

[2011.05.03 16:33:17 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchostpl.xml

[2012.02.04 19:31:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.07.17 23:22:32 | 000,002,501 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml

[2012.02.04 19:31:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.02.04 19:31:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider:  ()

CHR - default_search_provider: search_url = 

CHR - default_search_provider: suggest_url = 

CHR - Extension: No name found = C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\

CHR - Extension: No name found = C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\

CHR - Extension: No name found = C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

 

O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)

O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll ()

O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll (Bandoo Media, inc)

O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()

O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~2\OPENSU~1\Iplex\IPLEXT~1.DLL (ALLCinema Ltd.)

O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll ()

O3 - HKLM\..\Toolbar: (Übersetzer) - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files (x86)\PRMT6\PRMTIE\prmtie.dll (PROMT Ltd.)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()

O3 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()

O3:64bit: - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()

O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1001..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1A4DA66F-9E0F-41CD-B5E8-615E73736BEB}: NameServer = 195.50.140.118 195.50.140.180

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\datamngr.dll) -c:\progra~2\wi371a~1\datamngr\datamngr.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\iebho.dll) -c:\progra~2\wi371a~1\datamngr\iebho.dll (Bandoo Media, inc)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O27:64bit: - HKLM IFEO\impulsedock.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)

O27:64bit: - HKLM IFEO\impulsemini.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)

O27:64bit: - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\impulsedock.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\impulsemini.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{97d9131d-5b6b-11e0-9f57-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{97d9131d-5b6b-11e0-9f57-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.02.14 14:29:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.02.14 14:28:13 | 002,322,184 | ---- | C] (ESET) -- C:\Users\xxxxxx\Desktop\esetsmartinstaller_enu.exe

[2012.02.13 22:49:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\xxxxxx\Desktop\OTL.exe

[2012.02.13 19:31:53 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Desktop\secu

[2012.02.12 00:00:22 | 000,000,000 | ---D | C] -- C:\gPotato.eu

[2012.02.10 13:45:51 | 000,000,000 | ---D | C] -- C:\Download

[2012.02.10 13:45:28 | 000,000,000 | ---D | C] -- C:\Nexon

[2012.02.06 19:45:26 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firaxis Games

[2012.02.06 19:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firaxis Games

[2012.02.06 19:40:20 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Desktop\Neuer Ordner (2)

[2012.02.06 18:23:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaTrainer eXperience

[2012.02.06 18:22:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MegaDev

[2012.02.04 18:37:44 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Documents\Venetica

[2012.02.04 18:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Venetica

[2012.02.04 18:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Venetica

[2012.01.24 16:03:56 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Black Sea Studios

[2012.01.24 16:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Sea Studios

[2012.01.24 16:01:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Black Sea Studios

[2012.01.22 11:35:42 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Regnum Coelis 1.1 Final

[2012.01.16 20:04:42 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\RealNetworks

[2012.01.16 20:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared

[2012.01.16 20:01:44 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll

[2012.01.16 20:01:30 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll

[2012.01.16 20:01:30 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll

[2012.01.16 20:01:25 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll

[2012.01.16 20:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real

[2012.01.15 19:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Gilde 2 - Back to the Roots

[2011.04.10 23:10:47 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll

[2011.04.10 23:10:46 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll

[2011.04.10 23:10:46 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll

[2011.04.10 23:10:45 | 001,056,768 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll

[2011.04.10 23:10:45 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll

[2011.04.10 23:10:45 | 000,581,632 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll

[2011.04.10 23:10:44 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll

[2011.04.10 23:10:44 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll

[2011.04.10 23:10:44 | 000,602,792 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacoms.exe

[2011.04.10 23:10:44 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll

[2011.04.10 23:10:44 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaih.exe

[2011.04.10 23:10:43 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacfg.exe

[2011.03.31 09:46:24 | 000,013,272 | ---- | C] (Arcor Online GmbH) -- C:\Users\xxxxxx\AppData\Local\cmdial32.dll

[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.02.14 17:16:33 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.02.14 17:16:33 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.02.14 17:16:33 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.02.14 17:16:33 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.02.14 17:16:33 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.02.14 17:09:58 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.02.14 17:09:58 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.02.14 17:09:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.02.14 14:28:18 | 002,322,184 | ---- | M] (ESET) -- C:\Users\xxxxxx\Desktop\esetsmartinstaller_enu.exe

[2012.02.14 14:24:30 | 000,000,022 | ---- | M] () -- C:\Users\xxxxxx\AppData\Local\cmdial32.ini

[2012.02.13 22:56:51 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.02.13 22:49:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xxxxxx\Desktop\OTL.exe

[2012.02.09 17:56:59 | 000,054,784 | ---- | M] () -- C:\Users\xxxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.02.09 17:28:05 | 000,001,460 | ---- | M] () -- C:\Users\xxxxxx\AppData\Local\d3d9caps64.dat

[2012.02.09 11:41:08 | 000,404,154 | ---- | M] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;41;05.PDF

[2012.02.09 11:38:29 | 000,986,689 | ---- | M] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;38;25.PDF

[2012.02.09 11:35:36 | 000,939,645 | ---- | M] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;35;29.PDF

[2012.02.06 18:30:46 | 000,000,001 | ---- | M] () -- C:\Windows\SysWow64\SI.bin

[2012.02.04 18:29:09 | 000,001,998 | ---- | M] () -- C:\Users\xxxxxx\Desktop\Venetica.lnk

[2012.02.01 17:59:00 | 000,000,172 | ---- | M] () -- C:\Users\xxxxxx\Desktop\Pfiffige Tiere basteln aus Papier Basteln & Gestalten.URL

[2012.01.20 11:59:46 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.01.16 20:01:44 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll

[2012.01.16 20:01:30 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll

[2012.01.16 20:01:30 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll

[2012.01.16 20:01:25 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll

[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.02.13 22:56:51 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.02.09 11:41:08 | 000,404,154 | ---- | C] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;41;05.PDF

[2012.02.09 11:38:28 | 000,986,689 | ---- | C] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;38;25.PDF

[2012.02.09 11:35:35 | 000,939,645 | ---- | C] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;35;29.PDF

[2012.02.06 18:30:46 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin

[2012.02.04 18:29:09 | 000,001,998 | ---- | C] () -- C:\Users\xxxxxx\Desktop\Venetica.lnk

[2012.01.30 21:03:52 | 000,000,172 | ---- | C] () -- C:\Users\xxxxxx\Desktop\Pfiffige Tiere basteln aus Papier Basteln & Gestalten.URL

[2011.07.24 02:22:27 | 000,000,022 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\cmdial32.ini

[2011.05.03 16:32:57 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011.05.03 16:32:57 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll

[2011.05.02 15:50:46 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe

[2011.04.30 17:52:36 | 000,024,088 | ---- | C] () -- C:\Users\xxxxxx\AppData\Roaming\UserTile.png

[2011.04.10 23:10:48 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll

[2011.04.10 23:10:47 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll

[2011.04.10 23:10:46 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll

[2011.04.10 23:10:46 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll

[2011.04.10 23:10:46 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll

[2011.04.10 23:10:46 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll

[2011.04.10 23:10:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll

[2011.04.10 23:10:46 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll

[2011.04.10 23:10:45 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll

[2011.04.10 23:09:35 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll

[2011.04.10 23:09:35 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll

[2011.04.03 13:23:32 | 000,000,091 | ---- | C] () -- C:\Users\xxxxxx\AppData\Roaming\sversion.ini

[2011.04.03 13:20:53 | 000,069,632 | ---- | C] () -- C:\Windows\uinst001.exe

[2011.04.02 06:25:11 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2011.04.02 06:24:24 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2011.04.02 06:23:42 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2011.04.01 23:58:22 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2011.04.01 20:20:06 | 000,054,784 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.03.31 17:08:38 | 000,000,680 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\d3d9caps.dat

[2011.03.31 14:10:25 | 000,000,552 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\d3d8caps.dat

[2011.03.31 09:22:54 | 000,001,460 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\d3d9caps64.dat

[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2007.04.27 08:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll

[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2004.09.25 13:38:24 | 000,037,376 | ---- | C] () -- C:\Windows\UnInstall_Teudogar_0815.Exe

 
 ========== LOP Check ==========

 

[2011.05.11 17:26:11 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Avnex

[2011.11.23 21:11:59 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\BitZipper

[2012.01.24 16:03:56 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Black Sea Studios

[2011.11.13 22:19:08 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\gtk-2.0

[2011.05.07 09:14:05 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\MAGIX

[2011.09.11 12:17:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\OpenOffice.org

[2011.04.30 17:52:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\PeerNetworking

[2011.05.11 17:25:18 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\PROject MT

[2011.04.22 17:09:46 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios

[2011.06.19 19:24:22 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Stardock

[2011.08.17 21:51:47 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\TS3Client

[2011.08.17 18:40:56 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\ts3overlay

[2011.04.03 15:26:01 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\TuneUp Software

[2012.02.14 17:09:01 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 
 

< End of report >

Extra.txt

Code:

OTL Extras logfile created on: 14.02.2012 17:50:40 - Run 3

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\xxxxxx\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,75 Gb Total Physical Memory | 2,22 Gb Available Physical Memory | 59,11% Memory free

7,72 Gb Paging File | 6,04 Gb Available in Paging File | 78,13% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 283,42 Gb Total Space | 61,43 Gb Free Space | 21,67% Space Free | Partition Type: NTFS

Drive D: | 14,65 Gb Total Space | 8,24 Gb Free Space | 56,24% Space Free | Partition Type: FAT32

 

Computer Name: HOME-PC | User Name: xxxxxx | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html[@ = ChromeHTML] -- Reg Error: Key error. File not found

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

 

[HKEY_USERS\S-1-5-21-3502602205-1791007940-1928591322-1000\SOFTWARE\Classes\<extension>]

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

htmlfile [edit] -- Reg Error: Key error.

http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"

https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = 9F 9E 16 8C DC 5B C8 01  [binary data]

"VistaSp2" = 88 9E 3C 97 3A F1 CB 01  [binary data]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"oobe_av" = 1

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{27A3CE36-5836-4AB8-A0B4-4D9266E3C341}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 

"{306F8578-A766-40D2-8D9B-9F6B2A49AC3B}" = lport=49159 | protocol=6 | dir=in | name=akamai netsession interface | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0EDF0951-7587-416C-B8F3-3DF0E6DB49A2}" = protocol=17 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 

"{10307B78-42BB-4B79-9B38-D60D12568A8F}" = protocol=17 | dir=in | app=c:\program files (x86)\reality pump\two worlds\twoworlds.exe | 

"{11CD1BD7-F580-4C72-B9C8-262FB6DA3729}" = protocol=6 | dir=in | app=c:\program files (x86)\abbyy finereader 6.0 sprint\scan\scanman6.exe | 

"{50EDE9ED-108A-4A1E-9170-DBC5D4AB4163}" = dir=in | app=c:\windows\system32\lxeacoms.exe | 

"{54087606-C329-4139-9DD1-E3746FDE78DF}" = protocol=6 | dir=in | app=c:\program files (x86)\reality pump\two worlds\twoworlds.exe | 

"{7B43E0B7-B7EF-46D0-B20E-C2F877434DAA}" = dir=in | app=c:\windows\system32\lxeacoms.exe | 

"{8950C381-5839-4F60-89D7-E40F41175E02}" = protocol=17 | dir=in | app=c:\program files (x86)\reality pump\two worlds\twoworlds_radeon.exe | 

"{C7FB9F03-CF88-4E67-A8F1-B39FE359E3A4}" = protocol=6 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | 

"{D62962E5-63DD-48F6-8AC2-579553708D9E}" = protocol=6 | dir=in | app=c:\program files (x86)\reality pump\two worlds\twoworlds_radeon.exe | 

"{E4EC019E-C3DF-43BF-97D6-A7AA62E72CB2}" = dir=in | app=c:\windows\system32\lxeacoms.exe | 

"{F5A3116C-38D1-4765-9635-1781D033E8EE}" = protocol=17 | dir=in | app=c:\program files (x86)\windows ilivid toolbar\datamngr\toolbar\dtuser.exe | 

"TCP Query User{5E30CE99-60D3-4272-9635-0C8DAF131FD8}C:\users\andreas flander\downloads\maestia-downloader.exe" = protocol=6 | dir=in | app=c:\users\andreas flander\downloads\maestia-downloader.exe | 

"TCP Query User{8D8778A5-182C-4189-AE5D-129DDD385C61}C:\program files (x86)\monte cristo\silverfall\silverfall.exe" = protocol=6 | dir=in | app=c:\program files (x86)\monte cristo\silverfall\silverfall.exe | 

"TCP Query User{AAE721CD-DD0B-4BA6-A219-EC83EF848C69}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 

"UDP Query User{24593FC2-C1FC-4255-9448-176414D183CA}C:\program files (x86)\monte cristo\silverfall\silverfall.exe" = protocol=17 | dir=in | app=c:\program files (x86)\monte cristo\silverfall\silverfall.exe | 

"UDP Query User{D2FD8570-0AA0-476F-AE87-8E065687C64B}C:\users\andreas flander\downloads\maestia-downloader.exe" = protocol=17 | dir=in | app=c:\users\andreas flander\downloads\maestia-downloader.exe | 

"UDP Query User{E7484AF6-32DE-489A-AB25-FCFAF38CFE32}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Lexmark S300-S400 Series" = Lexmark S300-S400 Series

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"NVIDIA Drivers" = NVIDIA Drivers

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades

"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Symbolleiste

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V

"{20587144-2AC1-48AA-B815-3575F68E5A9C}" = Simple Adblock

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011

"{262DA23B-4BAB-463F-B1DC-9B5287CAB5CA}}_is1" = Deinstallation der Arcor Online Software

"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22

"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 26

"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1

"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4E47844E-4A18-454B-A977-EC2CCF3F1472}" = X2 - Die Bedrohung (V1.4)

"{4E47844E-4A18-454B-A977-EC2CCFFFFF72}" = X2 - Die Bedrohung DEMO

"{5D4C60AA-84E6-4E1A-8A68-69970D387BE1}" = TuneUp Utilities Language Pack (de-DE)

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{689D6616-9790-431C-989E-E91BB82FB002}" = Knights of Honor Demo

"{68D2A2E2-6B64-4433-8073-0605EB306C1B}" = Gothic 3 Gold

"{6E5BC38E-F22B-4197-00A2-CD8E58EF139D}" = FUSSBALL MANAGER 2005

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74A84478-70A5-4F7A-966C-FA2771FF91A5}_is1" = Patch v2.2

"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas

"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime

"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic

"{883D3FE3-E8BA-4427-B1B8-3E0B5D60AC94}" = @promt Professional EGGE Special Edition

"{8F50EC3D-C482-4445-9E4B-991A766047D5}_is1" = MAESTIA Version 201101

"{90877318-0BD0-4BDE-BFC0-C4BB12DAC86A}_is1" = Rappelz

"{9370105C-71BB-4FF9-A85B-36D79B95457A}_is1" = ALLConverter PRO 1.1

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch

"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint

"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX

"{BFBB91DB-9F0F-4A9C-9669-A97DA3512CF2}" = RealSpeak Solo fur Deutsch - Steffi

"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War

"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia

"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark 

"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Ashampoo Media Player+_is1" = Ashampoo Media Player+ 2.03

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"BitZipper_is1" = BitZipper 2010

"Die Gilde 2 - Back to the Roots_is1" = Die Gilde 2 - Back to the Roots Patch v1.2

"Die Gilde 2 - Gold Edition" = Die Gilde 2 - Gold Edition

"DivX Setup.divx.com" = DivX-Setup

"ESET Online Scanner" = ESET Online Scanner v3

"Galactic Civilizations II - Ultimate Edition" = Galactic Civilizations II - Ultimate Edition

"Impulse" = Impulse

"LHTTSGED" = L&H TTS3000 Deutsch

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000

"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.0.4b

"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)

"MWS Reader 4_is1" = MWS Reader 4

"OpenSubtitlesPlayer_is1" = OpenSubtitlesPlayer V4.X

"RenSim_is1" = RenSim 3

"Robin Hood - Die Legende von Sherwood" = Robin Hood - Die Legende von Sherwood

"Searchqu 406 MediaBar" = Windows iLivid Toolbar

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"Teudogar and the Alliance with Rome" = Teudogar and the Alliance with Rome

"TuneUp Utilities 2011" = TuneUp Utilities 2011

"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine

"Two Worlds" = Two Worlds

"Venetica_is1" = Venetica

"VLC media player" = VLC media player 1.1.8

"WinGimp-2.0_is1" = GIMP 2.6.11

"WinRAR archiver" = WinRAR 4.00 (32-Bit)

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-3502602205-1791007940-1928591322-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"OpenOffice.org 1.1.2" = OpenOffice.org 1.1.2

"Pirate Galaxy" = Pirate Galaxy

"Regnum Coelis 1.1 Final" = Regnum Coelis 1.1 Final

"Schwert und Speer Ultimat" = Schwert und Speer Ultimat

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 13.02.2012 10:57:51 | Computer Name = Home-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 13.02.2012 11:01:51 | Computer Name = Home-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 13.02.2012 11:05:20 | Computer Name = Home-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 13.02.2012 11:08:13 | Computer Name = Home-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 13.02.2012 11:12:54 | Computer Name = Home-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 13.02.2012 11:22:57 | Computer Name = Home-PC | Source = Avira AntiVir | ID = 4109

Description = Die Engine wurde verändert oder zerstört!  Fehlercode: 0x9

 

Error - 13.02.2012 11:22:57 | Computer Name = Home-PC | Source = Avira AntiVir | ID = 4117

Description = Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!

 

Error - 13.02.2012 11:24:05 | Computer Name = Home-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 14.02.2012 04:21:20 | Computer Name = Home-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 14.02.2012 04:22:19 | Computer Name = Home-PC | Source = Windows Search Service | ID = 3013

Description = 

 

[ System Events ]

Error - 13.02.2012 11:24:06 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009

Description = 

 

Error - 13.02.2012 11:24:06 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 13.02.2012 11:26:13 | Computer Name = Home-PC | Source = WinDefend | ID = 2004

Description = 

 

Error - 14.02.2012 04:21:21 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009

Description = 

 

Error - 14.02.2012 04:21:21 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 14.02.2012 06:07:31 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009

Description = 

 

Error - 14.02.2012 06:07:31 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000

Description = 

 

Error - 14.02.2012 06:11:52 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7022

Description = 

 

Error - 14.02.2012 12:11:29 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7009

Description = 

 

Error - 14.02.2012 12:11:29 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7000

Description = 

 

 

< End of report >

Zitat:

Der Text, den Sie eingegeben haben, besteht aus 156495 Zeichen und ist damit zu lang. Bitte kürzen Sie den Text auf die maximale Länge von 100000 Zeichen.

Logs bitte als Archiv an den Beitrag anhängen!

Zitat:

Fehler beim Hochladen
OTL.Txt s.txt:
Die Datei, die Sie anhängen möchten, ist zu groß. Die maximale Dateigröße für diesen Dateityp beträgt 97,7 KB. Ihre Datei ist 132,7 KB groß.

Teil 2 folgt

Teil 2

CustomScan mit OTL

Code:

OTL logfile created on: 14.02.2012 18:35:04 - Run 4

OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\xxxxxx\Desktop

64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,75 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 60,01% Memory free

7,72 Gb Paging File | 6,18 Gb Available in Paging File | 80,04% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 283,42 Gb Total Space | 63,16 Gb Free Space | 22,28% Space Free | Partition Type: NTFS

Drive D: | 14,65 Gb Total Space | 8,24 Gb Free Space | 56,24% Space Free | Partition Type: FAT32

 

Computer Name: HOME-PC | User Name: xxxxxx | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\xxxxxx\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()

PRC - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaDRS.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\EPOEMDll.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\EPWizRes.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll ()

MOD - C:\Windows\SysWOW64\LXEAsmr.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\Epwizard.DLL ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\Epfunct.DLL ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\Eputil.DLL ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\Imagutil.DLL ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll ()

MOD - C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll ()

MOD - C:\Windows\SysWOW64\LXEAsm.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)

SRV:64bit: - (lxea_device) -- C:\Windows\SysNative\lxeacoms.exe ( )

SRV:64bit: - (lxeaCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxeaserv.exe ()

SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)

SRV - (npggsvc) -- C:\Windows\SysWow64\GameMon.des (INCA Internet Co., Ltd.)

SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software)

SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (lxea_device) -- C:\Windows\SysWow64\lxeacoms.exe ( )

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\DRIVERS\avipbb.sys (Avira GmbH)

DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\DRIVERS\avgntflt.sys (Avira GmbH)

DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys (TuneUp Software)

DRV - (NPPTNT2) -- C:\Windows\SysWOW64\npptNT2.sys (INCA Internet Co., Ltd.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.arcor.de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.arcor.de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://www.arcor.de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.arcor.de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ostpl&s={searchTerms}&f=4

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.arcor.de

IE - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "Google"

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q="

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.04.01 20:49:42 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.04.01 20:49:43 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.02.13 16:21:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.04 19:31:34 | 000,000,000 | ---D | M]

 

[2011.07.17 23:22:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Extensions

[2012.01.06 12:52:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions

[2011.10.05 22:05:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2011.07.17 23:22:36 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}

[2011.06.06 08:17:34 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}

[2011.07.17 23:22:32 | 000,002,501 | ---- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\r5fjyd40.default\searchplugins\SearchResults.xml

[2011.12.10 22:37:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.02.13 16:21:18 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT

() (No name found) -- C:\USERS\ANDREAS FLANDER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\R5FJYD40.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

[2012.02.04 19:31:33 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.02.04 19:31:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.02.04 19:31:27 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.02.04 19:31:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011.04.06 08:43:24 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

[2011.05.03 16:33:17 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchostpl.xml

[2012.02.04 19:31:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.07.17 23:22:32 | 000,002,501 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml

[2012.02.04 19:31:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.02.04 19:31:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - default_search_provider:  ()

CHR - default_search_provider: search_url = 

CHR - default_search_provider: suggest_url = 

CHR - Extension: No name found = C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\

CHR - Extension: No name found = C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3_0\

CHR - Extension: No name found = C:\Users\xxxxxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\

 

O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2:64bit: - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblockx64.dll (Simple Adblock)

O2 - BHO: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll ()

O2 - BHO: (UrlHelper Class) - {A40DC6C5-79D0-4ca8-A185-8FF989AF1115} - C:\PROGRA~2\WI371A~1\Datamngr\IEBHO.dll (Bandoo Media, inc)

O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()

O2 - BHO: (IplexToALLPlayer) - {DF925EF3-7A87-44E4-9CAF-8D7B280BF616} - C:\PROGRA~2\OPENSU~1\Iplex\IPLEXT~1.DLL (ALLCinema Ltd.)

O2 - BHO: (SimpleAdblock Class) - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\Common Files\Simple Adblock\SimpleAdblock.dll (Simple Adblock)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll ()

O3 - HKLM\..\Toolbar: (Übersetzer) - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files (x86)\PRMT6\PRMTIE\prmtie.dll (PROMT Ltd.)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()

O3 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()

O3:64bit: - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe ()

O4:64bit: - HKLM..\Run: [lxeamon.exe] C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe ()

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)

O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O4 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1001..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\datamngr.dll) -c:\progra~2\wi371a~1\datamngr\datamngr.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\iebho.dll) -c:\progra~2\wi371a~1\datamngr\iebho.dll (Bandoo Media, inc)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O27:64bit: - HKLM IFEO\impulsedock.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)

O27:64bit: - HKLM IFEO\impulsemini.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)

O27:64bit: - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\impulsedock.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\impulsemini.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)

O27 - HKLM IFEO\presentationhost.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe (TuneUp Software)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{97d9131d-5b6b-11e0-9f57-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{97d9131d-5b6b-11e0-9f57-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)

 

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: WudfPf - Driver

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.02.14 14:29:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.02.14 14:28:13 | 002,322,184 | ---- | C] (ESET) -- C:\Users\xxxxxx\Desktop\esetsmartinstaller_enu.exe

[2012.02.13 22:49:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\xxxxxx\Desktop\OTL.exe

[2012.02.13 19:31:53 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Desktop\secu

[2012.02.12 00:00:22 | 000,000,000 | ---D | C] -- C:\gPotato.eu

[2012.02.10 13:45:51 | 000,000,000 | ---D | C] -- C:\Download

[2012.02.10 13:45:28 | 000,000,000 | ---D | C] -- C:\Nexon

[2012.02.06 19:45:26 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Firaxis Games

[2012.02.06 19:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Firaxis Games

[2012.02.06 19:40:20 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Desktop\Neuer Ordner (2)

[2012.02.06 18:23:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MegaTrainer eXperience

[2012.02.06 18:22:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MegaDev

[2012.02.04 18:37:44 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\Documents\Venetica

[2012.02.04 18:29:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Venetica

[2012.02.04 18:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Venetica

[2012.01.24 16:03:56 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Black Sea Studios

[2012.01.24 16:03:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black Sea Studios

[2012.01.24 16:01:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Black Sea Studios

[2012.01.22 11:35:42 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Regnum Coelis 1.1 Final

[2012.01.16 20:04:42 | 000,000,000 | ---D | C] -- C:\Users\xxxxxx\AppData\Roaming\RealNetworks

[2012.01.16 20:01:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared

[2012.01.16 20:01:25 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll

[2012.01.16 20:01:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real

[2012.01.15 19:37:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Die Gilde 2 - Back to the Roots

[2011.04.10 23:10:47 | 000,364,544 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeainpa.dll

[2011.04.10 23:10:46 | 000,651,264 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeapmui.dll

[2011.04.10 23:10:46 | 000,344,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaiesc.dll

[2011.04.10 23:10:45 | 001,056,768 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaserv.dll

[2011.04.10 23:10:45 | 000,851,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeausb1.dll

[2011.04.10 23:10:45 | 000,581,632 | ---- | C] ( ) -- C:\Windows\SysWow64\lxealmpm.dll

[2011.04.10 23:10:44 | 000,802,816 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomc.dll

[2011.04.10 23:10:44 | 000,688,128 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeahbn3.dll

[2011.04.10 23:10:44 | 000,602,792 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacoms.exe

[2011.04.10 23:10:44 | 000,376,832 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacomm.dll

[2011.04.10 23:10:44 | 000,328,360 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeaih.exe

[2011.04.10 23:10:43 | 000,369,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxeacfg.exe

[2011.03.31 09:46:24 | 000,013,272 | ---- | C] (Arcor Online GmbH) -- C:\Users\xxxxxx\AppData\Local\cmdial32.dll

[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.02.14 17:16:33 | 001,445,310 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012.02.14 17:16:33 | 000,628,504 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012.02.14 17:16:33 | 000,595,798 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012.02.14 17:16:33 | 000,126,248 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012.02.14 17:16:33 | 000,103,872 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012.02.14 17:09:58 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.02.14 17:09:58 | 000,003,712 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.02.14 17:09:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.02.14 14:28:18 | 002,322,184 | ---- | M] (ESET) -- C:\Users\xxxxxx\Desktop\esetsmartinstaller_enu.exe

[2012.02.14 14:24:30 | 000,000,022 | ---- | M] () -- C:\Users\xxxxxx\AppData\Local\cmdial32.ini

[2012.02.13 22:56:51 | 000,000,952 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.02.13 22:49:36 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xxxxxx\Desktop\OTL.exe

[2012.02.09 17:56:59 | 000,054,784 | ---- | M] () -- C:\Users\xxxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2012.02.09 17:28:05 | 000,001,460 | ---- | M] () -- C:\Users\xxxxxx\AppData\Local\d3d9caps64.dat

[2012.02.09 11:41:08 | 000,404,154 | ---- | M] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;41;05.PDF

[2012.02.09 11:38:29 | 000,986,689 | ---- | M] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;38;25.PDF

[2012.02.09 11:35:36 | 000,939,645 | ---- | M] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;35;29.PDF

[2012.02.06 18:30:46 | 000,000,001 | ---- | M] () -- C:\Windows\SysWow64\SI.bin

[2012.02.04 18:29:09 | 000,001,998 | ---- | M] () -- C:\Users\xxxxxx\Desktop\Venetica.lnk

[2012.02.01 17:59:00 | 000,000,172 | ---- | M] () -- C:\Users\xxxxxx\Desktop\Pfiffige Tiere basteln aus Papier Basteln & Gestalten.URL

[2012.01.20 11:59:46 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.01.16 20:01:25 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll

[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

[7 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.02.13 22:56:51 | 000,000,952 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.02.09 11:41:08 | 000,404,154 | ---- | C] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;41;05.PDF

[2012.02.09 11:38:28 | 000,986,689 | ---- | C] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;38;25.PDF

[2012.02.09 11:35:35 | 000,939,645 | ---- | C] () -- C:\Users\xxxxxx\Documents\09-02-2012 11;35;29.PDF

[2012.02.06 18:30:46 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin

[2012.02.04 18:29:09 | 000,001,998 | ---- | C] () -- C:\Users\xxxxxx\Desktop\Venetica.lnk

[2012.01.30 21:03:52 | 000,000,172 | ---- | C] () -- C:\Users\xxxxxx\Desktop\Pfiffige Tiere basteln aus Papier Basteln & Gestalten.URL

[2011.07.24 02:22:27 | 000,000,022 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\cmdial32.ini

[2011.05.03 16:32:57 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

[2011.05.03 16:32:57 | 000,258,048 | ---- | C] () -- C:\Windows\SysWow64\libFLAC.dll

[2011.05.02 15:50:46 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe

[2011.04.30 17:52:36 | 000,024,088 | ---- | C] () -- C:\Users\xxxxxx\AppData\Roaming\UserTile.png

[2011.04.10 23:10:48 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\LXEAinst.dll

[2011.04.10 23:10:47 | 000,344,064 | ---- | C] () -- C:\Windows\SysWow64\lxeacomx.dll

[2011.04.10 23:10:46 | 000,323,584 | ---- | C] () -- C:\Windows\SysWow64\lxeains.dll

[2011.04.10 23:10:46 | 000,262,144 | ---- | C] () -- C:\Windows\SysWow64\lxeainsb.dll

[2011.04.10 23:10:46 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\lxeainsr.dll

[2011.04.10 23:10:46 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\lxeacub.dll

[2011.04.10 23:10:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\lxeajswr.dll

[2011.04.10 23:10:46 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\lxeacur.dll

[2011.04.10 23:10:45 | 000,253,952 | ---- | C] () -- C:\Windows\SysWow64\lxeacu.dll

[2011.04.10 23:09:35 | 000,299,008 | ---- | C] () -- C:\Windows\SysWow64\LXEAsm.dll

[2011.04.10 23:09:35 | 000,024,064 | ---- | C] () -- C:\Windows\SysWow64\LXEAsmr.dll

[2011.04.03 13:23:32 | 000,000,091 | ---- | C] () -- C:\Users\xxxxxx\AppData\Roaming\sversion.ini

[2011.04.03 13:20:53 | 000,069,632 | ---- | C] () -- C:\Windows\uinst001.exe

[2011.04.02 06:25:11 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2011.04.02 06:24:24 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin

[2011.04.02 06:23:42 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2011.04.01 23:58:22 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin

[2011.04.01 20:20:06 | 000,054,784 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.03.31 17:08:38 | 000,000,680 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\d3d9caps.dat

[2011.03.31 14:10:25 | 000,000,552 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\d3d8caps.dat

[2011.03.31 09:22:54 | 000,001,460 | ---- | C] () -- C:\Users\xxxxxx\AppData\Local\d3d9caps64.dat

[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll

[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll

[2008.01.21 03:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini

[2007.04.27 08:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll

[2006.11.02 16:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2004.09.25 13:38:24 | 000,037,376 | ---- | C] () -- C:\Windows\UnInstall_Teudogar_0815.Exe

 
 ========== LOP Check ==========

 

[2011.05.11 17:26:11 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Avnex

[2011.11.23 21:11:59 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\BitZipper

[2012.01.24 16:03:56 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Black Sea Studios

[2011.11.13 22:19:08 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\gtk-2.0

[2011.05.07 09:14:05 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\MAGIX

[2011.09.11 12:17:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\OpenOffice.org

[2011.04.30 17:52:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\PeerNetworking

[2011.05.11 17:25:18 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\PROject MT

[2011.04.22 17:09:46 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios

[2011.06.19 19:24:22 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Stardock

[2011.08.17 21:51:47 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\TS3Client

[2011.08.17 18:40:56 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\ts3overlay

[2011.04.03 15:26:01 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\TuneUp Software

[2012.02.14 17:09:01 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.03.31 16:04:06 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Adobe

[2011.08.10 20:41:12 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Avira

[2011.05.11 17:26:11 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Avnex

[2011.11.23 21:11:59 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\BitZipper

[2012.01.24 16:03:56 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Black Sea Studios

[2011.04.01 21:01:06 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\DivX

[2011.03.31 11:38:01 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Google

[2011.11.13 22:19:08 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\gtk-2.0

[2011.09.20 13:46:09 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Help

[2011.03.31 09:23:07 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Identities

[2011.06.20 16:01:10 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\InstallShield

[2011.03.31 16:04:06 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Macromedia

[2011.05.07 09:14:05 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\MAGIX

[2011.08.10 22:19:02 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Malwarebytes

[2006.11.02 16:07:25 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Media Center Programs

[2011.08.10 20:34:57 | 000,000,000 | --SD | M] -- C:\Users\xxxxxx\AppData\Roaming\Microsoft

[2011.05.07 07:46:15 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Mozilla

[2011.09.11 12:17:58 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\OpenOffice.org

[2011.04.30 17:52:36 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\PeerNetworking

[2011.05.11 17:25:18 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\PROject MT

[2012.01.16 20:02:26 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Real

[2012.01.16 20:04:42 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\RealNetworks

[2011.04.22 17:09:46 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios

[2011.06.19 19:24:22 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\Stardock

[2011.08.17 21:51:47 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\TS3Client

[2011.08.17 18:40:56 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\ts3overlay

[2011.04.03 15:26:01 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\TuneUp Software

[2012.02.09 17:36:24 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\vlc

[2011.04.03 22:21:08 | 000,000,000 | ---D | M] -- C:\Users\xxxxxx\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

[2011.07.21 08:14:01 | 000,010,134 | R--- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Installer\{4E47844E-4A18-454B-A977-EC2CCF3F1472}\ARPPRODUCTICON.exe

[2011.07.17 21:34:38 | 000,010,134 | R--- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Installer\{4E47844E-4A18-454B-A977-EC2CCFFFFF72}\ARPPRODUCTICON.exe

[2011.07.17 21:34:38 | 000,045,056 | R--- | M] (InstallShield Software Corp.) -- C:\Users\xxxxxx\AppData\Roaming\Microsoft\Installer\{4E47844E-4A18-454B-A977-EC2CCFFFFF72}\NewShortcut2_4E47844E4A18454BA977EC2CCF3F1472_1.exe

[2011.11.15 22:14:41 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe

[2011.10.22 18:18:12 | 026,533,840 | ---- | M] (RealNetworks, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_data\RealPlayer_de.exe

[2011.10.22 18:14:35 | 000,676,624 | ---- | M] (RealNetworks, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\stub_exe\RealPlayer_de.exe

[2011.04.22 17:12:01 | 000,327,487 | ---- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\Launcher.exe

[2011.03.03 18:40:02 | 000,250,931 | ---- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\Repair.exe

[2011.04.22 17:09:57 | 000,060,648 | ---- | M] (Splitscreen Studios GmbH) -- C:\Users\Andreas Flander\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\uninstall.exe

[2010.03.12 11:05:12 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\java-rmi.exe

[2010.03.12 11:05:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\java.exe

[2010.03.12 11:05:12 | 000,059,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\javacpl.exe

[2010.03.12 11:05:12 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\javaw.exe

[2010.03.12 11:05:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\javaws.exe

[2010.03.12 11:05:12 | 000,079,648 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\jbroker.exe

[2010.03.12 11:05:12 | 000,023,328 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\jp2launcher.exe

[2010.03.12 11:05:12 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\jqs.exe

[2010.03.12 11:05:12 | 000,055,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\jqsnotify.exe

[2010.03.12 11:05:12 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\keytool.exe

[2010.03.12 11:05:12 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\kinit.exe

[2010.03.12 11:05:12 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\klist.exe

[2010.03.12 11:05:12 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\ktab.exe

[2010.03.12 11:05:12 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\orbd.exe

[2010.03.12 11:05:12 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\pack200.exe

[2010.03.12 11:05:12 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\policytool.exe

[2010.03.12 11:05:12 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\rmid.exe

[2010.03.12 11:05:12 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\rmiregistry.exe

[2010.03.12 11:05:12 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\servertool.exe

[2010.03.12 11:05:12 | 000,030,496 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\ssvagent.exe

[2010.03.12 11:05:12 | 000,033,568 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\tnameserv.exe

[2010.03.12 11:05:12 | 000,132,896 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\xxxxxx\AppData\Roaming\Splitscreen Studios\Pirate Galaxy\java_vm\bin\unpack200.exe

 
 < %SYSTEMDRIVE%\*.exe >

[2009.05.08 09:14:27 | 000,258,048 | ---- | M] () -- C:\config.exe

[2009.05.08 09:14:27 | 000,081,920 | ---- | M] () -- C:\errorlog.exe

[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

[2009.05.08 09:14:27 | 000,593,920 | ---- | M] (Ymir Entertainment) -- C:\metin2.exe

[2009.05.08 09:14:27 | 000,131,072 | ---- | M] () -- C:\PatchUpdater.exe

 

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\SysNative\drivers\AGP440.sys

[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_163188bf770e4ab0\AGP440.sys

[2008.01.21 03:46:51 | 000,064,568 | ---- | M] (Microsoft Corporation) MD5=F6F6793B7F17B550ECFDBD3B229173F7 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_181d01cb743015fc\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2008.01.21 03:46:50 | 000,022,584 | ---- | M] (Microsoft Corporation) MD5=1898FAE8E07D97F2F6C2D5326C633FAC -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_3956c39dd9e73fd2\atapi.sys

[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\SysNative\drivers\atapi.sys

[2009.04.11 08:15:00 | 000,020,952 | ---- | M] (Microsoft Corporation) MD5=E68D9B3A3905619732F7FE039466A623 -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_3b423ca9d7090b1e\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\SysNative\cngaudit.dll

[2006.11.02 12:16:48 | 000,014,848 | ---- | M] (Microsoft Corporation) MD5=21322B1A2AD337C579F4A65EA0D25193 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_424bc4aceb06de1c\cngaudit.dll

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\SysWOW64\cngaudit.dll

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2008.01.21 03:46:59 | 000,290,872 | ---- | M] (Intel Corporation) MD5=3E3BF3627D886736D0B4E90054F929F6 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_0b2fedfc40256bc5\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2008.01.21 03:51:03 | 000,716,800 | ---- | M] (Microsoft Corporation) MD5=5D0A4891F8CD0E9E64FF57A6A34044F5 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_59d652c6f057598d\netlogon.dll

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SysWOW64\netlogon.dll

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_6616762521d9e6d4\netlogon.dll

[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\SysNative\netlogon.dll

[2009.04.11 08:11:16 | 000,717,312 | ---- | M] (Microsoft Corporation) MD5=A3F1B171702CA04744EE514243B45BFB -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_5bc1cbd2ed7924d9\netlogon.dll

[2008.01.21 03:48:28 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_642afd1924b81b88\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\SysNative\drivers\nvstor.sys

[2008.01.21 03:46:54 | 000,054,328 | ---- | M] (NVIDIA Corporation) MD5=F7EA0FE82842D05EDA3EFDD376DBFDBA -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_95f95eab775c159d\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 03:50:28 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_9e812831c5d9a243\scecli.dll

[2008.01.21 03:49:49 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=35F1DD99F9903BC267C2AF16B09F9BF7 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_942c7ddf9178e048\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SysWOW64\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_a06ca13dc2fb6d8f\scecli.dll

[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\SysNative\scecli.dll

[2009.04.11 08:11:23 | 000,235,520 | ---- | M] (Microsoft Corporation) MD5=9922ADB6DCA8F0F5EA038BEFF339C08B -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_9617f6eb8e9aab94\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2008.01.21 03:48:29 | 000,820,224 | ---- | M] (Microsoft Corporation) MD5=32B87D215905F648EBE36A621978442C -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_295707c525b9f068\user32.dll

[2008.01.21 03:49:14 | 000,648,192 | ---- | M] (Microsoft Corporation) MD5=3D691030DBD3BD75DE1501BE54F0D425 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_33abb2175a1ab263\user32.dll

[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\SysWOW64\user32.dll

[2009.04.11 07:26:45 | 000,648,704 | ---- | M] (Microsoft Corporation) MD5=D29FDB5DEDBDC1BD882164DC6DC4DD53 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_35972b23573c7daf\user32.dll

[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysNative\user32.dll

[2009.04.11 08:11:27 | 000,820,224 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_2b4280d122dbbbb4\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe

[2008.01.21 03:50:36 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe

[2008.01.21 03:49:46 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe

[2008.01.21 03:48:04 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe

[2008.01.21 03:50:23 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe

[2009.04.11 08:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe

[2008.01.21 03:49:47 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 03:50:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2008.01.21 03:49:42 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=8A900348370E359B6BFF6A550E4649E1 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_aba53c58802b1777\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 <           >

 
 <           >
 

< End of report >

mfg Rainstorm

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

:OTL

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.arcor.de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.arcor.de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.arcor.de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.arcor.de

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ostpl&s={searchTerms}&f=4

IE - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.arcor.de

IE - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/

FF - prefs.js..browser.search.order.1: "Search Results"

FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=de&q="

[2011.10.05 22:05:18 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}

[2011.07.17 23:22:36 | 000,000,000 | ---D | M] (Searchqu Toolbar) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}

[2011.06.06 08:17:34 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\xxxxxx\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}

[2011.07.17 23:22:32 | 000,002,501 | ---- | M] () -- C:\Users\xxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\r5fjyd40.default\searchplugins\SearchResults.xml

[2011.04.06 08:43:24 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

[2011.05.03 16:33:17 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchostpl.xml

[2012.02.04 19:31:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.07.17 23:22:32 | 000,002,501 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml

O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll ()

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()

O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll ()

O3 - HKLM\..\Toolbar: (Übersetzer) - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files (x86)\PRMT6\PRMTIE\prmtie.dll (PROMT Ltd.)

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\..\Toolbar\ShellBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()

O3 - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\..\Toolbar\WebBrowser: (Lexmark Symbolleiste) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files (x86)\Lexmark Toolbar\toolband.dll ()

O3:64bit: - HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll (Bandoo Media, inc)

O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll) - C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\datamngr.dll) -c:\progra~2\wi371a~1\datamngr\datamngr.dll (Bandoo Media, inc)

O20 - AppInit_DLLs: (c:\progra~2\wi371a~1\datamngr\iebho.dll) -c:\progra~2\wi371a~1\datamngr\iebho.dll (Bandoo Media, inc)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{97d9131d-5b6b-11e0-9f57-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{97d9131d-5b6b-11e0-9f57-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Script ausgeführt.

Code:

All processes killed

========== OTL ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\First Home Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!

HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!

HKU\S-1-5-21-3502602205-1791007940-1928591322-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Prefs.js: "Search Results" removed from browser.search.order.1

Prefs.js: "hxxp://www.google.com/search?sourceid=navclient&hl=de&q=" removed from keyword.URL

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\META-INF folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\lib folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\preferences folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\custombuttons folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\contenthandling folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults\components folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\defaults folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\chrome folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\components folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\searchbar folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\options folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\panels folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton\icons folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\weatherbutton folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\uwa folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\images folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio\css folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\radio folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\images folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\scripts folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\images folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default\css folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\default folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels\css folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib\panels folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin\lib folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\skin folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\scripts folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\images folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin\css folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\skin folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\js folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\images folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook\css folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.MyStartFacebook folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\scripts folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\images folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin\css folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\skin folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\js folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\images folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2\css folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\net.vmn.www.Coupons_v2 folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\com.djboxservice.dj.DJBox\thumbs folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets\com.djboxservice.dj.DJBox folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\widgets folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\modules folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\lib folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data\search folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content\data folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome\content folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}\chrome folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7} folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\defaults\preferences folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\defaults folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\components folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\skin\translators folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\skin\services folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\skin\options folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\skin\flags-s folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\skin\flags folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\skin\domains folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\skin\addit folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\skin folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\zh-TW\foxlingo folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\zh-TW folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\zh-CN\foxlingo folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\zh-CN folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\tr\foxlingo folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\tr folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\sv\foxlingo folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\sv folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\sr\foxlingo folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\sr folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\sk\foxlingo folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\sk folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\ru\foxlingo folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\ru folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\ro\foxlingo folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\ro folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\pt-BR\foxlingo folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\pt-BR folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\pl\foxlingo folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\pl folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\nl\foxlingo folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\nl folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\ja\foxlingo folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\ja folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\it\foxlingo folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\it folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\id\foxlingo folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\id folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\hu\foxlingo folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\hu folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\he\foxlingo folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\he folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\gl\foxlingo folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\gl folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\fr\foxlingo folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\fr folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\es-ES\foxlingo folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\es-ES folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\en-US\foxlingo folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\en-US folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\de\foxlingo folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\de folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\da\foxlingo folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\da folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\cs\foxlingo folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\cs folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\ca\foxlingo folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\ca folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\ar\foxlingo folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\ar folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\af\foxlingo folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale\af folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\locale folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome\content folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\chrome folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\mozilla\Firefox\Profiles\r5fjyd40.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} folder moved successfully.

C:\Users\Andreas Flander\AppData\Roaming\Mozilla\Firefox\Profiles\r5fjyd40.default\searchplugins\SearchResults.xml moved successfully.

File C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml not found.

C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchostpl.xml moved successfully.

C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml moved successfully.

C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml moved successfully.

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.

C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll moved successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.

C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ deleted successfully.

C:\Program Files (x86)\Lexmark Toolbar\toolband.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.

File C:\PROGRA~2\WI371A~1\Datamngr\ToolBar\searchqudtx.dll not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{FF284F5C-7CF9-4682-8701-D467C1DBB99F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FF284F5C-7CF9-4682-8701-D467C1DBB99F}\ deleted successfully.

C:\Program Files (x86)\PRMT6\PRMTIE\prmtie.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_USERS\S-1-5-21-3502602205-1791007940-1928591322-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.

File C:\Program Files (x86)\Lexmark Toolbar\toolband.dll not found.

Registry value HKEY_USERS\S-1-5-21-3502602205-1791007940-1928591322-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.

File C:\Program Files (x86)\Lexmark Toolbar\toolband.dll not found.

64bit-Registry value HKEY_USERS\S-1-5-21-3502602205-1791007940-1928591322-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

File C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll deleted successfully.

C:\PROGRA~2\WI371A~1\Datamngr\x64\datamngr.dll moved successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll deleted successfully.

C:\PROGRA~2\WI371A~1\Datamngr\x64\IEBHO.dll moved successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\wi371a~1\datamngr\datamngr.dll deleted successfully.

File pInit_DLLs: (c:\progra~2\wi371a~1\datamngr\datamngr.dll) -c:\progra~2\wi371a~1\datamngr\datamngr.dll not found.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\wi371a~1\datamngr\iebho.dll deleted successfully.

File pInit_DLLs: (c:\progra~2\wi371a~1\datamngr\iebho.dll) -c:\progra~2\wi371a~1\datamngr\iebho.dll not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97d9131d-5b6b-11e0-9f57-806e6f6e6963}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97d9131d-5b6b-11e0-9f57-806e6f6e6963}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{97d9131d-5b6b-11e0-9f57-806e6f6e6963}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97d9131d-5b6b-11e0-9f57-806e6f6e6963}\ not found.

File E:\start.exe not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: xxxxxx

->Temp folder emptied: 12052342 bytes

->Temporary Internet Files folder emptied: 614801346 bytes

->Java cache emptied: 966724 bytes

->FireFox cache emptied: 62552959 bytes

->Google Chrome cache emptied: 6602295 bytes

->Flash cache emptied: 393537 bytes

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 262048 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 347743112 bytes

 

Total Files Cleaned = 997,00 mb

 

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.31.0 log created on 02142012_215412
 

Files\Folders moved on Reboot...

File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
 

Registry entries deleted on Reboot...

He da kennt einer seine Papenheimer recht gut. Lagst richtig mit xxxxxx beim Austausch mit dem eigenen Namen. :pfeiff:

mfg Rainstorm

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Hab beim download von Avira eine Warnung bekommen.

----
Guard: Malware gefunden
Datum/Uhrzeit: 14.02.2012,
22:23:23 Typ: Fund

In der Datei 'C:Users\xxxxxx\Downloads\tdsskiller.exe ' wurde ein Virus oder unerwünschtes Programm 'TR/Crypt.ULPM.Gen' gefunden.

Der Zugriff auf diese Datei wurde verweigert.

Bitte wählen sie weitere Aktionen:

Entfernen oder Details

----
*Dummfrag* Was soll ich machen?

mfg Rainstorm

Das ist ein Fehlalarm!

Musste Avira für Scan deaktivieren. Kein Fund.

Code:

22:42:11.0721 3848        TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52

22:42:11.0861 3848        ============================================================

22:42:11.0861 3848        Current date / time: 2012/02/14 22:42:11.0861

22:42:11.0861 3848        SystemInfo:

22:42:11.0861 3848        

22:42:11.0861 3848        OS Version: 6.0.6002 ServicePack: 2.0

22:42:11.0861 3848        Product type: Workstation

22:42:11.0861 3848        ComputerName: HOME-PC

22:42:11.0862 3848        UserName: xxxxxx

22:42:11.0862 3848        Windows directory: C:\Windows

22:42:11.0862 3848        System windows directory: C:\Windows

22:42:11.0862 3848        Running under WOW64

22:42:11.0862 3848        Processor architecture: Intel x64

22:42:11.0862 3848        Number of processors: 2

22:42:11.0862 3848        Page size: 0x1000

22:42:11.0862 3848        Boot type: Normal boot

22:42:11.0862 3848        ============================================================

22:42:12.0963 3848        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:42:12.0983 3848        \Device\Harddisk0\DR0:

22:42:12.0984 3848        MBR used

22:42:12.0984 3848        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x236D9800

22:42:13.0007 3848        \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x236DA03F, BlocksNum 0x1D53682

22:42:13.0052 3848        Initialize success

22:42:13.0052 3848        ============================================================

22:42:57.0101 2456        ============================================================

22:42:57.0101 2456        Scan started

22:42:57.0101 2456        Mode: Manual; SigCheck; TDLFS; 

22:42:57.0101 2456        ============================================================

22:42:57.0464 2456        ACPI            (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys

22:42:57.0567 2456        ACPI - ok

22:42:57.0611 2456        adp94xx         (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys

22:42:57.0632 2456        adp94xx - ok

22:42:57.0666 2456        adpahci         (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys

22:42:57.0684 2456        adpahci - ok

22:42:57.0703 2456        adpu160m        (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys

22:42:57.0715 2456        adpu160m - ok

22:42:57.0747 2456        adpu320         (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys

22:42:57.0759 2456        adpu320 - ok

22:42:57.0813 2456        AFD             (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys

22:42:57.0921 2456        AFD - ok

22:42:57.0977 2456        agp440          (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys

22:42:57.0991 2456        agp440 - ok

22:42:58.0018 2456        aic78xx         (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys

22:42:58.0033 2456        aic78xx - ok

22:42:58.0058 2456        aliide          (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys

22:42:58.0069 2456        aliide - ok

22:42:58.0091 2456        amdide          (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys

22:42:58.0103 2456        amdide - ok

22:42:58.0129 2456        AmdK8           (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys

22:42:58.0284 2456        AmdK8 - ok

22:42:58.0397 2456        arc             (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys

22:42:58.0407 2456        arc - ok

22:42:58.0453 2456        arcsas          (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys

22:42:58.0465 2456        arcsas - ok

22:42:58.0494 2456        AsyncMac        (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys

22:42:58.0549 2456        AsyncMac - ok

22:42:58.0584 2456        atapi           (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys

22:42:58.0596 2456        atapi - ok

22:42:58.0638 2456        avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys

22:42:58.0848 2456        avgntflt - ok

22:42:58.0966 2456        avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys

22:42:58.0976 2456        avipbb - ok

22:42:59.0070 2456        blbdrive        (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys

22:42:59.0122 2456        blbdrive - ok

22:42:59.0164 2456        bowser          (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys

22:42:59.0230 2456        bowser - ok

22:42:59.0249 2456        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys

22:42:59.0358 2456        BrFiltLo - ok

22:42:59.0415 2456        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys

22:42:59.0455 2456        BrFiltUp - ok

22:42:59.0476 2456        Brserid         (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys

22:42:59.0648 2456        Brserid - ok

22:42:59.0720 2456        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys

22:42:59.0793 2456        BrSerWdm - ok

22:42:59.0838 2456        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys

22:42:59.0912 2456        BrUsbMdm - ok

22:42:59.0940 2456        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys

22:43:00.0004 2456        BrUsbSer - ok

22:43:00.0039 2456        BTHMODEM        (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys

22:43:00.0107 2456        BTHMODEM - ok

22:43:00.0143 2456        cdfs            (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys

22:43:00.0192 2456        cdfs - ok

22:43:00.0232 2456        cdrom           (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys

22:43:00.0281 2456        cdrom - ok

22:43:00.0318 2456        circlass        (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys

22:43:00.0365 2456        circlass - ok

22:43:00.0412 2456        CLFS            (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys

22:43:00.0430 2456        CLFS - ok

22:43:00.0480 2456        cmdide          (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys

22:43:00.0489 2456        cmdide - ok

22:43:00.0547 2456        Compbatt        (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys

22:43:00.0556 2456        Compbatt - ok

22:43:00.0584 2456        crcdisk         (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys

22:43:00.0595 2456        crcdisk - ok

22:43:00.0640 2456        DfsC            (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys

22:43:00.0702 2456        DfsC - ok

22:43:00.0739 2456        disk            (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys

22:43:00.0750 2456        disk - ok

22:43:00.0788 2456        drmkaud         (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys

22:43:00.0829 2456        drmkaud - ok

22:43:00.0883 2456        dump_wmimmc - ok

22:43:00.0932 2456        DXGKrnl         (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys

22:43:00.0983 2456        DXGKrnl - ok

22:43:01.0028 2456        E1G60           (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys

22:43:01.0070 2456        E1G60 - ok

22:43:01.0078 2456        EagleX64 - ok

22:43:01.0128 2456        Ecache          (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys

22:43:01.0141 2456        Ecache - ok

22:43:01.0219 2456        elxstor         (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys

22:43:01.0238 2456        elxstor - ok

22:43:01.0265 2456        ErrDev          (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys

22:43:01.0313 2456        ErrDev - ok

22:43:01.0380 2456        exfat           (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys

22:43:01.0423 2456        exfat - ok

22:43:01.0455 2456        fastfat         (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys

22:43:01.0499 2456        fastfat - ok

22:43:01.0535 2456        fdc             (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys

22:43:01.0568 2456        fdc - ok

22:43:01.0590 2456        FileInfo        (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys

22:43:01.0602 2456        FileInfo - ok

22:43:01.0633 2456        Filetrace       (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys

22:43:01.0686 2456        Filetrace - ok

22:43:01.0711 2456        flpydisk        (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

22:43:01.0741 2456        flpydisk - ok

22:43:01.0780 2456        FltMgr          (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys

22:43:01.0796 2456        FltMgr - ok

22:43:01.0825 2456        Fs_Rec          (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys

22:43:01.0877 2456        Fs_Rec - ok

22:43:01.0900 2456        gagp30kx        (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys

22:43:01.0913 2456        gagp30kx - ok

22:43:01.0967 2456        HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys

22:43:02.0031 2456        HdAudAddService - ok

22:43:02.0067 2456        HDAudBus        (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys

22:43:02.0154 2456        HDAudBus - ok

22:43:02.0195 2456        HidBth          (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys

22:43:02.0261 2456        HidBth - ok

22:43:02.0285 2456        HidIr           (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys

22:43:02.0356 2456        HidIr - ok

22:43:02.0404 2456        HidUsb          (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys

22:43:02.0452 2456        HidUsb - ok

22:43:02.0480 2456        HpCISSs         (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys

22:43:02.0490 2456        HpCISSs - ok

22:43:02.0528 2456        HTTP            (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys

22:43:02.0615 2456        HTTP - ok

22:43:02.0630 2456        i2omp           (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys

22:43:02.0642 2456        i2omp - ok

22:43:02.0662 2456        i8042prt        (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys

22:43:02.0686 2456        i8042prt - ok

22:43:02.0715 2456        iaStorV         (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys

22:43:02.0730 2456        iaStorV - ok

22:43:02.0776 2456        iirsp           (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys

22:43:02.0787 2456        iirsp - ok

22:43:02.0855 2456        IntcAzAudAddService (f9c251a94f76231d9ee946401060eee1) C:\Windows\system32\drivers\RTKVHD64.sys

22:43:02.0942 2456        IntcAzAudAddService - ok

22:43:02.0967 2456        intelide        (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys

22:43:02.0978 2456        intelide - ok

22:43:03.0005 2456        intelppm        (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys

22:43:03.0057 2456        intelppm - ok

22:43:03.0109 2456        IpFilterDriver  (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys

22:43:03.0149 2456        IpFilterDriver - ok

22:43:03.0162 2456        IpInIp - ok

22:43:03.0192 2456        IPMIDRV         (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys

22:43:03.0223 2456        IPMIDRV - ok

22:43:03.0248 2456        IPNAT           (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys

22:43:03.0294 2456        IPNAT - ok

22:43:03.0324 2456        IRENUM          (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys

22:43:03.0377 2456        IRENUM - ok

22:43:03.0412 2456        isapnp          (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys

22:43:03.0423 2456        isapnp - ok

22:43:03.0458 2456        iScsiPrt        (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys

22:43:03.0472 2456        iScsiPrt - ok

22:43:03.0501 2456        iteatapi        (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys

22:43:03.0511 2456        iteatapi - ok

22:43:03.0539 2456        iteraid         (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys

22:43:03.0549 2456        iteraid - ok

22:43:03.0572 2456        kbdclass        (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys

22:43:03.0582 2456        kbdclass - ok

22:43:03.0599 2456        kbdhid          (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys

22:43:03.0655 2456        kbdhid - ok

22:43:03.0707 2456        KSecDD          (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys

22:43:03.0745 2456        KSecDD - ok

22:43:03.0781 2456        ksthunk         (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys

22:43:03.0836 2456        ksthunk - ok

22:43:03.0897 2456        lltdio          (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys

22:43:03.0947 2456        lltdio - ok

22:43:04.0140 2456        LSI_FC          (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys

22:43:04.0152 2456        LSI_FC - ok

22:43:04.0194 2456        LSI_SAS         (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys

22:43:04.0205 2456        LSI_SAS - ok

22:43:04.0237 2456        LSI_SCSI        (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys

22:43:04.0248 2456        LSI_SCSI - ok

22:43:04.0272 2456        luafv           (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys

22:43:04.0323 2456        luafv - ok

22:43:04.0366 2456        megasas         (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys

22:43:04.0377 2456        megasas - ok

22:43:04.0429 2456        MegaSR          (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys

22:43:04.0451 2456        MegaSR - ok

22:43:04.0480 2456        Modem           (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys

22:43:04.0530 2456        Modem - ok

22:43:04.0559 2456        monitor         (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys

22:43:04.0590 2456        monitor - ok

22:43:04.0606 2456        mouclass        (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys

22:43:04.0616 2456        mouclass - ok

22:43:04.0638 2456        mouhid          (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys

22:43:04.0693 2456        mouhid - ok

22:43:04.0725 2456        MountMgr        (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys

22:43:04.0736 2456        MountMgr - ok

22:43:04.0763 2456        mpio            (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys

22:43:04.0773 2456        mpio - ok

22:43:04.0794 2456        mpsdrv          (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys

22:43:04.0841 2456        mpsdrv - ok

22:43:04.0872 2456        Mraid35x        (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys

22:43:04.0883 2456        Mraid35x - ok

22:43:04.0932 2456        MRxDAV          (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys

22:43:04.0981 2456        MRxDAV - ok

22:43:05.0021 2456        mrxsmb          (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys

22:43:05.0046 2456        mrxsmb - ok

22:43:05.0082 2456        mrxsmb10        (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys

22:43:05.0123 2456        mrxsmb10 - ok

22:43:05.0133 2456        mrxsmb20        (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys

22:43:05.0159 2456        mrxsmb20 - ok

22:43:05.0204 2456        msahci          (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys

22:43:05.0216 2456        msahci - ok

22:43:05.0261 2456        msdsm           (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys

22:43:05.0272 2456        msdsm - ok

22:43:05.0309 2456        Msfs            (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys

22:43:05.0356 2456        Msfs - ok

22:43:05.0384 2456        msisadrv        (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys

22:43:05.0395 2456        msisadrv - ok

22:43:05.0430 2456        MSKSSRV         (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys

22:43:05.0477 2456        MSKSSRV - ok

22:43:05.0512 2456        MSPCLOCK        (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys

22:43:05.0560 2456        MSPCLOCK - ok

22:43:05.0591 2456        MSPQM           (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys

22:43:05.0638 2456        MSPQM - ok

22:43:05.0687 2456        MsRPC           (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys

22:43:05.0704 2456        MsRPC - ok

22:43:05.0723 2456        mssmbios        (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys

22:43:05.0733 2456        mssmbios - ok

22:43:05.0756 2456        MSTEE           (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys

22:43:05.0804 2456        MSTEE - ok

22:43:05.0836 2456        Mup             (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys

22:43:05.0848 2456        Mup - ok

22:43:05.0928 2456        NativeWifiP     (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys

22:43:05.0966 2456        NativeWifiP - ok

22:43:06.0014 2456        NDIS            (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys

22:43:06.0050 2456        NDIS - ok

22:43:06.0080 2456        NdisTapi        (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

22:43:06.0122 2456        NdisTapi - ok

22:43:06.0147 2456        Ndisuio         (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

22:43:06.0203 2456        Ndisuio - ok

22:43:06.0238 2456        NdisWan         (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys

22:43:06.0288 2456        NdisWan - ok

22:43:06.0320 2456        NDProxy         (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

22:43:06.0359 2456        NDProxy - ok

22:43:06.0389 2456        NetBIOS         (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

22:43:06.0443 2456        NetBIOS - ok

22:43:06.0489 2456        netbt           (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys

22:43:06.0541 2456        netbt - ok

22:43:06.0595 2456        nfrd960         (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

22:43:06.0605 2456        nfrd960 - ok

22:43:06.0642 2456        Npfs            (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys

22:43:06.0688 2456        Npfs - ok

22:43:06.0700 2456        NPPTNT2 - ok

22:43:06.0757 2456        nsiproxy        (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

22:43:06.0812 2456        nsiproxy - ok

22:43:06.0886 2456        Ntfs            (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys

22:43:06.0964 2456        Ntfs - ok

22:43:06.0993 2456        Null            (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

22:43:07.0040 2456        Null - ok

22:43:07.0102 2456        NVENETFD        (e132423e77fdcd11880bab7a8dbac8aa) C:\Windows\system32\DRIVERS\nvmfdx64.sys

22:43:07.0179 2456        NVENETFD - ok

22:43:07.0446 2456        nvlddmkm        (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys

22:43:08.0259 2456        nvlddmkm - ok

22:43:08.0359 2456        nvraid          (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

22:43:08.0370 2456        nvraid - ok

22:43:08.0420 2456        nvstor          (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

22:43:08.0431 2456        nvstor - ok

22:43:08.0470 2456        nv_agp          (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

22:43:08.0482 2456        nv_agp - ok

22:43:08.0498 2456        NwlnkFlt - ok

22:43:08.0513 2456        NwlnkFwd - ok

22:43:08.0550 2456        ohci1394        (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys

22:43:08.0602 2456        ohci1394 - ok

22:43:08.0637 2456        Parport         (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys

22:43:08.0694 2456        Parport - ok

22:43:08.0735 2456        partmgr         (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys

22:43:08.0749 2456        partmgr - ok

22:43:08.0772 2456        pci             (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys

22:43:08.0785 2456        pci - ok

22:43:08.0800 2456        pciide          (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys

22:43:08.0812 2456        pciide - ok

22:43:08.0849 2456        pcmcia          (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

22:43:08.0861 2456        pcmcia - ok

22:43:08.0897 2456        PEAUTH          (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

22:43:08.0995 2456        PEAUTH - ok

22:43:09.0095 2456        PptpMiniport    (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys

22:43:09.0140 2456        PptpMiniport - ok

22:43:09.0186 2456        Processor       (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys

22:43:09.0247 2456        Processor - ok

22:43:09.0297 2456        PSched          (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys

22:43:09.0323 2456        PSched - ok

22:43:09.0369 2456        ql2300          (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

22:43:09.0441 2456        ql2300 - ok

22:43:09.0466 2456        ql40xx          (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

22:43:09.0478 2456        ql40xx - ok

22:43:09.0521 2456        QWAVEdrv        (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

22:43:09.0561 2456        QWAVEdrv - ok

22:43:09.0573 2456        RasAcd          (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

22:43:09.0622 2456        RasAcd - ok

22:43:09.0671 2456        Rasl2tp         (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys

22:43:09.0714 2456        Rasl2tp - ok

22:43:09.0760 2456        RasPppoe        (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys

22:43:09.0801 2456        RasPppoe - ok

22:43:09.0841 2456        RasSstp         (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys

22:43:09.0871 2456        RasSstp - ok

22:43:09.0908 2456        rdbss           (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys

22:43:09.0960 2456        rdbss - ok

22:43:09.0987 2456        RDPCDD          (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

22:43:10.0024 2456        RDPCDD - ok

22:43:10.0055 2456        rdpdr           (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys

22:43:10.0110 2456        rdpdr - ok

22:43:10.0139 2456        RDPENCDD        (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

22:43:10.0192 2456        RDPENCDD - ok

22:43:10.0242 2456        RDPWD           (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys

22:43:10.0268 2456        RDPWD - ok

22:43:10.0310 2456        rspndr          (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

22:43:10.0343 2456        rspndr - ok

22:43:10.0367 2456        sbp2port        (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

22:43:10.0380 2456        sbp2port - ok

22:43:10.0453 2456        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

22:43:10.0525 2456        secdrv - ok

22:43:10.0588 2456        Serenum         (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys

22:43:10.0638 2456        Serenum - ok

22:43:10.0663 2456        Serial          (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys

22:43:10.0717 2456        Serial - ok

22:43:10.0755 2456        sermouse        (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

22:43:10.0814 2456        sermouse - ok

22:43:10.0875 2456        sffdisk         (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

22:43:10.0931 2456        sffdisk - ok

22:43:10.0960 2456        sffp_mmc        (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

22:43:11.0019 2456        sffp_mmc - ok

22:43:11.0050 2456        sffp_sd         (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

22:43:11.0105 2456        sffp_sd - ok

22:43:11.0129 2456        sfloppy         (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

22:43:11.0184 2456        sfloppy - ok

22:43:11.0285 2456        SiSRaid2        (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

22:43:11.0295 2456        SiSRaid2 - ok

22:43:11.0326 2456        SiSRaid4        (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

22:43:11.0345 2456        SiSRaid4 - ok

22:43:11.0423 2456        Smb             (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys

22:43:11.0485 2456        Smb - ok

22:43:11.0559 2456        spldr           (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys

22:43:11.0571 2456        spldr - ok

22:43:11.0858 2456        srv             (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys

22:43:11.0942 2456        srv - ok

22:43:12.0350 2456        srv2            (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys

22:43:12.0410 2456        srv2 - ok

22:43:12.0524 2456        srvnet          (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys

22:43:12.0539 2456        srvnet - ok

22:43:12.0591 2456        swenum          (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

22:43:12.0603 2456        swenum - ok

22:43:12.0643 2456        Symc8xx         (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

22:43:12.0654 2456        Symc8xx - ok

22:43:12.0681 2456        Sym_hi          (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

22:43:12.0694 2456        Sym_hi - ok

22:43:12.0713 2456        Sym_u3          (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

22:43:12.0725 2456        Sym_u3 - ok

22:43:12.0809 2456        Tcpip           (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys

22:43:12.0885 2456        Tcpip - ok

22:43:12.0931 2456        Tcpip6          (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys

22:43:12.0993 2456        Tcpip6 - ok

22:43:13.0027 2456        tcpipreg        (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys

22:43:13.0081 2456        tcpipreg - ok

22:43:13.0107 2456        TDPIPE          (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

22:43:13.0158 2456        TDPIPE - ok

22:43:13.0182 2456        TDTCP           (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

22:43:13.0234 2456        TDTCP - ok

22:43:13.0285 2456        tdx             (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys

22:43:13.0339 2456        tdx - ok

22:43:13.0384 2456        TermDD          (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys

22:43:13.0400 2456        TermDD - ok

22:43:13.0517 2456        tssecsrv        (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

22:43:13.0570 2456        tssecsrv - ok

22:43:13.0637 2456        TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys

22:43:13.0646 2456        TuneUpUtilitiesDrv - ok

22:43:13.0698 2456        tunmp           (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

22:43:13.0739 2456        tunmp - ok

22:43:13.0769 2456        tunnel          (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys

22:43:13.0810 2456        tunnel - ok

22:43:13.0832 2456        uagp35          (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

22:43:13.0844 2456        uagp35 - ok

22:43:13.0883 2456        udfs            (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys

22:43:13.0933 2456        udfs - ok

22:43:13.0974 2456        uliagpkx        (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

22:43:13.0984 2456        uliagpkx - ok

22:43:14.0013 2456        uliahci         (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

22:43:14.0028 2456        uliahci - ok

22:43:14.0049 2456        UlSata          (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

22:43:14.0062 2456        UlSata - ok

22:43:14.0088 2456        ulsata2         (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

22:43:14.0103 2456        ulsata2 - ok

22:43:14.0125 2456        umbus           (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

22:43:14.0156 2456        umbus - ok

22:43:14.0208 2456        usbccgp         (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys

22:43:14.0244 2456        usbccgp - ok

22:43:14.0412 2456        usbcir          (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys

22:43:14.0478 2456        usbcir - ok

22:43:14.0516 2456        usbehci         (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys

22:43:14.0565 2456        usbehci - ok

22:43:14.0597 2456        usbhub          (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys

22:43:14.0647 2456        usbhub - ok

22:43:14.0679 2456        usbohci         (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys

22:43:14.0724 2456        usbohci - ok

22:43:14.0768 2456        usbprint        (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys

22:43:14.0800 2456        usbprint - ok

22:43:14.0841 2456        usbscan         (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys

22:43:14.0873 2456        usbscan - ok

22:43:14.0898 2456        USBSTOR         (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS

22:43:14.0923 2456        USBSTOR - ok

22:43:14.0954 2456        usbuhci         (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

22:43:14.0999 2456        usbuhci - ok

22:43:15.0045 2456        vga             (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

22:43:15.0097 2456        vga - ok

22:43:15.0122 2456        VgaSave         (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

22:43:15.0175 2456        VgaSave - ok

22:43:15.0206 2456        viaide          (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys

22:43:15.0216 2456        viaide - ok

22:43:15.0242 2456        volmgr          (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys

22:43:15.0254 2456        volmgr - ok

22:43:15.0293 2456        volmgrx         (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys

22:43:15.0312 2456        volmgrx - ok

22:43:15.0333 2456        volsnap         (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys

22:43:15.0354 2456        volsnap - ok

22:43:15.0375 2456        vsmraid         (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

22:43:15.0387 2456        vsmraid - ok

22:43:15.0417 2456        WacomPen        (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

22:43:15.0486 2456        WacomPen - ok

22:43:15.0523 2456        Wanarp          (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

22:43:15.0569 2456        Wanarp - ok

22:43:15.0575 2456        Wanarpv6        (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

22:43:15.0603 2456        Wanarpv6 - ok

22:43:15.0634 2456        Wd              (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

22:43:15.0650 2456        Wd - ok

22:43:15.0697 2456        Wdf01000        (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys

22:43:15.0741 2456        Wdf01000 - ok

22:43:15.0865 2456        WmiAcpi         (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys

22:43:15.0904 2456        WmiAcpi - ok

22:43:15.0962 2456        ws2ifsl         (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

22:43:16.0011 2456        ws2ifsl - ok

22:43:16.0063 2456        WUDFRd          (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys

22:43:16.0096 2456        WUDFRd - ok

22:43:16.0135 2456        MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

22:43:16.0274 2456        \Device\Harddisk0\DR0 - ok

22:43:16.0279 2456        Boot (0x1200)   (641c5de7720416d95b50aae721a89aa3) \Device\Harddisk0\DR0\Partition0

22:43:16.0280 2456        \Device\Harddisk0\DR0\Partition0 - ok

22:43:16.0305 2456        Boot (0x1200)   (70aad6f692094ec246c33c3eae269898) \Device\Harddisk0\DR0\Partition1

22:43:16.0305 2456        \Device\Harddisk0\DR0\Partition1 - ok

22:43:16.0306 2456        ============================================================

22:43:16.0306 2456        Scan finished

22:43:16.0306 2456        ============================================================

22:43:16.0331 0628        Detected object count: 0

22:43:16.0331 0628        Actual detected object count: 0

mfg Rainstorm

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.