Trojaner-Board


knutfh 07.10.2010 17:44

Internet Explorer opens advertising unprompted
 
Hello,

My Internet Explorer (which I have not set as my default browser) keeps opening new advertising windows from time to time. I have already run AntiVir over my system, but that did not solve the problem. Another problem is that my laptop's CPU load has increased by about 10% (when "doing nothing").
Of course I have already googled etc., but I have the feeling that this problem depends quite individually on the log file.
I would gladly post my log file too, if someone would briefly explain to me which program that works with, etc.
Can my Windows still be saved?
Many thanks in advance,

Knut

markusg 07.10.2010 18:45

otl:
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports will be created:
OTL.Txt
Extras.Txt
Post both

knutfh 07.10.2010 19:21

Okay, thanks already! Here are the two files:

OTL Logfile:
Code:

OTL Extras logfile created on: 07.10.2010 19:49:53 - Run 1
OTL by OldTimer - Version 3.2.14.1    Folder = C:\Users\***\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 53,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,01 Gb Total Space | 19,42 Gb Free Space | 33,47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 90,71 Gb Total Space | 1,45 Gb Free Space | 1,60% Space Free | Partition Type: HFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-3362069649-3304277367-1124529519-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant *S-1-5-32-544:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant *S-1-5-32-544:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2B7054B-EC2E-4E96-8666-FD6ED77678B2}" = Boot Camp-Dienste
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"01D845C666B4FC04566E16B923F638B2A404807C" = Windows-Treiberpaket - Intel Net  (11/07/2007 8.10.1.0)
"0CB233C04CEB3FB45CEDFFEA9146B77B4B783FDA" = Windows-Treiberpaket - Intel Net  (06/13/2008 9.52.9.0)
"1864DCF02A292C57953B91D537026F4F1CA60D91" = Windows-Treiberpaket - Intel (e1kexpress) Net  (07/22/2008 10.3.45.0)
"269C8F82CDD61B0400CE8D6768EC084C59C63079" = Windows-Treiberpaket - Intel Net  (02/06/2008 9.12.18.0)
"294FF9FB7AF744F64B12EC12F83D8661CD9AD532" = Windows-Treiberpaket - Intel (e1express) Net  (02/06/2008 9.12.17.0)
"2CD6536AAFFF9B465A871060CF483EC9F3341D29" = Windows-Treiberpaket - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"3A8900CC8E77F2BF2269FEFF364561BDF86B9F27" = Windows-Treiberpaket - Intel (E1G60) Net  (01/08/2008 8.3.9.0)
"5CC5D940D9F4B779FAAF12E7F75A212618ABEB7D" = Windows-Treiberpaket - Intel Net  (08/05/2008 10.3.49.0)
"5F644CE2A56EE4D17B3AAE682066E516DCF7BEB3" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (03/25/2009 2.1.2.112)
"618BD83C189013D12612FDA77CC932F0A42D3EFD" = Windows-Treiberpaket - Apple Inc. Apple Keyboard (03/05/2009 3.0.0.0)
"67AC3877F6F0F5CAD2A6F4E10A825DE338B48404" = Windows-Treiberpaket - Apple Inc. Apple Trackpad (03/05/2009 3.0.0.0)
"70C7CBB0824BF74552A2F28F5FFBF62A15053DA8" = Windows-Treiberpaket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"75B57AFB407D191B0DAEF05EE9665A5A86701A9A" = Windows-Treiberpaket - Broadcom (BCM43XX) Net  (10/22/2008 5.10.38.26)
"76830D11874044260C923425E7F5A72F25EDA758" = Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)
"7C4C70065E755397913A9698B9D9DF16D7345D18" = Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA  (01/02/2010 6.6001.1.21)
"7F0B4363C39DDEBAAB5F04EE7FB7B2DD0D8B60B1" = Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (02/19/2009 3.0.0.0)
"831BF8DFEC5520D988361807D534A2041AE4AAB3" = Windows-Treiberpaket - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0)
"91F52A595A7B2112937CED490A8C682CD03F945E" = Windows-Treiberpaket - Apple Inc. Apple ODD (01/17/2008 2.0.2.2)
"A0A897639A1D288A8B472FE790EBF9DB71E52ACF" = Windows-Treiberpaket - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)
"A81BD2D80645E49BC704289A78504CD085287F10" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (03/25/2009 2.1.2.112)
"AB15AB4CCF6B85925973ED9DB360D8BAAB10690C" = Windows-Treiberpaket - Broadcom (b57nd60a) Net  (05/28/2009 12.2.0.3)
"B3F27F12C500003EFE44A668CE685DE4B46A735C" = Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6)
"B5F4B8404EB7E69E8CEC89A0B5970B2316C68AB0" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0)
"BC8A2C86B6012DE19263F42B9F3D35763A712328" = Windows-Treiberpaket - Apple Inc. Apple Bluetooth (01/19/2009 2.1.2.1)
"C6EE9CD0ED6B98A9727DEE7DA213859B639F3FD6" = Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (11/23/2009 3.1.0.1)
"C840EA8E99FB237CC57769BB041F070E4F370C32" = Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net  (01/11/2008 3.10.3.9)
"C9952C95B4A2ACCCBC684FC6E8182A3210DEDC13" = Windows-Treiberpaket - Intel (e1qexpress) Net  (08/05/2008 10.3.49.0)
"CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A" = Windows-Treiberpaket - Marvell (yukonx64) Net  (12/06/2007 10.51.1.3)
"D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3" = Windows-Treiberpaket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
"D6E8EA419C953B3514051D715F98B377B0D6FD70" = Windows-Treiberpaket - Apple Inc. Apple Bluetooth (11/23/2009 3.0.0.4)
"D701F1A58CF3028E88DA512D1423EC3DD6D7BE86" = Windows-Treiberpaket - Intel Net  (07/22/2008 10.3.45.0)
"DCEFA559AE3275AB4F80389685E1BD3D978A5707" = Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA  (04/29/2009 6.6001.1.8)
"E073A3AB46FE59FEF6E150EFD33F2B484BBBAD2C" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0)
"E0EAD0CEA9119B77350ED4DE28D9A82E57014D94" = Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
"E2708073906571A0B56F17FD825EF19281ECE29B" = Windows-Treiberpaket - Intel System  (07/20/2007 1.2.76.0)
"E43E2A40D22886250D739AEE91E9C7E9ABDD52DA" = Windows-Treiberpaket - Intel (e1yexpress) Net  (07/16/2008 9.52.10.0)
"E5AEAAF07505D71E430CCA10496FAE61597B81A2" = Windows-Treiberpaket - Atheros Communications Inc. (athr) Net  (11/18/2009 8.0.0.258)
"E9575EA5D430B59D0CFF29323C74D0FBA1898F3B" = Windows-Treiberpaket - Broadcom (BCM43XX) Net  (08/21/2009 5.60.18.8)
"F5E7472CCD6B3C1A568AEE4486C4BA0813A7D7AC" = Windows-Treiberpaket - Apple Inc. System  (08/22/2008 2.1.1.1)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{494420A9-5F25-457B-9BBF-228E6A73B94B}" = MAGIX Speed burnR (MSI)
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EF276E0-1D97-4B9D-BB29-013165F567CA}" = MAGIX Video deluxe 17 Premium Download-Version
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAD6325D-55CF-4D30-9DB9-2ADFE02D0777}" = MAGIX Screenshare
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"ICQToolbar" = ICQ Toolbar
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX_MSI_Videodeluxe17_premium" = MAGIX Video deluxe 17 Premium Download-Version
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"StarCraft II" = StarCraft II
"Uninstall_is1" = Uninstall 1.0.0.1
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.10.2010 07:19:33 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm Videodeluxe.exe, Version 10.0.1.14 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen.    Prozess-ID: fa4    Startzeit: 01cb62ecabdfa620    Endzeit: 121    Anwendungspfad:
C:\Program Files (x86)\MAGIX\Video_deluxe_17_Premium_Download-Version\Videodeluxe.exe

Berichts-ID:
 
 
Error - 03.10.2010 19:01:47 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm Videodeluxe.exe, Version 10.0.1.14 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen.    Prozess-ID: f28    Startzeit: 01cb63394afd9ea0    Endzeit: 343    Anwendungspfad:
C:\Program Files (x86)\MAGIX\Video_deluxe_17_Premium_Download-Version\Videodeluxe.exe

Berichts-ID:
 
 
Error - 03.10.2010 20:14:17 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7600.16450 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 86c    Startzeit: 01cb6309149e47e0    Endzeit: 1872    Anwendungspfad:
 C:\Windows\Explorer.EXE    Berichts-ID: 4babdfcd-cf4c-11df-a3a9-002608d45dd2 
 
Error - 06.10.2010 16:31:55 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmprph.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd018  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
 Zeitstempel: 0x4ba9b802  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000004cf54
ID
 des fehlerhaften Prozesses: 0xcd4  Startzeit der fehlerhaften Anwendung: 0x01cb657577924220
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmprph.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: c21074a0-d188-11df-9c7b-002608d45dd2
 
Error - 06.10.2010 16:32:23 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmprph.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd018  Name des fehlerhaften Moduls: jscript.dll, Version: 5.8.7600.16475,
 Zeitstempel: 0x4b162d87  Ausnahmecode: 0xc000041d  Fehleroffset: 0x000000000001cef3
ID
 des fehlerhaften Prozesses: 0xcd4  Startzeit der fehlerhaften Anwendung: 0x01cb657577924220
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmprph.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\System32\jscript.dll  Berichtskennung: d2cd1fa0-d188-11df-9c7b-002608d45dd2
 
Error - 07.10.2010 11:24:30 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Yjipia.exe, Version: 1.0.0.1, Zeitstempel:
 0x4c98c673  Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7600.16385, Zeitstempel:
 0x4a5bdb3b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00016c64  ID des fehlerhaften Prozesses:
 0x990c  Startzeit der fehlerhaften Anwendung: 0x01cb6633bb76cf10  Pfad der fehlerhaften
 Anwendung: C:\Windows\Yjipia.exe  Pfad des fehlerhaften Moduls: C:\Windows\syswow64\RPCRT4.dll
Berichtskennung:
 fa6f7190-d226-11df-bb9a-002608d45dd2
 
Error - 07.10.2010 11:50:52 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdCaps.dll".  Die
 abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.10.2010 11:50:52 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdDefrag.dll".  Die
 abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.10.2010 11:50:52 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdFS.dll".  Die abhängige
 Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.10.2010 11:50:52 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKEngine.dll".  Die
abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 07.10.2010 12:09:18 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 07.10.2010 12:09:19 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 07.10.2010 12:09:19 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 07.10.2010 12:09:19 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 07.10.2010 12:09:19 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 07.10.2010 12:09:46 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 07.10.2010 12:09:46 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 07.10.2010 12:09:46 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 07.10.2010 12:09:46 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 07.10.2010 12:25:47 | Computer Name = *** | Source = VDS Basic Provider | ID = 33554433
Description =
 
 
< End of report >

--- --- ---


OTL Logfile:
Code:

OTL logfile created on: 07.10.2010 19:49:53 - Run 1
OTL by OldTimer - Version 3.2.14.1    Folder = C:\Users\***\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 53,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,01 Gb Total Space | 19,42 Gb Free Space | 33,47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 90,71 Gb Total Space | 1,45 Gb Free Space | 1,60% Space Free | Partition Type: HFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\***~1\DOWNLO~1\Look2Me-Destroyer.exe (Atribune.org)
PRC - C:\Users\***\AppData\Local\Temp\Yql.exe (Simon Tatham)
PRC - C:\Windows\Yjipia.exe (Simon Tatham)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppleOSSMgr) -- C:\Windows\SysNative\AppleOSSMgr.exe ()
SRV:64bit: - (AppleTimeSrv) -- C:\Windows\SysNative\AppleTimeSrv.exe (Apple Inc.)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Akamai) -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_062a651.dll ()
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (UnsignedThemes) -- C:\Windows\UnsignedThemesSvc.exe (The Within Network, LLC)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MacHALDriver) -- C:\Windows\SysNative\drivers\MacHALDriver.sys (Apple Inc.)
DRV:64bit: - (KeyAgent) -- C:\Windows\SysNative\drivers\KeyAgent.sys (Apple Inc.)
DRV:64bit: - (CirrusFilter) -- C:\Windows\SysNative\drivers\CS420x64.sys (Cirrus Logic)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (applemtp) -- C:\Windows\SysNative\drivers\applemtp.sys (Apple Inc.)
DRV:64bit: - (applemtm) -- C:\Windows\SysNative\drivers\applemtm.sys (Apple Inc.)
DRV:64bit: - (IRRemoteFlt) -- C:\Windows\SysNative\drivers\IRFilter.sys (Apple Inc.)
DRV:64bit: - (KeyMagic) -- C:\Windows\SysNative\drivers\KeyMagic.sys (Apple Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (uxpatch) -- C:\Windows\SysNative\drivers\uxpatch.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 EE 5A 7F 2E 49 CB 01  [binary data]
IE - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.09.28 11:37:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.22 17:37:43 | 000,000,000 | ---D | M]
 
[2010.09.03 20:59:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.10.06 20:43:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1bmlbslk.default\extensions
[2010.09.22 23:29:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1bmlbslk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.06 20:43:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.09.23 20:58:50 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.10.05 20:48:56 | 000,000,852 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apple_KbdMgr] C:\Programme\Boot Camp\Bootcamp.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_17_Premium_Download-Version\TrayServer.exe (MAGIX AG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001..\Run: [fheydbueyj.exe] C:\fheydbueyj.exe\fheydbueyj.exe ()
O4 - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001..\Run: [KOO9RV9K4Z] C:\Users\***\AppData\Local\Temp\Yql.exe (Simon Tatham)
O4 - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001..\Run: [Metropolis] C:\Windows\SysWow64\sshnas21.DLL (Simon Tatham)
O4 - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001..\Run: [SMH2B46TDP] C:\Windows\Yjipia.exe (Simon Tatham)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d2511345-b511-11df-b6a4-002608d45dd2}\Shell - "" = AutoRun
O33 - MountPoints2\{d2511345-b511-11df-b6a4-002608d45dd2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.07 16:24:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\DBControl
[2010.10.07 01:19:16 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.10.07 00:01:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2010.10.06 23:57:26 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.10.06 23:57:26 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.10.06 23:57:26 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.10.06 23:57:26 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.10.06 23:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.10.06 23:57:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.10.06 23:51:44 | 000,241,664 | ---- | C] (Simon Tatham) -- C:\Windows\Yjipia.exe
[2010.10.06 23:51:32 | 000,284,160 | ---- | C] (Simon Tatham) -- C:\Windows\SysWow64\sshnas21.dll
[2010.10.06 18:36:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\NVIDIA
[2010.10.06 16:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010.10.06 16:56:57 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2010.10.06 16:55:22 | 005,107,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010.10.06 16:55:22 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010.10.06 16:55:22 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010.10.06 16:55:22 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010.10.06 16:55:20 | 019,114,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010.10.06 16:55:20 | 014,092,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010.10.06 16:55:20 | 000,382,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2010.10.06 16:55:20 | 000,314,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2010.10.06 16:55:18 | 012,471,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010.10.06 16:55:18 | 003,089,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010.10.06 16:55:18 | 002,892,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010.10.06 16:55:18 | 002,761,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010.10.06 16:55:16 | 010,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010.10.06 16:55:16 | 006,116,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010.10.06 16:55:16 | 004,553,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010.10.06 16:55:16 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010.10.06 16:55:14 | 014,513,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010.10.06 16:55:14 | 001,625,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010.10.06 16:55:14 | 000,260,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1922.dll
[2010.10.06 16:55:14 | 000,260,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2010.10.06 16:55:09 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010.10.06 16:47:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.10.06 16:45:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PACE Anti-Piracy
[2010.10.06 16:45:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PACE Anti-Piracy
[2010.10.06 16:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2010.10.06 16:45:53 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PACE Anti-Piracy
[2010.10.06 16:45:48 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Adobe
[2010.10.06 16:36:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2010.10.06 16:30:48 | 000,055,280 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2010.10.06 16:30:48 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2010.10.06 16:30:48 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2010.10.06 16:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2010.10.06 16:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010.10.06 16:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2010.10.06 16:29:46 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2010.10.06 02:17:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2010.10.03 12:28:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2010.10.03 12:28:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro
[2010.10.03 12:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2010.09.30 03:02:07 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ks.sys
[2010.09.29 13:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010.09.28 13:14:14 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MAGIX_Screenshare
[2010.09.28 13:14:06 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\3D_Maker_embeded
[2010.09.28 13:13:30 | 000,909,312 | ---- | C] (MAGIX AG) -- C:\Windows\SysWow64\MXRestore.exe
[2010.09.28 13:13:25 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MAGIX_Speed2_burnR_mxcdr
[2010.09.28 13:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xara
[2010.09.28 13:12:58 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll
[2010.09.28 13:12:36 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MAGIX_Video_deluxe_16_Plus_Download-Version
[2010.09.28 13:11:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinRAR
[2010.09.28 13:10:49 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.09.28 12:10:14 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MAGIX_MusicEditor
[2010.09.28 12:10:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Xara
[2010.09.28 12:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared
[2010.09.28 01:23:45 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Youtube
[2010.09.26 15:47:36 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Adobe Scripts
[2010.09.26 15:17:08 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010.09.25 19:09:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\No23 Recorder
[2010.09.24 15:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010.09.23 21:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010.09.23 20:59:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\skypePM
[2010.09.23 20:59:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Skype
[2010.09.23 20:58:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google
[2010.09.23 20:58:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010.09.23 20:58:34 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010.09.23 20:58:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.09.23 20:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.09.23 02:33:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple Computer
[2010.09.22 23:29:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.09.22 23:29:33 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\DVDVideoSoft
[2010.09.22 23:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2010.09.22 23:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2010.09.22 17:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.09.22 17:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.09.22 17:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010.09.22 15:17:51 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MAGIX
[2010.09.22 15:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2010.09.22 15:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2010.09.22 15:10:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services
[2010.09.22 15:05:23 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MAGIX Downloads
[2010.09.22 15:05:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MAGIX
[2010.09.18 11:39:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2010.09.15 03:01:03 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010.09.13 18:28:03 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ICQ
[2010.09.09 01:42:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PokerStars
[2010.09.09 01:41:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars
[2010.09.08 16:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.09.08 16:36:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010.09.08 16:36:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010.09.08 16:34:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe
[2010.09.08 11:17:46 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010.09.08 11:17:46 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.07 19:54:00 | 001,835,008 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.10.07 19:51:03 | 000,000,254 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.10.07 19:25:03 | 000,000,302 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.10.07 18:22:00 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010.10.07 18:15:49 | 000,013,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.07 18:15:49 | 000,013,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.07 18:13:45 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.10.07 18:13:45 | 000,645,740 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.10.07 18:13:45 | 000,607,728 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.10.07 18:13:45 | 000,127,028 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.10.07 18:13:45 | 000,104,106 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.10.07 18:07:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.07 18:07:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.07 18:06:10 | 003,523,841 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.10.07 12:29:38 | 004,903,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.10.06 23:57:36 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.10.06 23:55:32 | 000,097,768 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.10.06 23:51:35 | 000,241,664 | ---- | M] (Simon Tatham) -- C:\Windows\Yjipia.exe
[2010.10.06 23:51:32 | 000,284,160 | ---- | M] (Simon Tatham) -- C:\Windows\SysWow64\sshnas21.dll
[2010.10.06 23:47:09 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Video deluxe 17 Premium Download-Version.lnk
[2010.10.06 16:45:54 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2010.10.03 12:29:12 | 000,828,912 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010.10.02 20:18:44 | 000,000,540 | ---- | M] () -- C:\Windows\win.ini
[2010.10.02 18:32:51 | 000,000,132 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.09.28 01:19:43 | 000,001,251 | ---- | M] () -- C:\Users\***\Desktop\DVDVideoSoft Free Studio.lnk
[2010.09.25 19:09:40 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\No23 Recorder.lnk
[2010.09.23 20:59:59 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.09.23 20:58:34 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.09.22 17:37:36 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.09.13 14:45:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.09.08 16:36:56 | 000,002,022 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.09.08 11:17:46 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010.09.08 11:17:46 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
 
========== Files Created - No Company Name ==========
 
[2010.10.07 18:21:37 | 000,000,398 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010.10.07 18:08:03 | 000,000,254 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.10.07 16:24:58 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\googleupdate.log
[2010.10.06 23:57:36 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.10.06 23:51:40 | 000,000,302 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.10.06 23:47:09 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Video deluxe 17 Premium Download-Version.lnk
[2010.10.06 16:55:22 | 000,012,264 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010.10.06 16:45:54 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2010.10.03 12:29:12 | 000,828,912 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010.09.26 16:02:43 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.09.25 19:09:40 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\No23 Recorder.lnk
[2010.09.23 20:59:59 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.09.23 20:58:34 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.09.22 23:29:34 | 000,001,251 | ---- | C] () -- C:\Users\***\Desktop\DVDVideoSoft Free Studio.lnk
[2010.09.22 17:37:36 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.09.13 14:45:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.09.08 16:36:56 | 000,002,022 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
 
========== LOP Check ==========
 
[2010.10.03 12:32:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro
[2010.09.28 01:19:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.07 18:44:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.10.01 17:35:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2010.10.06 16:45:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PACE Anti-Piracy
[2010.10.06 16:47:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.10.07 18:22:00 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2009.07.14 07:08:49 | 000,027,846 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.10.07 19:25:03 | 000,000,302 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.10.07 19:51:03 | 000,000,254 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.10.06 22:42:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2010.10.07 00:01:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2010.10.03 12:32:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro
[2010.09.28 01:19:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.07 18:44:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.08.31 18:59:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2010.09.03 21:03:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2010.10.01 17:35:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2010.10.06 16:30:54 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2010.09.03 20:59:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2010.10.06 18:36:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NVIDIA
[2010.10.06 16:45:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PACE Anti-Piracy
[2010.09.28 20:03:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2010.09.28 17:42:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2010.10.06 16:47:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.09.28 13:11:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.10.06 16:30:54 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2010.01.12 21:42:09 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2010.01.12 21:42:09 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2010.01.12 21:42:09 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2010.01.12 21:42:09 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysWow64\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysWow64\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\dxtrans.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker:MID
@Alternate Data Stream - 1169 bytes -> C:\Users\***\AppData\Local\Temp:5IIMUXfBhhUjROjpsJEalTofz
@Alternate Data Stream - 1156 bytes -> C:\ProgramData\Microsoft:8QoTfzl9YuCmjnpbq4ud2
@Alternate Data Stream - 1007 bytes -> C:\ProgramData\Microsoft:LREacIsglgcatLLTyX7yKyG
< End of report >

--- --- ---

knutfh 07.10.2010 19:24

Okay, I'll do that then...

knutfh 07.10.2010 19:25

Somehow I couldn't reply just now?!

knutfh 07.10.2010 19:30

OTL Logfile:
Code:

OTL Extras logfile created on: 07.10.2010 19:49:53 - Run 1
OTL by OldTimer - Version 3.2.14.1    Folder = C:\Users\***\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 53,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,01 Gb Total Space | 19,42 Gb Free Space | 33,47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 90,71 Gb Total Space | 1,45 Gb Free Space | 1,60% Space Free | Partition Type: HFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-3362069649-3304277367-1124529519-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant *S-1-5-32-544:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant *S-1-5-32-544:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B2B7054B-EC2E-4E96-8666-FD6ED77678B2}" = Boot Camp-Dienste
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"01D845C666B4FC04566E16B923F638B2A404807C" = Windows-Treiberpaket - Intel Net  (11/07/2007 8.10.1.0)
"0CB233C04CEB3FB45CEDFFEA9146B77B4B783FDA" = Windows-Treiberpaket - Intel Net  (06/13/2008 9.52.9.0)
"1864DCF02A292C57953B91D537026F4F1CA60D91" = Windows-Treiberpaket - Intel (e1kexpress) Net  (07/22/2008 10.3.45.0)
"269C8F82CDD61B0400CE8D6768EC084C59C63079" = Windows-Treiberpaket - Intel Net  (02/06/2008 9.12.18.0)
"294FF9FB7AF744F64B12EC12F83D8661CD9AD532" = Windows-Treiberpaket - Intel (e1express) Net  (02/06/2008 9.12.17.0)
"2CD6536AAFFF9B465A871060CF483EC9F3341D29" = Windows-Treiberpaket - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1)
"3A8900CC8E77F2BF2269FEFF364561BDF86B9F27" = Windows-Treiberpaket - Intel (E1G60) Net  (01/08/2008 8.3.9.0)
"5CC5D940D9F4B779FAAF12E7F75A212618ABEB7D" = Windows-Treiberpaket - Intel Net  (08/05/2008 10.3.49.0)
"5F644CE2A56EE4D17B3AAE682066E516DCF7BEB3" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (03/25/2009 2.1.2.112)
"618BD83C189013D12612FDA77CC932F0A42D3EFD" = Windows-Treiberpaket - Apple Inc. Apple Keyboard (03/05/2009 3.0.0.0)
"67AC3877F6F0F5CAD2A6F4E10A825DE338B48404" = Windows-Treiberpaket - Apple Inc. Apple Trackpad (03/05/2009 3.0.0.0)
"70C7CBB0824BF74552A2F28F5FFBF62A15053DA8" = Windows-Treiberpaket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0)
"75B57AFB407D191B0DAEF05EE9665A5A86701A9A" = Windows-Treiberpaket - Broadcom (BCM43XX) Net  (10/22/2008 5.10.38.26)
"76830D11874044260C923425E7F5A72F25EDA758" = Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1)
"7C4C70065E755397913A9698B9D9DF16D7345D18" = Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA  (01/02/2010 6.6001.1.21)
"7F0B4363C39DDEBAAB5F04EE7FB7B2DD0D8B60B1" = Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (02/19/2009 3.0.0.0)
"831BF8DFEC5520D988361807D534A2041AE4AAB3" = Windows-Treiberpaket - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0)
"91F52A595A7B2112937CED490A8C682CD03F945E" = Windows-Treiberpaket - Apple Inc. Apple ODD (01/17/2008 2.0.2.2)
"A0A897639A1D288A8B472FE790EBF9DB71E52ACF" = Windows-Treiberpaket - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1)
"A81BD2D80645E49BC704289A78504CD085287F10" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (03/25/2009 2.1.2.112)
"AB15AB4CCF6B85925973ED9DB360D8BAAB10690C" = Windows-Treiberpaket - Broadcom (b57nd60a) Net  (05/28/2009 12.2.0.3)
"B3F27F12C500003EFE44A668CE685DE4B46A735C" = Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6)
"B5F4B8404EB7E69E8CEC89A0B5970B2316C68AB0" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0)
"BC8A2C86B6012DE19263F42B9F3D35763A712328" = Windows-Treiberpaket - Apple Inc. Apple Bluetooth (01/19/2009 2.1.2.1)
"C6EE9CD0ED6B98A9727DEE7DA213859B639F3FD6" = Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (11/23/2009 3.1.0.1)
"C840EA8E99FB237CC57769BB041F070E4F370C32" = Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net  (01/11/2008 3.10.3.9)
"C9952C95B4A2ACCCBC684FC6E8182A3210DEDC13" = Windows-Treiberpaket - Intel (e1qexpress) Net  (08/05/2008 10.3.49.0)
"CDD703ED0B390A5643DB748EBFA5BD55FEEC0D8A" = Windows-Treiberpaket - Marvell (yukonx64) Net  (12/06/2007 10.51.1.3)
"D5BB697E7D0C75712F3AD00AB1B85412CB5C0FD3" = Windows-Treiberpaket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0)
"D6E8EA419C953B3514051D715F98B377B0D6FD70" = Windows-Treiberpaket - Apple Inc. Apple Bluetooth (11/23/2009 3.0.0.4)
"D701F1A58CF3028E88DA512D1423EC3DD6D7BE86" = Windows-Treiberpaket - Intel Net  (07/22/2008 10.3.45.0)
"DCEFA559AE3275AB4F80389685E1BD3D978A5707" = Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA  (04/29/2009 6.6001.1.8)
"E073A3AB46FE59FEF6E150EFD33F2B484BBBAD2C" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0)
"E0EAD0CEA9119B77350ED4DE28D9A82E57014D94" = Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0)
"E2708073906571A0B56F17FD825EF19281ECE29B" = Windows-Treiberpaket - Intel System  (07/20/2007 1.2.76.0)
"E43E2A40D22886250D739AEE91E9C7E9ABDD52DA" = Windows-Treiberpaket - Intel (e1yexpress) Net  (07/16/2008 9.52.10.0)
"E5AEAAF07505D71E430CCA10496FAE61597B81A2" = Windows-Treiberpaket - Atheros Communications Inc. (athr) Net  (11/18/2009 8.0.0.258)
"E9575EA5D430B59D0CFF29323C74D0FBA1898F3B" = Windows-Treiberpaket - Broadcom (BCM43XX) Net  (08/21/2009 5.60.18.8)
"F5E7472CCD6B3C1A568AEE4486C4BA0813A7D7AC" = Windows-Treiberpaket - Apple Inc. System  (08/22/2008 2.1.1.1)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{494420A9-5F25-457B-9BBF-228E6A73B94B}" = MAGIX Speed burnR (MSI)
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6DED41BC-C9EF-4330-B4E5-46CB2C5C6E2D}" = No23 Recorder
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EF276E0-1D97-4B9D-BB29-013165F567CA}" = MAGIX Video deluxe 17 Premium Download-Version
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{BC41C09D-FAA9-4346-9FE6-1E0017BC551A}" = Adobe Flash Player 10 Plugin
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAD6325D-55CF-4D30-9DB9-2ADFE02D0777}" = MAGIX Screenshare
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube Download_is1" = Free YouTube Download 2.9
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"ICQToolbar" = ICQ Toolbar
"MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"MAGIX_MSI_Videodeluxe17_premium" = MAGIX Video deluxe 17 Premium Download-Version
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"StarCraft II" = StarCraft II
"Uninstall_is1" = Uninstall 1.0.0.1
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.10.2010 07:19:33 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm Videodeluxe.exe, Version 10.0.1.14 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen.    Prozess-ID: fa4    Startzeit: 01cb62ecabdfa620    Endzeit: 121    Anwendungspfad:
C:\Program Files (x86)\MAGIX\Video_deluxe_17_Premium_Download-Version\Videodeluxe.exe

Berichts-ID:
 
 
Error - 03.10.2010 19:01:47 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm Videodeluxe.exe, Version 10.0.1.14 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in
 der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen.    Prozess-ID: f28    Startzeit: 01cb63394afd9ea0    Endzeit: 343    Anwendungspfad:
C:\Program Files (x86)\MAGIX\Video_deluxe_17_Premium_Download-Version\Videodeluxe.exe

Berichts-ID:
 
 
Error - 03.10.2010 20:14:17 | Computer Name = *** | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7600.16450 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 86c    Startzeit: 01cb6309149e47e0    Endzeit: 1872    Anwendungspfad:
 C:\Windows\Explorer.EXE    Berichts-ID: 4babdfcd-cf4c-11df-a3a9-002608d45dd2 
 
Error - 06.10.2010 16:31:55 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmprph.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd018  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559,
 Zeitstempel: 0x4ba9b802  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000004cf54
ID
 des fehlerhaften Prozesses: 0xcd4  Startzeit der fehlerhaften Anwendung: 0x01cb657577924220
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmprph.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: c21074a0-d188-11df-9c7b-002608d45dd2
 
Error - 06.10.2010 16:32:23 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmprph.exe, Version: 12.0.7600.16385,
 Zeitstempel: 0x4a5bd018  Name des fehlerhaften Moduls: jscript.dll, Version: 5.8.7600.16475,
 Zeitstempel: 0x4b162d87  Ausnahmecode: 0xc000041d  Fehleroffset: 0x000000000001cef3
ID
 des fehlerhaften Prozesses: 0xcd4  Startzeit der fehlerhaften Anwendung: 0x01cb657577924220
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmprph.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\System32\jscript.dll  Berichtskennung: d2cd1fa0-d188-11df-9c7b-002608d45dd2
 
Error - 07.10.2010 11:24:30 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Yjipia.exe, Version: 1.0.0.1, Zeitstempel:
 0x4c98c673  Name des fehlerhaften Moduls: RPCRT4.dll, Version: 6.1.7600.16385, Zeitstempel:
 0x4a5bdb3b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00016c64  ID des fehlerhaften Prozesses:
 0x990c  Startzeit der fehlerhaften Anwendung: 0x01cb6633bb76cf10  Pfad der fehlerhaften
 Anwendung: C:\Windows\Yjipia.exe  Pfad des fehlerhaften Moduls: C:\Windows\syswow64\RPCRT4.dll
Berichtskennung:
 fa6f7190-d226-11df-bb9a-002608d45dd2
 
Error - 07.10.2010 11:50:52 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdCaps.dll".  Die
 abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.10.2010 11:50:52 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdDefrag.dll".  Die
 abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.10.2010 11:50:52 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdFS.dll".  Die abhängige
 Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.10.2010 11:50:52 | Computer Name = *** | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\common files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKEngine.dll".  Die
abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 07.10.2010 12:09:18 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 07.10.2010 12:09:19 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 07.10.2010 12:09:19 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 07.10.2010 12:09:19 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 07.10.2010 12:09:19 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 07.10.2010 12:09:46 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 07.10.2010 12:09:46 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 07.10.2010 12:09:46 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 07.10.2010 12:09:46 | Computer Name = *** | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus
 lautet: 10.
 
Error - 07.10.2010 12:25:47 | Computer Name = *** | Source = VDS Basic Provider | ID = 33554433
Description =
 
 
< End of report >

--- --- ---


OTL Logfile:
Code:

OTL logfile created on: 07.10.2010 19:49:53 - Run 1
OTL by OldTimer - Version 3.2.14.1    Folder = C:\Users\***\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free
3,00 Gb Paging File | 2,00 Gb Available in Paging File | 53,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 58,01 Gb Total Space | 19,42 Gb Free Space | 33,47% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 90,71 Gb Total Space | 1,45 Gb Free Space | 1,60% Space Free | Partition Type: HFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\NILSRE~1\DOWNLO~1\Look2Me-Destroyer.exe (Atribune.org)
PRC - C:\Users\***\AppData\Local\Temp\Yql.exe (Simon Tatham)
PRC - C:\Windows\Yjipia.exe (Simon Tatham)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AppleOSSMgr) -- C:\Windows\SysNative\AppleOSSMgr.exe ()
SRV:64bit: - (AppleTimeSrv) -- C:\Windows\SysNative\AppleTimeSrv.exe (Apple Inc.)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Akamai) -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_062a651.dll ()
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (UnsignedThemes) -- C:\Windows\UnsignedThemesSvc.exe (The Within Network, LLC)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (MacHALDriver) -- C:\Windows\SysNative\drivers\MacHALDriver.sys (Apple Inc.)
DRV:64bit: - (KeyAgent) -- C:\Windows\SysNative\drivers\KeyAgent.sys (Apple Inc.)
DRV:64bit: - (CirrusFilter) -- C:\Windows\SysNative\drivers\CS420x64.sys (Cirrus Logic)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (applemtp) -- C:\Windows\SysNative\drivers\applemtp.sys (Apple Inc.)
DRV:64bit: - (applemtm) -- C:\Windows\SysNative\drivers\applemtm.sys (Apple Inc.)
DRV:64bit: - (IRRemoteFlt) -- C:\Windows\SysNative\drivers\IRFilter.sys (Apple Inc.)
DRV:64bit: - (KeyMagic) -- C:\Windows\SysNative\drivers\KeyMagic.sys (Apple Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (uxpatch) -- C:\Windows\SysNative\drivers\uxpatch.sys ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 EE 5A 7F 2E 49 CB 01  [binary data]
IE - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.09.28 11:37:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.09.22 17:37:43 | 000,000,000 | ---D | M]
 
[2010.09.03 20:59:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.10.06 20:43:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1bmlbslk.default\extensions
[2010.09.22 23:29:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1bmlbslk.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.10.06 20:43:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.09.23 20:58:50 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.10.05 20:48:56 | 000,000,852 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apple_KbdMgr] C:\Programme\Boot Camp\Bootcamp.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Video_deluxe_17_Premium_Download-Version\TrayServer.exe (MAGIX AG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001..\Run: [fheydbueyj.exe] C:\fheydbueyj.exe\fheydbueyj.exe ()
O4 - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001..\Run: [KOO9RV9K4Z] C:\Users\***\AppData\Local\Temp\Yql.exe (Simon Tatham)
O4 - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001..\Run: [Metropolis] C:\Windows\SysWow64\sshnas21.DLL (Simon Tatham)
O4 - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001..\Run: [SMH2B46TDP] C:\Windows\Yjipia.exe (Simon Tatham)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d2511345-b511-11df-b6a4-002608d45dd2}\Shell - "" = AutoRun
O33 - MountPoints2\{d2511345-b511-11df-b6a4-002608d45dd2}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.07 16:24:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\DBControl
[2010.10.07 01:19:16 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.10.07 00:01:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2010.10.06 23:57:26 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.10.06 23:57:26 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.10.06 23:57:26 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.10.06 23:57:26 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.10.06 23:57:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.10.06 23:57:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.10.06 23:51:44 | 000,241,664 | ---- | C] (Simon Tatham) -- C:\Windows\Yjipia.exe
[2010.10.06 23:51:32 | 000,284,160 | ---- | C] (Simon Tatham) -- C:\Windows\SysWow64\sshnas21.dll
[2010.10.06 18:36:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\NVIDIA
[2010.10.06 16:57:11 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2010.10.06 16:56:57 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2010.10.06 16:55:22 | 005,107,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2010.10.06 16:55:22 | 000,065,128 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2010.10.06 16:55:22 | 000,056,936 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2010.10.06 16:55:22 | 000,011,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvBridge.kmd
[2010.10.06 16:55:20 | 019,114,088 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2010.10.06 16:55:20 | 014,092,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2010.10.06 16:55:20 | 000,382,568 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2010.10.06 16:55:20 | 000,314,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2010.10.06 16:55:18 | 012,471,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2010.10.06 16:55:18 | 003,089,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2010.10.06 16:55:18 | 002,892,904 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2010.10.06 16:55:18 | 002,761,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2010.10.06 16:55:16 | 010,267,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2010.10.06 16:55:16 | 006,116,968 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2010.10.06 16:55:16 | 004,553,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2010.10.06 16:55:16 | 002,506,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2010.10.06 16:55:14 | 014,513,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2010.10.06 16:55:14 | 001,625,192 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2010.10.06 16:55:14 | 000,260,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod1922.dll
[2010.10.06 16:55:14 | 000,260,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcod.dll
[2010.10.06 16:55:09 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010.10.06 16:47:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.10.06 16:45:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PACE Anti-Piracy
[2010.10.06 16:45:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PACE Anti-Piracy
[2010.10.06 16:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2010.10.06 16:45:53 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\PACE Anti-Piracy
[2010.10.06 16:45:48 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Adobe
[2010.10.06 16:36:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2010.10.06 16:30:48 | 000,055,280 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2010.10.06 16:30:48 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2010.10.06 16:30:48 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2010.10.06 16:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2010.10.06 16:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2010.10.06 16:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2010.10.06 16:29:46 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2010.10.06 02:17:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2010.10.03 12:28:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Pro
[2010.10.03 12:28:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro
[2010.10.03 12:28:12 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2010.09.30 03:02:07 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ks.sys
[2010.09.29 13:02:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Hewlett-Packard
[2010.09.28 13:14:14 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MAGIX_Screenshare
[2010.09.28 13:14:06 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\3D_Maker_embeded
[2010.09.28 13:13:30 | 000,909,312 | ---- | C] (MAGIX AG) -- C:\Windows\SysWow64\MXRestore.exe
[2010.09.28 13:13:25 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MAGIX_Speed2_burnR_mxcdr
[2010.09.28 13:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xara
[2010.09.28 13:12:58 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll
[2010.09.28 13:12:36 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MAGIX_Video_deluxe_16_Plus_Download-Version
[2010.09.28 13:11:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinRAR
[2010.09.28 13:10:49 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.09.28 12:10:14 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MAGIX_MusicEditor
[2010.09.28 12:10:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Xara
[2010.09.28 12:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared
[2010.09.28 01:23:45 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Youtube
[2010.09.26 15:47:36 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Adobe Scripts
[2010.09.26 15:17:08 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010.09.25 19:09:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\No23 Recorder
[2010.09.24 15:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010.09.23 21:04:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2010.09.23 20:59:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\skypePM
[2010.09.23 20:59:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Skype
[2010.09.23 20:58:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google
[2010.09.23 20:58:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2010.09.23 20:58:34 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010.09.23 20:58:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.09.23 20:58:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.09.23 02:33:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple Computer
[2010.09.22 23:29:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.09.22 23:29:33 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\DVDVideoSoft
[2010.09.22 23:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2010.09.22 23:29:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2010.09.22 17:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.09.22 17:37:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.09.22 17:36:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010.09.22 15:17:51 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MAGIX
[2010.09.22 15:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2010.09.22 15:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2010.09.22 15:10:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services
[2010.09.22 15:05:23 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\MAGIX Downloads
[2010.09.22 15:05:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\MAGIX
[2010.09.18 11:39:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2010.09.15 03:01:03 | 002,441,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iertutil.dll
[2010.09.13 18:28:03 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ICQ
[2010.09.09 01:42:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PokerStars
[2010.09.09 01:41:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars
[2010.09.08 16:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010.09.08 16:36:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010.09.08 16:36:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010.09.08 16:34:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe
[2010.09.08 11:17:46 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010.09.08 11:17:46 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.07 19:54:00 | 001,835,008 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.10.07 19:51:03 | 000,000,254 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.10.07 19:25:03 | 000,000,302 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.10.07 18:22:00 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010.10.07 18:15:49 | 000,013,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.07 18:15:49 | 000,013,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.07 18:13:45 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.10.07 18:13:45 | 000,645,740 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.10.07 18:13:45 | 000,607,728 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.10.07 18:13:45 | 000,127,028 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.10.07 18:13:45 | 000,104,106 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.10.07 18:07:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.10.07 18:07:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.07 18:06:10 | 003,523,841 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.10.07 12:29:38 | 004,903,496 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.10.06 23:57:36 | 000,002,078 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.10.06 23:55:32 | 000,097,768 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.10.06 23:51:35 | 000,241,664 | ---- | M] (Simon Tatham) -- C:\Windows\Yjipia.exe
[2010.10.06 23:51:32 | 000,284,160 | ---- | M] (Simon Tatham) -- C:\Windows\SysWow64\sshnas21.dll
[2010.10.06 23:47:09 | 000,001,148 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Video deluxe 17 Premium Download-Version.lnk
[2010.10.06 16:45:54 | 000,000,021 | ---- | M] () -- C:\Windows\SurCode.INI
[2010.10.03 12:29:12 | 000,828,912 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010.10.02 20:18:44 | 000,000,540 | ---- | M] () -- C:\Windows\win.ini
[2010.10.02 18:32:51 | 000,000,132 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.09.28 01:19:43 | 000,001,251 | ---- | M] () -- C:\Users\***\Desktop\DVDVideoSoft Free Studio.lnk
[2010.09.25 19:09:40 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\No23 Recorder.lnk
[2010.09.23 20:59:59 | 000,000,056 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.09.23 20:58:34 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.09.22 17:37:36 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.09.13 14:45:43 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.09.08 16:36:56 | 000,002,022 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.09.08 11:17:46 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010.09.08 11:17:46 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
 
========== Files Created - No Company Name ==========
 
[2010.10.07 18:21:37 | 000,000,398 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010.10.07 18:08:03 | 000,000,254 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.10.07 16:24:58 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\googleupdate.log
[2010.10.06 23:57:36 | 000,002,078 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.10.06 23:51:40 | 000,000,302 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.10.06 23:47:09 | 000,001,148 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Video deluxe 17 Premium Download-Version.lnk
[2010.10.06 16:55:22 | 000,012,264 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2010.10.06 16:45:54 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2010.10.03 12:29:12 | 000,828,912 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010.09.26 16:02:43 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.09.25 19:09:40 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\No23 Recorder.lnk
[2010.09.23 20:59:59 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.09.23 20:58:34 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.09.22 23:29:34 | 000,001,251 | ---- | C] () -- C:\Users\***\Desktop\DVDVideoSoft Free Studio.lnk
[2010.09.22 17:37:36 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.09.13 14:45:43 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.09.08 16:36:56 | 000,002,022 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
 
========== LOP Check ==========
 
[2010.10.03 12:32:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro
[2010.09.28 01:19:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.07 18:44:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.10.01 17:35:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2010.10.06 16:45:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PACE Anti-Piracy
[2010.10.06 16:47:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.10.07 18:22:00 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2009.07.14 07:08:49 | 000,027,846 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.10.07 19:25:03 | 000,000,302 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.10.07 19:51:03 | 000,000,254 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.10.06 22:42:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2010.10.07 00:01:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2010.10.03 12:32:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Pro
[2010.09.28 01:19:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.07 18:44:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ
[2010.08.31 18:59:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2010.09.03 21:03:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2010.10.01 17:35:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX
[2009.07.14 20:18:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2010.10.06 16:30:54 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2010.09.03 20:59:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2010.10.06 18:36:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NVIDIA
[2010.10.06 16:45:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PACE Anti-Piracy
[2010.09.28 20:03:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2010.09.28 17:42:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM
[2010.10.06 16:47:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.09.28 13:11:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.10.06 16:30:54 | 000,010,134 | R--- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Installer\{024521CF-C07E-4F8E-8481-0D75695E03AF}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysWow64\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysWow64\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SysWOW64\explorer.exe
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 81 bytes -> C:\Program Files (x86)\Cake Poker:MID
@Alternate Data Stream - 1169 bytes -> C:\Users\***\AppData\Local\Temp:5IIMUXfBhhUjROjpsJEalTofz
@Alternate Data Stream - 1156 bytes -> C:\ProgramData\Microsoft:8QoTfzl9YuCmjnpbq4ud2
@Alternate Data Stream - 1007 bytes -> C:\ProgramData\Microsoft:LREacIsglgcatLLTyX7yKyG
< End of report >

--- --- ---


The lower one is the OTL file, but you'll probably recognize that at a glance anyway :)

markusg 07.10.2010 19:34

• Please start OTL.exe.
• Now copy the following into the text box.

:OTL
PRC - C:\Users\***\AppData\Local\Temp\Yql.exe (Simon Tatham)
PRC - C:\Windows\Yjipia.exe (Simon Tatham)
O4 - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001..\Run: [fheydbueyj.exe] C:\fheydbueyj.exe\fheydbueyj.exe ()
O4 - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001..\Run: [KOO9RV9K4Z] C:\Users\***\AppData\Local\Temp\Yql.exe (Simon Tatham)
O4 - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001..\Run: [Metropolis] C:\Windows\SysWow64\sshnas21.DLL (Simon Tatham)
O4 - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001..\Run: [SMH2B46TDP] C:\Windows\Yjipia.exe (Simon Tatham)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found
O33 - MountPoints2\{d2511345-b511-11df-b6a4-002608d45dd2}\Shell\AutoRun\command - ""
[2010.10.07 19:51:03 | 000,000,254 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job= F:\LaunchU3.exe -- File not found
[2010.10.07 19:25:03 | 000,000,302 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.10.07 18:22:00 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010.10.06 23:51:32 | 000,284,160 | ---- | M] (Simon Tatham) -- C:\Windows\SysWow64\sshnas21.dll
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
:FILES
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow this.
• After the restart you will find a text document; post it.


Open My Computer, c:\_OTL, right-click moved files and add it to moved files.rar or zip.
Upload the archive to us.
http://www.trojaner-board.de/54791-a...ner-board.html
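
The kind of triage a reader can apply to the O4 (Run/RunOnce) lines of such a fix script, as an added example that is not part of the original post and not OTL's own logic. The flag names and heuristics are assumptions chosen for illustration; the six input lines are copied from the fix script above.

```python
import ntpath
import re
from dataclasses import dataclass

# O4 (autorun) lines copied from the fix script in the post above; the user
# name is masked as *** on the page.
SAMPLE = r"""
O4 - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001..\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001..\Run: [fheydbueyj.exe] C:\fheydbueyj.exe\fheydbueyj.exe ()
O4 - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001..\Run: [KOO9RV9K4Z] C:\Users\***\AppData\Local\Temp\Yql.exe (Simon Tatham)
O4 - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001..\Run: [Metropolis] C:\Windows\SysWow64\sshnas21.DLL (Simon Tatham)
O4 - HKU\S-1-5-21-3362069649-3304277367-1124529519-1001..\Run: [SMH2B46TDP] C:\Windows\Yjipia.exe (Simon Tatham)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
""".strip().splitlines()

# Line shape as it appears on the page:
#   O4 - <hive>..\Run: [<value name>] <target> (<company>)
#   O4 - <hive>..\RunOnce: [<value name>] <target> File not found
O4_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\(?P<key>Run(?:Once)?): \[(?P<name>[^\]]*)\] ?(?P<rest>.*)$"
)
TARGET_RE = re.compile(r"^(?P<target>.*?) \((?P<company>[^()]*)\)$")
MISSING = "File not found"

# Well-known service SIDs; S-1-5-21-... is an ordinary account on the machine.
WELL_KNOWN = {
    "S-1-5-18": "LocalSystem",
    "S-1-5-19": "LocalService",
    "S-1-5-20": "NetworkService",
}


@dataclass
class Autorun:
    account: str   # whose hive the value lives in
    key: str       # Run or RunOnce
    name: str      # registry value name
    target: str    # path the value points at ("" if the log shows none)
    company: str   # text the log prints in parentheses; unverified metadata
    missing: bool  # log says "File not found"


def parse_o4(line):
    """Parse one O4 line; return None for any other kind of line."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    rest = m["rest"].strip()
    missing = rest.endswith(MISSING)
    company = ""
    if missing:
        target = rest[: -len(MISSING)].strip()
    else:
        t = TARGET_RE.match(rest)
        target, company = (t["target"], t["company"]) if t else (rest, "")
    sid = m["hive"].split("\\", 1)[-1]
    account = WELL_KNOWN.get(sid, "user" if sid.startswith("S-1-5-21-") else sid)
    return Autorun(account, m["key"], m["name"], target, company, missing)


def triage(entry):
    """Return heuristic flags (assumed names) explaining why an entry stands out."""
    flags = []
    if entry.missing:
        flags.append("orphaned")                      # value outlived its file
    if entry.target:
        path = entry.target.lower()
        folder = ntpath.dirname(path)
        if "\\temp\\" in path:
            flags.append("runs-from-temp")            # persistence from a temp dir
        if folder == "c:\\windows":
            flags.append("binary-in-windows-root")    # not in System32/Program Files
        if ntpath.splitext(folder)[1] in (".exe", ".dll", ".scr"):
            flags.append("folder-named-like-executable")
        if ntpath.splitext(path)[1] == ".dll":
            flags.append("bare-dll-target")           # Run values normally start an .exe
        if not entry.missing and not entry.company:
            flags.append("no-company-string")
    return flags


def review(lines):
    """Parse every O4 line and return (account, value name, flags) tuples."""
    result = []
    for line in lines:
        entry = parse_o4(line)
        if entry is not None:
            result.append((entry.account, entry.name, triage(entry)))
    return result


if __name__ == "__main__":
    for account, name, flags in review(SAMPLE):
        print(f"{account:<13} {name:<16} {', '.join(flags) or 'nothing flagged'}")
```

A flag is a reason to look closer, not a verdict: the same company string appears here on files in three unrelated directories, which is the sort of pattern the flags are meant to surface for a human reviewer.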

knutfh 07.10.2010 19:53

Quote:

All processes killed
========== OTL ==========
Process Yql.exe killed successfully!
Process Yjipia.exe killed successfully!
Registry value HKEY_USERS\S-1-5-21-3362069649-3304277367-1124529519-1001\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3362069649-3304277367-1124529519-1001\Software\Microsoft\Windows\CurrentVersion\Run\\fheydbueyj.exe deleted successfully.
C:\fheydbueyj.exe\fheydbueyj.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3362069649-3304277367-1124529519-1001\Software\Microsoft\Windows\CurrentVersion\Run\\KOO9RV9K4Z deleted successfully.
C:\Users\***\AppData\Local\Temp\Yql.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3362069649-3304277367-1124529519-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Metropolis deleted successfully.
C:\Windows\SysWOW64\sshnas21.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-3362069649-3304277367-1124529519-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SMH2B46TDP deleted successfully.
C:\Windows\Yjipia.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d2511345-b511-11df-b6a4-002608d45dd2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2511345-b511-11df-b6a4-002608d45dd2}\ not found.
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\Windows\Tasks\At1.job moved successfully.
File C:\Windows\SysWow64\sshnas21.dll not found.
C:\install.exe moved successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: ***
->Flash cache emptied: 31829 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ***
->Temp folder emptied: 490391696 bytes
->Temporary Internet Files folder emptied: 59685220 bytes
->Java cache emptied: 8302 bytes
->FireFox cache emptied: 113991297 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8130115 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50568 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 641,00 mb


OTL by OldTimer - Version 3.2.14.1 log created on 10072010_203721

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Windows\temp\~DF56A2CB6A5B5475A9.TMP moved successfully.

Registry entries deleted on Reboot...
So, that is the text file (I have to write something here because it says my text must be longer than 10 characters?!)

knutfh 07.10.2010 19:54

Unfortunately I ran the whole thing twice, so everything exists twice. But I think the first file in each case is the one that matters. Sorry again for that.

markusg 07.10.2010 19:59

Now I'm still waiting for the _OTL archive.

knutfh 07.10.2010 19:59

Okay, the files are uploaded now as well.

markusg 07.10.2010 20:00

Ah OK, then I won't wait any longer :d
Use the Kaspersky TDSS Killer and post the result.
How to combat malware of the Rootkit.Win32.TDSS family?

knutfh 07.10.2010 20:12

When I try to extract tdsskiller.exe into a separate folder, I get the following error message: TDSS rootkit removing tool has stopped working

When it searches for a solution, it finds nothing. What should I do? Restore the settings from before uploading the file?

markusg 07.10.2010 20:42

No, the settings stay.
OK, first Malwarebytes:
Download Malwarebytes:
Malwarebytes
Install, open, Update tab, update the program.
Shut down all running programs, disconnect from the internet.
Scanner tab, full scan, remove what it finds, post the log.

How is the PC running?

knutfh 07.10.2010 22:24

So far so good, the PC was already running quite OK again even before the malware scan.

However, I always get a bluescreen after about 100k scanned files and the PC crashes (it has happened twice already). Also, you can hear that the processor is still working even when no programs are running (CPU load still slightly elevated). Any other idea? Òó

markusg 08.10.2010 09:17

How does it look, can you run the scan in safe mode? On most PCs you get there by pressing the F8 key and then choosing safe mode.

knutfh 08.10.2010 14:33

No, I get a bluescreen there too.

markusg 08.10.2010 14:34

How about the TDSS Killer, does it run in safe mode? Start it with a right-click, Run as administrator.

knutfh 08.10.2010 18:31

No, that doesn't run either. But I already have the problem when unpacking the file: win.rar stops at 80% and tells me that the program isn't working.

markusg 08.10.2010 18:49

Can you try unpacking it with 7zip?
7-Zip

knutfh 08.10.2010 23:44

Same problem as before.

markusg 09.10.2010 10:22

Try CureIt.
http://www.trojaner-board.de/59299-a...eb-cureit.html
Unlike in the guide, let it run in normal mode.
Please cancel the scan that starts automatically.
Then apply the configuration.
Now shut down all running programs, including the antivirus, disconnect from the internet, and start the scan.
Don't work on the PC.
The log is usually quite large, so upload it:
File-Upload.net
and post the link.

knutfh 09.10.2010 23:19

I installed Windows on my MacBook via Boot Camp. The Dr.Web scanner has finished the Windows partition but is now still scanning the Mac disk at a speed of 8kb/s. At that rate the scan would easily take more than another 30 hours. Let it run through anyway or cancel it? The scan has already taken actions on 11 suspicious files. At the moment I just can't do anything else with the laptop while the scan is running. I wrote this post from my phone..

markusg 10.10.2010 11:30

Well, I didn't know you had that disk attached; in that case the Windows disk is of course enough. But I do need to know what was found and what was done with it :-)

knutfh 10.10.2010 11:43

The speed has gone up again. The scan should then be finished today. I'll get back to you as soon as it's done ^^

knutfh 10.10.2010 14:29

The scan has finished. When I try to close the program, it asks me whether I really want to close it: the list of detected threats contains objects for which no actions were taken. It is recommended to neutralize these before you close the application.

What should I do? Where do I find the log? Thanks :)

markusg 10.10.2010 14:38

You have to have the detected objects removed first.

knutfh 10.10.2010 14:45

Sorry for the stupid question, but how do I do that? Select -> delete? ^^

knutfh 10.10.2010 14:47

And what about the ones that were moved during the scan or can't be disinfected?

markusg 10.10.2010 14:54

Did you set it up according to the guide? It should actually do that automatically. I don't know how to do it when it isn't set to automatic; you'll have to look in the results window and read up, maybe with a right-click on the files, or there are buttons.

markusg 10.10.2010 15:59

How is it running now?

knutfh 10.10.2010 16:18

Not tested yet, but it was already somewhat better before (at least CPU load almost back to normal and no more ad windows). I'm out and about right now. What do I do with the files that are in the quarantine folder (from drweb)?

markusg 10.10.2010 16:22

Leave them there and delete drweb afterwards. But first start the PC and see how it runs.

knutfh 10.10.2010 17:36

Runs well again. All that's left for me to say: :dankeschoen::party:

knutfh 10.10.2010 17:37

Or do I have to do more ^^? I don't want to be too hasty. How can you prevent viruses etc. (freeware if possible)?

markusg 10.10.2010 17:50

We'll do a bit more, for optimization/hardening.
Download CCleaner Slim:
Piriform - Builds
Install it, click Tools, list of installed programs.
Save this as txt.
Then open the list.
After every program you need, write needed.
After every program you don't need, write unnecessary.
After every program you don't know, write unknown.
Post this list.

knutfh 10.10.2010 23:07

Quote:

7-Zip 4.65 08.10.2010 unnecessary
Adobe Flash Player 10 ActiveX Adobe Systems, Inc. 05.10.2010 2,42MB 10.1.52.14 needed
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 03.09.2010 6,00MB 10.1.82.76 needed
Adobe Flash Player 10 Plugin Adobe Systems, Inc. 05.10.2010 2,39MB 10.1.52.14 needed
Adobe Flash Player 10 Plugin Adobe Systems Incorporated 24.09.2010 6,00MB needed
Adobe Reader 9.3.4 - Deutsch Adobe Systems Incorporated 07.09.2010 241,4MB 9.3.4 needed
Adobe Shockwave Player 11.5 Adobe Systems, Inc. 30.08.2010 11.5.1.601 needed
Akamai NetSession Interface 05.10.2010 unknown
Apple Application Support Apple Inc. 21.09.2010 42,8MB 1.3.2 needed
Apple Software Update Apple Inc. 30.08.2010 2,16MB 2.1.1.116 needed
Avira AntiVir Personal - Free Antivirus Avira GmbH 05.10.2010 61,8MB 10.0.0.567 needed
Boot Camp-Dienste Apple Inc. 03.09.2010 3.1.0 needed
CCleaner Piriform 09.10.2010 2.36 needed
Firebird SQL Server - MAGIX Edition MAGIX AG 21.09.2010 10,1MB 2.1.27.0 needed
Free Audio CD Burner version 1.4 DVDVideoSoft Limited. 21.09.2010 8,09MB unnecessary
Free YouTube Download 2.9 DVDVideoSoft Limited. 27.09.2010 25,5MB needed
Free YouTube to MP3 Converter version 3.8 DVDVideoSoft Limited. 21.09.2010 32,1MB needed
ICQ Toolbar ICQ 02.09.2010 3.0.0 unnecessary
ICQ7.2 ICQ 02.09.2010 7.2 needed
Java(TM) 6 Update 17 Sun Microsystems, Inc. 30.08.2010 97,7MB 6.0.170 needed
Java(TM) 6 Update 17 (64-bit) Sun Microsystems, Inc. 31.08.2010 6.0.170 needed
MAGIX 3D Maker (embeded) MAGIX AG 27.09.2010 6.0.0.8 unknown (I think it was installed with the MAGIX package, don't know whether it's needed)
MAGIX Screenshare MAGIX AG 21.09.2010 1,43MB 4.3.6.1987 unknown
MAGIX Screenshare MAGIX AG 28.09.2010 4.3.6.1987 unknown
MAGIX Speed burnR MAGIX AG 27.09.2010 6.0.1.4 unknown
MAGIX Speed burnR (MSI) MAGIX AG 21.09.2010 53,0MB 7.0.2.6 unknown
MAGIX Video deluxe 17 Premium Download-Version MAGIX AG 05.10.2010 10.0.1.14 needed
Malwarebytes' Anti-Malware Malwarebytes Corporation 06.10.2010 8,51MB (still) needed
Microsoft Silverlight Microsoft Corporation 30.08.2010 14,9MB 3.0.40818.0 unknown
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 21.09.2010 2,70MB 8.0.59193 needed
Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 31.08.2010 8.0.59192 needed
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 31.08.2010 9.0.30729.4148 needed
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 03.09.2010 1,42MB 9.0.21022 needed
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 21.09.2010 0,23MB 9.0.30729 needed
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 30.08.2010 0,58MB 9.0.30729.4148 needed
Mozilla Firefox (3.6.10) Mozilla 16.09.2010 3.6.10 (de) needed
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 23.09.2010 1,28MB 4.20.9870.0 unknown
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 23.09.2010 1,33MB 4.20.9876.0 unknown
No23 Recorder No23 24.09.2010 3,17MB 2.1.0.3 needed
NVIDIA Display Control Panel NVIDIA Corporation 06.10.2010 6.14.12.5896 needed
NVIDIA Drivers NVIDIA Corporation 06.10.2010 1.10.62.40 needed
QuickTime Apple Inc. 21.09.2010 73,7MB 7.68.75.0 needed
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 02.09.2010 6.0.1.5936 needed
Skype Toolbars Skype Technologies S.A. 22.09.2010 6,09MB 1.0.4051 unnecessary
Skype™ 4.2 Skype Technologies S.A. 22.09.2010 19,5MB 4.2.187 needed
StarCraft II Blizzard Entertainment 27.09.2010 1.1.1.16605 needed
TeamSpeak 3 Client TeamSpeak Systems GmbH 09.10.2010 needed
Uninstall 1.0.0.1 27.09.2010 10,6MB unknown
UxStyle Core Beta The Within Network, LLC 31.08.2010 0.2.1.1 unknown
Windows XP Mode Microsoft Corporation 31.08.2010 1.3.7600.16422 needed
Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.10.3.9) Apple Inc. 31.08.2010 01/11/2008 3.10.3.9 needed
Windows-Treiberpaket - Apple Inc. Apple Bluetooth (01/19/2009 2.1.2.1) Apple Inc. 31.08.2010 01/19/2009 2.1.2.1 needed
Windows-Treiberpaket - Apple Inc. Apple Bluetooth (11/23/2009 3.0.0.4) Apple Inc. 03.09.2010 11/23/2009 3.0.0.4 needed
Windows-Treiberpaket - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1) Apple Inc. 31.08.2010 06/27/2007 2.0.0.1 needed
Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (11/23/2009 3.1.0.1) Apple Inc. 03.09.2010 11/23/2009 3.1.0.1 needed
Windows-Treiberpaket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0) Apple Inc. 31.08.2010 10/25/2007 2.0.1.0 needed
Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0) Apple Inc. 31.08.2010 01/23/2009 3.0.0.0 needed
Windows-Treiberpaket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) Apple Inc. 31.08.2010 02/21/2008 2.0.4.0 needed
Windows-Treiberpaket - Apple Inc. Apple Keyboard (03/05/2009 3.0.0.0) Apple Inc. 31.08.2010 03/05/2009 3.0.0.0 needed
Windows-Treiberpaket - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0) Apple Inc. 03.09.2010 04/06/2009 3.0.0.0 needed
Windows-Treiberpaket - Apple Inc. Apple Multitouch (03/25/2009 2.1.2.112) Apple Inc. 31.08.2010 03/25/2009 2.1.2.112 needed
Windows-Treiberpaket - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0) Apple Inc. 03.09.2010 09/10/2009 3.0.0.0 needed
Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (03/25/2009 2.1.2.112) Apple Inc. 31.08.2010 03/25/2009 2.1.2.112 needed
Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0) Apple Inc. 03.09.2010 09/10/2009 3.0.0.0 needed
Windows-Treiberpaket - Apple Inc. Apple ODD (01/17/2008 2.0.2.2) Apple Inc. 31.08.2010 01/17/2008 2.0.2.2 needed
Windows-Treiberpaket - Apple Inc. Apple Trackpad (03/05/2009 3.0.0.0) Apple Inc. 31.08.2010 03/05/2009 3.0.0.0 needed
Windows-Treiberpaket - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1) Apple Inc. 03.09.2010 07/13/2009 3.0.0.1 needed
Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (02/19/2009 3.0.0.0) Apple Inc. 31.08.2010 02/19/2009 3.0.0.0 needed
Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1) Apple Inc. 03.09.2010 07/13/2009 3.0.0.1 needed
Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6) Apple Inc. 03.09.2010 11/30/2009 3.0.0.6 needed
Windows-Treiberpaket - Apple Inc. System (08/22/2008 2.1.1.1) Apple Inc. 31.08.2010 08/22/2008 2.1.1.1 needed
Windows-Treiberpaket - Atheros Communications Inc. (athr) Net (11/18/2009 8.0.0.258) Atheros Communications Inc. 03.09.2010 11/18/2009 8.0.0.258 needed
Windows-Treiberpaket - Broadcom (b57nd60a) Net (05/28/2009 12.2.0.3) Broadcom 03.09.2010 05/28/2009 12.2.0.3 needed
Windows-Treiberpaket - Broadcom (BCM43XX) Net (08/21/2009 5.60.18.8) Broadcom 03.09.2010 08/21/2009 5.60.18.8 needed
Windows-Treiberpaket - Broadcom (BCM43XX) Net (10/22/2008 5.10.38.26) Broadcom 31.08.2010 10/22/2008 5.10.38.26 needed
Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA (01/02/2010 6.6001.1.21) Cirrus Logic, Inc. 03.09.2010 01/02/2010 6.6001.1.21 needed
Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA (04/29/2009 6.6001.1.8) Cirrus Logic, Inc. 31.08.2010 04/29/2009 6.6001.1.8 needed
Windows-Treiberpaket - Intel (e1express) Net (02/06/2008 9.12.17.0) Intel 31.08.2010 02/06/2008 9.12.17.0 needed
Windows-Treiberpaket - Intel (E1G60) Net (01/08/2008 8.3.9.0) Intel 31.08.2010 01/08/2008 8.3.9.0 needed
Windows-Treiberpaket - Intel (e1kexpress) Net (07/22/2008 10.3.45.0) Intel 31.08.2010 07/22/2008 10.3.45.0 needed
Windows-Treiberpaket - Intel (e1qexpress) Net (08/05/2008 10.3.49.0) Intel 31.08.2010 08/05/2008 10.3.49.0 needed
Windows-Treiberpaket - Intel (e1yexpress) Net (07/16/2008 9.52.10.0) Intel 31.08.2010 07/16/2008 9.52.10.0 needed
Windows-Treiberpaket - Intel Net (02/06/2008 9.12.18.0) Intel 31.08.2010 02/06/2008 9.12.18.0 needed
Windows-Treiberpaket - Intel Net (06/13/2008 9.52.9.0) Intel 31.08.2010 06/13/2008 9.52.9.0 needed
Windows-Treiberpaket - Intel Net (07/22/2008 10.3.45.0) Intel 31.08.2010 07/22/2008 10.3.45.0 needed
Windows-Treiberpaket - Intel Net (08/05/2008 10.3.49.0) Intel 31.08.2010 08/05/2008 10.3.49.0 needed
Windows-Treiberpaket - Intel Net (11/07/2007 8.10.1.0) Intel 31.08.2010 11/07/2007 8.10.1.0 needed
Windows-Treiberpaket - Intel System (07/20/2007 1.2.76.0) Intel 31.08.2010 07/20/2007 1.2.76.0 needed
Windows-Treiberpaket - Marvell (yukonx64) Net (12/06/2007 10.51.1.3) Marvell 31.08.2010 12/06/2007 10.51.1.3 unknown
WinRAR 28.09.2010 needed
I still have to write 10 characters so that it posts this ^^

markusg 11.10.2010 10:46

OK, let's go.
Uninstall your Flash Player versions and update.
Flash Player - Download - CHIP Online
Don't install any add-ons such as McAfee Security Scan.
Adobe Reader 9.3.4
uninstall and replace with:
Adobe - Download Adobe Reader - All versions
Please don't tick McAfee Security Scan +
Then open the Reader, Edit, Preferences, JavaScript, untick the box there; Internet, untick all boxes there as well.
That way PDFs are no longer loaded automatically and no malicious code can be slipped to you this way any more.
Please also move unnecessary plugins:
Start Adobe Reader faster
but keep:
EScript.api
Escript.deu
Search.api
Search.DEU

Uninstall:
Akamai NetSession Interface
Firebird SQL Server - do you really run an SQL server? If not, get rid of it
Free Audio CD Burner
ICQ Toolbar
ICQ7.2
should be replaced with an ad-free and, in my opinion, better multi-messenger.
Miranda Fusion
If you absolutely want to keep ICQ, then at least update it.
http://forum.avira.com/wbb/index.php?page=PMList
Uninstall your Java versions and update
Download the free Java software
Next:
MAGIX Screenshare
MAGIX Screenshare
MAGIX Speed burnR
MAGIX Speed burnR
Microsoft Silverlight
Skype Toolbars
UxStyle Core Beta The Within Network,
After that, clean up files + registry.
How is it running?

knutfh 11.10.2010 11:30

hxxp://forum.avira.com/wbb/index.php?page=PMList this link sends me to my Avira forum inbox. Is that right?

Quote:

Next:
MAGIX Screenshare
MAGIX Screenshare
MAGIX Speed burnR
MAGIX Speed burnR
Microsoft Silverlight
Skype Toolbars
UxStyle Core Beta The Within Network,
After that, clean up files + registry.
How is it running?
What should I do with the programs? Uninstall them, probably, right? How do I clean up files and the registry? Thanks :)

markusg 11.10.2010 11:37

Yes, uninstall, sorry.
Here's a guide
for the cleaner
http://www.trojaner-board.de/51464-a...-ccleaner.html

knutfh 11.10.2010 11:58

Quote:

hxxp://forum.avira.com/wbb/index.php?page=PMList this link sends me to my Avira forum inbox. Is that right?
Writing 10 characters, olé :)

knutfh 11.10.2010 12:10

I've now done everything. PC is running well: normal CPU load, and the ad windows have been gone since the beginning of our "session".

markusg 11.10.2010 12:26

Ah sorry, I had the wrong link in the clipboard.
I actually wanted to link to ICQ.
http://filepony.de/download-icq/a

knutfh 11.10.2010 12:29

I have now uninstalled ICQ and replaced it with Miranda. We'll see which I like better. What's next?

markusg 11.10.2010 12:44

OK
UAC should be set to maximum.
Click Start, Run (Search), type
uac
Enter
Confirm the prompt, slider to the highest level.
That makes it harder to secretly install something on the PC.
Enable DEP:
DEP for all processes:
Data Execution Prevention (DEP)
• "Turn on DEP for all programs and services except those I select:".
If problems occur, the affected processes can be removed from monitoring.
Enable SEHOP:
Enabling SEHOP (Structured Exception Handling Overwrite Protection) in Windows operating systems
Click "Enable feature automatically"
and follow the instructions.
This tip also applies to Windows 7.
As an add-on, NoScript: it blocks some scripts (Java), for example. You can then allow them by right-clicking on the page that should be allowed, choosing NoScript, and selecting temporarily lift all restrictions, which lifts them for this visit, or lift all restrictions, which allows the page. Of course this can be undone again.
http://filepony.de/download-noscript//
Adblock+ to block ads:
http://filepony.de/download-adblock_firefox//
Here are some more filter lists:
Known filter lists for Adblock Plus
Here I would pick 2 or 3 German filters.
Under Miscellaneous, the malware blocklist.

To make surfing safer, I would recommend Sandboxie.
Download:
Sandboxie Download
Guide:
drop.io
(as PDF)
Here are a few additional settings; don't let them unsettle you, once you have installed the program they will become clear.
Please restrict direct file access to firefox.exe and plugin-container.exe; here you can also enter NoScript and other plugins.
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*.default\prefs.js
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*.default\bookmarks.html
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*.default\sessionstore.js
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*.default\adblockplus\patterns.ini
Under Internet access, enter firefox.exe and plugin-container.exe.
Then open Sandboxie, click Sandbox in the menu at the top, choose your sandbox and then click Sandbox Settings.
There go to Applications, Web Browser, Firefox.
Select allow direct access to bookmarks and click Add, then OK.
If you get along well with the program, a license is recommended.
1. You then get a few more features.
2. After a month a notice appears that the program is freeware, and it only disappears after a while, which I find a bit annoying.
3. The license is valid for life, costs around 30 €, and you can use it on all PCs in your household.
Disable autorun:
Malicious files are very often spread this way, so switch the feature off.
Tip archive - Disabling Autorun/Autoplay selectively for drive types or drive letters - WinTotal.de
USB sticks, hard drives etc. should be vaccinated with Panda Vaccine:
ANTIMALWARE: Panda USB Vaccine - Download FREE - PANDA SECURITY
That way you don't bring infections into the house when you lend out your hard drive etc.
Tick:
run panda usb vaccine automatically when computer boots
automatically vaccine any new insert usb key
enable ntfs file suport
Updates are just as important for your system as an antivirus scanner. Very often malware only gets onto the system because the user is running outdated software.
Install the following update checkers.
Secunia:
http://www.trojaner-board.de/83959-s...ector-psi.html
and FileHippo Update Checker:
FileHippo.com Update Checker - FileHippo.com
The FileHippo icon will appear in the notification area next to the clock. Please right-click it, choose Settings, Results, tick "hide beta updates", and click OK.
Then double-click FileHippo; a web page will open showing you the latest updates. Download and install them.

Both programs should stay in autostart, and as soon as one of them shows updates, these should be installed immediately.
Regular backups of the system are very important; you never know whether your hard drive might fail.
Acronis True Image 2011 - hard disk backup software, file backup and disk imaging, recovery of application settings, backup of music, videos, photos and Outlook mail
In addition, you can reset the system if malware strikes again.
The backup should preferably be made to an external hard drive etc., not to the same one that holds the data being backed up.
For very important data you could make an additional backup on DVDs/CDs; rewritable ones (RWs) could also be used in case the collection needs to be renewed at some point.
Change passwords.
From now on, please only surf in Sandboxie, by clicking "Sandboxed Web Browser".
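
The restriction described in the post above (direct file access only for firefox.exe and plugin-container.exe) can be checked mechanically. The following is an added example, not part of the original post and not Sandboxie's own code: a Python audit of `OpenFilePath` lines, where the `[DefaultBox]` section, the unscoped entry and the `updater.exe` entry are constructed sample data.

```python
ALLOWED_PROGRAMS = {"firefox.exe", "plugin-container.exe"}

# Constructed sample: the first two OpenFilePath lines follow the post, the
# last two are made-up entries that break the "restrict to firefox.exe" advice.
SAMPLE_INI = r"""
[DefaultBox]
Enabled=y
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*.default\prefs.js
OpenFilePath=firefox.exe,%AppData%\Mozilla\Firefox\Profiles\*.default\bookmarks.html
OpenFilePath=%AppData%\Mozilla\Firefox\Profiles\*.default\sessionstore.js
OpenFilePath=updater.exe,%AppData%\Mozilla\Firefox\Profiles\*.default\prefs.js
"""

def parse_open_file_paths(ini_text):
    """Return (section, program_or_None, path) for every OpenFilePath line."""
    entries, section = [], None
    for raw in ini_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if not sep or key.strip().lower() != "openfilepath":
            continue
        head, comma, rest = value.partition(",")
        # A program prefix is a bare image name: no path separator, ends in .exe
        if comma and "\\" not in head and head.strip().lower().endswith(".exe"):
            entries.append((section, head.strip().lower(), rest.strip()))
        else:
            entries.append((section, None, value.strip()))
    return entries

def audit(ini_text, allowed=ALLOWED_PROGRAMS):
    """Return findings for entries that are unscoped or scoped to other programs."""
    findings = []
    for section, program, path in parse_open_file_paths(ini_text):
        if program is None:
            findings.append((section, path, "applies to every program in the sandbox"))
        elif program not in allowed:
            findings.append((section, path, "scoped to unexpected program " + program))
    return findings

if __name__ == "__main__":
    for section, path, reason in audit(SAMPLE_INI):
        print("[%s] %s: %s" % (section, path, reason))
```

An entry without a program prefix opens the path to everything running in the sandbox, which is what the advice in the post is meant to avoid.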

knutfh 11.10.2010 18:23

All done.

markusg 11.10.2010 18:25

Well, that sounds good. If there are no more problems, then we're done.

knutfh 11.10.2010 20:39

Very good. Then thanks a lot once again. Here's hoping we never have to talk in this context again :) Respect for what you do.

Bye

markusg 12.10.2010 10:37

Yes, stay clean.

Larusso 23.05.2011 13:44

For organizational reasons we do not delete threads. I had already *** your personal details.

Which would actually have been your job, not mine.



Copyright ©2000-2024, Trojaner-Board

