Spyware oder Virus als Ursache?

#1 hi
hab seit einigen tagen folgendes problem:
wenn ich im internet surfe, ie8, dann bauen sich die seiten seit vlt einer woche sehr sehr langsam auf. habe nichts am pc hinsichtlich programme o.ä. verändert. ich nutze ich hauptsächlich zum surfen und chatten, deswegen kann ich mir nicht erklären, was hier der grund ist. der pc ist zwei jahre alt, als betriebssystem hat er win7 drauf. es geht wiegesagt nur beim surfen, von der schnelligkeit beim arbeiten, bsp word o.ä. hat sich nichts verändert.
habe als test mal firefox und opera getest, is aber das gleiche ergebnis. zudem habe ich einen speedtest gemacht. ich bekomme immernoch meine 16000er geschwindigkeit her.
was kann es nun sein?
nachts lassen sich die seiten ein bißchen schneller laden, aber das ganze ist ja erst seit ner woche und zuvor wurde jede seite, egal ob tag oder nacht, schnell geladen....

ich hoffe ihr kennt euch da weng besser aus...

mfg

#2 Hallo und Willkommen auf Protecus.de

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

>Doppelklick auf die OTL.exe
-->Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
>Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
>Unter Extra Registry, wähle bitte Use SafeList
>Klicke nun auf Run Scan links oben
>Wenn der Scan beendet wurde werden 2 Logfiles erstellt
>Poste die Logfiles in Code-Tags hier in den Thread.

#3 ok, habs gemacht. hier die logfiles

1

Code

 OTL logfile created on: 06.01.2010 21:54:33 - Run 1
OTL by OldTimer - Version 3.1.21.0     Folder = C:\Users\Kevin\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 37,32 Gb Free Space | 50,14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 127,99 Gb Total Space | 96,76 Gb Free Space | 75,60% Space Free | Partition Type: NTFS
Drive F: | 596,17 Gb Total Space | 477,15 Gb Free Space | 80,04% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KEEF
Current User Name: Kevin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\Kevin\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\directx32v.exe ()
PRC - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Users\Kevin\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (Irmon) -- C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (vvdsvc) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV - (vvdsvc) -- C:\Windows\SysWOW64\nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 04:20:14 | 00,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 04:20:14 | 00,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (NMIndexingService) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:[b]64bit:[/b] - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows (R) Codename Longhorn DDK provider)
DRV:[b]64bit:[/b] - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:[b]64bit:[/b] - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation)
DRV - (CSC) -- C:\Windows\CSC [2009.09.23 15:47:32 | 00,000,000 | ---D | M]
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.spiegel.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 14 6C 72 68 3C CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[2009.12.17 00:03:36 | 00,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: (1306 bytes) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1                activate.adobe.com
O1 - Hosts: 127.0.0.1                practivate.adobe.com
O1 - Hosts: 127.0.0.1                ereg.adobe.com
O1 - Hosts: 127.0.0.1                activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1                wip3.adobe.com
O1 - Hosts: 127.0.0.1                3dns-3.adobe.com
O1 - Hosts: 127.0.0.1                3dns-2.adobe.com
O1 - Hosts: 127.0.0.1                adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1                adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1                adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1                ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1                activate-sea.adobe.com
O1 - Hosts: 127.0.0.1                wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1                activate-sjc0.adobe.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [directx32v] C:\Windows\directx32v.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\qttask.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:[b]64bit:[/b] - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
[b]64bit:[/b] O35 - comfile [open] -- "%1" %* File not found
[b]64bit:[/b] O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010.01.06 01:20:50 | 00,000,000 | ---D | C] -- C:\Users\Kevin\Documents\DVDVideoSoft
[2010.01.06 01:20:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2010.01.06 01:20:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2010.01.04 22:18:13 | 00,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Uniblue
[2010.01.04 22:18:09 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010.01.02 00:51:06 | 00,000,000 | ---D | C] -- C:\Users\Kevin\Documents\MAGIX Downloads
[2010.01.02 00:51:01 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll
[2010.01.02 00:50:58 | 00,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2010.01.02 00:50:57 | 00,663,552 | ---- | C] (MAGIX AG) -- C:\Windows\SysWow64\mgxoschk.dll
[2010.01.02 00:49:08 | 00,430,080 | ---- | C] (MAGIX AG) -- C:\Windows\SysWow64\MXRestore.exe
[2010.01.02 00:49:08 | 00,188,416 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLRES32.dll
[2010.01.02 00:49:08 | 00,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPTL32.dll
[2010.01.02 00:49:08 | 00,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLTPO32.dll
[2010.01.02 00:49:08 | 00,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPRJ32.dll
[2010.01.02 00:49:08 | 00,049,152 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPRF32.dll
[2010.01.02 00:49:08 | 00,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLRD32.dll
[2010.01.02 00:49:08 | 00,036,864 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPNT32.dll
[2010.01.02 00:49:08 | 00,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\STRING32.dll
[2010.01.02 00:49:08 | 00,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLMSC32.dll
[2010.01.02 00:49:08 | 00,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\TTIC32.dll
[2010.01.02 00:49:08 | 00,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\TTI32.dll
[2010.01.02 00:49:08 | 00,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIX.dll
[2010.01.02 00:49:07 | 00,487,424 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLAV32.dll
[2010.01.02 00:49:07 | 00,163,840 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDEV32.dll
[2010.01.02 00:49:07 | 00,151,552 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDRV32.dll
[2010.01.02 00:49:07 | 00,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCDA32.dll
[2010.01.02 00:49:07 | 00,094,208 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCPY32.dll
[2010.01.02 00:49:07 | 00,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCDF32.dll
[2010.01.02 00:49:07 | 00,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIO32.dll
[2010.01.02 00:49:07 | 00,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIMG32.dll
[2010.01.02 00:49:07 | 00,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLISO32.dll
[2010.01.02 00:49:07 | 00,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDIR32.dll
[2010.01.02 00:49:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared
[2010.01.02 00:47:56 | 01,089,536 | ---- | C] (eHelp Corporation.) -- C:\Windows\SysWow64\ROBOEX32.DLL
[2010.01.02 00:47:56 | 00,085,504 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\HtmlWH.dll
[2010.01.02 00:47:56 | 00,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\INETWH32.dll
[2010.01.02 00:47:42 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\MAGIX
[2010.01.01 15:52:55 | 00,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Opera
[2010.01.01 15:52:55 | 00,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Opera
[2009.12.26 22:05:59 | 00,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2009.12.26 21:58:32 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2009.12.26 21:55:37 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2009.12.18 23:31:07 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2009.12.18 23:31:07 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2009.12.18 23:30:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2009.12.18 23:30:30 | 00,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Winamp
[2009.12.17 21:09:38 | 00,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Apps
[2009.12.17 21:03:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2009.12.12 23:11:45 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Free PDF to Word Doc Converter
[2009.12.09 06:12:06 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2009.12.09 06:12:06 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009.09.23 18:38:26 | 00,082,816 | ---- | C] (VSO Software) -- C:\Users\Kevin\AppData\Roaming\pcouffin.sys
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010.01.06 21:52:04 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.01.06 21:52:01 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.01.06 21:51:56 | 26,104,05376 | -HS- | M] () -- C:\hiberfil.sys
[2010.01.06 21:51:16 | 02,359,296 | ---- | M] () -- C:\Users\Kevin\NTUSER.DAT
[2010.01.06 21:51:12 | 06,489,406 | -H-- | M] () -- C:\Users\Kevin\AppData\Local\IconCache.db
[2010.01.06 21:24:43 | 00,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.01.06 21:24:43 | 00,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.01.06 21:24:04 | 01,480,602 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.01.06 21:24:04 | 00,647,138 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.01.06 21:24:04 | 00,609,896 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.01.06 21:24:04 | 00,127,198 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.01.06 21:24:04 | 00,104,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.01.06 19:29:26 | 00,524,288 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{b2add014-faeb-11de-b332-0019668066d3}.TMContainer00000000000000000002.regtrans-ms
[2010.01.06 19:29:26 | 00,524,288 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{b2add014-faeb-11de-b332-0019668066d3}.TMContainer00000000000000000001.regtrans-ms
[2010.01.06 19:29:26 | 00,065,536 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{b2add014-faeb-11de-b332-0019668066d3}.TM.blf
[2010.01.06 01:20:50 | 00,001,244 | ---- | M] () -- C:\Users\Kevin\Desktop\DVDVideoSoft Free Studio.lnk
[2010.01.05 14:30:21 | 00,524,288 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{317f99fd-f9f9-11de-b72e-0019668066d3}.TMContainer00000000000000000002.regtrans-ms
[2010.01.05 14:30:21 | 00,524,288 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{317f99fd-f9f9-11de-b72e-0019668066d3}.TMContainer00000000000000000001.regtrans-ms
[2010.01.05 14:30:21 | 00,065,536 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{317f99fd-f9f9-11de-b72e-0019668066d3}.TM.blf
[2010.01.05 14:04:29 | 00,524,288 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{4bfee32e-f9f0-11de-afff-0019668066d3}.TMContainer00000000000000000002.regtrans-ms
[2010.01.05 14:04:29 | 00,524,288 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{4bfee32e-f9f0-11de-afff-0019668066d3}.TMContainer00000000000000000001.regtrans-ms
[2010.01.05 14:04:29 | 00,065,536 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{4bfee32e-f9f0-11de-afff-0019668066d3}.TM.blf
[2010.01.04 23:21:29 | 00,524,288 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{10b7442e-f978-11de-9231-0019668066d3}.TMContainer00000000000000000002.regtrans-ms
[2010.01.04 23:21:29 | 00,524,288 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{10b7442e-f978-11de-9231-0019668066d3}.TMContainer00000000000000000001.regtrans-ms
[2010.01.04 23:21:29 | 00,065,536 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{10b7442e-f978-11de-9231-0019668066d3}.TM.blf
[2010.01.04 22:35:00 | 00,001,241 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010.01.02 12:47:07 | 00,122,488 | ---- | M] () -- C:\Users\Kevin\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.01.02 12:03:30 | 03,039,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.01.02 00:50:57 | 00,006,642 | ---- | M] () -- C:\Windows\mgxoschk.ini
[2009.12.26 21:53:22 | 00,638,976 | -HS- | M] () -- C:\Windows\directx32v.exe
[2009.12.15 23:30:43 | 00,873,922 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\UserTile.png
[2009.12.12 23:11:46 | 00,001,058 | ---- | M] () -- C:\Users\Kevin\Desktop\Free PDF to Word Doc Converter.lnk
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010.01.06 19:23:34 | 00,524,288 | -HS- | C] () -- C:\Users\Kevin\NTUSER.DAT{b2add014-faeb-11de-b332-0019668066d3}.TMContainer00000000000000000002.regtrans-ms
[2010.01.06 19:23:34 | 00,524,288 | -HS- | C] () -- C:\Users\Kevin\NTUSER.DAT{b2add014-faeb-11de-b332-0019668066d3}.TMContainer00000000000000000001.regtrans-ms
[2010.01.06 19:23:33 | 00,065,536 | -HS- | C] () -- C:\Users\Kevin\NTUSER.DAT{b2add014-faeb-11de-b332-0019668066d3}.TM.blf
[2010.01.06 01:20:50 | 00,001,244 | ---- | C] () -- C:\Users\Kevin\Desktop\DVDVideoSoft Free Studio.lnk
[2010.01.05 14:26:29 | 00,524,288 | -HS- | C] () -- C:\Users\Kevin\NTUSER.DAT{317f99fd-f9f9-11de-b72e-0019668066d3}.TMContainer00000000000000000002.regtrans-ms
[2010.01.05 14:26:29 | 00,524,288 | -HS- | C] () -- C:\Users\Kevin\NTUSER.DAT{317f99fd-f9f9-11de-b72e-0019668066d3}.TMContainer00000000000000000001.regtrans-ms
[2010.01.05 14:26:29 | 00,065,536 | -HS- | C] () -- C:\Users\Kevin\NTUSER.DAT{317f99fd-f9f9-11de-b72e-0019668066d3}.TM.blf
[2010.01.05 13:52:51 | 00,524,288 | -HS- | C] () -- C:\Users\Kevin\NTUSER.DAT{4bfee32e-f9f0-11de-afff-0019668066d3}.TMContainer00000000000000000002.regtrans-ms
[2010.01.05 13:52:51 | 00,524,288 | -HS- | C] () -- C:\Users\Kevin\NTUSER.DAT{4bfee32e-f9f0-11de-afff-0019668066d3}.TMContainer00000000000000000001.regtrans-ms
[2010.01.05 13:52:51 | 00,065,536 | -HS- | C] () -- C:\Users\Kevin\NTUSER.DAT{4bfee32e-f9f0-11de-afff-0019668066d3}.TM.blf
[2010.01.04 22:36:12 | 00,524,288 | -HS- | C] () -- C:\Users\Kevin\NTUSER.DAT{10b7442e-f978-11de-9231-0019668066d3}.TMContainer00000000000000000002.regtrans-ms
[2010.01.04 22:36:12 | 00,524,288 | -HS- | C] () -- C:\Users\Kevin\NTUSER.DAT{10b7442e-f978-11de-9231-0019668066d3}.TMContainer00000000000000000001.regtrans-ms
[2010.01.04 22:36:12 | 00,065,536 | -HS- | C] () -- C:\Users\Kevin\NTUSER.DAT{10b7442e-f978-11de-9231-0019668066d3}.TM.blf
[2010.01.04 22:35:00 | 00,001,241 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010.01.02 00:49:07 | 00,014,182 | ---- | C] () -- C:\Windows\SysWow64\DLLAV32.lib
[2010.01.02 00:47:42 | 00,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.12.26 21:53:24 | 00,638,976 | -HS- | C] () -- C:\Windows\directx32v.exe
[2009.12.15 23:30:23 | 00,873,922 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\UserTile.png
[2009.12.12 23:11:46 | 00,001,058 | ---- | C] () -- C:\Users\Kevin\Desktop\Free PDF to Word Doc Converter.lnk
[2009.11.28 20:07:28 | 00,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.11.10 20:37:31 | 00,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini
[2009.10.26 19:29:46 | 00,077,824 | ---- | C] () -- C:\Windows\SysWow64\csdlocalmon.dll
[2009.09.26 11:04:48 | 01,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.09.23 18:38:58 | 00,001,044 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\vso_ts_preview.xml
[2009.09.23 18:38:49 | 00,000,034 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\pcouffin.log
[2009.09.23 18:38:26 | 00,099,384 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\inst.exe
[2009.09.23 18:38:26 | 00,007,859 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\pcouffin.cat
[2009.09.23 18:38:26 | 00,001,167 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\pcouffin.inf
[2009.09.23 17:09:39 | 00,003,584 | ---- | C] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.14 00:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
 
[color=#E56717]========== Alternate Data Streams ==========[/color]
 
@Alternate Data Stream - 638976 bytes -> C:\Windows:directx32v.exe
< End of report >
  

2

Code

  OTL Extras logfile created on: 06.01.2010 21:54:33 - Run 1
OTL by OldTimer - Version 3.1.21.0     Folder = C:\Users\Kevin\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 37,32 Gb Free Space | 50,14% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 127,99 Gb Total Space | 96,76 Gb Free Space | 75,60% Space Free | Partition Type: NTFS
Drive F: | 596,17 Gb Total Space | 477,15 Gb Free Space | 80,04% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KEEF
Current User Name: Kevin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.51
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.7.3.190b
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Premium
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube Download_is1" = Free YouTube Download 2.3
"iriver plus 3" = iriver plus 3 (remove only)
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Trillian" = Trillian
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"WinAVI Video Converter_is1" = WinAVI Video Converter
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 01.01.2010 19:24:33 | Computer Name = Keef | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: USdx.exe, Version: 0.0.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: USdx.exe, Version: 0.0.0.0, Zeitstempel:
 0x2a425e19  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000af06d  ID des fehlerhaften Prozesses:
 0x930  Startzeit der fehlerhaften Anwendung: 0x01ca8b39918bd048  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\UltraStar Deluxe\USdx.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\UltraStar Deluxe\USdx.exe  Berichtskennung: d0c6aafd-f72c-11de-9e0b-0019668066d3
 
Error - 01.01.2010 19:25:14 | Computer Name = Keef | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Au_.exe, Version: 0.0.0.0, Zeitstempel:
 0x473efc34  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc000041d  Fehleroffset: 0x73f54cad  ID des fehlerhaften Prozesses:
 0xdbc  Startzeit der fehlerhaften Anwendung: 0x01ca8b399c2b2062  Pfad der fehlerhaften
 Anwendung: C:\Users\Kevin\AppData\Local\Temp\~nsu.tmp\Au_.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: e98df178-f72c-11de-9e0b-0019668066d3
 
Error - 01.01.2010 19:49:13 | Computer Name = Keef | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mgxmcmp2.exe, Version: 1.0.0.0, Zeitstempel:
 0x3bd86c3f  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7600.16385, Zeitstempel:
 0x4a5bdac7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002f109  ID des fehlerhaften Prozesses:
 0xcd4  Startzeit der fehlerhaften Anwendung: 0x01ca8b3d0259acc6  Pfad der fehlerhaften
 Anwendung: C:\Users\Kevin\AppData\Local\Temp\mgxmcmp2.exe  Pfad des fehlerhaften 
Moduls: C:\Windows\syswow64\ole32.dll  Berichtskennung: 431c6e05-f730-11de-9e0b-0019668066d3
 
Error - 03.01.2010 16:45:46 | Computer Name = Keef | Source = Avira AntiVir | ID = 4112
Description = 
 
Error - 03.01.2010 16:48:12 | Computer Name = Keef | Source = Avira AntiVir | ID = 4112
Description = 
 
Error - 03.01.2010 16:53:38 | Computer Name = Keef | Source = Avira AntiVir | ID = 4112
Description = 
 
Error - 03.01.2010 16:55:15 | Computer Name = Keef | Source = Avira AntiVir | ID = 4112
Description = 
 
Error - 03.01.2010 16:56:11 | Computer Name = Keef | Source = Avira AntiVir | ID = 4112
Description = 
 
Error - 05.01.2010 07:57:05 | Computer Name = Keef | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: java.exe, Version: 6.0.150.3, Zeitstempel:
 0x4a6ad1a7  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x51365846  ID des fehlerhaften Prozesses:
 0xf54  Startzeit der fehlerhaften Anwendung: 0x01ca8dfe2f229f99  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Java\jre6\bin\java.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 71263347-f9f1-11de-afff-0019668066d3
 
Error - 06.01.2010 16:35:54 | Computer Name = Keef | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: trillian.exe, Version: 4.0.0.118,
 Zeitstempel: 0x4aae4ba1  Name des fehlerhaften Moduls: buddy.dll, Version: 4.0.0.117,
 Zeitstempel: 0x4a82cd6b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003656d  ID des fehlerhaften
 Prozesses: 0x630  Startzeit der fehlerhaften Anwendung: 0x01ca8f0fbd4cf552  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Trillian\trillian.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Trillian\buddy.dll  Berichtskennung: 15d31cba-fb03-11de-8e2f-0019668066d3
 
[ System Events ]
Error - 06.01.2010 15:06:33 | Computer Name = Keef | Source = Service Control Manager | ID = 7000
Description = Der Dienst "--" wurde aufgrund folgenden Fehlers nicht gestartet: 
  %%1053
 
Error - 06.01.2010 16:19:26 | Computer Name = Keef | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 06.01.2010 16:19:40 | Computer Name = Keef | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Funktionssuche-Ressourcenveröffentlichung" wurde mit folgendem
 Fehler beendet:   %%-2147014847
 
Error - 06.01.2010 16:19:48 | Computer Name = Keef | Source = Service Control Manager | ID = 7030
Description = Der Dienst "--" ist als interaktiver Dienst gekennzeichnet. Das System
 wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der 
Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 06.01.2010 16:19:53 | Computer Name = Keef | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 -- erreicht.
 
Error - 06.01.2010 16:19:53 | Computer Name = Keef | Source = Service Control Manager | ID = 7000
Description = Der Dienst "--" wurde aufgrund folgenden Fehlers nicht gestartet: 
  %%1053
 
Error - 06.01.2010 16:51:55 | Computer Name = Keef | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 06.01.2010 16:52:13 | Computer Name = Keef | Source = Service Control Manager | ID = 7030
Description = Der Dienst "--" ist als interaktiver Dienst gekennzeichnet. Das System
 wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der 
Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 06.01.2010 16:52:16 | Computer Name = Keef | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 -- erreicht.
 
Error - 06.01.2010 16:52:16 | Computer Name = Keef | Source = Service Control Manager | ID = 7000
Description = Der Dienst "--" wurde aufgrund folgenden Fehlers nicht gestartet: 
  %%1053
 
 
< End of report >
 

#4 Datei-Überprüfung

Folgende Datei/en (siehe Codebox) bei VirusTotal online überprüfen lassen. Dafür musst Du jede Datei einzeln über den Button "Durchsuchen" und "Senden der Datei" nach VirusTotal hochladen und prüfen lassen. Wenn VirusTotal die Datei empfangen hat, wird sie diese mit mehreren Anti-Virus-Scannern prüfen und die Ergebnisse anzeigen. Sollte VirusTotal melden, dass die Datei bereits überpüft wurde, lasse sie trotzdem über den Button "Analysiere die Datei" erneut prüfen.

Zitat

C:\Windows\directx32v.exe

Wenn das Ergebnis vorliegt, den kleinen Button "Filter" links oberhalb der Ergebnisse drücken, dann das Ergebnis (egal wie es aussieht und dabei auch die Zeilen mit Namen und Größe der Datei, MD5 und SHA1 kopieren) hier posten. Solltest Du die Datei/en nicht finden oder hochladen können, dann teile uns das ebenfalls mit. Solltest Du die Datei/en nicht finden, überprüfe, ob folgende Einstellungen richtig gesetzt sind.

#5 ich finde diese datei bzw verzeichnis gar nicht

#6 Bitte diese Einstellungen in den Ordneroptionen vornehmen.

#7 Datei directx32v.exe empfangen 2010.01.06 21:28:01 (UTC)Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.48 2010.01.06 -
AhnLab-V3 5.0.0.2 2010.01.06 -
AntiVir 7.9.1.122 2009.12.31 -
Antiy-AVL 2.0.3.7 2010.01.06 -
Authentium 5.2.0.5 2010.01.06 W32/Downldr2.INXS
Avast 4.8.1351.0 2010.01.06 -
AVG 8.5.0.430 2010.01.04 -
BitDefender 7.2 2010.01.06 -
CAT-QuickHeal 10.00 2010.01.05 -
ClamAV 0.94.1 2010.01.06 -
Comodo 3490 2010.01.06 -
DrWeb 5.0.1.12222 2010.01.06 Trojan.MulDrop.54138
eTrust-Vet 35.1.7219 2010.01.06 -
F-Prot 4.5.1.85 2010.01.06 W32/Downldr2.INXS
F-Secure 9.0.15370.0 2010.01.06 -
Fortinet 4.0.14.0 2010.01.06 -
GData 19 2010.01.06 -
Ikarus T3.1.1.79.0 2010.01.06 -
Jiangmin 13.0.900 2010.01.06 -
K7AntiVirus 7.10.940 2010.01.06 Trojan.Win32.Malware.1
Kaspersky 7.0.0.125 2010.01.06 -
McAfee 5853 2010.01.06 -
McAfee+Artemis 5853 2010.01.06 Artemis!BC20AE014EEA
McAfee-GW-Edition 6.8.5 2010.01.06 Heuristic.LooksLike.Trojan.Dropper.J
Microsoft 1.5302 2010.01.06 VirTool:Win32/Injector.gen!AK
NOD32 4749 2010.01.06 a variant of Win32/Injector.AIR
Norman 6.04.03 2010.01.06 -
nProtect 2009.1.8.0 2010.01.06 -
Panda 10.0.2.2 2010.01.06 Suspicious file
PCTools 7.0.3.5 2010.01.06 -
Prevx 3.0 2010.01.06 Low Risk Adware
Rising 22.29.02.06 2010.01.06 -
Sophos 4.49.0 2010.01.06 Sus/UnkPack-C
Sunbelt 3.2.1858.2 2010.01.06 -
Symantec 20091.2.0.41 2010.01.06 Suspicious.Cloud
TheHacker 6.5.0.3.137 2010.01.06 -
TrendMicro 9.120.0.1004 2010.01.06 -
VBA32 3.12.12.1 2010.01.06 -
ViRobot 2010.1.6.2124 2010.01.06 -
VirusBuster 5.0.21.0 2010.01.06 -

weitere Informationen
File size: 638976 bytes
MD5...: bc20ae014eeab3b5446d76d2395fbb47
SHA1..: f116731ccbc4787353c964b7bedbfcf8ca66a36d
SHA256: 46cf8a1bd0f2563be272a54a9a25d534fdd0a194235658dff08d603d8ab3e3da
ssdeep: 12288:Ucp+MFg/iS6WkxPdXngUcAbK5vCFDWv4xe39F7BCB5Htq:U/MNAOnBcj5v<BR>CFx89F7EB5Htq<BR>
PEiD..: -
PEInfo: PE Structure information<BR><BR>( base data )<BR>entrypointaddress.: 0xb4e4<BR>timedatestamp.....: 0x2a425e19 (Fri Jun 19 22:22:17 1992)<BR>machinetype.......: 0x14c (I386)<BR><BR>( 9 sections )<BR>name viradd virsiz rawdsiz ntrpy md5<BR>CODE 0x1000 0x11000 0x10c00 6.44 7cdac83f3190eb8bb6b144476883464b<BR>DATA 0x12000 0x1000 0x200 1.46 9acb089f416146308926ff17594cff44<BR>BSS 0x13000 0x3000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR>.idata 0x16000 0x1000 0x200 3.97 eb0d79cf820286a8bbebd553bbd68762<BR>.tls 0x17000 0x1000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR>.rdata 0x18000 0x1000 0x200 0.26 c4b28bc5e6c70098f8bd5ded42b67850<BR>.reloc 0x19000 0x2000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e<BR>.rsrc 0x1b000 0x1000 0x200 0.08 5dce81f1dae2957eb604a2a5ee86d340<BR>.data 0x1c000 0x8a800 0x8a800 7.88 2b6f2abc6d05c4616f00043695869e11<BR><BR>( 2 imports ) <BR>&gt; kernel32.dll: GetCurrentThreadId, MultiByteToWideChar, ExitProcess, RtlUnwind, RaiseException, TlsSetValue, TlsGetValue, LocalAlloc, GetModuleHandleA, FreeLibrary, HeapFree, HeapReAlloc, HeapAlloc, GetProcessHeap<BR>&gt; oleaut32.dll: SysFreeString, SysReAllocStringLen, SysAllocStringLen<BR><BR>( 0 exports ) <BR>
RDS...: NSRL Reference Data Set<BR>-
&lt;a href='http://info.prevx.com/aboutprogramtext.asp?PX5=440E2CCD0028B41EC05709FAA553BC00706D89CF' target='_blank'&gt;http://info.prevx.com/aboutprogramtext.asp?PX5=440E2CCD0028B41EC05709FAA553BC00706D89CF&lt;/a&gt;
trid..: Generic Win/DOS Executable (49.5%)<BR>DOS Executable Generic (49.5%)<BR>VXD Driver (0.7%)<BR>Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
pdfid.: -
sigcheck:<BR>publisher....: n/a<BR>copyright....: n/a<BR>product......: n/a<BR>description..: n/a<BR>original name: n/a<BR>internal name: n/a<BR>file version.: n/a<BR>comments.....: n/a<BR>signers......: -<BR>signing date.: -<BR>verified.....: Unsigned<BR>

#8 Schritt 1

Fixen mit OTL

• Starte bitte die OTL.exe.
Vista-User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die Textbox.

Code

:OTL
PRC - C:\Windows\directx32v.exe ()
O4 - HKLM..\Run: [directx32v] C:\Windows\directx32v.exe ()
[2009.12.26 21:53:22 | 00,638,976 | -HS- | M] () -- C:\Windows\directx32v.exe
:Commands
[purity]
[emptytemp]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Run Fix Button.
• Klick auf .
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument.
Kopiere nun den Inhalt hier in Code-Tags in Deinen Thread

Schritt 2

Malwarebytes Anti-Malware

Lade MBAM herunter, installiere es und wähle bei Reiter:

-> “Update“> “Suche nach Aktualisierungen“
-> “Einstellungen“> “Beende Internet Explorer während des Löschvorgangs“
-> “Scanner”> "Quickscan durchfuehren".

Wenn am Ende Infizierungen gefunden werden, diese anhaken und entfernen lassen. Starte dein Rechner neu

#9 wenn ich auf "run fix" gehe, kommt immer ein blauer screen und dann der pc macht nen neustart, das ist doch nicht normal, oder?

#10 Nein ist es nicht. Welche Meldung kommt dann auf dem Bluescreen? Kommt es direkt nach dem Klick auf den Button?

#11 ja es kommt nach dem klick auf den button
geht iwie um crash undso, der screen war einfach "vollgeschrieben" deswegen kann ich net sagen, was da alles stand

#12 Dann mach einmal Schritt 2 und poste danach zwei neue OTL Logs.

#13

Code

 OTL logfile created on: 06.01.2010 23:12:20 - Run 2
OTL by OldTimer - Version 3.1.21.0     Folder = C:\Users\Kevin\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 37,04 Gb Free Space | 49,76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 127,99 Gb Total Space | 96,76 Gb Free Space | 75,60% Space Free | Partition Type: NTFS
Drive F: | 596,17 Gb Total Space | 477,15 Gb Free Space | 80,04% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KEEF
Current User Name: Kevin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Processes (SafeList) ==========[/color]
 
PRC - C:\Users\Kevin\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Windows\directx32v.exe ()
PRC - C:\Program Files (x86)\Winamp\winamp.exe (Nullsoft)
 
 
[color=#E56717]========== Modules (SafeList) ==========[/color]
 
MOD - C:\Users\Kevin\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
 
SRV:[b]64bit:[/b] - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (Irmon) -- C:\Windows\SysNative\irmon.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:[b]64bit:[/b] - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (vvdsvc) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:[b]64bit:[/b] - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV - (vvdsvc) -- C:\Windows\SysWOW64\nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 04:20:14 | 00,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 04:20:14 | 00,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (NMIndexingService) -- C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (Nero AG)
 
 
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
 
DRV:[b]64bit:[/b] - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:[b]64bit:[/b] - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (irda) -- C:\Windows\SysNative\drivers\irda.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (61883) -- C:\Windows\SysNative\drivers\61883.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Avc) -- C:\Windows\SysNative\drivers\avc.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (MSDV) -- C:\Windows\SysNative\drivers\msdv.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (cpuz132) -- C:\Windows\SysNative\drivers\cpuz132_x64.sys (Windows (R) Codename Longhorn DDK provider)
DRV:[b]64bit:[/b] - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:[b]64bit:[/b] - (irsir) -- C:\Windows\SysNative\drivers\irsir.sys (Microsoft Corporation)
DRV - (CSC) -- C:\Windows\CSC [2009.09.23 15:47:32 | 00,000,000 | ---D | M]
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.spiegel.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D8 14 6C 72 68 3C CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
[2009.12.17 00:03:36 | 00,063,488 | ---- | M] (Nullsoft) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: (1306 bytes) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1                activate.adobe.com
O1 - Hosts: 127.0.0.1                practivate.adobe.com
O1 - Hosts: 127.0.0.1                ereg.adobe.com
O1 - Hosts: 127.0.0.1                activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1                wip3.adobe.com
O1 - Hosts: 127.0.0.1                3dns-3.adobe.com
O1 - Hosts: 127.0.0.1                3dns-2.adobe.com
O1 - Hosts: 127.0.0.1                adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1                adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1                adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1                ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1                activate-sea.adobe.com
O1 - Hosts: 127.0.0.1                wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1                activate-sjc0.adobe.com
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4:[b]64bit:[/b] - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:[b]64bit:[/b] - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [directx32v] C:\Windows\directx32v.exe ()
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files (x86)\QuickTime\qttask.exe (Apple Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab (VodClient Control Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:[b]64bit:[/b] - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:[b]64bit:[/b] - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:[b]64bit:[/b] - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
[b]64bit:[/b] O35 - comfile [open] -- "%1" %* File not found
[b]64bit:[/b] O35 - exefile [open] -- "%1" %* File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2010.01.06 22:46:51 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.01.06 22:46:50 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.01.06 22:39:54 | 00,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.01.06 01:20:50 | 00,000,000 | ---D | C] -- C:\Users\Kevin\Documents\DVDVideoSoft
[2010.01.06 01:20:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2010.01.06 01:20:46 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2010.01.04 22:18:13 | 00,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Uniblue
[2010.01.04 22:18:09 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010.01.02 00:51:06 | 00,000,000 | ---D | C] -- C:\Users\Kevin\Documents\MAGIX Downloads
[2010.01.02 00:51:01 | 00,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll
[2010.01.02 00:50:58 | 00,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2010.01.02 00:50:57 | 00,663,552 | ---- | C] (MAGIX AG) -- C:\Windows\SysWow64\mgxoschk.dll
[2010.01.02 00:49:08 | 00,430,080 | ---- | C] (MAGIX AG) -- C:\Windows\SysWow64\MXRestore.exe
[2010.01.02 00:49:08 | 00,188,416 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLRES32.dll
[2010.01.02 00:49:08 | 00,065,536 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPTL32.dll
[2010.01.02 00:49:08 | 00,057,344 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLTPO32.dll
[2010.01.02 00:49:08 | 00,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPRJ32.dll
[2010.01.02 00:49:08 | 00,049,152 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPRF32.dll
[2010.01.02 00:49:08 | 00,040,960 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLRD32.dll
[2010.01.02 00:49:08 | 00,036,864 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLPNT32.dll
[2010.01.02 00:49:08 | 00,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\STRING32.dll
[2010.01.02 00:49:08 | 00,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLMSC32.dll
[2010.01.02 00:49:08 | 00,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\TTIC32.dll
[2010.01.02 00:49:08 | 00,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\TTI32.dll
[2010.01.02 00:49:08 | 00,024,576 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIX.dll
[2010.01.02 00:49:07 | 00,487,424 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLAV32.dll
[2010.01.02 00:49:07 | 00,163,840 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDEV32.dll
[2010.01.02 00:49:07 | 00,151,552 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDRV32.dll
[2010.01.02 00:49:07 | 00,114,688 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCDA32.dll
[2010.01.02 00:49:07 | 00,094,208 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCPY32.dll
[2010.01.02 00:49:07 | 00,061,440 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLCDF32.dll
[2010.01.02 00:49:07 | 00,053,248 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIO32.dll
[2010.01.02 00:49:07 | 00,045,056 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLIMG32.dll
[2010.01.02 00:49:07 | 00,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLISO32.dll
[2010.01.02 00:49:07 | 00,032,768 | ---- | C] (PoINT Software & Systems GmbH) -- C:\Windows\SysWow64\DLLDIR32.dll
[2010.01.02 00:49:02 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Shared
[2010.01.02 00:47:56 | 01,089,536 | ---- | C] (eHelp Corporation.) -- C:\Windows\SysWow64\ROBOEX32.DLL
[2010.01.02 00:47:56 | 00,085,504 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\HtmlWH.dll
[2010.01.02 00:47:56 | 00,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\Windows\SysWow64\INETWH32.dll
[2010.01.02 00:47:42 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\MAGIX
[2010.01.01 15:52:55 | 00,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Opera
[2010.01.01 15:52:55 | 00,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Opera
[2009.12.26 22:05:59 | 00,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2009.12.26 21:58:32 | 00,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2009.12.26 21:55:37 | 00,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2009.12.18 23:31:07 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2009.12.18 23:31:07 | 02,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2009.12.18 23:30:31 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2009.12.18 23:30:30 | 00,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Winamp
[2009.12.17 21:09:38 | 00,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Apps
[2009.12.17 21:03:29 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2009.12.12 23:11:45 | 00,000,000 | ---D | C] -- C:\Program Files (x86)\Free PDF to Word Doc Converter
[2009.12.09 06:12:06 | 00,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2009.12.09 06:12:06 | 00,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2009.09.23 18:38:26 | 00,082,816 | ---- | C] (VSO Software) -- C:\Users\Kevin\AppData\Roaming\pcouffin.sys
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2010.01.06 23:12:52 | 02,359,296 | ---- | M] () -- C:\Users\Kevin\NTUSER.DAT
[2010.01.06 22:55:26 | 01,480,602 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.01.06 22:55:26 | 00,647,138 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.01.06 22:55:26 | 00,609,896 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.01.06 22:55:26 | 00,127,198 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.01.06 22:55:26 | 00,104,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.01.06 22:53:25 | 00,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.01.06 22:53:24 | 00,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.01.06 22:48:18 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.01.06 22:48:12 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.01.06 22:48:09 | 26,104,05376 | -HS- | M] () -- C:\hiberfil.sys
[2010.01.06 22:48:08 | 26,806,0851 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.01.06 22:46:54 | 00,001,014 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.01.06 21:51:12 | 06,489,406 | -H-- | M] () -- C:\Users\Kevin\AppData\Local\IconCache.db
[2010.01.06 19:29:26 | 00,524,288 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{b2add014-faeb-11de-b332-0019668066d3}.TMContainer00000000000000000002.regtrans-ms
[2010.01.06 19:29:26 | 00,524,288 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{b2add014-faeb-11de-b332-0019668066d3}.TMContainer00000000000000000001.regtrans-ms
[2010.01.06 19:29:26 | 00,065,536 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{b2add014-faeb-11de-b332-0019668066d3}.TM.blf
[2010.01.06 01:20:50 | 00,001,244 | ---- | M] () -- C:\Users\Kevin\Desktop\DVDVideoSoft Free Studio.lnk
[2010.01.05 14:30:21 | 00,524,288 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{317f99fd-f9f9-11de-b72e-0019668066d3}.TMContainer00000000000000000002.regtrans-ms
[2010.01.05 14:30:21 | 00,524,288 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{317f99fd-f9f9-11de-b72e-0019668066d3}.TMContainer00000000000000000001.regtrans-ms
[2010.01.05 14:30:21 | 00,065,536 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{317f99fd-f9f9-11de-b72e-0019668066d3}.TM.blf
[2010.01.05 14:04:29 | 00,524,288 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{4bfee32e-f9f0-11de-afff-0019668066d3}.TMContainer00000000000000000002.regtrans-ms
[2010.01.05 14:04:29 | 00,524,288 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{4bfee32e-f9f0-11de-afff-0019668066d3}.TMContainer00000000000000000001.regtrans-ms
[2010.01.05 14:04:29 | 00,065,536 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{4bfee32e-f9f0-11de-afff-0019668066d3}.TM.blf
[2010.01.04 23:21:29 | 00,524,288 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{10b7442e-f978-11de-9231-0019668066d3}.TMContainer00000000000000000002.regtrans-ms
[2010.01.04 23:21:29 | 00,524,288 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{10b7442e-f978-11de-9231-0019668066d3}.TMContainer00000000000000000001.regtrans-ms
[2010.01.04 23:21:29 | 00,065,536 | -HS- | M] () -- C:\Users\Kevin\NTUSER.DAT{10b7442e-f978-11de-9231-0019668066d3}.TM.blf
[2010.01.04 22:35:00 | 00,001,241 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010.01.02 12:47:07 | 00,122,488 | ---- | M] () -- C:\Users\Kevin\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.01.02 12:03:30 | 03,039,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.01.02 00:50:57 | 00,006,642 | ---- | M] () -- C:\Windows\mgxoschk.ini
[2009.12.30 14:55:24 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2009.12.30 14:55:06 | 00,022,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2009.12.26 21:53:22 | 00,638,976 | ---- | M] () -- C:\Windows\directx32v.exe
[2009.12.15 23:30:43 | 00,873,922 | ---- | M] () -- C:\Users\Kevin\AppData\Roaming\UserTile.png
[2009.12.12 23:11:46 | 00,001,058 | ---- | M] () -- C:\Users\Kevin\Desktop\Free PDF to Word Doc Converter.lnk
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2010.01.06 22:46:54 | 00,001,014 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.01.06 22:39:47 | 26,806,0851 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.01.06 19:23:34 | 00,524,288 | -HS- | C] () -- C:\Users\Kevin\NTUSER.DAT{b2add014-faeb-11de-b332-0019668066d3}.TMContainer00000000000000000002.regtrans-ms
[2010.01.06 19:23:34 | 00,524,288 | -HS- | C] () -- C:\Users\Kevin\NTUSER.DAT{b2add014-faeb-11de-b332-0019668066d3}.TMContainer00000000000000000001.regtrans-ms
[2010.01.06 19:23:33 | 00,065,536 | -HS- | C] () -- C:\Users\Kevin\NTUSER.DAT{b2add014-faeb-11de-b332-0019668066d3}.TM.blf
[2010.01.06 01:20:50 | 00,001,244 | ---- | C] () -- C:\Users\Kevin\Desktop\DVDVideoSoft Free Studio.lnk
[2010.01.05 14:26:29 | 00,524,288 | -HS- | C] () -- C:\Users\Kevin\NTUSER.DAT{317f99fd-f9f9-11de-b72e-0019668066d3}.TMContainer00000000000000000002.regtrans-ms
[2010.01.05 14:26:29 | 00,524,288 | -HS- | C] () -- C:\Users\Kevin\NTUSER.DAT{317f99fd-f9f9-11de-b72e-0019668066d3}.TMContainer00000000000000000001.regtrans-ms
[2010.01.05 14:26:29 | 00,065,536 | -HS- | C] () -- C:\Users\Kevin\NTUSER.DAT{317f99fd-f9f9-11de-b72e-0019668066d3}.TM.blf
[2010.01.05 13:52:51 | 00,524,288 | -HS- | C] () -- C:\Users\Kevin\NTUSER.DAT{4bfee32e-f9f0-11de-afff-0019668066d3}.TMContainer00000000000000000002.regtrans-ms
[2010.01.05 13:52:51 | 00,524,288 | -HS- | C] () -- C:\Users\Kevin\NTUSER.DAT{4bfee32e-f9f0-11de-afff-0019668066d3}.TMContainer00000000000000000001.regtrans-ms
[2010.01.05 13:52:51 | 00,065,536 | -HS- | C] () -- C:\Users\Kevin\NTUSER.DAT{4bfee32e-f9f0-11de-afff-0019668066d3}.TM.blf
[2010.01.04 22:36:12 | 00,524,288 | -HS- | C] () -- C:\Users\Kevin\NTUSER.DAT{10b7442e-f978-11de-9231-0019668066d3}.TMContainer00000000000000000002.regtrans-ms
[2010.01.04 22:36:12 | 00,524,288 | -HS- | C] () -- C:\Users\Kevin\NTUSER.DAT{10b7442e-f978-11de-9231-0019668066d3}.TMContainer00000000000000000001.regtrans-ms
[2010.01.04 22:36:12 | 00,065,536 | -HS- | C] () -- C:\Users\Kevin\NTUSER.DAT{10b7442e-f978-11de-9231-0019668066d3}.TM.blf
[2010.01.04 22:35:00 | 00,001,241 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010.01.02 00:49:07 | 00,014,182 | ---- | C] () -- C:\Windows\SysWow64\DLLAV32.lib
[2010.01.02 00:47:42 | 00,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.12.26 21:53:24 | 00,638,976 | ---- | C] () -- C:\Windows\directx32v.exe
[2009.12.15 23:30:23 | 00,873,922 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\UserTile.png
[2009.12.12 23:11:46 | 00,001,058 | ---- | C] () -- C:\Users\Kevin\Desktop\Free PDF to Word Doc Converter.lnk
[2009.11.28 20:07:28 | 00,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.11.10 20:37:31 | 00,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini
[2009.10.26 19:29:46 | 00,077,824 | ---- | C] () -- C:\Windows\SysWow64\csdlocalmon.dll
[2009.09.26 11:04:48 | 01,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2009.09.23 18:38:58 | 00,001,044 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\vso_ts_preview.xml
[2009.09.23 18:38:49 | 00,000,034 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\pcouffin.log
[2009.09.23 18:38:26 | 00,099,384 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\inst.exe
[2009.09.23 18:38:26 | 00,007,859 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\pcouffin.cat
[2009.09.23 18:38:26 | 00,001,167 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\pcouffin.inf
[2009.09.23 17:09:39 | 00,003,584 | ---- | C] () -- C:\Users\Kevin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.07.14 00:42:10 | 00,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 00,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >
 

Code

 OTL Extras logfile created on: 06.01.2010 23:12:20 - Run 2
OTL by OldTimer - Version 3.1.21.0     Folder = C:\Users\Kevin\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 37,04 Gb Free Space | 49,76% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 127,99 Gb Total Space | 96,76 Gb Free Space | 75,60% Space Free | Partition Type: NTFS
Drive F: | 596,17 Gb Total Space | 477,15 Gb Free Space | 80,04% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: KEEF
Current User Name: Kevin
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== File Associations ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- Reg Error: Key error. File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
[color=#E56717]========== Shell Spawning ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[color=#E56717]========== Security Center Settings ==========[/color]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[color=#E56717]========== Authorized Applications List ==========[/color]
 
 
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.51
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.7.3.190b
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Premium
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"eMule" = eMule
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free YouTube Download_is1" = Free YouTube Download 2.3
"iriver plus 3" = iriver plus 3 (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Trillian" = Trillian
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.0.3
"Winamp" = Winamp
"WinAVI Video Converter_is1" = WinAVI Video Converter
 
[color=#E56717]========== Last 10 Event Log Errors ==========[/color]
 
[ Application Events ]
Error - 01.01.2010 19:24:33 | Computer Name = Keef | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: USdx.exe, Version: 0.0.0.0, Zeitstempel:
 0x2a425e19  Name des fehlerhaften Moduls: USdx.exe, Version: 0.0.0.0, Zeitstempel:
 0x2a425e19  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000af06d  ID des fehlerhaften Prozesses:
 0x930  Startzeit der fehlerhaften Anwendung: 0x01ca8b39918bd048  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\UltraStar Deluxe\USdx.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\UltraStar Deluxe\USdx.exe  Berichtskennung: d0c6aafd-f72c-11de-9e0b-0019668066d3
 
Error - 01.01.2010 19:25:14 | Computer Name = Keef | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Au_.exe, Version: 0.0.0.0, Zeitstempel:
 0x473efc34  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc000041d  Fehleroffset: 0x73f54cad  ID des fehlerhaften Prozesses:
 0xdbc  Startzeit der fehlerhaften Anwendung: 0x01ca8b399c2b2062  Pfad der fehlerhaften
 Anwendung: C:\Users\Kevin\AppData\Local\Temp\~nsu.tmp\Au_.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: e98df178-f72c-11de-9e0b-0019668066d3
 
Error - 01.01.2010 19:49:13 | Computer Name = Keef | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: mgxmcmp2.exe, Version: 1.0.0.0, Zeitstempel:
 0x3bd86c3f  Name des fehlerhaften Moduls: ole32.dll, Version: 6.1.7600.16385, Zeitstempel:
 0x4a5bdac7  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002f109  ID des fehlerhaften Prozesses:
 0xcd4  Startzeit der fehlerhaften Anwendung: 0x01ca8b3d0259acc6  Pfad der fehlerhaften
 Anwendung: C:\Users\Kevin\AppData\Local\Temp\mgxmcmp2.exe  Pfad des fehlerhaften 
Moduls: C:\Windows\syswow64\ole32.dll  Berichtskennung: 431c6e05-f730-11de-9e0b-0019668066d3
 
Error - 03.01.2010 16:45:46 | Computer Name = Keef | Source = Avira AntiVir | ID = 4112
Description = 
 
Error - 03.01.2010 16:48:12 | Computer Name = Keef | Source = Avira AntiVir | ID = 4112
Description = 
 
Error - 03.01.2010 16:53:38 | Computer Name = Keef | Source = Avira AntiVir | ID = 4112
Description = 
 
Error - 03.01.2010 16:55:15 | Computer Name = Keef | Source = Avira AntiVir | ID = 4112
Description = 
 
Error - 03.01.2010 16:56:11 | Computer Name = Keef | Source = Avira AntiVir | ID = 4112
Description = 
 
Error - 05.01.2010 07:57:05 | Computer Name = Keef | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: java.exe, Version: 6.0.150.3, Zeitstempel:
 0x4a6ad1a7  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x51365846  ID des fehlerhaften Prozesses:
 0xf54  Startzeit der fehlerhaften Anwendung: 0x01ca8dfe2f229f99  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Java\jre6\bin\java.exe  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 71263347-f9f1-11de-afff-0019668066d3
 
Error - 06.01.2010 16:35:54 | Computer Name = Keef | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: trillian.exe, Version: 4.0.0.118,
 Zeitstempel: 0x4aae4ba1  Name des fehlerhaften Moduls: buddy.dll, Version: 4.0.0.117,
 Zeitstempel: 0x4a82cd6b  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003656d  ID des fehlerhaften
 Prozesses: 0x630  Startzeit der fehlerhaften Anwendung: 0x01ca8f0fbd4cf552  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Trillian\trillian.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Trillian\buddy.dll  Berichtskennung: 15d31cba-fb03-11de-8e2f-0019668066d3
 
[ System Events ]
Error - 06.01.2010 17:42:49 | Computer Name = Keef | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 06.01.2010 17:43:04 | Computer Name = Keef | Source = BugCheck | ID = 1001
Description = 
 
Error - 06.01.2010 17:43:25 | Computer Name = Keef | Source = Service Control Manager | ID = 7030
Description = Der Dienst "--" ist als interaktiver Dienst gekennzeichnet. Das System
 wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der 
Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 06.01.2010 17:43:29 | Computer Name = Keef | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 -- erreicht.
 
Error - 06.01.2010 17:43:29 | Computer Name = Keef | Source = Service Control Manager | ID = 7000
Description = Der Dienst "--" wurde aufgrund folgenden Fehlers nicht gestartet: 
  %%1053
 
Error - 06.01.2010 17:48:13 | Computer Name = Keef | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?01.?2010 um 22:46:49 unerwartet heruntergefahren.
 
Error - 06.01.2010 17:48:07 | Computer Name = Keef | Source = Microsoft-Windows-Kernel-Processor-Power | ID = 6
Description = Einige Funktionen zur Energieverwaltung im Leistungsstatus wurden 
im Prozessor aufgrund eines bekannten Firmwareproblems deaktiviert. Wenden Sie sich
 an den Computerhersteller, um aktualisierte Firmware zu erhalten.
 
Error - 06.01.2010 17:48:19 | Computer Name = Keef | Source = BugCheck | ID = 1001
Description = 
 
Error - 06.01.2010 17:48:42 | Computer Name = Keef | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 -- erreicht.
 
Error - 06.01.2010 17:48:42 | Computer Name = Keef | Source = Service Control Manager | ID = 7000
Description = Der Dienst "--" wurde aufgrund folgenden Fehlers nicht gestartet: 
  %%1053
 
 
< End of report >
  

#14 Hast Du Schritt 2 ausgeführt???
Wo ist das MBAM Log?

#15 oh shit

Code

Malwarebytes' Anti-Malware 1.43
Datenbank Version: 3506
Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07.01.2010 06:08:12
mbam-log-2010-01-07 (06-08-12).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 92202
Laufzeit: 3 minute(s), 1 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)