Browser Hijacked?

#0
21.06.2011, 13:11
Member

Beiträge: 67
#1 Hallo liebe Board User,

Ich hatte vor kurzem ein problem festgestellt, bei dem ich dachte, es kommt bloß in firefox vor. Dann hatte ich IE9 und Google Chrome gestartet, und dort kam ebenfalls das selbe problem vor.

es geht um folgendes.

sobald ich über google etwas suche, leitet mich das suchergebnis auf werbung um (2x), beim dritten mal komm ich zur eigentlich gewünschten webseite.

über hijackthis hatte ich in der logfileauswertung nix auffälliges gefunden.
kaspersky cbe11 hat auch nix gemeldet, ausser dass manchmal über die werbe seiten, schädliche dateien im hintergrund geladen werden (zum glück von kasper. blockiert)

über google hatte ich auch einige funde, über mein problem... allerdings ist jedes problem ein wenig anders. sprich, man müsste jeden befall neu behandeln... so hatte ich das verstanden.


Ich habe auch soeben, vor dem beitrag versucht combofix logfile zu erstellen.
aber das erste problem nach dem neustart war: der bildschirm blieb minuten lang schwarz, keine reaktionen...
dann nachm reset lief das programm automatisch weiter...
aber da ich ja wegen combofix meine schutzprogramme abschalten muss, habe ich auch meine internet verbindung getrennt. deswegen hat der browser mich nirgends hingleitet -.- und das programm hat mir auch kein log gegeben.

pls help

grüße jiggy
Seitenanfang Seitenende
22.06.2011, 19:11
Moderator

Beiträge: 5694
#2 Hallo und herzlich Willkommen auf Protecus.de

Um ein infiziertes System zu bereinigen bedarf es neben Zeit auch die Beachtung folgender Punkte:

• Halte Dich an die Anweisungen des jeweiligen Helfers.
• Falls Du externen Speichermedien (USB Sticks, Festplatten) hast, dann schliesse die vor der Reinigung an.
• Während der Reinigung solltest Du weder Programme installieren noch deinstallieren, welche nicht ausdrücklich verlangt werden.
• Bitte arbeite jeden Schritt der Reihe nach ab.
• Falls bei einem Schritt Probleme auftauchen, poste was du bereits hast und melde Dich mit dem Problembeschreiben.


• Die Bereinigung ist erst beendet wenn der jeweilige Helfer das OK gibt.
• Wenn die Kiste wieder flott läuft heisst das nicht, dass das Sytem auch sauber ist.
• Bei geschäftlich genutzten Rechner sollte der zuständige IT Verantwortliche beigezogen werden.
• Ein Support unsererseits kann unter Umständen bei einem Firmenrechner abgelehnt werden.
• Bei illegaler Software besteht die Möglichkeit, dass der Support eingestellt wird.
• Jegliche Cracks oder Keygens werden weder gefördert noch akzeptiert.
• Bei stark infizierten Systemen vorallem wenn Backdoors oder Rootkits involviert sind kann es vorkommen, dass ein Helfer zum Neuaufsetzen rät.
• In letzter Instanz ist dann immer der User welcher entscheidet.


Vista und Win7 User:

Alle Programme und Tools, die wir anordnen, immer mit Rechtsklick und Als Administrator ausführen.

Schritt 1CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
• Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die Textbox.

Code

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
• Schliesse bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Quick Scan Button.
• Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Schritt 2

Rootkit-Suche mit Gmer

Was sind Rootkits?

Wichtig: Bei jedem Rootkit-Scans soll/en:

• alle anderen Programme gegen Viren, Spyware, usw. deaktiviert sein,
• keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.
Nicht vergessen, nach dem Rootkit-Scan die Security-Programme wieder einzuschalten!

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
• Gmer ist geeignet für => NT/W2K/XP/VISTA.
• Alle anderen Programme sollen geschlossen sein.
• Starte gmer.exe (hat einen willkürlichen Programm-Namen).
Vista-User mit Rechtsklick und als Administrator starten.
• Gmer startet automatisch einen ersten Scan.
• Sollte sich ein Fenster mit folgender Warnung öffnen:

Code

WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system?

• Unbedingt auf "No" klicken,
anschließend über den Copy-Button das bisherige Resultat in die Zwischenablage zu kopieren.
• Füge das Log aus der Zwischenablage mit STRG + V in Deine Antwort in Deinem Thread ein.
.
• Falls das nicht der Fall war, wähle nun den Reiter "Rootkit/Malware",
• Hake an: System, Sections, IAT/EAT, Devices, Modules, Processes, Threads, Libraries, Services, Registry und Files.
Wichtig: "Show all" darf nicht angehakt sein!
• Starte den Scan durch Drücken des Buttons "Scan".
Mache nichts am Computer während der Scan läuft.
• Wenn der Scan fertig ist klicke auf "Copy" um das Log in die Zwischenablage zu kopieren.
Mit "Ok" wird Gmer beendet.
• Füge das Log aus der Zwischenablage in Deine Antwort hier ein (mit STRG + V).

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun das Logfile in Code-Tags posten.
Seitenanfang Seitenende
23.06.2011, 14:01
Member

Themenstarter

Beiträge: 67
#3

Code

 OTL logfile created on: 23.06.2011 12:42:33 - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Jiggy Lee\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,99 Gb Total Physical Memory | 6,40 Gb Available Physical Memory | 80,15% Memory free
15,98 Gb Paging File | 13,31 Gb Available in Paging File | 83,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 59,67 Gb Free Space | 40,03% Space Free | Partition Type: NTFS
Drive D: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 931,51 Gb Total Space | 92,28 Gb Free Space | 9,91% Space Free | Partition Type: NTFS
Drive G: | 372,61 Gb Total Space | 64,03 Gb Free Space | 17,18% Space Free | Partition Type: NTFS

Computer Name: JIGGYLEE-PC | User Name: Jiggy Lee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011.06.23 12:39:51 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Jiggy Lee\Desktop\OTL.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.28 14:26:47 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\plugins\LCDAppletsMono-1.00.027\Applets\x86\LCDMedia.exe
PRC - [2011.05.27 11:05:57 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.04.13 15:39:50 | 000,387,696 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe
PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011.01.11 23:41:28 | 001,496,528 | ---- | M] (TrueCrypt Foundation) -- C:\Programme\TrueCrypt\TrueCrypt.exe
PRC - [2010.11.20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.09.17 14:42:06 | 001,729,376 | ---- | M] (Alcohol Soft Development Team) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\Alcohol.exe
PRC - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe
PRC - [2009.08.20 21:31:56 | 007,256,576 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2009.08.19 20:12:08 | 001,043,968 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\TurboV EVO\TurboVHELP.exe
PRC - [2009.07.17 17:48:30 | 000,952,320 | ---- | M] (ASUSTek) -- C:\Program Files (x86)\ASUS\TurboV Remote\TurboVRemote.exe
PRC - [2009.07.17 14:48:18 | 006,038,016 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
PRC - [2009.06.18 16:19:30 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.04.02 06:27:28 | 000,090,112 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - [2011.06.23 12:39:51 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Jiggy Lee\Desktop\OTL.exe
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:64bit: - [2011.05.25 05:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.06.02 11:59:52 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.05.27 11:05:57 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.04.13 15:39:50 | 000,387,696 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe -- (AVP)
SRV - [2011.02.02 12:00:32 | 000,052,288 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010.10.28 12:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.23 23:34:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Running] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009.06.18 16:19:30 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.04.02 06:27:28 | 000,090,112 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2011.05.25 06:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.25 04:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.05.15 14:06:47 | 000,556,120 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2011.03.30 20:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.21 13:22:06 | 000,452,200 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.27 17:37:13 | 000,521,784 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.01.21 13:48:55 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.01.16 17:33:18 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.01.16 17:33:17 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.01.11 23:41:29 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010.12.28 14:31:13 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2010.12.28 14:31:13 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.08.24 19:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010.08.24 19:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010.06.09 17:44:00 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2010.06.09 17:43:56 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010.04.29 07:55:42 | 000,032,768 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010.04.22 19:07:36 | 000,027,736 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.08.13 23:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.10 05:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2D E4 87 A8 82 A6 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.06.10 13:11:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.06.10 13:11:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.22 01:29:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.17 13:08:59 | 000,000,000 | ---D | M]

[2011.05.27 14:42:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jiggy Lee\AppData\Roaming\mozilla\Extensions
[2011.05.27 14:38:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jiggy Lee\AppData\Roaming\mozilla\Firefox\Profiles\0sczgiwt.default\extensions
[2011.05.27 14:38:07 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Jiggy Lee\AppData\Roaming\mozilla\Firefox\Profiles\0sczgiwt.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.27 14:38:08 | 000,000,000 | ---D | M] (Vuze Remote Toolbar) -- C:\Users\Jiggy Lee\AppData\Roaming\mozilla\Firefox\Profiles\0sczgiwt.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2011.05.27 14:38:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jiggy Lee\AppData\Roaming\mozilla\Firefox\Profiles\eh14amv5.default\extensions
[2011.05.27 14:38:13 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Jiggy Lee\AppData\Roaming\mozilla\Firefox\Profiles\eh14amv5.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.05.27 14:38:13 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Jiggy Lee\AppData\Roaming\mozilla\Firefox\Profiles\eh14amv5.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011.05.27 14:38:13 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Jiggy Lee\AppData\Roaming\mozilla\Firefox\Profiles\eh14amv5.default\extensions\battlefieldplay4free@ea.com
[2011.05.27 14:38:13 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Jiggy Lee\AppData\Roaming\mozilla\Firefox\Profiles\eh14amv5.default\extensions\DeviceDetection@logitech.com
[2011.05.27 14:38:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jiggy Lee\AppData\Roaming\mozilla\Firefox\Profiles\eh14amv5.default\extensions\nostmp
[2011.05.27 14:41:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.02.11 13:23:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.08 17:17:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.05.16 09:51:29 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@Kaspersky.ru
[2011.05.16 09:51:28 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
File not found (No name found) -- C:\USERS\JIGGY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0SCZGIWT.DEFAULT\EXTENSIONS\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
[2011.06.22 01:29:26 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.19 08:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2008.02.22 17:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.12.13 14:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml
[2011.05.26 14:00:59 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.06.21 12:59:00 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [combofix] File not found
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files (x86)\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [TurboVRemote] C:\Program Files (x86)\ASUS\TurboV Remote\TurboVRemote.exe (ASUSTek)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GameTracker] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Jiggy Lee\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jiggy Lee\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Jiggy Lee\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Jiggy Lee\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\ie_banner_deny.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Suite CBE 11\klwtbbho.dll (Kaspersky Lab ZAO)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 78.42.43.62 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab ZAO)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab ZAO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.02.10 03:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 08:21:09 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010.01.31 10:21:13 | 000,367,686 | R--- | M] () - D:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 04:55:03 | 009,965,568 | R--- | M] () - D:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 04:54:55 | 000,000,155 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.iyuv - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.uyvy - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yuy2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvu9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: vidc.yvyu - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.voxacm160 - C:\Windows\SysWow64\vct3216.acm (Voxware, Inc.)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011.06.23 12:39:51 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Jiggy Lee\Desktop\OTL.exe
[2011.06.22 11:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.06.22 11:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011.06.22 11:09:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.06.22 11:07:47 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2011.06.21 12:50:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.06.21 12:50:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.06.21 12:50:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.06.21 12:49:57 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.06.21 12:49:56 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011.06.21 12:48:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.06.21 00:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.06.21 00:05:11 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011.06.21 00:05:11 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2011.06.19 14:34:54 | 000,000,000 | ---D | C] -- C:\Users\Jiggy Lee\Desktop\glovepie
[2011.06.17 13:08:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.06.17 13:08:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011.06.08 17:52:47 | 000,000,000 | ---D | C] -- C:\Users\Jiggy Lee\AppData\Local\ALI213
[2011.06.05 12:44:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.06.05 12:43:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2011.06.05 12:37:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2011.06.05 12:36:40 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2011.06.02 22:41:13 | 000,000,000 | ---D | C] -- C:\Users\Jiggy Lee\AppData\Roaming\Ubisoft
[2011.06.02 22:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2011.06.02 22:04:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2011.05.28 14:26:43 | 000,000,000 | ---D | C] -- C:\Programme\Logitech Gaming Software
[2011.05.27 15:59:53 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2011.05.27 14:54:38 | 000,000,000 | ---D | C] -- C:\Users\Jiggy Lee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011.05.27 14:54:21 | 000,000,000 | ---D | C] -- C:\Users\Jiggy Lee\AppData\Local\Google
[2011.05.27 14:53:57 | 000,000,000 | ---D | C] -- C:\Users\Jiggy Lee\AppData\Local\Apps
[2011.05.27 14:53:56 | 000,000,000 | ---D | C] -- C:\Users\Jiggy Lee\AppData\Local\Deployment
[2011.05.27 14:49:12 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.05.27 10:44:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2011.05.26 14:10:11 | 000,000,000 | ---D | C] -- C:\Users\Jiggy Lee\Documents\Alcohol 52%
[2011.05.26 14:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 52%
[2011.05.26 14:01:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2011.05.26 13:05:33 | 000,000,000 | ---D | C] -- C:\Users\Jiggy Lee\AppData\Local\reakktor
[2011.05.26 13:01:01 | 000,000,000 | ---D | C] -- C:\Users\Jiggy Lee\Documents\Reakktor Media
[2011.05.26 12:03:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2011.05.26 00:06:14 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2011.05.26 00:06:03 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2011.05.25 14:43:26 | 000,000,000 | ---D | C] -- C:\Users\Jiggy Lee\Documents\Battlefield Play4Free
[2011.05.25 14:42:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2011.05.25 14:36:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2011.05.25 14:29:29 | 000,000,000 | ---D | C] -- C:\AMD
[2011.05.25 05:04:10 | 000,485,376 | ---- | C] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2011.05.25 05:03:38 | 000,204,288 | ---- | C] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2011.05.25 05:02:30 | 000,120,320 | ---- | C] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2011.05.25 05:01:54 | 000,016,384 | ---- | C] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2011.05.24 19:31:10 | 000,000,000 | ---D | C] -- C:\Users\Jiggy Lee\Documents\Rockstar Games
[2011.05.24 19:28:44 | 000,000,000 | ---D | C] -- C:\Users\Jiggy Lee\AppData\Local\Rockstar Games
[2011.05.24 16:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto IV - Episodes From Liberty City
[2011.05.24 14:56:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2011.05.24 14:52:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blue Ripple Sound
[2011.05.24 14:52:48 | 001,417,216 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\SysWow64\rapture3d_oal.dll
[2011.05.24 14:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BRS
[2011.05.24 14:52:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011.06.23 12:39:51 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Jiggy Lee\Desktop\OTL.exe
[2011.06.23 12:19:02 | 000,000,254 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011.06.23 12:04:02 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-547078211-2791228535-1131960143-1001UA.job
[2011.06.23 12:04:02 | 000,000,300 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.06.23 11:57:07 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.23 11:57:07 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.23 11:55:02 | 000,000,300 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.06.23 11:41:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.22 22:04:04 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-547078211-2791228535-1131960143-1001Core.job
[2011.06.22 12:01:58 | 000,000,417 | ---- | M] () -- C:\Users\Jiggy Lee\Documents\ax_files.xml
[2011.06.22 11:37:12 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2011.06.22 11:37:12 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2011.06.22 11:32:45 | 000,001,073 | ---- | M] () -- C:\Users\Jiggy Lee\Desktop\sddsfdsf.sft
[2011.06.22 10:58:16 | 000,000,308 | -HS- | M] () -- C:\Windows\tasks\EBXQGQOKR.job
[2011.06.22 10:58:00 | 2140,446,719 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.21 22:58:26 | 001,612,672 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.06.21 22:58:26 | 000,696,670 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.06.21 22:58:26 | 000,651,988 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.06.21 22:58:26 | 000,147,966 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.06.21 22:58:26 | 000,120,920 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.06.21 21:25:20 | 000,280,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.06.21 21:25:20 | 000,280,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.06.21 21:19:11 | 000,266,400 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2011.06.21 21:12:33 | 2093,539,328 | ---- | M] () -- C:\Users\Jiggy Lee\Desktop\rano-pterroruncut-xvid.avi
[2011.06.21 15:11:47 | 1853,868,032 | ---- | M] () -- C:\Users\Jiggy Lee\Desktop\epic-sucker.punch.ext.avi
[2011.06.21 12:59:00 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.06.21 06:40:15 | 1569,114,112 | ---- | M] () -- C:\Users\Jiggy Lee\Desktop\pb-green.lantern.avi
[2011.06.21 00:05:45 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.06.19 14:36:50 | 000,001,377 | ---- | M] () -- C:\Users\Jiggy Lee\Desktop\ME2Controller.PIE
[2011.06.15 17:08:14 | 000,414,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.06.08 17:27:07 | 000,000,176 | ---- | M] () -- C:\Users\Jiggy Lee\AppData\Roaming\default.rss
[2011.05.28 10:44:24 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011.05.28 00:58:55 | 001,574,636 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.27 11:05:57 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.27 10:44:40 | 000,000,331 | ---- | M] () -- C:\Windows\game.ini
[2011.05.25 18:12:31 | 000,000,032 | ---- | M] () -- C:\Windows\Menu.INI
[2011.05.25 05:08:34 | 000,166,624 | ---- | M] () -- C:\Windows\SysNative\atiapfxx.blb
[2011.05.25 05:04:10 | 000,485,376 | ---- | M] (AMD) -- C:\Windows\SysNative\atieclxx.exe
[2011.05.25 05:03:38 | 000,204,288 | ---- | M] (AMD) -- C:\Windows\SysNative\atiesrxx.exe
[2011.05.25 05:02:30 | 000,120,320 | ---- | M] (AMD) -- C:\Windows\SysNative\atitmm64.dll
[2011.05.25 05:01:54 | 000,016,384 | ---- | M] (AMD) -- C:\Windows\SysNative\atimuixx.dll
[2011.05.25 04:55:20 | 001,127,552 | ---- | M] () -- C:\Windows\SysNative\atiumd6a.cap
[2011.05.25 04:49:54 | 001,127,552 | ---- | M] () -- C:\Windows\SysWow64\atiumdva.cap
[2011.05.25 04:19:00 | 000,058,880 | ---- | M] (AMD) -- C:\Windows\SysNative\coinst.dll
[2011.05.24 23:44:30 | 000,061,952 | ---- | M] () -- C:\Windows\SysNative\OVDecode64.dll
[2011.05.24 23:44:26 | 000,059,904 | ---- | M] () -- C:\Windows\SysWow64\OVDecode.dll
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[8 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011.06.22 13:05:42 | 2093,539,328 | ---- | C] () -- C:\Users\Jiggy Lee\Desktop\rano-pterroruncut-xvid.avi
[2011.06.22 12:39:59 | 1569,114,112 | ---- | C] () -- C:\Users\Jiggy Lee\Desktop\pb-green.lantern.avi
[2011.06.22 12:08:32 | 000,001,073 | ---- | C] () -- C:\Users\Jiggy Lee\Desktop\sddsfdsf.sft
[2011.06.21 21:40:09 | 1853,868,032 | ---- | C] () -- C:\Users\Jiggy Lee\Desktop\epic-sucker.punch.ext.avi
[2011.06.21 12:50:00 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.06.21 12:50:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.06.21 12:50:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.06.21 12:50:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.06.21 12:50:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.06.21 00:05:45 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.06.19 14:36:50 | 000,001,377 | ---- | C] () -- C:\Users\Jiggy Lee\Desktop\ME2Controller.PIE
[2011.06.17 13:08:59 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.05.27 14:54:24 | 000,001,136 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-547078211-2791228535-1131960143-1001UA.job
[2011.05.27 14:54:22 | 000,001,084 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-547078211-2791228535-1131960143-1001Core.job
[2011.05.27 14:41:07 | 000,001,150 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.05.27 10:44:40 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2011.05.26 14:09:44 | 000,000,417 | ---- | C] () -- C:\Users\Jiggy Lee\Documents\ax_files.xml
[2011.05.26 12:53:39 | 001,574,636 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.05.26 00:07:06 | 000,095,744 | ---- | C] () -- C:\Windows\SysNative\RDVGHelper.exe
[2011.05.26 00:06:53 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2011.05.26 00:05:56 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2011.05.26 00:05:51 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2011.05.26 00:05:51 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2011.05.26 00:05:43 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2011.05.26 00:05:43 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2011.05.25 05:08:34 | 000,166,624 | ---- | C] () -- C:\Windows\SysNative\atiapfxx.blb
[2011.05.25 04:55:20 | 001,127,552 | ---- | C] () -- C:\Windows\SysNative\atiumd6a.cap
[2011.05.25 04:49:54 | 001,127,552 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.cap
[2011.05.24 23:44:30 | 000,061,952 | ---- | C] () -- C:\Windows\SysNative\OVDecode64.dll
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.05.23 16:53:53 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2011.04.12 22:22:06 | 000,000,046 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_urlsnooper_InstallInfo.dat
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.21 20:18:20 | 000,139,776 | RHS- | C] () -- C:\Windows\SysWow64\vdmdbgz.dll
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.03.03 22:40:39 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2011.03.03 22:40:39 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2011.03.03 22:40:34 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2011.03.03 22:40:34 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2011.03.03 22:17:10 | 000,035,545 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2011.03.03 22:16:39 | 000,025,476 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.03.01 17:08:34 | 000,000,176 | ---- | C] () -- C:\Users\Jiggy Lee\AppData\Roaming\default.rss
[2011.02.27 18:21:29 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.02.26 12:53:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.02.06 17:55:18 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.01.25 14:47:53 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.12.28 15:12:28 | 000,280,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.12.28 15:12:26 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.12.28 15:12:26 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.12.28 14:07:51 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.08.01 05:39:28 | 000,012,536 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

[color=#E56717]========== LOP Check ==========[/color]

[2011.01.16 17:34:17 | 000,000,000 | ---D | M] -- C:\Users\Jiggy Lee\AppData\Roaming\Atari
[2011.05.25 19:13:09 | 000,000,000 | ---D | M] -- C:\Users\Jiggy Lee\AppData\Roaming\Azureus
[2010.12.28 13:57:33 | 000,000,000 | ---D | M] -- C:\Users\Jiggy Lee\AppData\Roaming\CheckPoint
[2011.01.29 14:24:54 | 000,000,000 | ---D | M] -- C:\Users\Jiggy Lee\AppData\Roaming\Command & Conquer 3 Kanes Rache
[2011.01.21 16:03:23 | 000,000,000 | ---D | M] -- C:\Users\Jiggy Lee\AppData\Roaming\DAEMON Tools Lite
[2011.04.12 22:22:06 | 000,000,000 | ---D | M] -- C:\Users\Jiggy Lee\AppData\Roaming\DonationCoder
[2011.01.19 01:40:24 | 000,000,000 | ---D | M] -- C:\Users\Jiggy Lee\AppData\Roaming\DVDVideoSoft
[2010.12.28 19:18:38 | 000,000,000 | ---D | M] -- C:\Users\Jiggy Lee\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.02.03 15:47:43 | 000,000,000 | ---D | M] -- C:\Users\Jiggy Lee\AppData\Roaming\Hi-Rez Studios
[2011.06.23 12:41:23 | 000,000,000 | ---D | M] -- C:\Users\Jiggy Lee\AppData\Roaming\ICQ
[2010.12.28 14:30:30 | 000,000,000 | ---D | M] -- C:\Users\Jiggy Lee\AppData\Roaming\Leadertech
[2011.01.11 23:53:32 | 000,000,000 | ---D | M] -- C:\Users\Jiggy Lee\AppData\Roaming\TrueCrypt
[2011.01.28 15:15:03 | 000,000,000 | ---D | M] -- C:\Users\Jiggy Lee\AppData\Roaming\TS3Client
[2011.06.02 22:41:13 | 000,000,000 | ---D | M] -- C:\Users\Jiggy Lee\AppData\Roaming\Ubisoft
[2011.02.08 20:38:43 | 000,000,000 | ---D | M] -- C:\Users\Jiggy Lee\AppData\Roaming\Unity
[2011.06.22 10:58:16 | 000,000,308 | -HS- | M] () -- C:\Windows\Tasks\EBXQGQOKR.job
[2011.04.26 07:41:12 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.06.23 11:55:02 | 000,000,300 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.06.23 12:19:02 | 000,000,254 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011.06.23 12:04:02 | 000,000,300 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*.* >[/color]
[2010.11.20 14:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
[2010.12.28 12:41:47 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011.05.28 10:44:24 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2011.06.22 10:58:00 | 2140,446,719 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.22 10:58:07 | 4285,587,455 | -HS- | M] () -- C:\pagefile.sys
[2010.12.28 12:50:36 | 000,171,136 | RHS- | M] () -- C:\w7ldr

[color=#A23BEC]< %systemroot%\system32\*.wt >[/color]

[color=#A23BEC]< %systemroot%\system32\*.ruy >[/color]

[color=#A23BEC]< %systemroot%\Fonts\*.com >[/color]
[2009.07.14 07:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 07:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 07:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 07:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

[color=#A23BEC]< %systemroot%\Fonts\*.dll >[/color]

[color=#A23BEC]< %systemroot%\Fonts\*.ini >[/color]
[2009.06.10 22:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

[color=#A23BEC]< %systemroot%\Fonts\*.ini2 >[/color]

[color=#A23BEC]< %systemroot%\system32\spool\prtprocs\w32x86\*.* >[/color]

[color=#A23BEC]< %systemroot%\REPAIR\*.bak1 >[/color]

[color=#A23BEC]< %systemroot%\REPAIR\*.ini >[/color]

[color=#A23BEC]< %systemroot%\system32\*.jpg >[/color]

[color=#A23BEC]< %systemroot%\*.scr >[/color]

[color=#A23BEC]< %systemroot%\*._sy >[/color]

[color=#A23BEC]< %APPDATA%\Adobe\Update\*.* >[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Favorites\*.* >[/color]

[color=#A23BEC]< %APPDATA%\Microsoft\*.* >[/color]

[color=#A23BEC]< %PROGRAMFILES%\*.* >[/color]
[2009.07.14 06:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

[color=#A23BEC]< %APPDATA%\Update\*.* >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2009.07.14 03:15:20 | 000,380,957 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\expsrv.dll
[2009.07.14 03:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\msvbvm60.dll
[2011.03.21 20:18:20 | 000,139,776 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\SysWOW64\vdmdbgz.dll
[2010.11.20 14:21:37 | 011,410,432 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\wmp.dll
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
[2011.06.22 10:58:16 | 000,000,308 | -HS- | M] () Unable to obtain MD5 -- C:\Windows\Tasks\EBXQGQOKR.job

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]

[color=#A23BEC]< %systemroot%\system32\user32.dll /md5 >[/color]
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\system32\ws2_32.dll /md5 >[/color]
[2010.11.20 14:21:38 | 000,206,848 | ---- | M] (Microsoft Corporation) MD5=7FF15A4F092CD4A96055BA69F903E3E9 -- C:\Windows\SysWOW64\ws2_32.dll
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

[color=#A23BEC]< %systemroot%\system32\ws2help.dll /md5 >[/color]
[2009.07.14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]


[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:B946D9EE
@Alternate Data Stream - 168 bytes -> C:\Users\Jiggy Lee\Documents\Seite4.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\Jiggy Lee\Documents\Seite3.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\Jiggy Lee\Documents\Seite2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\Jiggy Lee\Documents\Seite 1.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >


OTL Extras logfile created on: 23.06.2011 12:42:33 - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\Jiggy Lee\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,99 Gb Total Physical Memory | 6,40 Gb Available Physical Memory | 80,15% Memory free
15,98 Gb Paging File | 13,31 Gb Available in Paging File | 83,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,04 Gb Total Space | 59,67 Gb Free Space | 40,03% Space Free | Partition Type: NTFS
Drive D: | 5,40 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 931,51 Gb Total Space | 92,28 Gb Free Space | 9,91% Space Free | Partition Type: NTFS
Drive G: | 372,61 Gb Total Space | 64,03 Gb Free Space | 17,18% Space Free | Partition Type: NTFS

Computer Name: JIGGYLEE-PC | User Name: Jiggy Lee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== System Restore Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[color=#E56717]========== Firewall Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416023FF}" = Java(TM) 6 Update 23 (64-bit)
"{28D73032-5DAA-4F83-B154-85105DBCCB92}" = iTunes
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54E192A6-AA33-1963-C96A-26AA7A3B41B4}" = ccc-utility64
"{5857E7BE-2F6F-D41A-42B2-B668B19A5F30}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software 7.00
"{6A9B5F9E-CAF3-2264-9DA0-E374F9A34279}" = AMD Drag and Drop Transcoding
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{CFF9D801-1EC4-B8F5-2CAB-4A1790C95A18}" = ATI Catalyst Install Manager
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"sp6" = Logitech SetPoint 6.20
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{086A7D8C-0A38-4C7F-819A-620275550D5C}" = Nero Burning ROM Help
"{09B9A2C2-FB96-BA16-60E3-23B7B12A69BE}" = Application Profiles
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 24
"{30D659E4-4405-6925-CDCF-EB8CD0C80DAC}" = Catalyst Control Center Graphics Previews Common
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"{434D0FA0-AB8C-497F-B30A-7A1000018201}" = DiRT 3
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{45410935-B52C-468A-A836-0D1000018202}" = BulletStorm
"{491D92A9-69CA-4EB4-81D3-0106F9337957}" = TurboV EVO
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{51942928-CA56-4A3D-8A3D-60731B528E35}" = TurboV Remote
"{56B83336-FBC1-4C46-8613-90A9E3B440D6}" = EPU-6 Engine
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5E08ECD1-C98E-4711-BF65-8FD736B3F969}" = Nero RescueAgent Help
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{60DE7978-4F13-5584-5E53-DCEE1CB115A5}" = Catalyst Control Center
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77E33D87-255E-413E-9C8D-EED2A7F9BEBF}" = Nero Live Help
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{85243696-5E58-4357-9CF8-3498C609941D}" = NeroLiveGadget Help
"{85268C72-C609-E50A-7AB3-9B3582DFEE66}" = CCC Help English
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8ED35B48-AFBD-4F32-8271-2257AD8B907E}_is1" = Grand Theft Auto IV - Episodes From Liberty City
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{98A67610-A3B5-4098-A423-3708040026D3}" = "Nero SoundTrax Help
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{9E9FDDE6-2C26-492A-85A0-05646B3F2795}" = NeroLiveGadget
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{AFF8C8F4-E4BB-891F-8636-5E71F946C5B6}" = Catalyst Control Center InstallProxy
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{c134936e-0ef5-4a49-bcc4-b1ba51c85907}" = Nero 9
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.8 Game
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DF6A95F5-ADC1-406A-BDC6-2AA7CC0182AA}" = Nero Live
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{E8C37E27-5205-4C8A-BECB-B00533045AAE}" = SHIFT 2 UNLEASHED™
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alice: Madness Returns_is1" = Alice: Madness Returns
"Any DVD Cloner Platinum_is1" = Any DVD Cloner Platinum 1.0.9
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup.divx.com" = DivX-Setup
"EADM" = EA Download Manager
"EVE" = EVE Online (remove only)
"Free Video to Android Converter_is1" = Free Video to Android Converter version 2.2.12
"Free YouTube Download_is1" = Free YouTube Download version 2.10.29
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"GFWL_{434D0FA0-1558-4D8E-AC3D-BD1000008200}" = DiRT 3
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Security Suite CBE 11
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.1.0 (Basic)
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 10680" = Aliens vs. Predator
"Steam App 240" = Counter-Strike: Source
"Steam App 50130" = Mafia II
"Steam App 55100" = HOMEFRONT
"Steam App 8190" = Just Cause 2
"Steam App 9860" = The Chronicles of Riddick: Assault on Dark Athena
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 1.1.7

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 14.06.2011 07:06:42 | Computer Name = JiggyLee-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest-
oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 15.06.2011 16:06:47 | Computer Name = JiggyLee-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ICQ.exe, Version: 7.4.0.4629, Zeitstempel:
0x4d6cea5e Name des fehlerhaften Moduls: Flash10o.ocx, Version: 10.2.153.1, Zeitstempel:
0x4d79ae94 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00198a56 ID des fehlerhaften Prozesses:
0x41c Startzeit der fehlerhaften Anwendung: 0x01cc2b6efa0ab293 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\ICQ7.4\ICQ.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\Macromed\Flash\Flash10o.ocx
Berichtskennung:
ff481642-978a-11e0-95a2-90e6ba718b81

Error - 17.06.2011 10:19:40 | Computer Name = JiggyLee-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: alice.exe, Version: 1.0.0.0, Zeitstempel:
0x4dc24f63 Name des fehlerhaften Moduls: alice.exe, Version: 1.0.0.0, Zeitstempel:
0x4dc24f63 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00016032 ID des fehlerhaften Prozesses:
0x15ac Startzeit der fehlerhaften Anwendung: 0x01cc2cf9820ecde1 Pfad der fehlerhaften
Anwendung: G:\Program Files (x86)\EA Games\Alice Madness Returns\Alice1\bin\alice.exe
Pfad
des fehlerhaften Moduls: G:\Program Files (x86)\EA Games\Alice Madness Returns\Alice1\bin\alice.exe
Berichtskennung:
d6416c78-98ec-11e0-bacf-90e6ba718b81

Error - 18.06.2011 03:31:34 | Computer Name = JiggyLee-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error - 18.06.2011 03:31:44 | Computer Name = JiggyLee-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest-
oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error - 18.06.2011 05:25:14 | Computer Name = JiggyLee-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Crysis2.exe, Version: 1.8.0.0, Zeitstempel:
0x00000000 Name des fehlerhaften Moduls: Crysis2.exe, Version: 1.8.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0072ca60 ID des fehlerhaften Prozesses:
0xff0 Startzeit der fehlerhaften Anwendung: 0x01cc2d965331dd27 Pfad der fehlerhaften
Anwendung: F:\Program Files (x86)\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe
Pfad
des fehlerhaften Moduls: F:\Program Files (x86)\Electronic Arts\Crytek\Crysis 2\bin32\Crysis2.exe
Berichtskennung:
de9d16e0-998c-11e0-938a-90e6ba718b81

Error - 18.06.2011 11:57:06 | Computer Name = JiggyLee-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AliceMadnessReturns.exe, Version:
1.0.0.0, Zeitstempel: 0x4dc89913 Name des fehlerhaften Moduls: KERNELBASE.dll, Version:
6.1.7601.17514, Zeitstempel: 0x4ce7bafa Ausnahmecode: 0x00000001 Fehleroffset: 0x0000b727
ID
des fehlerhaften Prozesses: 0x1730 Startzeit der fehlerhaften Anwendung: 0x01cc2dccf89fc1a5
Pfad
der fehlerhaften Anwendung: G:\Program Files (x86)\EA Games\Alice Madness Returns\Alice2\Binaries\Win32\AliceMadnessReturns.exe
Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 9d5addfa-99c3-11e0-938a-90e6ba718b81

Error - 18.06.2011 11:57:09 | Computer Name = JiggyLee-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AliceMadnessReturns.exe, Version:
1.0.0.0, Zeitstempel: 0x4dc89913 Name des fehlerhaften Moduls: AliceMadnessReturns.exe,
Version: 1.0.0.0, Zeitstempel: 0x4dc89913 Ausnahmecode: 0xc0000005 Fehleroffset:
0x00c547d3 ID des fehlerhaften Prozesses: 0x1730 Startzeit der fehlerhaften Anwendung:
0x01cc2dccf89fc1a5 Pfad der fehlerhaften Anwendung: G:\Program Files (x86)\EA Games\Alice
Madness Returns\Alice2\Binaries\Win32\AliceMadnessReturns.exe Pfad des fehlerhaften
Moduls: G:\Program Files (x86)\EA Games\Alice Madness Returns\Alice2\Binaries\Win32\AliceMadnessReturns.exe
Berichtskennung:
9ec4fa97-99c3-11e0-938a-90e6ba718b81

Error - 18.06.2011 12:16:18 | Computer Name = JiggyLee-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AliceMadnessReturns.exe, Version:
1.0.0.0, Zeitstempel: 0x4dc89913 Name des fehlerhaften Moduls: KERNELBASE.dll, Version:
6.1.7601.17514, Zeitstempel: 0x4ce7bafa Ausnahmecode: 0x00000001 Fehleroffset: 0x0000b727
ID
des fehlerhaften Prozesses: 0x157c Startzeit der fehlerhaften Anwendung: 0x01cc2dd255d3a385
Pfad
der fehlerhaften Anwendung: G:\Program Files (x86)\EA Games\Alice Madness Returns\Alice2\Binaries\Win32\AliceMadnessReturns.exe
Pfad
des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll Berichtskennung: 4bf03af8-99c6-11e0-938a-90e6ba718b81

Error - 18.06.2011 12:16:21 | Computer Name = JiggyLee-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AliceMadnessReturns.exe, Version:
1.0.0.0, Zeitstempel: 0x4dc89913 Name des fehlerhaften Moduls: AliceMadnessReturns.exe,
Version: 1.0.0.0, Zeitstempel: 0x4dc89913 Ausnahmecode: 0xc0000005 Fehleroffset:
0x00c547d3 ID des fehlerhaften Prozesses: 0x157c Startzeit der fehlerhaften Anwendung:
0x01cc2dd255d3a385 Pfad der fehlerhaften Anwendung: G:\Program Files (x86)\EA Games\Alice
Madness Returns\Alice2\Binaries\Win32\AliceMadnessReturns.exe Pfad des fehlerhaften
Moduls: G:\Program Files (x86)\EA Games\Alice Madness Returns\Alice2\Binaries\Win32\AliceMadnessReturns.exe
Berichtskennung:
4d48cb24-99c6-11e0-938a-90e6ba718b81

[ System Events ]
Error - 22.06.2011 09:26:37 | Computer Name = JiggyLee-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535

Error - 22.06.2011 09:26:37 | Computer Name = JiggyLee-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535

Error - 22.06.2011 09:37:35 | Computer Name = JiggyLee-PC | Source = bowser | ID = 8003
Description =

Error - 22.06.2011 19:27:48 | Computer Name = JiggyLee-PC | Source = PNRPSvc | ID = 102
Description =

Error - 22.06.2011 19:27:48 | Computer Name = JiggyLee-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535

Error - 22.06.2011 19:27:48 | Computer Name = JiggyLee-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535

Error - 23.06.2011 05:41:47 | Computer Name = JiggyLee-PC | Source = PNRPSvc | ID = 102
Description =

Error - 23.06.2011 05:41:47 | Computer Name = JiggyLee-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
beendet: %%-2140993535

Error - 23.06.2011 05:41:47 | Computer Name = JiggyLee-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%-2140993535

Error - 23.06.2011 05:41:49 | Computer Name = JiggyLee-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.


< End of report >


beim rootkit malware hab ich zwar das logfile, allerdings erschien mir kein fehler und ich konnte dennoch diese system, sections etc. optionen nicht anklicken

Code


GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-23 13:56:57
Windows 6.1.7601 Service Pack 1
Running: cbr6odfu.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xF9 0x6C 0x0F 0x69 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0C 0x8F 0xD4 0x72 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x19 0xB8 0xA7 0x06 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x93 0x1F 0x1B 0xC2 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x01 0xB4 0x17 0x7D ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x29 0x55 0x91 0x55 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xB3 0x08 0x3C 0xA4 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 52\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x8E 0xBC 0xDC 0xB4 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x0C 0x8F 0xD4 0x72 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x15 0x2A 0xC5 0xBA ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x9B 0x66 0xC5 0xB1 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x01 0xB4 0x17 0x7D ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x29 0x55 0x91 0x55 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x9F 0x83 0xC1 0x64 ...

---- EOF - GMER 1.0.15 ----
Seitenanfang Seitenende
23.06.2011, 20:39
Moderator

Beiträge: 5694
#4 Schritt 1
Fixen mit OTL

• Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die Textbox.

Code

:OTL
O4 - HKLM..\Run: [combofix] File not found
O4 - HKCU..\Run: [GameTracker] File not found
O32 - AutoRun File - [2010.02.10 03:55:59 | 000,423,304 | R--- | M] (Electronic Arts) - D:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 08:21:09 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2010.01.31 10:21:13 | 000,367,686 | R--- | M] () - D:\Autorun.ico -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 04:55:03 | 009,965,568 | R--- | M] () - D:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010.02.10 04:54:55 | 000,000,155 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
[2011.06.23 12:19:02 | 000,000,254 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2011.06.23 12:04:02 | 000,000,300 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.06.23 11:55:02 | 000,000,300 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.06.22 10:58:16 | 000,000,308 | -HS- | M] () -- C:\Windows\tasks\EBXQGQOKR.job
@Alternate Data Stream - 169 bytes -> C:\ProgramData\TEMP:B946D9EE
@Alternate Data Stream - 168 bytes -> C:\Users\Jiggy Lee\Documents\Seite4.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\Jiggy Lee\Documents\Seite3.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\Jiggy Lee\Documents\Seite2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\Jiggy Lee\Documents\Seite 1.jpeg:3or4kl4x13tuuug3Byamue2s4b
:Commands
[purity]
[emptytemp]
• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

Malwarebytes Anti-Malware

Lade MBAM herunter, installiere es und wähle bei Reiter:

-> “Update“> “Suche nach Aktualisierungen“
-> “Einstellungen“> “Beende Internet Explorer während des Löschvorgangs“
-> “Scanner”> "Quickscan durchfuehren".

Wenn am Ende Infizierungen gefunden werden, diese anhaken und entfernen lassen. Starte dein Rechner neu
Seitenanfang Seitenende
23.06.2011, 21:58
Member

Themenstarter

Beiträge: 67
#5

Code



All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\combofix deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\GameTracker deleted successfully.
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
File  not found.
File move failed. D:\Autorun.ico scheduled to be moved on reboot.
File move failed. D:\autorun.dat scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job moved successfully.
C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job moved successfully.
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job moved successfully.
C:\Windows\Tasks\EBXQGQOKR.job moved successfully.
ADS C:\ProgramData\TEMP:B946D9EE deleted successfully.
ADS C:\Users\Jiggy Lee\Documents\Seite4.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Jiggy Lee\Documents\Seite3.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Jiggy Lee\Documents\Seite2.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
ADS C:\Users\Jiggy Lee\Documents\Seite 1.jpeg:3or4kl4x13tuuug3Byamue2s4b deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->FireFox cache emptied: 198235344 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: Jiggy Lee
->Temp folder emptied: 91272132 bytes
->Temporary Internet Files folder emptied: 21114387 bytes
->Java cache emptied: 2824908 bytes
->FireFox cache emptied: 421569895 bytes
->Google Chrome cache emptied: 410017768 bytes
->Flash cache emptied: 2746 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1213491 bytes
%systemroot%\System32 .tmp files removed: 6475968 bytes
%systemroot%\System32 (64bit) .tmp files removed: 29168640 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 96798 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50568 bytes
RecycleBin emptied: 389952 bytes

Total Files Cleaned = 1.128,00 mb


OTL by OldTimer - Version 3.2.24.1 log created on 06232011_213956

Files\Folders moved on Reboot...
File move failed. D:\AutoRun.exe scheduled to be moved on reboot.
File move failed. D:\Autorun.ico scheduled to be moved on reboot.
File move failed. D:\autorun.dat scheduled to be moved on reboot.
File move failed. D:\autorun.inf scheduled to be moved on reboot.
C:\Users\Jiggy Lee\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\SysNative\SET2B6D.tmp not found!
File\Folder C:\Windows\SysNative\SET3124.tmp not found!
File\Folder C:\Windows\SysNative\SET331D.tmp not found!
File\Folder C:\Windows\SysNative\SET333E.tmp not found!
File\Folder C:\Windows\SysNative\SET335F.tmp not found!
File\Folder C:\Windows\SysNative\SET4064.tmp not found!
File\Folder C:\Windows\temp\kls9C4E.tmp not found!

Registry entries deleted on Reboot...
Seitenanfang Seitenende
24.06.2011, 00:20
Member

Themenstarter

Beiträge: 67
#6 hmm... swiss...
ich hab immernoch diesen verdammten bot...
immer das selbe, wenn ich auf ein suchergebnis in google klick
Seitenanfang Seitenende
24.06.2011, 14:50
Moderator

Beiträge: 5694
#7 Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.

BleepingComputer
ForoSpyware**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**




• Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
• Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
• Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
• Bitte poste mir den Inhalt von C:\ComboFix.txt hier in de Thread.
Seitenanfang Seitenende
Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren: