BKA Trojaner war zu besuch :( shell.txt+OTL.txt+Extras.txt

29.11.2011, 09:08

Reni_Driver

...neu hier

Beiträge: 9

#1 Hallo, meinen Rechner hatts auch getroffen!
Habe nach paar mins Planlosigkeit, dann mal den autostart durchsucht und die Datei die fremd war gelöscht! dann Neugestartet und die Datei aus dem Temp Ordner gelöscht, da das als ziel addy angegeben war bei der verknüpfung im autostart!
So da i aber davon ausgehe, das dass net alles sein kann, habe ich mich mal bissel hier durchgeforstet und die 3 txt erstellen lassen!
und hoffe, das ich ums neu Aufsetzen nochmal drum rum komme!

shell.txt

WIN_7 X64 Service Pack 1
Running from G:\

HKLM\..\Winlogon; Shell = explorer.exe [ Microsoft Corporation ]
.
.
.
HKCU\..\Winlogon; Shell not found
.

[System Process]
System
smss.exe
csrss.exe
wininit.exe
csrss.exe
services.exe
lsass.exe
lsm.exe
svchost.exe
winlogon.exe
svchost.exe
svchost.exe
psksvc.exe
svchost.exe
svchost.exe
svchost.exe
cmd.exe
conhost.exe
ctfmon.exe
svchost.exe
srep.exe

HKLM\..\Run [APVXDWIN] = "C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\APVXDWIN.EXE" /s
HKLM\..\Run [SCANINICIO] = "C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\Inicio.exe"
HKLM\..\Run [JMB36X IDE Setup] = C:\Windows\RaidTool\xInsIDE.exe
HKLM\..\Run [Malwarebytes' Anti-Malware] = "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

HKU\.DEFAULT\..\Winlogon; Shell =
HKU\S-1-5-19\..\Winlogon; Shell =
HKU\S-1-5-20\..\Winlogon; Shell =
HKU\S-1-5-21-2426397290-2980503579-1137640500-1000\..\Winlogon; Shell =
HKU\S-1-5-21-2426397290-2980503579-1137640500-1000_Classes\..\Winlogon; Shell =
HKU\S-1-5-18\..\Winlogon; Shell =

HKU\S-1-5-19\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

x64
HKLMx64\..\Winlogon; Shell = explorer.exe [ 2871808- ]
No action taken
HKCUx6464\..\Winlogon; Shell =
No action taken
HKLMx64\..\Winlogon, Shell = explorer.exe
HKCUx64\..\Winlogon, Shell =

==== FINISH 29.11-08.13 ====

OTL.txt

OTL logfile created on: 29.11.2011 08:31:38 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Onkel\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.98 Gb Total Physical Memory | 2.83 Gb Available Physical Memory | 71.05% Memory free
9.95 Gb Paging File | 8.44 Gb Available in Paging File | 84.84% Paging File free
Paging file location(s): d:\pagefile.sys 6115 6115 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.73 Gb Total Space | 18.72 Gb Free Space | 38.42% Space Free | Partition Type: NTFS
Drive D: | 147.56 Gb Total Space | 112.35 Gb Free Space | 76.14% Space Free | Partition Type: NTFS
Drive E: | 502.35 Gb Total Space | 377.07 Gb Free Space | 75.06% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 931.39 Gb Free Space | 99.99% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 250.73 Gb Free Space | 13.46% Space Free | Partition Type: NTFS

Computer Name: ONKEL-PC | User Name: Onkel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011.11.29 08:28:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Onkel\Desktop\OTL.exe
PRC - [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.04.14 15:07:56 | 000,173,888 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\TPSrvWow.exe
PRC - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.10.20 14:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\PavFnSvr.exe
PRC - [2010.08.16 13:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\PskSvc.exe
PRC - [2010.06.04 09:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\pavsrvx86.exe
PRC - [2010.05.28 12:42:32 | 000,225,600 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\AVENGINE.EXE
PRC - [2010.04.22 17:29:12 | 000,107,776 | ---- | M] (Panda Security, S.L.) -- C:\PROGRAM FILES (X86)\PANDA SECURITY\PANDA GLOBAL PROTECTION 2012\WebProxy.exe
PRC - [2010.02.23 11:09:34 | 000,111,872 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\PavBckPT.exe
PRC - [2009.11.26 16:03:56 | 000,226,560 | ---- | M] (Panda Security International) -- c:\program files (x86)\panda security\panda global protection 2012\firewall\PSHOST.EXE
PRC - [2009.08.10 13:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\PsCtrls.exe
PRC - [2008.06.27 12:23:00 | 000,091,392 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\SRVLOAD.EXE
PRC - [2008.06.19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\PsImSvc.exe
PRC - [2008.02.04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2004.05.19 10:33:12 | 000,507,904 | ---- | M] () -- C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\libxml2.dll

[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.11.03 19:25:09 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.11.01 19:35:50 | 002,072,896 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.08.31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.14 15:07:56 | 000,173,888 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\TPSrvWow.exe -- (TPSrv)
SRV - [2010.11.05 22:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.10.20 14:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2010.08.16 13:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\PskSvc.exe -- (PskSvcRetail)
SRV - [2010.06.04 09:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\pavsrvx86.exe -- (PAVSRV)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.11.26 16:03:56 | 000,226,560 | ---- | M] (Panda Security International) [Auto | Running] -- c:\program files (x86)\panda security\panda global protection 2012\firewall\PSHOST.EXE -- (PSHost)
SRV - [2009.08.10 13:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\PsCtrls.exe -- (Panda Software Controller)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.06.19 11:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\PsImSvc.exe -- (PSIMSVC)
SRV - [2008.02.04 16:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2011.08.31 17:00:50 | 000,025,416 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.08.30 21:17:14 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.08.29 22:06:21 | 000,015,928 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\COMFiltr.sys -- (ComFiltr)
DRV:64bit: - [2011.08.29 22:00:13 | 000,085,184 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ACLE1464.sys -- (ACLE5Live)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.31 15:41:28 | 000,129,096 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\APPFLT64.SYS -- (APPFLT)
DRV:64bit: - [2010.12.08 17:17:40 | 000,369,640 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2010.12.08 17:17:38 | 000,122,856 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2010.09.09 15:23:00 | 000,078,920 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\idsflt64.sys -- (IDSFLT)
DRV:64bit: - [2010.09.01 10:09:12 | 000,216,648 | ---- | M] (Panda Security, S.L.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\n64i1644.sys -- (NETIMFLT01060044)
DRV:64bit: - [2010.06.22 17:20:18 | 000,030,792 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\pavboot64.sys -- (pavboot)
DRV:64bit: - [2010.05.21 12:50:50 | 000,065,608 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\amm6460.sys -- (AmFSM)
DRV:64bit: - [2010.05.20 06:03:11 | 000,105,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.10.27 11:07:42 | 000,048,136 | ---- | M] (Panda Security, S.L.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\ShldFlt.sys -- (ShldFlt)
DRV:64bit: - [2009.09.25 13:54:08 | 000,074,760 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\wnmflt64.sys -- (WNMFLT)
DRV:64bit: - [2009.09.25 13:54:06 | 000,170,504 | ---- | M] (Panda Security, S.L.) [TDI Layer] [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NETTDI64.SYS -- (NETFLTDI)
DRV:64bit: - [2009.09.25 13:54:02 | 000,082,952 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\dsaflt64.sys -- (DSAFLT)
DRV:64bit: - [2009.09.25 13:54:02 | 000,031,752 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\fnetm64.sys -- (FNETMON)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.24 17:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV - [2011.10.31 16:22:10 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3C 9A 14 10 7F 66 CC 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "Search the web"
FF - prefs.js..browser.search.order.1: "Search the web"
FF - prefs.js..browser.search.selectedEngine: "Search the web"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 0

FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "http://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.11.28 10:52:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.11 17:59:12 | 000,000,000 | ---D | M]

[2011.10.04 15:25:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Onkel\AppData\Roaming\mozilla\Extensions
[2011.11.26 13:52:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Onkel\AppData\Roaming\mozilla\Firefox\Profiles\pzhvu4zx.default\extensions
[2011.10.23 23:22:32 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Onkel\AppData\Roaming\mozilla\Firefox\Profiles\pzhvu4zx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.10.04 15:24:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.09.09 11:25:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ONKEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PZHVU4ZX.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
() (No name found) -- C:\USERS\ONKEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PZHVU4ZX.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ONKEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PZHVU4ZX.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
() (No name found) -- C:\USERS\ONKEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PZHVU4ZX.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
() (No name found) -- C:\USERS\ONKEL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PZHVU4ZX.DEFAULT\EXTENSIONS\ELEMHIDEHELPER@ADBLOCKPLUS.ORG.XPI
[2011.11.11 17:59:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.09.29 02:24:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.29 02:16:42 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.09.29 02:24:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.09.29 02:24:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.06 17:59:10 | 000,000,158 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search the web.src
[2011.09.29 02:24:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.09.29 02:24:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.10.19 17:20:18 | 000,000,929 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 174.142.61.140 skynet.wolke #Tracker
O1 - Hosts: 174.142.65.65 wolke.skynet
O1 - Hosts: 174.142.65.65 announce.mine.nu
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (toolplugin) - {DFEFCDEE-CF1A-4FC8-89AF-189327213627} - C:\Users\Onkel\AppData\Roaming\toolplugin\toolbar.dll ()
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files (x86)\Panda Security\Panda Global Protection 2012\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\RunOnce: [B Register C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll] C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Onkel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Onkel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0366319B-5C38-48F5-9E99-F645A0A59704}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\avldr: DllName - (avldr64.dll) - C:\Windows\SysNative\avldr64.dll (On-Access Anti-Malware Scanner Sync)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\cdspeed.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\drivespeed.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\excel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\infotool.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mstore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nero.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\neroburnrights.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nerohome.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\neroscoutoptions.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nerostartsmart.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\nerovision.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\recode.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\setupx.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\showtime.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\winword.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\cdspeed.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\drivespeed.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\excel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\infotool.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mstore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nero.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\neroburnrights.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nerohome.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\neroscoutoptions.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nerostartsmart.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\nerovision.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\recode.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\setupx.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\showtime.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\winword.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{d3917ebf-d26b-11e0-ad11-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d3917ebf-d26b-11e0-ad11-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Bin\assetup.exe
O33 - MountPoints2\{def73a95-d344-11e0-960f-bcaec57c7c16}\Shell - "" = AutoRun
O33 - MountPoints2\{def73a95-d344-11e0-960f-bcaec57c7c16}\Shell\AutoRun\command - "" = I:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011.11.29 08:28:41 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Onkel\Desktop\OTL.exe
[2011.11.29 07:04:17 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Roaming\Malwarebytes
[2011.11.29 07:03:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.11.29 07:03:53 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.11.29 07:03:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.11.28 11:07:21 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\DDMSettings
[2011.11.28 01:17:52 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{7D44816D-7AF7-4E93-88A4-6EC2249DD967}
[2011.11.28 01:17:24 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{92139085-258C-4CED-B301-A578F97DC789}
[2011.11.27 21:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2011.11.27 20:52:27 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Roaming\TeamViewer
[2011.11.27 20:52:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QS
[2011.11.27 20:52:11 | 000,000,000 | ---D | C] -- C:\Users\Onkel\temp
[2011.11.27 20:30:36 | 000,000,000 | ---D | C] -- C:\Users\Onkel\Application Data
[2011.11.27 19:45:36 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Roaming\Ubisoft
[2011.11.27 19:44:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2011.11.27 13:17:10 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{A5DDDAC5-9E8F-4D6C-B178-1F8002815779}
[2011.11.27 13:16:54 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{F7CDFBE6-665B-4A9B-A050-68D5F401EF60}
[2011.11.26 12:40:35 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{0EF583BA-B872-4583-B4A6-CB97165A79F8}
[2011.11.26 12:40:21 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{559D6AA9-75A8-444D-9BF2-1F5230B7C8C0}
[2011.11.25 23:00:49 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{C62FAD30-B9CD-48CB-BBBA-D89C9CB3386C}
[2011.11.25 23:00:27 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{CEF35D51-8F12-4F97-8AC0-A065AF890E1F}
[2011.11.25 11:00:13 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{88DCDC9E-5971-407E-8049-DDE7D986C792}
[2011.11.25 11:00:01 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{E7497BE5-47F7-4D23-9729-F2B30D9ACEE8}
[2011.11.24 18:16:08 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{E497174E-5C60-4DCC-8F29-FD8C3490169E}
[2011.11.24 18:15:52 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{CD7E00F3-8092-4967-AF85-D80085098682}
[2011.11.23 12:18:52 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{01FC829E-9A81-4A4A-AC76-D78ADF7152EB}
[2011.11.23 12:18:35 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{3CBC2048-EBE7-4803-A251-8BDC52A050FC}
[2011.11.22 23:33:09 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{C4BBD54C-3788-4328-BF4B-C8CAD3E45ED5}
[2011.11.22 23:32:47 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{0D48332C-DCF1-4940-B88A-E7F345950E0C}
[2011.11.22 11:32:32 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{95F5CD71-EEC9-4314-9C9E-589541F0798C}
[2011.11.22 11:32:10 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{0BC518A2-E740-40FA-A963-A2240EE188BD}
[2011.11.21 12:18:31 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{CADD1B43-CAB3-4560-83BF-6E45936E8620}
[2011.11.21 12:18:16 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{3206BA44-062A-450E-BBF4-0243344BDC74}
[2011.11.21 11:56:05 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\Temp
[2011.11.20 13:44:12 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{5B05E41A-CE41-4B11-93DD-D2D3BE9CAEC6}
[2011.11.20 13:43:50 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{1FEC7C91-A364-47E9-8C1B-1BE5B66B6B7F}
[2011.11.20 12:14:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.11.20 01:43:25 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{3B391599-3371-4D33-9493-D5A74F1F8B3D}
[2011.11.20 01:43:03 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{FADE7AF4-5825-4892-B7C9-FA8C77A2CF8E}
[2011.11.19 13:42:49 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{7C72EF7F-F7BA-4214-AB17-75C9AFB17395}
[2011.11.19 13:42:28 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{41CF17A8-E9CE-48ED-A3DE-2974BAB235B8}
[2011.11.19 01:42:01 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{70F5896E-13E9-4A12-A25E-9AAA43088D68}
[2011.11.19 01:41:41 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{091A23DC-31DE-4561-A3E7-EB1AC95E02F6}
[2011.11.18 11:11:52 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{A52951A7-56C9-4750-BD6A-E22384679220}
[2011.11.18 11:11:36 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{DEB258E1-6545-4A31-BACC-D1CA9280F608}
[2011.11.17 11:42:44 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{C5B9DFC3-CB38-4230-A178-E26308797C73}
[2011.11.17 11:42:33 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{4DE807A2-CE4D-474F-9EF7-1B13A20AE91E}
[2011.11.16 20:57:20 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{3F7992AF-8102-4297-8BA0-EF0DB1E45CEA}
[2011.11.16 20:56:18 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{FA48C802-FB6D-4C52-9AB1-E3E9B0C796C7}
[2011.11.16 20:44:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011.11.16 20:44:43 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011.11.16 20:28:42 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.11.16 18:17:32 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{3D559CE8-2B05-4214-9442-CD5553F2CB3B}
[2011.11.16 18:17:13 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{D712FE5B-24B5-486B-8D3F-1EE721C311DF}
[2011.11.16 12:58:32 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{5365EE1A-436D-43B4-A90D-5F6F53BDC512}
[2011.11.16 12:26:44 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{EB374D43-35C0-4E67-8C57-831E93A006EC}
[2011.11.16 12:26:22 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{8A440558-F81C-46F1-82ED-A9C5B2F3D1CE}
[2011.11.16 12:19:36 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{36FD2F32-A2CC-4CFD-81A3-876A406A713E}
[2011.11.16 11:44:01 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{77E3D922-68BD-4081-BE15-C8AC0F0FAAD5}
[2011.11.15 12:56:35 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{8EFF5F62-8C99-4460-9CDC-8413C7B85F04}
[2011.11.15 12:56:22 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{5658035B-BAE1-4FB9-922E-ABF255B2BC4B}
[2011.11.14 14:55:33 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\Skyrim
[2011.11.14 14:51:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2011.11.14 13:17:43 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{B451D721-0B21-4D34-AB7A-1BEF8AD86755}
[2011.11.14 13:17:31 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{A133F635-F812-4AEB-A0AD-7D9D37B135CD}
[2011.11.13 23:33:48 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{898040C0-3C5D-45E1-A062-975A631DE1BA}
[2011.11.13 23:33:26 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{CFD157BA-7516-458C-834F-33143F06A754}
[2011.11.13 20:26:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FlashFXP 4
[2011.11.13 20:26:56 | 000,000,000 | ---D | C] -- C:\ProgramData\FlashFXP
[2011.11.13 11:33:11 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{CBF9AC28-CC08-4AE6-AEAC-54D8149D9E7D}
[2011.11.13 11:32:49 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{5A4A7BF4-EDB4-4244-8B5D-A3C37837C925}
[2011.11.12 23:10:48 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{23C87CFB-49CF-4E54-957A-0B11542C4B48}
[2011.11.12 23:10:26 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{281FE7FE-C25D-480E-96C1-4035338D0092}
[2011.11.12 11:10:13 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{678C2E2C-6EDC-4E4F-B448-0CF9E719BB41}
[2011.11.12 11:10:01 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{F87B8201-9F60-4E02-B57F-29139B6B4CB4}
[2011.11.11 14:55:01 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{E5A19C24-4658-4F00-B837-0E8828F29DC2}
[2011.11.11 14:54:39 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{EFE3172F-D027-4508-8352-457F46F60A69}
[2011.11.11 14:52:00 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{FC2DDEC6-EF45-4B95-AF81-9046223040AE}
[2011.11.11 13:47:50 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2011.11.11 12:16:05 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{B29AF1D1-73E3-402D-8CCB-5F0599E53A4E}
[2011.11.11 12:15:43 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{664183C6-A1CF-403C-8658-C3F2348F832B}
[2011.11.09 13:02:09 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{BCE14F26-3AA8-4235-9C66-B9F2C707A42D}
[2011.11.09 13:01:56 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{9591B72F-F1A4-4FF3-8B44-FC37F2C9003A}
[2011.11.08 15:23:05 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Roaming\DivX
[2011.11.08 15:22:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011.11.08 15:22:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.11.08 15:22:29 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011.11.08 15:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2011.11.08 15:19:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2011.11.08 15:18:50 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011.11.08 15:06:45 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{7ED678F6-FEC2-4B3F-8441-3B2DF53AFF64}
[2011.11.08 15:06:30 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{09CC6AFD-74A7-44B4-9183-290B16C3EE3F}
[2011.11.08 02:49:16 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011.11.07 23:16:27 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{13FAA9F1-2201-4178-807A-02E4413BDB80}
[2011.11.07 23:16:05 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{CAB62490-8D5B-4A0B-8B3F-FFC4D04CCD45}
[2011.11.07 11:15:50 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{8D2BDA5D-DC8E-4B57-AA38-EC5E8B1D0282}
[2011.11.07 11:15:36 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{48855F9D-05D1-4CB6-9960-45C78901F73B}
[2011.11.06 20:49:55 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\SCE
[2011.11.06 20:49:21 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011.11.06 19:14:33 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2011.11.06 19:13:56 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011.11.06 19:13:56 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.11.06 19:13:56 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2011.11.06 19:13:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2011.11.06 19:13:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2011.11.06 17:59:06 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Roaming\toolplugin
[2011.11.06 13:45:38 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2011.11.06 13:45:38 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2011.11.06 13:31:22 | 000,000,000 | ---D | C] -- C:\ProgramData\VS
[2011.11.06 13:25:31 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{4FC36686-4667-4DBE-BE6C-FB81E52D1E71}
[2011.11.06 13:25:18 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{EDFA3444-6F12-4D88-B04A-E89E14DC04BD}
[2011.11.05 17:35:16 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{13C8ED54-556F-49D4-973F-E032E3C40D0F}
[2011.11.05 17:35:05 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{3633701B-32DB-459F-8C9C-5492B99A564D}
[2011.11.05 01:19:54 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{57BA14F4-3ECC-4F72-A690-DE9CA140253F}
[2011.11.05 01:19:32 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{8BB06F5E-665E-4CED-ADD8-3CAE5BB88D9E}
[2011.11.05 00:29:27 | 000,139,264 | ---- | C] (Neoact) -- C:\Windows\NeoUninstall.exe
[2011.11.05 00:29:27 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Carom3D
[2011.11.05 00:29:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Carom3D
[2011.11.05 00:29:26 | 000,000,000 | ---D | C] -- C:\Program Files\Neoact
[2011.11.04 13:19:08 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{6A6ABF98-14E0-40C6-A61B-E7B989C54CD6}
[2011.11.04 13:18:46 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{CA37DD80-F2A7-4695-8EE4-2655B2E457F8}
[2011.11.04 01:18:22 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{216E34D1-0CBB-4A2B-A4D8-2D35E3C55DAD}
[2011.11.04 01:17:59 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{5CC160F4-A269-491E-BD2F-61F4E9295EDC}
[2011.11.03 13:17:35 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{41923E05-3BE1-479A-BCB2-9B6EC8EF5D1B}
[2011.11.03 13:17:23 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{F0588DB7-E2B3-4D05-8DB4-35AFE0B48052}
[2011.11.02 14:25:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2011.11.02 12:50:28 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{5DB71979-D3F9-4B5D-9FDA-48F26AB26BA2}
[2011.11.02 12:50:15 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{860B72BD-9BB9-4649-B50B-0C45A6B196EF}
[2011.11.01 13:39:34 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{BBFD491A-E68A-4204-A604-C710A6839669}
[2011.11.01 13:39:21 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{71B723FB-EFB9-4CDF-8524-21F1C086EE51}
[2011.10.31 12:47:40 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{C8FD83E1-DE19-4075-A9B4-432E574216A8}
[2011.10.31 12:47:27 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{F4E8E90F-89FB-44FE-A7A1-AAE94D2824A9}
[2011.10.30 12:36:41 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{7305100C-73DF-472C-B336-A5530D7783A2}
[2011.10.30 12:36:27 | 000,000,000 | ---D | C] -- C:\Users\Onkel\AppData\Local\{71F35302-8A7B-427F-B114-DE0387D2E45E}

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011.11.29 08:28:48 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Onkel\Desktop\OTL.exe
[2011.11.29 08:21:49 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.29 08:21:49 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.29 08:19:46 | 001,612,864 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.11.29 08:19:46 | 000,696,714 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.11.29 08:19:46 | 000,652,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.11.29 08:19:46 | 000,148,010 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.11.29 08:19:46 | 000,120,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.11.29 08:16:26 | 000,373,132 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFCONT.DAT.bck
[2011.11.29 08:16:26 | 000,373,132 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFCONT.DAT
[2011.11.29 08:16:21 | 000,303,044 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.rls.bck
[2011.11.29 08:16:21 | 000,303,044 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.rls
[2011.11.29 08:16:21 | 000,001,132 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFLTR.CFG.bck
[2011.11.29 08:16:21 | 000,001,132 | ---- | M] () -- C:\Windows\SysNative\drivers\APPFLTR.CFG
[2011.11.29 08:16:21 | 000,000,252 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\IdsFlt.cfg.bck
[2011.11.29 08:16:21 | 000,000,252 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\IdsFlt.cfg
[2011.11.29 08:16:21 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetLoc.wlt.bck
[2011.11.29 08:16:21 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetLoc.wlt
[2011.11.29 08:16:21 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetFlt.cfg.bck
[2011.11.29 08:16:21 | 000,000,068 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetFlt.cfg
[2011.11.29 08:16:21 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\WnmFlt.cfg.bck
[2011.11.29 08:16:21 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\WnmFlt.cfg
[2011.11.29 08:16:21 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.cfg.bck
[2011.11.29 08:16:21 | 000,000,056 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\DsaFlt.cfg
[2011.11.29 08:14:49 | 000,000,120 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAdapt.cfg.bck
[2011.11.29 08:14:49 | 000,000,120 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAdapt.cfg
[2011.11.29 08:14:49 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAR.wlt.bck
[2011.11.29 08:14:49 | 000,000,064 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\NetAR.wlt
[2011.11.29 08:14:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.29 02:21:56 | 000,008,627 | ---- | M] () -- C:\Windows\SysWow64\PAV_FOG.OPC
[2011.11.28 13:16:05 | 000,335,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.28 10:52:33 | 000,001,613 | ---- | M] () -- C:\Users\Onkel\Desktop\DivX Movies.lnk
[2011.11.27 20:01:46 | 000,000,496 | ---- | M] () -- C:\Users\Onkel\Desktop\Anno5 - Verknüpfung.lnk
[2011.11.27 00:00:00 | 000,000,518 | ---- | M] () -- C:\Windows\tasks\Grundlegende Bereinigung.job
[2011.11.25 23:24:38 | 000,000,888 | ---- | M] () -- C:\Users\Onkel\Desktop\WilmaaTV - Verknüpfung.lnk
[2011.11.16 20:28:44 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.14 16:57:38 | 000,001,183 | ---- | M] () -- C:\Users\Onkel\Desktop\TESV - Verknüpfung.lnk
[2011.11.11 14:34:12 | 000,000,057 | ---- | M] () -- C:\Windows\SysWow64\mapisvc.inf
[2011.11.08 02:49:16 | 000,000,696 | ---- | M] () -- C:\Users\Onkel\Desktop\DC Universe Online Live.lnk
[2011.11.06 19:13:52 | 000,002,213 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.11.06 19:13:52 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2011.11.05 00:29:27 | 000,000,899 | ---- | M] () -- C:\Users\Onkel\Desktop\Carom3D.lnk
[2011.11.05 00:29:27 | 000,000,026 | ---- | M] () -- C:\Windows\neosetup.INI
[2011.11.05 00:11:23 | 000,000,040 | ---- | M] () -- C:\Windows\SysWow64\d3d9prs.dat
[2011.11.01 19:35:52 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2011.11.01 19:35:42 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2011.11.01 19:35:40 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011.11.28 13:15:56 | 000,335,744 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.11.28 10:52:33 | 000,001,613 | ---- | C] () -- C:\Users\Onkel\Desktop\DivX Movies.lnk
[2011.11.27 21:12:44 | 000,001,178 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 6.lnk
[2011.11.27 20:01:46 | 000,000,496 | ---- | C] () -- C:\Users\Onkel\Desktop\Anno5 - Verknüpfung.lnk
[2011.11.25 23:24:38 | 000,000,888 | ---- | C] () -- C:\Users\Onkel\Desktop\WilmaaTV - Verknüpfung.lnk
[2011.11.16 20:46:49 | 000,002,486 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011.11.16 20:28:44 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.14 16:57:38 | 000,001,183 | ---- | C] () -- C:\Users\Onkel\Desktop\TESV - Verknüpfung.lnk
[2011.11.06 20:49:19 | 000,000,696 | ---- | C] () -- C:\Users\Onkel\Desktop\DC Universe Online Live.lnk
[2011.11.06 20:49:19 | 000,000,656 | ---- | C] () -- C:\Users\Onkel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC Universe Online Live.lnk
[2011.11.06 19:13:52 | 000,002,213 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2011.11.06 19:13:52 | 000,002,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2011.11.06 19:13:52 | 000,002,193 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2011.11.05 00:29:27 | 000,000,899 | ---- | C] () -- C:\Users\Onkel\Desktop\Carom3D.lnk
[2011.11.05 00:29:27 | 000,000,026 | ---- | C] () -- C:\Windows\neosetup.INI
[2011.11.05 00:11:23 | 000,000,040 | ---- | C] () -- C:\Windows\SysWow64\d3d9prs.dat
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.09.09 17:20:59 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.09.09 17:20:58 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.09.09 17:20:58 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.09.09 17:20:58 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.09.09 17:20:58 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.08.29 21:45:27 | 001,589,142 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.08.29 19:54:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2011.08.29 19:54:45 | 000,024,353 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS

[color=#E56717]========== LOP Check ==========[/color]

[2011.08.30 21:48:18 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\ACLive5
[2011.11.28 13:00:51 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\BitTorrent
[2011.11.28 13:00:51 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\DAEMON Tools Lite
[2011.10.23 23:22:36 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\DVDVideoSoft
[2011.10.23 23:22:32 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.08.29 22:05:51 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\Panda Security
[2011.11.27 21:12:50 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\TeamViewer
[2011.11.06 17:59:09 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\toolplugin
[2011.10.05 17:26:48 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\TuneUp Software
[2011.11.27 19:45:36 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\Ubisoft
[2011.10.26 13:26:25 | 000,000,000 | ---D | M] -- C:\Users\Onkel\AppData\Roaming\WordToPDF
[2011.11.27 00:00:00 | 000,000,518 | ---- | M] () -- C:\Windows\Tasks\Grundlegende Bereinigung.job
[2011.11.16 11:42:38 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Custom Scans ==========[/color]

[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2011.11.17 12:43:56 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.09.10 10:02:19 | 000,000,000 | -HSD | M] -- C:\Boot
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.08.29 19:27:54 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.08.29 19:56:44 | 000,000,000 | ---D | M] -- C:\Intel
[2011.10.26 12:58:11 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.08.29 20:15:39 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2011.08.30 21:15:25 | 000,000,000 | ---D | M] -- C:\Panda Software
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.11.16 20:28:42 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.11.29 07:03:53 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.11.29 07:03:59 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.08.29 19:27:54 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.08.29 19:27:55 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.11.29 08:32:41 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.08.29 20:17:25 | 000,000,000 | R--D | M] -- C:\Users
[2011.11.29 08:09:30 | 000,000,000 | ---D | M] -- C:\Windows

[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]

[color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe

[color=#A23BEC]< MD5 for: REGEDIT.EXE >[/color]
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]

< End of report >

Extras.txt

OTL Extras logfile created on: 29.11.2011 08:31:39 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Onkel\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.98 Gb Total Physical Memory | 2.83 Gb Available Physical Memory | 71.05% Memory free
9.95 Gb Paging File | 8.44 Gb Available in Paging File | 84.84% Paging File free
Paging file location(s): d:\pagefile.sys 6115 6115 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 48.73 Gb Total Space | 18.72 Gb Free Space | 38.42% Space Free | Partition Type: NTFS
Drive D: | 147.56 Gb Total Space | 112.35 Gb Free Space | 76.14% Space Free | Partition Type: NTFS
Drive E: | 502.35 Gb Total Space | 377.07 Gb Free Space | 75.06% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 931.39 Gb Free Space | 99.99% Space Free | Partition Type: NTFS
Drive H: | 1863.01 Gb Total Space | 250.73 Gb Free Space | 13.46% Space Free | Partition Type: NTFS

Computer Name: ONKEL-PC | User Name: Onkel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"G:\BitTorrent\bittorrent.exe" = G:\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"G:\BitTorrent\bittorrent.exe" = G:\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe" = C:\Program Files (x86)\FlashFXP 4\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{8E16BB50-E49A-3647-BD4D-4D150DCCBFAE}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C214301F-F5D7-36D9-B3A2-1467C5586495}" = Microsoft Help Viewer 1.1 Language Pack - DEU
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{E5748D30-7E6D-3A8E-BFE6-C1D02C6DDABB}" = Microsoft Help Viewer 1.1
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.1" = Microsoft Help Viewer 1.1
"Microsoft Help Viewer 1.1 Language Pack - DEU" = Microsoft Help Viewer 1.1 Language Pack - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27
"{2F8B731A-5F2D-3EA8-8B25-C3E5E43F4BDB}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{434D0FA1-A4CC-401A-9E74-621000018101}" = F1 2011
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A05A6CC-EA05-420E-8F6E-8ADF414BEDB3}" = Panda Global Protection 2012
"{5AB7D739-1735-3A9E-BE73-C43507CB4E6F}" = Microsoft Visual Studio 2010 Service Pack 1
"{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72245A52-0C34-4568-A9BF-A91FA02D1D20}" = Panda Global Protection 2012
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{81A25967-DB85-4B48-A8A7-D25AC191DEE4}" = Panda Global Protection 2012
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.0
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{B1D3568D-BC21-4C50-92A5-2396570DF1DE}_is1" = Panda Secure Vault 5
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF097717-F174-4144-954A-FBC4BF301031}" = Nero 7 Premium
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.9 Game
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ArchiCrypt Live 5_is1" = ArchiCrypt Live Version 5.10.125.9835
"Carom3D" = Carom3D
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"GPL Ghostscript 9.04" = GPL Ghostscript
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.7.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Microsoft Visual Studio 2010 Service Pack 1" = Microsoft Visual Studio 2010 Service Pack 1
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"PS3 Media Server" = PS3 Media Server
"TeamViewer 6" = TeamViewer 6
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"SOE-DC Universe Online Live" = DC Universe Online Live

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 18.11.2011 07:39:42 | Computer Name = Onkel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: AVENGINE.EXE, Version: 2.3.1511.0,
Zeitstempel: 0x4bffa963 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc00000fd Fehleroffset: 0x77951264 ID des fehlerhaften
Prozesses: 0x9b8 Startzeit der fehlerhaften Anwendung: 0x01cca5d41ea7cb75 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Panda Security\Panda Global Protection
2012\AVENGINE.EXE Pfad des fehlerhaften Moduls: unknown Berichtskennung: 01331678-11da-11e1-a698-bcaec57c7c16

Error - 18.11.2011 19:31:17 | Computer Name = Onkel-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\F1 2011\CustomActionOnFinishInst.exe".
Fehler in Manifest- oder Richtliniendatei "D:\F1 2011\CustomActionOnFinishInst.exe"
in Zeile 1. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 19.11.2011 19:31:11 | Computer Name = Onkel-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\F1 2011\CustomActionOnFinishInst.exe".
Fehler in Manifest- oder Richtliniendatei "D:\F1 2011\CustomActionOnFinishInst.exe"
in Zeile 1. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 20.11.2011 14:10:41 | Computer Name = Onkel-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Onkel\Downloads\SoftonicDownloader_fuer_skyrim-antiallias-and-sharpen-effect.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 20.11.2011 14:10:41 | Computer Name = Onkel-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Onkel\Downloads\SoftonicDownloader_fuer_skyrim-antiallias-and-sharpen-effect(1).exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 20.11.2011 14:10:59 | Computer Name = Onkel-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Onkel\Downloads\SoftonicDownloader_fuer_skyrim-antiallias-and-sharpen-effect.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 21.11.2011 06:14:01 | Computer Name = Onkel-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\F1 2011\CustomActionOnFinishInst.exe".
Fehler in Manifest- oder Richtliniendatei "D:\F1 2011\CustomActionOnFinishInst.exe"
in Zeile 1. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 22.11.2011 06:28:25 | Computer Name = Onkel-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\F1 2011\CustomActionOnFinishInst.exe".
Fehler in Manifest- oder Richtliniendatei "D:\F1 2011\CustomActionOnFinishInst.exe"
in Zeile 1. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 24.11.2011 08:14:41 | Computer Name = Onkel-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\F1 2011\CustomActionOnFinishInst.exe".
Fehler in Manifest- oder Richtliniendatei "D:\F1 2011\CustomActionOnFinishInst.exe"
in Zeile 1. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

Error - 25.11.2011 08:53:55 | Computer Name = Onkel-PC | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "D:\F1 2011\CustomActionOnFinishInst.exe".
Fehler in Manifest- oder Richtliniendatei "D:\F1 2011\CustomActionOnFinishInst.exe"
in Zeile 1. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.

[ System Events ]
Error - 29.11.2011 03:09:33 | Computer Name = Onkel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "NetIO-Legacy-TDI-Supporttreiber"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31

Error - 29.11.2011 03:09:33 | Computer Name = Onkel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsdienst" ist vom Dienst "Ancillary
Function Driver for Winsock" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%31

Error - 29.11.2011 03:09:33 | Computer Name = Onkel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerkspeicher-Schnittstellendienst" ist vom Dienst
"NSI proxy service driver." abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%31

Error - 29.11.2011 03:09:33 | Computer Name = Onkel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 29.11.2011 03:09:33 | Computer Name = Onkel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 29.11.2011 03:09:33 | Computer Name = Onkel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 29.11.2011 03:09:33 | Computer Name = Onkel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst
"Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%31

Error - 29.11.2011 03:09:33 | Computer Name = Onkel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 29.11.2011 03:09:33 | Computer Name = Onkel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 29.11.2011 03:09:33 | Computer Name = Onkel-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ACLE5Live AFD CSC DfsC discache NetBIOS NetBT nsiproxy pavboot Psched rdbss ShldFlt spldr tdx
Wanarpv6
WfpLwf

< End of report >

Schonmal ganz großes Danke für eure mühen!

30.11.2011, 01:57

Swisstreasure

Moderator

Beiträge: 5694

#2 Herzlich Willkommen auf dem Protecus Forum

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
• Bitte arbeite alle Schritte der Reihe nach ab.
• Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
• Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
• Bitte kein Crossposting (posten in mehreren Foren).
• Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
• Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
• Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Downloade Dir bitte Malwarebytes
• Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
• Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
• Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
• Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
• Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
• Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Hast Du denn noch Probleme?

Sagen Dir diese Host Einträge etwas:

Zitat

O1 - Hosts: 174.142.61.140 skynet.wolke #Tracker
O1 - Hosts: 174.142.65.65 wolke.skynet
O1 - Hosts: 174.142.65.65 announce.mine.nu

30.11.2011, 11:50

Reni_Driver

...neu hier

Themenstarter

Beiträge: 9

#3 Hallo,

Malwarebytes-Log

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8277

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

30.11.2011 11:40:28
mbam-log-2011-11-30 (11-40-28).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 183062
Laufzeit: 2 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

---------------------------------------------

Nö habe eigentlich keine Probleme, wollte mich nur vergewissern ob der sich net noch irgentwo eingenisstet hat, wo man es net glei merkt!

Ja die hosts haben ihre daseins berechtigung!

01.12.2011, 10:51

Swisstreasure

Moderator

Beiträge: 5694

#4 Ich sehe nichts was verdächtig wäre.

06.12.2011, 10:41

Reni_Driver

...neu hier

Themenstarter

Beiträge: 9

#5 Hallo,

erstmal sorry für die späte antwort! War alles streßig in den letzten tagen!

Das tut gut zuhören! Vielen Dank für deine Mühe! Auf euch ist echt Verlass!

MFG

Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:

Seite(n): 1