Trojan dropper every time on restart

11.12.2011, 22:16
Member

Posts: 149
#1 Hi everyone,

Almost every time I turn on or restart the PC, my Microsoft Security Essentials finds a trojan dropper, namely exactly this one:
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper%3AWin32%2FSrvdrop.A&ThreatID=-2147339182

Is that even a virus or a trojan?
Why is it back again every time?
Is it connected to some other program?

Regards
12.12.2011, 16:09
Moderator

Posts: 5694
#2 Hello

Please work through the following:
http://board.protecus.de/t40182.htm
13.12.2011, 17:57
Member

Thread starter

Posts: 149
#3 OK, I've done all of that.
Here are the results from the programs:

OTL.txt

Quote

OTL logfile created on: 13.12.2011 16:59:17 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Arne\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 61,03% Memory free
6,72 Gb Paging File | 5,46 Gb Available in Paging File | 81,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226,35 Gb Total Space | 161,55 Gb Free Space | 71,37% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 9,28 Gb Free Space | 6,23% Space Free | Partition Type: NTFS
Drive E: | 15,67 Gb Total Space | 9,51 Gb Free Space | 60,67% Space Free | Partition Type: FAT32
Drive F: | 223,72 Gb Total Space | 55,14 Gb Free Space | 24,65% Space Free | Partition Type: NTFS

Computer Name: ARNE-PC | User Name: Arne Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2011.12.13 16:56:53 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Arne\Desktop\OTL.exe
PRC - [2011.11.28 13:19:56 | 000,265,120 | ---- | M] () -- C:\Programme\Common Files\WireHelpSvc.exe
PRC - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.21 06:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.05.21 06:01:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.02.22 13:57:34 | 000,378,128 | ---- | M] (PC Tools) -- C:\Programme\ThreatFire\TFTray.exe
PRC - [2011.02.22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) -- C:\Programme\ThreatFire\TFService.exe
PRC - [2010.08.03 10:05:54 | 000,358,472 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2010.08.03 10:03:46 | 003,649,096 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2010.08.03 09:43:18 | 001,809,992 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2010.08.03 09:43:02 | 000,522,824 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2010.04.26 16:49:28 | 001,810,432 | ---- | M] () -- D:\NM Monitor\nmmonitor.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.02.28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.04.26 16:49:28 | 001,810,432 | ---- | M] () -- D:\NM Monitor\nmmonitor.exe
MOD - [2009.11.01 22:11:10 | 000,155,648 | ---- | M] () -- D:\NM Monitor\data\vol_nt6.dll
MOD - [2009.02.12 20:55:04 | 000,007,680 | ---- | M] () -- D:\NM Monitor\data\cpu.dll
MOD - [2009.01.01 13:36:10 | 000,007,168 | ---- | M] () -- D:\NM Monitor\data\gp.dll
MOD - [2008.10.26 19:59:16 | 000,006,144 | ---- | M] () -- D:\NM Monitor\data\winamp.dll
MOD - [2008.09.27 13:29:46 | 000,031,744 | ---- | M] () -- D:\NM Monitor\data\smart.dll
MOD - [2008.09.20 08:59:46 | 000,009,728 | ---- | M] () -- D:\NM Monitor\data\dnet.dll
MOD - [2008.09.14 08:34:26 | 000,107,008 | ---- | M] () -- D:\NM Monitor\data\rss.dll
MOD - [2008.07.27 10:26:58 | 000,097,280 | ---- | M] () -- D:\NM Monitor\data\TSRemote.dll
MOD - [2008.06.28 19:37:10 | 000,003,584 | ---- | M] () -- D:\NM Monitor\data\mouse.dll
MOD - [2008.06.05 21:27:26 | 000,043,008 | ---- | M] () -- D:\NM Monitor\data\dlcd.dll
MOD - [2008.05.31 07:54:40 | 000,003,584 | ---- | M] () -- D:\NM Monitor\data\monitor.dll
MOD - [2008.05.03 21:53:04 | 000,005,632 | ---- | M] () -- D:\NM Monitor\data\cd.dll
MOD - [2008.05.02 06:55:02 | 000,003,584 | ---- | M] () -- D:\NM Monitor\data\pusage.dll
MOD - [2008.04.26 16:01:28 | 000,005,632 | ---- | M] () -- D:\NM Monitor\data\volume.dll
MOD - [2008.04.19 11:34:16 | 000,005,120 | ---- | M] () -- D:\NM Monitor\data\disk.dll
MOD - [2008.04.05 21:16:34 | 000,002,560 | ---- | M] () -- D:\NM Monitor\data\hookinput.dll
MOD - [2008.03.16 15:04:44 | 000,002,560 | ---- | M] () -- D:\NM Monitor\data\desktopbuffer.dll
MOD - [2008.02.26 17:47:38 | 000,014,173 | ---- | M] () -- D:\NM Monitor\data\wm.dll
MOD - [2008.01.27 13:24:30 | 000,065,536 | ---- | M] () -- D:\NM Monitor\data\G15.dll
MOD - [2002.07.24 03:52:36 | 000,032,768 | ---- | M] () -- D:\NM Monitor\data\inpout32.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - [2011.12.08 23:30:42 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.12.07 11:02:30 | 000,196,608 | ---- | M] (Works Ltd.) [Auto | Running] -- C:\Windows\System32\aptwtypn6.dll -- (LanmanWorkstation)
SRV - [2011.12.07 00:02:11 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\System32\UpdSvc.dll -- (Update-Service)
SRV - [2011.11.28 13:19:56 | 000,265,120 | ---- | M] () [Auto | Running] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
SRV - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.05.21 06:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.02.22 13:57:30 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2008.01.19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011.12.13 10:44:21 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{FC34FE3F-1C86-4D7B-A764-DF2029A48E7A}\MpKslac9d77dd.sys -- (MpKslac9d77dd)
DRV - [2011.11.28 13:19:46 | 000,836,496 | ---- | M] (<Turtle Entertainment>;) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV - [2011.11.28 13:19:46 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ESLvnic.sys -- (ESLvnic1)
DRV - [2011.05.21 06:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011.02.22 13:57:52 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2011.02.22 13:57:52 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2011.02.22 13:57:50 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2009.11.23 17:37:18 | 000,014,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009.11.23 17:37:08 | 000,019,720 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.12.10 21:52:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.12.10 21:52:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2011.12.04 22:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Arne Admin\AppData\Roaming\mozilla\Extensions
[2011.12.04 22:54:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.21 05:30:13 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.21 02:17:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.21 02:09:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.11.21 02:17:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.21 02:17:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.21 02:17:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.21 02:17:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ThreatFire] C:\Programme\ThreatFire\TFTray.exe (PC Tools)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O8 - Extra context menu item: &Block this popup - C:\Programme\F-Secure\Anti-Spyware\blockpopups.htm File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{56009A23-76B2-4019-ABD0-500D70C08B59}: DhcpNameServer = 192.168.10.1
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.11.06 16:20:56 | 000,000,000 | ---D | M] - D:\AUTODESK.3DSMAX.V2012-ISO -- [ NTFS ]
O32 - AutoRun File - [2011.06.30 18:54:06 | 000,011,354 | ---- | M] () - D:\AUTODESK.3DSMAX.V2012-ISO.1.torrent -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - State: "startup" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2011.12.10 21:51:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.12.10 21:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.12.10 21:51:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.12.10 21:50:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011.12.10 21:50:24 | 000,000,000 | ---D | C] -- C:\Users\Arne Admin\AppData\Local\Apple
[2011.12.10 21:50:21 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011.12.10 21:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011.12.10 12:42:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.12.10 12:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011.12.07 12:19:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ThreatFire
[2011.12.07 12:19:11 | 000,069,392 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2011.12.07 12:19:11 | 000,051,984 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2011.12.07 12:19:11 | 000,033,552 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2011.12.07 12:19:04 | 000,000,000 | ---D | C] -- C:\Program Files\ThreatFire
[2011.12.07 12:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2011.12.07 11:03:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2011.12.07 11:02:30 | 000,196,608 | ---- | C] (Works Ltd.) -- C:\Windows\System32\aptwtypn6.dll
[2011.12.07 00:14:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011.12.07 00:12:44 | 000,926,560 | ---- | C] (DivX, LLC) -- C:\Users\Arne Admin\Desktop\DivXInstaller.exe
[2011.12.07 00:02:11 | 000,114,000 | ---- | C] (Joosoft.com GmbH) -- C:\Windows\System32\UpdSvc.dll
[2011.12.06 23:49:00 | 000,000,000 | ---D | C] -- C:\Users\Arne Admin\AppData\Local\Logitech
[2011.12.06 19:01:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011.12.06 14:01:58 | 000,000,000 | ---D | C] -- C:\Users\Arne Admin\AppData\Roaming\Winamp
[2011.12.06 14:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2011.12.06 12:59:35 | 000,000,000 | ---D | C] -- C:\Users\Arne Admin\AppData\Roaming\WinRAR
[2011.12.06 12:59:14 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.12.06 11:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2011.12.06 11:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2011.12.06 11:14:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2011.12.06 11:14:34 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2011.12.06 10:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay
[2011.12.06 10:57:15 | 000,000,000 | ---D | C] -- C:\ProgramData\eBay
[2011.12.06 10:57:15 | 000,000,000 | ---D | C] -- C:\Program Files\eBay
[2011.12.06 00:30:51 | 000,000,000 | ---D | C] -- C:\Users\Arne Admin\AppData\Local\Ahead
[2011.12.06 00:30:50 | 000,000,000 | ---D | C] -- C:\Program Files\NeroInstall.bak
[2011.12.06 00:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 8
[2011.12.06 00:24:09 | 000,000,000 | ---D | C] -- C:\Users\Arne Admin\AppData\Roaming\Nero
[2011.12.06 00:20:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2011.12.06 00:20:58 | 000,000,000 | ---D | C] -- C:\Program Files\Nero
[2011.12.06 00:20:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2011.12.06 00:08:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2011.12.06 00:08:32 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2011.12.06 00:07:54 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2011.12.05 23:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
[2011.12.05 23:10:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011.12.05 22:33:12 | 000,836,496 | ---- | C] (<Turtle Entertainment>;) -- C:\Windows\System32\drivers\ESLWireACD.sys
[2011.12.05 22:33:06 | 000,024,504 | ---- | C] (Turtle Entertainment GmbH) -- C:\Windows\System32\drivers\ESLvnic.sys
[2011.12.05 22:33:06 | 000,000,000 | ---D | C] -- C:\ProgramData\ESL Wire
[2011.12.05 22:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\EslWire
[2011.12.05 22:19:12 | 000,000,000 | ---D | C] -- C:\Programe
[2011.12.05 21:51:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2011.12.05 21:50:16 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2011.12.05 21:50:15 | 001,725,784 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2011.12.05 21:50:15 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2011.12.05 21:50:15 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2011.12.05 21:50:15 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2011.12.05 21:50:15 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2011.12.05 21:50:13 | 000,214,368 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFNHK.dll
[2011.12.05 21:50:13 | 000,074,080 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFCOM.dll
[2011.12.05 21:50:13 | 000,068,960 | ---- | C] (Synopsys, Inc.) -- C:\Windows\System32\SFAPO.dll
[2011.12.05 21:50:10 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2011.12.05 21:50:10 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2011.12.05 21:50:10 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2011.12.05 21:50:10 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2011.12.05 21:50:10 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2011.12.05 21:50:10 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2011.12.05 21:50:09 | 003,296,600 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2011.12.05 21:50:09 | 000,345,944 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2011.12.05 21:50:09 | 000,252,760 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2011.12.05 21:50:09 | 000,103,256 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2011.12.05 21:50:09 | 000,088,408 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2011.12.05 21:50:09 | 000,061,272 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2011.12.05 21:50:08 | 003,327,320 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2011.12.05 21:50:08 | 001,836,376 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2011.12.05 21:50:08 | 000,259,928 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2011.12.05 21:50:08 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2011.12.05 21:50:08 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2011.12.05 21:50:07 | 000,357,712 | ---- | C] (Knowles Acoustics ) -- C:\Windows\System32\KAAPORT.dll
[2011.12.05 21:50:01 | 001,740,352 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2011.12.05 21:50:01 | 000,601,704 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2011.12.05 21:50:01 | 000,413,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PLFX32.dll
[2011.12.05 21:50:01 | 000,390,656 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PGFX32.dll
[2011.12.05 21:50:01 | 000,327,168 | ---- | C] (DTS) -- C:\Windows\System32\DTSU2PREC32.dll
[2011.12.05 21:50:00 | 001,509,480 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2011.12.05 21:50:00 | 001,292,904 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2011.12.05 21:50:00 | 001,220,200 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2011.12.05 21:50:00 | 000,654,952 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2011.12.05 21:50:00 | 000,631,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2011.12.05 21:50:00 | 000,458,344 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2011.12.05 21:50:00 | 000,389,736 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2011.12.05 21:50:00 | 000,375,400 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2011.12.05 21:50:00 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2011.12.05 21:50:00 | 000,218,728 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2011.12.05 21:50:00 | 000,218,216 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2011.12.05 21:49:54 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2011.12.05 21:49:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011.12.05 21:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2011.12.05 21:04:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011.12.05 17:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011.12.05 16:49:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2011.12.05 16:35:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011.12.05 16:35:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011.12.05 16:35:22 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011.12.05 16:01:28 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2011.12.05 09:58:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2011.12.05 00:40:31 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2011.12.05 00:06:27 | 000,000,000 | ---D | C] -- C:\1b2fd4b0d90ddafd59dd5fae
[2011.12.04 23:56:34 | 000,000,000 | ---D | C] -- C:\Users\Arne Admin\AppData\Roaming\Macromedia
[2011.12.04 23:56:34 | 000,000,000 | ---D | C] -- C:\Users\Arne Admin\AppData\Roaming\Adobe
[2011.12.04 23:56:25 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2011.12.04 23:28:39 | 000,000,000 | ---D | C] -- C:\Users\Arne Admin\AppData\Local\Apps
[2011.12.04 22:54:42 | 000,000,000 | ---D | C] -- C:\Users\Arne Admin\AppData\Roaming\Mozilla
[2011.12.04 22:54:42 | 000,000,000 | ---D | C] -- C:\Users\Arne Admin\AppData\Local\Mozilla
[2011.12.04 22:54:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011.12.04 20:40:27 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2011.12.04 18:42:53 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2011.12.04 18:42:00 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011.12.04 18:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2011.12.04 18:37:20 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.12.04 18:30:02 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011.12.04 18:30:00 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2011.12.04 18:29:44 | 000,000,000 | ---D | C] -- C:\Users\Arne Admin\AppData\Roaming\InstallShield
[2011.12.04 18:27:29 | 000,000,000 | ---D | C] -- C:\Users\Arne Admin\AppData\Roaming\F-Secure
[2011.12.04 18:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\F-Secure
[2011.12.04 18:12:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.12.04 18:11:57 | 000,000,000 | R--D | C] -- C:\Users\Arne Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.12.04 18:11:57 | 000,000,000 | R--D | C] -- C:\Users\Arne Admin\Searches
[2011.12.04 18:11:57 | 000,000,000 | R--D | C] -- C:\Users\Arne Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.12.04 18:11:49 | 000,000,000 | ---D | C] -- C:\Users\Arne Admin\AppData\Roaming\Identities
[2011.12.04 18:11:47 | 000,000,000 | R--D | C] -- C:\Users\Arne Admin\Contacts
[2011.12.04 18:11:46 | 000,000,000 | ---D | C] -- C:\Users\Arne Admin\AppData\Local\VirtualStore
[2011.12.04 18:11:43 | 000,000,000 | --SD | C] -- C:\Users\Arne Admin\AppData\Roaming\Microsoft
[2011.12.04 18:11:43 | 000,000,000 | R--D | C] -- C:\Users\Arne Admin\Videos
[2011.12.04 18:11:43 | 000,000,000 | R--D | C] -- C:\Users\Arne Admin\Saved Games
[2011.12.04 18:11:43 | 000,000,000 | R--D | C] -- C:\Users\Arne Admin\Pictures
[2011.12.04 18:11:43 | 000,000,000 | R--D | C] -- C:\Users\Arne Admin\Music
[2011.12.04 18:11:43 | 000,000,000 | R--D | C] -- C:\Users\Arne Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.12.04 18:11:43 | 000,000,000 | R--D | C] -- C:\Users\Arne Admin\Links
[2011.12.04 18:11:43 | 000,000,000 | R--D | C] -- C:\Users\Arne Admin\Favorites
[2011.12.04 18:11:43 | 000,000,000 | R--D | C] -- C:\Users\Arne Admin\Downloads
[2011.12.04 18:11:43 | 000,000,000 | R--D | C] -- C:\Users\Arne Admin\Documents
[2011.12.04 18:11:43 | 000,000,000 | R--D | C] -- C:\Users\Arne Admin\Desktop
[2011.12.04 18:11:43 | 000,000,000 | R--D | C] -- C:\Users\Arne Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.12.04 18:11:43 | 000,000,000 | -HSD | C] -- C:\Users\Arne Admin\Vorlagen
[2011.12.04 18:11:43 | 000,000,000 | -HSD | C] -- C:\Users\Arne Admin\AppData\Local\Verlauf
[2011.12.04 18:11:43 | 000,000,000 | -HSD | C] -- C:\Users\Arne Admin\AppData\Local\Temporary Internet Files
[2011.12.04 18:11:43 | 000,000,000 | -HSD | C] -- C:\Users\Arne Admin\Startmenü
[2011.12.04 18:11:43 | 000,000,000 | -HSD | C] -- C:\Users\Arne Admin\SendTo
[2011.12.04 18:11:43 | 000,000,000 | -HSD | C] -- C:\Users\Arne Admin\Recent
[2011.12.04 18:11:43 | 000,000,000 | -HSD | C] -- C:\Users\Arne Admin\Netzwerkumgebung
[2011.12.04 18:11:43 | 000,000,000 | -HSD | C] -- C:\Users\Arne Admin\Lokale Einstellungen
[2011.12.04 18:11:43 | 000,000,000 | -HSD | C] -- C:\Users\Arne Admin\Documents\Eigene Videos
[2011.12.04 18:11:43 | 000,000,000 | -HSD | C] -- C:\Users\Arne Admin\Documents\Eigene Musik
[2011.12.04 18:11:43 | 000,000,000 | -HSD | C] -- C:\Users\Arne Admin\Eigene Dateien
[2011.12.04 18:11:43 | 000,000,000 | -HSD | C] -- C:\Users\Arne Admin\Documents\Eigene Bilder
[2011.12.04 18:11:43 | 000,000,000 | -HSD | C] -- C:\Users\Arne Admin\Druckumgebung
[2011.12.04 18:11:43 | 000,000,000 | -HSD | C] -- C:\Users\Arne Admin\Cookies
[2011.12.04 18:11:43 | 000,000,000 | -HSD | C] -- C:\Users\Arne Admin\AppData\Local\Anwendungsdaten
[2011.12.04 18:11:43 | 000,000,000 | -HSD | C] -- C:\Users\Arne Admin\Anwendungsdaten
[2011.12.04 18:11:43 | 000,000,000 | -H-D | C] -- C:\Users\Arne Admin\AppData
[2011.12.04 18:11:43 | 000,000,000 | ---D | C] -- C:\Users\Arne Admin\AppData\Local\Temp
[2011.12.04 18:11:43 | 000,000,000 | ---D | C] -- C:\Users\Arne Admin\AppData\Local\Microsoft
[2011.12.04 18:11:43 | 000,000,000 | ---D | C] -- C:\Users\Arne Admin\AppData\Roaming\Media Center Programs
[2011.12.04 18:08:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2011.12.04 18:08:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2011.12.04 18:08:18 | 000,000,000 | -HSD | C] -- C:\Programme
[2011.12.04 18:08:18 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2011.12.04 18:08:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2011.12.04 18:08:18 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2011.12.04 18:08:18 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2011.12.04 18:08:18 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2011.12.04 18:08:18 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2011.12.04 18:08:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2011.12.04 18:08:18 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2011.12.04 18:00:06 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011.12.04 17:55:52 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011.11.18 14:34:08 | 001,044,480 | R--- | C] (eHelp Corporation.) -- C:\Windows\System32\roboex32.dll
[2011.11.18 14:34:08 | 000,049,152 | R--- | C] (Blue Sky Software Corporation.) -- C:\Windows\System32\inetwh32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2011.12.13 16:44:19 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.13 16:44:19 | 000,003,264 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.13 10:50:37 | 000,630,604 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.13 10:50:37 | 000,597,898 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.13 10:50:37 | 000,127,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.13 10:50:37 | 000,104,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.13 10:44:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.13 10:44:15 | 3487,752,192 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.07 18:00:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.12.07 12:13:02 | 000,000,039 | ---- | M] () -- C:\Windows\WININIT.INI
[2011.12.07 11:02:30 | 000,196,608 | ---- | M] (Works Ltd.) -- C:\Windows\System32\aptwtypn6.dll
[2011.12.07 00:12:45 | 000,926,560 | ---- | M] (DivX, LLC) -- C:\Users\Arne Admin\Desktop\DivXInstaller.exe
[2011.12.07 00:02:11 | 000,114,000 | ---- | M] (Joosoft.com GmbH) -- C:\Windows\System32\UpdSvc.dll
[2011.12.06 19:03:01 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.12.06 11:52:58 | 000,000,547 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\nmmonitor - Verknüpfung.lnk
[2011.12.06 10:27:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_lgSSBW_01_00_00.Wdf
[2011.12.06 10:26:57 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
[2011.12.06 00:23:20 | 000,001,024 | ---- | M] () -- C:\.rnd
[2011.12.05 23:53:33 | 000,000,752 | ---- | M] () -- C:\Users\Arne Admin\Desktop\µTorrent.lnk
[2011.12.05 17:48:14 | 000,228,296 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.05 17:44:14 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011.12.05 17:36:10 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.12.05 17:36:10 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.12.05 17:35:44 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.12.05 16:34:30 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011.12.05 00:27:49 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2011.12.05 00:27:48 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2011.12.04 23:51:09 | 000,000,275 | ---- | M] () -- C:\Users\Arne Admin\Desktop\Festplatte F.lnk
[2011.12.04 23:51:04 | 000,000,281 | ---- | M] () -- C:\Users\Arne Admin\Desktop\D wie Torrent.lnk
[2011.12.04 22:54:38 | 000,000,740 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.12.04 22:30:30 | 000,005,120 | ---- | M] () -- C:\Users\Arne Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.04 22:28:28 | 000,001,820 | ---- | M] () -- C:\Windows\System32\rasctrnm.h
[2011.12.04 22:18:09 | 002,501,921 | ---- | M] () -- C:\Windows\System32\wlan.tmf
[2011.12.04 22:18:02 | 000,015,181 | ---- | M] () -- C:\Windows\System32\gatherWirelessInfo.vbs
[2011.12.04 20:31:00 | 027,000,832 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2011.12.04 20:31:00 | 000,262,144 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2011.12.04 20:31:00 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2011.12.04 18:40:35 | 000,000,680 | ---- | M] () -- C:\Users\Arne Admin\AppData\Local\d3d9caps.dat
[2011.12.04 18:37:20 | 169,668,623 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.04 18:23:11 | 000,118,842 | ---- | M] () -- C:\Windows\bwUnin-6.3.2.116-7681197L.exe
[2011.12.04 18:04:44 | 000,054,990 | ---- | M] () -- C:\Windows\System32\license.rtf
[2011.12.04 17:54:36 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2011.11.28 13:19:56 | 000,265,120 | ---- | M] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2011.11.28 13:19:46 | 000,836,496 | ---- | M] (<Turtle Entertainment>;) -- C:\Windows\System32\drivers\ESLWireACD.sys
[2011.11.28 13:19:46 | 000,024,504 | ---- | M] (Turtle Entertainment GmbH) -- C:\Windows\System32\drivers\ESLvnic.sys
[2011.11.18 14:34:08 | 001,044,480 | R--- | M] (eHelp Corporation.) -- C:\Windows\System32\roboex32.dll
[2011.11.18 14:34:08 | 000,049,152 | R--- | M] (Blue Sky Software Corporation.) -- C:\Windows\System32\inetwh32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2011.12.10 21:50:22 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011.12.07 18:00:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011.12.07 12:13:02 | 000,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.12.06 19:03:01 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.12.06 19:01:52 | 000,001,808 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.12.06 11:52:58 | 000,000,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\nmmonitor - Verknüpfung.lnk
[2011.12.06 10:27:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_lgSSBW_01_00_00.Wdf
[2011.12.06 10:26:57 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
[2011.12.06 00:23:19 | 000,001,024 | ---- | C] () -- C:\.rnd
[2011.12.05 23:53:33 | 000,000,752 | ---- | C] () -- C:\Users\Arne Admin\Desktop\µTorrent.lnk
[2011.12.05 22:33:16 | 000,265,120 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe
[2011.12.05 21:50:10 | 000,150,996 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2011.12.05 17:44:14 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011.12.05 17:35:44 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.12.05 16:34:30 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_00_00.Wdf
[2011.12.05 15:59:13 | 000,130,008 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2011.12.05 15:59:11 | 000,009,239 | ---- | C] () -- C:\Windows\System32\spcinstrumentation.man
[2011.12.05 15:59:03 | 000,442,788 | ---- | C] () -- C:\Windows\System32\dot3.tmf
[2011.12.05 15:59:01 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.12.05 15:59:00 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.12.05 15:58:58 | 000,392,170 | ---- | C] () -- C:\Windows\System32\onex.tmf
[2011.12.05 15:58:53 | 000,344,698 | ---- | C] () -- C:\Windows\System32\eaphost.tmf
[2011.12.05 15:58:37 | 000,208,966 | ---- | C] () -- C:\Windows\System32\WFP.TMF
[2011.12.05 15:58:34 | 000,092,918 | ---- | C] () -- C:\Windows\System32\slmgr.vbs
[2011.12.05 15:57:41 | 000,009,212 | ---- | C] () -- C:\Windows\System32\RacUR.xml
[2011.12.05 15:57:35 | 000,000,153 | ---- | C] () -- C:\Windows\System32\RacUREx.xml
[2011.12.05 10:15:41 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.12.05 10:15:39 | 011,967,524 | ---- | C] () -- C:\Windows\System32\korwbrkr.lex
[2011.12.05 09:55:36 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2011.12.05 09:55:36 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2011.12.05 09:55:36 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2011.12.05 00:00:19 | 000,012,198 | ---- | C] () -- C:\Windows\System32\gatherWiredInfo.vbs
[2011.12.05 00:00:17 | 000,144,909 | ---- | C] () -- C:\Windows\System32\fsmgmt.msc
[2011.12.05 00:00:15 | 000,145,455 | ---- | C] () -- C:\Windows\System32\perfmon.msc
[2011.12.05 00:00:15 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01007_Inbox_Critical.Wdf
[2011.12.04 23:51:09 | 000,000,275 | ---- | C] () -- C:\Users\Arne Admin\Desktop\Festplatte F.lnk
[2011.12.04 23:51:04 | 000,000,281 | ---- | C] () -- C:\Users\Arne Admin\Desktop\D wie Torrent.lnk
[2011.12.04 22:54:38 | 000,000,740 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.12.04 22:28:28 | 000,001,820 | ---- | C] () -- C:\Windows\System32\rasctrnm.h
[2011.12.04 22:18:09 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2011.12.04 22:18:02 | 000,015,181 | ---- | C] () -- C:\Windows\System32\gatherWirelessInfo.vbs
[2011.12.04 20:44:15 | 000,005,120 | ---- | C] () -- C:\Users\Arne Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.12.04 20:24:57 | 027,000,832 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2011.12.04 20:24:57 | 000,262,144 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2011.12.04 20:24:57 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2011.12.04 18:37:12 | 169,668,623 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.12.04 18:23:11 | 000,118,842 | ---- | C] () -- C:\Windows\bwUnin-6.3.2.116-7681197L.exe
[2011.12.04 18:11:58 | 000,000,949 | ---- | C] () -- C:\Users\Arne Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011.12.04 18:11:56 | 000,000,944 | ---- | C] () -- C:\Users\Arne Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011.12.04 18:11:47 | 000,000,915 | ---- | C] () -- C:\Users\Arne Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011.12.04 18:11:44 | 000,000,680 | ---- | C] () -- C:\Users\Arne Admin\AppData\Local\d3d9caps.dat
[2011.12.04 18:06:29 | 3487,752,192 | -HS- | C] () -- C:\hiberfil.sys
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2006.12.11 05:06:31 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006.11.02 16:33:31 | 000,630,604 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,127,054 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,228,296 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,597,898 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,104,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[color=#E56717]========== LOP Check ==========[/color]

[2011.12.04 18:27:29 | 000,000,000 | ---D | M] -- C:\Users\Arne Admin\AppData\Roaming\F-Secure
[2011.12.13 00:17:07 | 000,018,344 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2011.12.05 20:40:46 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.12.05 00:06:42 | 000,000,000 | ---D | M] -- C:\1b2fd4b0d90ddafd59dd5fae
[2011.12.05 16:42:46 | 000,000,000 | -HSD | M] -- C:\Boot
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.12.04 18:08:18 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.12.05 00:40:31 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.10 21:51:27 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.10 21:51:26 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.12.05 22:19:12 | 000,000,000 | ---D | M] -- C:\Programe
[2011.12.04 18:08:18 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.12.13 17:01:16 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.12.05 20:39:58 | 000,000,000 | R--D | M] -- C:\Users
[2011.12.07 12:13:08 | 000,000,000 | ---D | M] -- C:\Windows

[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]

[color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]


[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011.12.04 21:29:18 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2011.12.04 21:29:17 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011.12.04 21:29:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007.08.27 04:10:03 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\SoftwareDistribution\Download\f411dcb0df2de951a1b7d68be5b8fec7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2011.12.04 22:20:47 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007.08.27 03:01:58 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\SoftwareDistribution\Download\f411dcb0df2de951a1b7d68be5b8fec7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2011.12.04 22:20:47 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\SoftwareDistribution\Download\7061d8bdfc6a60f6588941d7a2c304c7\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2011.12.04 21:29:18 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

[color=#A23BEC]< MD5 for: REGEDIT.EXE >[/color]
[2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2006.11.02 10:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-12 16:46:02

< End of report >
13.12.2011, 17:58
Member

Thread starter

Posts: 149
#4 EXTRA.txt

Quote

OTL Extras logfile created on: 13.12.2011 16:59:17 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Arne\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 1,98 Gb Available Physical Memory | 61,03% Memory free
6,72 Gb Paging File | 5,46 Gb Available in Paging File | 81,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226,35 Gb Total Space | 161,55 Gb Free Space | 71,37% Space Free | Partition Type: NTFS
Drive D: | 149,05 Gb Total Space | 9,28 Gb Free Space | 6,23% Space Free | Partition Type: NTFS
Drive E: | 15,67 Gb Total Space | 9,51 Gb Free Space | 60,67% Space Free | Partition Type: FAT32
Drive F: | 223,72 Gb Total Space | 55,14 Gb Free Space | 24,65% Space Free | Partition Type: NTFS

Computer Name: ARNE-PC | User Name: Arne Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08C7F9A5-5BED-4F4E-B996-771EE44EEBFF}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{2FE6A0B5-673A-488B-85A8-9BBBC1893D90}" = protocol=17 | dir=in | app=c:\program files\f-secure\backweb\7681197\program\f-secure automatic update.exe |
"{519696A5-32CF-4919-BCDD-1061F29078CA}" = protocol=6 | dir=in | app=f:\steam\steam.exe |
"{80EDB64A-BF8D-4DBD-80B8-FAC2BF678FF2}" = dir=in | app=c:\program files\eslwire\wire.exe |
"{866F8F02-0569-499D-8CC0-DA544BD3787A}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{B069F5EC-15BA-415D-9F2F-D223B8EA80ED}" = protocol=17 | dir=in | app=f:\steam\steam.exe |
"{B122A9E6-727F-4680-B68F-1C24F195F8D4}" = dir=out | app=c:\program files\eslwire\wire.exe |
"{B474A0D1-E167-442E-95D0-1500D12CDE59}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D7F96BFE-CD41-46DC-A8AC-E74BF8F93915}" = protocol=6 | dir=in | app=c:\program files\f-secure\backweb\7681197\program\f-secure automatic update.exe |
"{DB716B68-1630-4A5F-A67F-48E7A7D85927}" = protocol=6 | dir=in | app=c:\program files\f-secure\backweb\7681197\program\f-secure automatic update.exe |
"{DF9A6DC0-B00A-4886-A2E5-BA8564DFDEFA}" = protocol=17 | dir=in | app=c:\program files\f-secure\backweb\7681197\program\f-secure automatic update.exe |
"TCP Query User{1C678B55-7706-48C5-8D20-228FFCFC439E}C:\users\arne\desktop\shortcuts\utorrent.exe" = protocol=6 | dir=in | app=c:\users\arne\desktop\shortcuts\utorrent.exe |
"TCP Query User{527696C4-88B7-41F3-AECA-301CED0991A0}F:\steam\steamapps\halfpart228\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=f:\steam\steamapps\halfpart228\counter-strike source\hl2.exe |
"UDP Query User{AA08A6CF-A89F-4350-84CE-C97725C9CA2F}F:\steam\steamapps\halfpart228\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=f:\steam\steamapps\halfpart228\counter-strike source\hl2.exe |
"UDP Query User{E5524282-F8B2-452D-97DC-13B485D82BF1}C:\users\arne\desktop\shortcuts\utorrent.exe" = protocol=17 | dir=in | app=c:\users\arne\desktop\shortcuts\utorrent.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"DivX Setup" = DivX-Setup
"ESL Wire_is1" = ESL Wire 1.11
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 8.0.1 (x86 de)" = Mozilla Firefox 8.0.1 (x86 de)
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam App 240" = Counter-Strike: Source
"Winamp" = Winamp
"WinRAR archiver" = WinRAR 4.01 (32-Bit)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 10.12.2011 12:51:53 | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\DivX\DivX
Control Panel\DivXControlPanelLauncher.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 10.12.2011 12:51:53 | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\DivX\DivX
Control Panel\DivXControlPanelLauncher.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 10.12.2011 12:51:53 | Computer Name = Arne-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\DivX\DivX
Control Panel\DivXControlPanelLauncher.exe". Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.4053""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 10.12.2011 18:34:16 | Computer Name = Arne-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung hl2.exe, Version 0.0.0.0, Zeitstempel 0x4ea78f27,
fehlerhaftes Modul filesystem_steam.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x4ea790c9, Ausnahmecode 0xc0000005, Fehleroffset 0x675bf1e9, Prozess-ID 0x1550,
Anwendungsstartzeit 01ccb7866eabfef7.

Error - 10.12.2011 18:34:28 | Computer Name = Arne-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wire.exe, Version 1.11.0.7282, Zeitstempel 0x4ed4ce85,
fehlerhaftes Modul MSVCR90.dll, Version 9.0.30729.6161, Zeitstempel 0x4dace5b9,
Ausnahmecode 0xc0000005, Fehleroffset 0x00051251, Prozess-ID 0x12ac, Anwendungsstartzeit
01ccb785b30f9587.

Error - 10.12.2011 19:23:13 | Computer Name = Arne-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6002.18005 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: eb4 Anfangszeit: 01ccb7854a6a8d57 Zeitpunkt
der Beendigung: 85

Error - 11.12.2011 17:46:07 | Computer Name = Arne-PC | Source = Application Hang | ID = 1002
Description = Programm hl2.exe, Version 0.0.0.0 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 167c Anfangszeit: 01ccb84df10f7b50 Zeitpunkt der Beendigung:
126

Error - 11.12.2011 18:26:57 | Computer Name = Arne-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung wire.exe, Version 1.11.0.7282, Zeitstempel 0x4ed4ce85,
fehlerhaftes Modul QtDBus4.dll, Version 4.7.1.0, Zeitstempel 0x4cff6772, Ausnahmecode
0xc0000005, Fehleroffset 0x000239d5, Prozess-ID 0x139c, Anwendungsstartzeit 01ccb84e7df87ad0.

Error - 11.12.2011 18:30:25 | Computer Name = Arne-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung hl2.exe, Version 0.0.0.0, Zeitstempel 0x4ea78f27,
fehlerhaftes Modul filesystem_steam.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x4ea790c9, Ausnahmecode 0xc0000005, Fehleroffset 0x67f0f1e9, Prozess-ID 0x1680,
Anwendungsstartzeit 01ccb84e9a5c3db0.

Error - 12.12.2011 16:46:42 | Computer Name = Arne-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung hl2.exe, Version 0.0.0.0, Zeitstempel 0x4ea78f27,
fehlerhaftes Modul filesystem_steam.dll_unloaded, Version 0.0.0.0, Zeitstempel
0x4ea790c9, Ausnahmecode 0xc0000005, Fehleroffset 0x6980f1e9, Prozess-ID 0x280, Anwendungsstartzeit
01ccb90dd181f574.


< End of report >
13.12.2011, 18:01
Member

Thread starter

Posts: 149
#5 Unfortunately the txt file from GMER is too long to post here.
So I'm putting it in the attachment.
I hope that's OK?!

Attachment: gmer.txt
14.12.2011, 19:05
Moderator

Posts: 5694
#6 Step 1

• Please start OTL.exe.
Vista and Win7 users: right-click and choose "Run as administrator"
• Now copy the content below into the text box.

Code

:OTL
O32 - AutoRun File - [2011.11.06 16:20:56 | 000,000,000 | ---D | M] - D:\AUTODESK.3DSMAX.V2012-ISO -- [ NTFS ]
O32 - AutoRun File - [2011.06.30 18:54:06 | 000,011,354 | ---- | M] () - D:\AUTODESK.3DSMAX.V2012-ISO.1.torrent -- [ NTFS ]
:Commands
[purity]
[emptytemp]
• Now please close all programs.
• Now please click the Fix button.
OTL may ask for a restart. Please allow this.
• After the restart you will find a text document on your desktop.
(Also found under C:\_OTL\MovedFiles\<time_date>.txt)
Now copy its content here into your thread.

Step 2

Please download Malwarebytes
• Install the program to the default path.
Vista and Win7 users: right-click and choose "Run as administrator"
• Start Malwarebytes, click Update --> Check for Updates
• When the update has finished, select Perform quick scan and press Scan.
• When the scan has finished, click Show Results.
• Make sure all findings are checked and press Remove Selected.
• Post the log file, which opens in Notepad, here in the thread.
• You can find the report later under "Logs".
14.12.2011, 21:20
Member

Thread starter

Posts: 149
#7 I had already noticed the autodesk thing too.
But what exactly is that supposed to mean?

Code

:OTL
O32 - AutoRun File - [2011.11.06 16:20:56 | 000,000,000 | ---D | M] - D:\AUTODESK.3DSMAX.V2012-ISO -- [ NTFS ]
O32 - AutoRun File - [2011.06.30 18:54:06 | 000,011,354 | ---- | M] () - D:\AUTODESK.3DSMAX.V2012-ISO.1.torrent -- [ NTFS ]
:Commands
[purity]
[emptytemp]
Anyway, I had already deleted autodesk from the hard drive.
Accordingly, the OTL log file now looks like this:

Code

All processes killed
========== OTL ==========
File  not found.
File D:\AUTODESK.3DSMAX.V2012-ISO.1.torrent not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Arne
->Temp folder emptied: 33163454 bytes
->Temporary Internet Files folder emptied: 24753913 bytes
->FireFox cache emptied: 689041754 bytes
->Flash cache emptied: 2179 bytes

User: Arne Admin
->Temp folder emptied: 444935780 bytes
->Temporary Internet Files folder emptied: 86940274 bytes
->FireFox cache emptied: 82106935 bytes
->Flash cache emptied: 914 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 25320010 bytes
RecycleBin emptied: 574312 bytes

Total Files Cleaned = 1.323,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12142011_210406
Besides, the problem (from the first post) is still there.
Here is a picture of it again

Attachment: protecus.jpg
15.12.2011, 15:09
Moderator

Posts: 5694
#8 Where is step 2?
15.12.2011, 20:20
Member

Thread starter

Posts: 149
#9 Yes, step 2 is coming.
What does this mean:

Code

:OTL
O32 - AutoRun File - [2011.11.06 16:20:56 | 000,000,000 | ---D | M] - D:\AUTODESK.3DSMAX.V2012-ISO -- [ NTFS ]
O32 - AutoRun File - [2011.06.30 18:54:06 | 000,011,354 | ---- | M] () - D:\AUTODESK.3DSMAX.V2012-ISO.1.torrent -- [ NTFS ]
:Commands
[purity]
[emptytemp]
Can you translate that into German for me?
15.12.2011, 20:36
Member

Thread starter

Posts: 149
#10 Here is step 2

Code

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8377

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

15.12.2011 20:35:31
mbam-log-2011-12-15 (20-35-31).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 186730
Laufzeit: 3 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
15.12.2011, 22:56
Moderator

Posts: 5694
#11

Quote

Can you translate that into German for me?
That would take too long ;)

Does the alert still come up?
16.12.2011, 01:29
Member

Thread starter

Posts: 149
#12 Not so far.

Then at least tell me in a few short sentences what all this has to do with D:\AUTODESK.3DSMAX? What's in there? A trojan?
16.12.2011, 13:59
Moderator

Posts: 5694
#13 No, it doesn't.
Under O32 - AutoRun File, the files are listed that simply get executed, e.g. on a USB stick. We have those deleted on principle.

I no longer see anything malicious in the log.

Also run an ESET online scan:
http://www.eset.com/us/online-scanner/
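Added example, not part of the thread and not OTL's own code: a small Python parser for the O32 - AutoRun File lines discussed in posts #6 to #13, which separates a real autorun.inf from entries that are only a directory or an ordinary file. The field layout and the meaning of the attribute flags are assumptions read off the log lines; the third sample line is constructed.

```python
import re
from datetime import datetime
from ntpath import basename  # Windows path rules on any OS

# First two lines: quoted from this thread. Third line: constructed sample.
SAMPLE_LOG = r"""
O32 - AutoRun File - [2011.11.06 16:20:56 | 000,000,000 | ---D | M] - D:\AUTODESK.3DSMAX.V2012-ISO -- [ NTFS ]
O32 - AutoRun File - [2011.06.30 18:54:06 | 000,011,354 | ---- | M] () - D:\AUTODESK.3DSMAX.V2012-ISO.1.torrent -- [ NTFS ]
O32 - AutoRun File - [2011.12.01 10:00:00 | 000,000,052 | -HS- | M] () - E:\autorun.inf -- [ FAT32 ]
"""

# Assumed layout: [timestamp | size | attribute flags | M] (company) - path -- [ fs ]
O32_LINE = re.compile(
    r"^O32 - AutoRun File - "
    r"\[(?P<stamp>[\d.]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| \w\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r" - (?P<path>.+?) -- \[ (?P<fs>\w+) \]$"
)

def parse_o32(log_text):
    """Return one dict per O32 line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = O32_LINE.match(line.strip())
        if not m:
            continue
        attrs = m["attrs"]
        entries.append({
            "path": m["path"],
            "stamp": datetime.strptime(m["stamp"], "%Y.%m.%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "is_dir": "D" in attrs,      # assumption: D marks a directory
            "hidden": "H" in attrs,      # assumption: H marks a hidden file
            "filesystem": m["fs"],
            # Windows AutoRun reads its instructions from autorun.inf
            "is_autorun_inf": basename(m["path"]).lower() == "autorun.inf",
        })
    return entries

def triage(entry):
    """Short verdict for a reviewer reading the O32 section."""
    if entry["is_autorun_inf"]:
        return "review autorun.inf" + (" (hidden)" if entry["hidden"] else "")
    kind = "directory" if entry["is_dir"] else "file"
    return kind + ", not an AutoRun configuration file"

if __name__ == "__main__":
    for e in parse_o32(SAMPLE_LOG):
        print(f'{e["path"]}: {triage(e)}')
```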