BKA trojaner shell.txt

12.02.2012, 21:00
Member

Posts: 32
#1 Hi,
I've got the BKA trojan on my machine.

After the first time the stuff showed up, I booted the machine without internet and could then access everything again,
then ran MWB and Avira; Avira found 8 viruses and moved them to quarantine, and on the next run found nothing more.

Now, the next day, the whole thing came back though (I was briefly AFK, had nothing open, no Firefox or the like, and when I came back the stuff was already flashing up again).

I've now followed the steps from the thread with srep.exe, but unfortunately it showed up again after rebooting and nothing worked; I then started the machine without internet again (simply pulled the cable), went straight into Task Manager after startup and can now do everything again.
In Task Manager the process "firefox.exe" was running with the description "unto shiny barry gleam elroy bean" even though no Firefox had been started yet (probably part of it).

here's the shell.txt:

WIN_VISTA X86 Service Pack 2
Running from E:\

HKLM\..\Winlogon; Shell = explorer.exe [ Microsoft Corporation ]
.
.
.
HKCU\..\Winlogon; Shell not found
.


[System Process]
System
smss.exe
csrss.exe
csrss.exe
wininit.exe
winlogon.exe
services.exe
lsass.exe
lsm.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
cmd.exe
srep.exe
WmiPrvSE.exe


HKLM\..\Run [Windows Defender] = %ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM\..\Run [Gainward] = C:\Windows\TBPanel.exe /A
HKLM\..\Run [SkyTel] = C:\Program Files\Realtek\Audio\HDA\Skytel.exe
HKLM\..\Run [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
HKLM\..\Run [avgnt] = "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\..\Run [Zboard] = C:\Program Files\Ideazon\ZEngine\Zboard.exe

HKCU\..\Run [ffdwnd] = C:\Users\Friendo\AppData\Local\Mozilla\Firefox\firefox.exe

HKU\.DEFAULT\..\Winlogon; Shell =
HKU\S-1-5-19\..\Winlogon; Shell =
HKU\S-1-5-20\..\Winlogon; Shell =
HKU\S-1-5-21-3949183588-44722115-1878847297-1001\..\Winlogon; Shell =
HKU\S-1-5-21-3949183588-44722115-1878847297-1001_Classes\..\Winlogon; Shell =
HKU\S-1-5-18\..\Winlogon; Shell =

HKU\S-1-5-19\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-19\..\Run [WindowsWelcomeCenter] = rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\..\Run [Sidebar] = %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
HKU\S-1-5-20\..\Run [WindowsWelcomeCenter] = rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-3949183588-44722115-1878847297-1001\..\Run [ffdwnd] = C:\Users\Friendo\AppData\Local\Mozilla\Firefox\firefox.exe

==== FINISH 12.02-20.39 ====


PS: one more question: does this BKA trojan actually read out passwords etc., or is it only designed for this money-transfer thing?


regards, Simon
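The shell.txt above (and the O4 lines of the OTL log posted later in the thread) list every Run-key autostart; the entry that stands out is a "firefox.exe" started from AppData\Local rather than from the Mozilla install directory. The following added example is not part of this post, of srep.exe or of OTL: it parses both log formats and flags entries that run from a user-writable directory, borrow the name of a well-known binary, or carry no company name. The sample lines are constructed, modelled on the entries in this thread, and the environment-variable table assumes an x86 Vista layout.

```python
"""Triage autostart (Run-key) entries from a shell.txt / OTL-style log.

Added example for reading the logs posted in this thread; it is not part of
the post, of srep.exe or of OTL. The sample lines below are constructed,
modelled on the entries shown in the thread.
"""
import re
from dataclasses import dataclass, field

# shell.txt style:  HKCU\..\Run [ffdwnd] = C:\Users\...\firefox.exe
SHELL_RUN = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\\Run \[(?P<name>[^\]]+)\] = (?P<cmd>.+)$")
# OTL style:        O4 - HKLM..\Run: [avgnt] C:\Program Files\...\avgnt.exe (Avira GmbH)
OTL_RUN = re.compile(
    r"^O4 - (?P<hive>HK[A-Z]+)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<cmd>.+?)(?: \((?P<company>[^)]*)\))?$"
)
# First *.exe in a command line, with or without surrounding quotes.
EXE_IN_CMD = re.compile(r'"?(?P<path>[^"]+?\.exe)\b', re.IGNORECASE)

# Environment variables as they appear in the logs (assumed x86 Vista paths).
ENV = {"%programfiles%": r"C:\Program Files", "%systemroot%": r"C:\Windows"}

# Directories a normal user can write to; a Run entry pointing here deserves a look.
USER_WRITABLE = (
    ("\\appdata\\local\\temp\\", "AppData\\Local\\Temp"),
    ("\\appdata\\local\\", "AppData\\Local"),
    ("\\appdata\\roaming\\", "AppData\\Roaming"),
    ("\\programdata\\", "ProgramData"),
    ("\\users\\public\\", "Users\\Public"),
)

# Binaries whose name is often borrowed, and where the genuine one lives.
KNOWN_BINARIES = {
    "firefox.exe": ("\\program files\\mozilla firefox\\", "\\programme\\mozilla firefox\\"),
    "explorer.exe": ("\\windows\\",),
    "svchost.exe": ("\\windows\\system32\\",),
}


@dataclass
class Finding:
    name: str
    hive: str
    path: str
    reasons: list = field(default_factory=list)


def expand_env(path: str) -> str:
    """Replace %VAR% tokens using the ENV table (case-insensitive)."""
    return re.sub(r"%[A-Za-z]+%", lambda m: ENV.get(m.group(0).lower(), m.group(0)), path)


def parse_autostart(line: str):
    """Return {'hive', 'name', 'path', 'company'} for a Run-key line, else None."""
    m = SHELL_RUN.match(line) or OTL_RUN.match(line)
    if not m:
        return None
    exe = EXE_IN_CMD.search(m.group("cmd"))
    if not exe:
        return None
    company = m.groupdict().get("company")  # only OTL lines carry a company name
    return {
        "hive": m.group("hive"),
        "name": m.group("name"),
        "path": expand_env(exe.group("path")),
        "company": company,
    }


def assess(entry: dict) -> Finding:
    """Apply the three heuristics to one parsed entry."""
    f = Finding(entry["name"], entry["hive"], entry["path"])
    low = entry["path"].lower()
    for needle, label in USER_WRITABLE:
        if needle in low:
            f.reasons.append(f"runs from user-writable directory {label}")
            break
    base = low.rsplit("\\", 1)[-1]
    if base in KNOWN_BINARIES and not any(d in low for d in KNOWN_BINARIES[base]):
        f.reasons.append(f"{base} outside its normal install directory")
    if entry["company"] == "":
        f.reasons.append("OTL reports no company name (no version info)")
    return f


def triage(lines):
    """Return a Finding for every Run entry that tripped at least one heuristic."""
    results = []
    for line in lines:
        entry = parse_autostart(line.strip())
        if entry:
            f = assess(entry)
            if f.reasons:
                results.append(f)
    return results


# Constructed sample, modelled on the thread's shell.txt and OTL output.
SAMPLE_LOG = r"""
HKLM\..\Run [Windows Defender] = %ProgramFiles%\Windows Defender\MSASCui.exe -hide
HKLM\..\Run [avgnt] = "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
HKCU\..\Run [ffdwnd] = C:\Users\Friendo\AppData\Local\Mozilla\Firefox\firefox.exe
O4 - HKLM..\Run: [Gainward] C:\Windows\TBPanel.exe (Gainward Co.)
O4 - HKCU..\Run: [updater] C:\Users\Friendo\AppData\Local\Temp\ms0cfg32.exe ()
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print(f"{f.hive} [{f.name}] -> {f.path}")
        for r in f.reasons:
            print("   -", r)
```

On the sample the two entries reported are the fake "ffdwnd" Firefox and the Temp-folder executable; the Defender, Avira and Gainward entries pass.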
12.02.2012, 22:15
Moderator

Posts: 5694
#2 Welcome to the Protecus forum

A clean-up can sometimes mean a lot of work for you.
• Please work through all steps in order.
• Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
• Only run scans that a helper has asked you to run.
• Please no cross-posting (posting in several forums).
• Do not install or uninstall any software during the clean-up unless you have been asked to.
• Read the instructions through completely first. If anything is unclear, ask before you begin.
• Post the log files directly in your thread. Do not attach them unless I ask you to; it makes the evaluation harder for me.

Note: I can never guarantee that I will find everything. A format is usually the quicker and always the safest way.
If you decide on a clean-up, keep working along until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".

Step 1

Please download Malwarebytes
• Install the program to the default path.
Vista and Win7 users: right-click "Run as administrator"
• Start Malwarebytes, click Update --> Check for updates
• When the update has finished, select Perform quick scan and press Scan.
• When the scan has finished, click Show results.
• Make sure all findings are checked and press Remove selected.
• Post the log file that opens in Notepad here in the thread.
• You can find the report later under "Logs".
12.02.2012, 22:49
Member

Thread starter

Posts: 32
#3 now it found something again:


Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.12.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
Friendo :: THEDUDE-PC [Administrator]

12.02.2012 22:42:55
mbam-log-2012-02-12 (22-42-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 174012
Laufzeit: 5 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Friendo\AppData\Local\Temp\ms0cfg32.exe (Exploit.Drop.CFG) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


-
after that I tried booting the machine with internet, but then the BKA stuff came right back
This post was edited on 13.02.2012 at 00:57 by Gonzi.
14.02.2012, 12:03
Moderator

Posts: 5694
#4 If you don't already have it, please download OTL by OldTimer and save it to your desktop
• Please start OTL.exe.
Vista and Win7 users: right-click "Run as administrator"
• Now copy the following content into the text box.

Code

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
• Now please close all programs. (Important)
• Now please click the Quick Scan button.
• Copy the content of OTL.txt and Extra.txt here into your thread
14.02.2012, 18:14
Member

Thread starter

Posts: 32
#5 OTL:

OTL logfile created on: 14.02.2012 17:48:43 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Friendo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 71,20% Memory free
5,71 Gb Paging File | 4,84 Gb Available in Paging File | 84,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 3,11 Gb Free Space | 1,33% Space Free | Partition Type: NTFS

Computer Name: THEDUDE-PC | User Name: Friendo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.02.14 17:47:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Friendo\Desktop\OTL.exe
PRC - [2011.06.29 09:22:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 19:00:55 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.02.22 09:52:12 | 000,182,784 | ---- | M] (Ideazon, Inc.) -- C:\Programme\Ideazon\ZEngine\Zboard.exe
PRC - [2010.11.03 10:21:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.16 12:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010.10.16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.09.21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 13:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.01.14 20:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.18 22:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe


========== Modules (No Company Name) ==========

MOD - [2011.10.16 19:20:49 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\02768700bc8f762ccfe37785ba8eb498\System.EnterpriseServices.ni.dll
MOD - [2011.10.16 19:20:49 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8f3b3ab45e3e5fa61aa6cbfe2a8b61af\System.Transactions.ni.dll
MOD - [2011.10.16 19:20:49 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\02768700bc8f762ccfe37785ba8eb498\System.EnterpriseServices.Wrapper.dll
MOD - [2011.10.16 19:20:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll
MOD - [2011.10.16 19:20:37 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll
MOD - [2011.10.16 16:40:12 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll
MOD - [2011.10.16 16:39:57 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll
MOD - [2011.10.16 16:39:48 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll
MOD - [2011.10.16 16:39:37 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll
MOD - [2011.10.16 16:38:59 | 007,950,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll
MOD - [2011.10.16 16:38:50 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.06.08 12:03:02 | 000,112,318 | ---- | M] () -- C:\Users\Friendo\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
MOD - [2011.02.16 12:38:44 | 000,015,872 | ---- | M] () -- C:\Programme\Ideazon\ZEngine\AxWBOCXLib.dll
MOD - [2009.08.16 16:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.04.10 22:28:22 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009.04.10 18:04:16 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009.03.29 20:42:20 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.03.29 20:42:18 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.29 20:42:14 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.29 20:42:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (HPSLPSVC)
SRV - File not found [Auto | Stopped] -- -- (hpqddsvc)
SRV - File not found [On_Demand | Stopped] -- -- (hpqcxs08)
SRV - [2012.01.06 05:10:25 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.06.29 09:22:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.10 00:58:04 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.04.28 19:00:55 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2008.01.18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)


========== Driver Services (SafeList) ==========

DRV - [2011.10.18 18:02:25 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2011.06.29 09:22:31 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.29 09:22:30 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.22 07:23:05 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.08.10 07:45:08 | 000,043,656 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2010.08.10 07:45:08 | 000,020,744 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2009.05.11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.12 16:02:18 | 000,146,464 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007.11.18 02:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.07.23 08:56:58 | 000,042,624 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Alpham1.sys -- (Alpham1)
DRV - [2007.05.01 14:48:06 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiHFF0C.sys -- (SaiHFF0C)
DRV - [2007.05.01 14:48:06 | 000,028,416 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiUFF0C.sys -- (SaiUFF0C)
DRV - [2007.03.20 10:49:52 | 000,018,432 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Alpham2.sys -- (Alpham2)
DRV - [2007.03.16 03:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2006.09.21 08:39:16 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006.08.07 09:39:24 | 000,018,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvnetbus.sys -- (nvnetbus)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.110.0
FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0.1

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.01 12:23:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.01 12:23:46 | 000,000,000 | ---D | M]

[2010.05.27 13:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Friendo\AppData\Roaming\mozilla\Extensions
[2012.02.13 22:25:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Friendo\AppData\Roaming\mozilla\Firefox\Profiles\gd9ocqel.default\extensions
[2011.05.07 15:38:04 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Friendo\AppData\Roaming\mozilla\Firefox\Profiles\gd9ocqel.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.15 01:41:49 | 000,000,000 | ---D | M] (Multirow Bookmarks Toolbar) -- C:\Users\Friendo\AppData\Roaming\mozilla\Firefox\Profiles\gd9ocqel.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2011.08.01 03:05:28 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Friendo\AppData\Roaming\mozilla\Firefox\Profiles\gd9ocqel.default\extensions\battlefieldheroespatcher@ea.com
[2011.03.15 01:44:02 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.10 04:44:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.03.15 01:44:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.03.15 01:44:02 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.04.01 17:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 17:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 17:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.01 17:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 17:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Gainward] C:\Windows\TBPanel.exe (Gainward Co.)
O4 - HKLM..\Run: [SkyTel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zboard] C:\Programme\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Friendo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1A1DF79-41B6-4C98-B3FA-1317CFC9EE09}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E65329E7-1429-4C75-BB64-468A44D0B558}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Friendo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Friendo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{42e20b82-7203-11de-913b-00044b0277d3}\Shell - "" = AutoRun
O33 - MountPoints2\{42e20b82-7203-11de-913b-00044b0277d3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {242F03F3-16AD-1363-C0B2-1B0D02C057BD} - Java (Sun)
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45BC47D7-A53B-45C6-60A2-B75477566CD0} - Internet Explorer
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6ECAD5B6-588F-C7F4-0260-2B9685F17A39} - Java (Sun)
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B69C891F-7A10-56C2-5702-52774812F974} - Microsoft Windows Media Player 11.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E4587C49-6630-1F4C-D283-1782E77200B4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: ffdwnd - hkey= - key= - File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - File not found
MsConfig - StartUpReg: Launch LCore - hkey= - key= - File not found
MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.02.14 17:47:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Friendo\Desktop\OTL.exe
[2012.02.12 22:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.12 22:42:10 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.12 22:40:10 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Friendo\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.09 22:32:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows
[2012.02.04 16:11:39 | 000,000,000 | ---D | C] -- C:\Users\Friendo\Desktop\neu
[2012.02.04 02:52:11 | 000,000,000 | ---D | C] -- C:\Users\Friendo\Desktop\Versch
[2012.02.04 00:25:39 | 000,000,000 | ---D | C] -- C:\Users\Friendo\Desktop\Lustige Sachen
[2012.02.02 21:09:29 | 000,000,000 | ---D | C] -- C:\Users\Friendo\Desktop\Neuer Ordner (2)
[2012.01.31 12:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Inspector File Recovery
[2012.01.31 12:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\PC Inspector File Recovery
[2012.01.31 12:18:20 | 000,000,000 | ---D | C] -- C:\Users\Friendo\Desktop\gutzy klassenreise
[2012.01.31 12:15:58 | 000,000,000 | ---D | C] -- C:\Users\Friendo\Desktop\Thohomo Klassenreise
[2012.01.31 12:15:44 | 000,000,000 | ---D | C] -- C:\Users\Friendo\Desktop\Tag 4 Abreise
[2012.01.31 12:14:43 | 000,000,000 | ---D | C] -- C:\Users\Friendo\Desktop\Tag 3
[2012.01.31 12:13:41 | 000,000,000 | ---D | C] -- C:\Users\Friendo\Desktop\Tag 2
[2012.01.31 12:12:22 | 000,000,000 | ---D | C] -- C:\Users\Friendo\Desktop\Tag 1 Anreise
[2012.01.24 18:11:13 | 000,000,000 | ---D | C] -- C:\Users\Friendo\Desktop\Neuer Ordner
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012.02.14 17:47:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Friendo\Desktop\OTL.exe
[2012.02.14 17:29:50 | 000,673,506 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.14 17:29:50 | 000,634,060 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.14 17:29:50 | 000,145,460 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.14 17:29:50 | 000,119,690 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.14 17:23:16 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.14 17:23:16 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.14 17:23:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.14 17:23:10 | 2951,151,616 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.12 22:42:11 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.12 22:40:24 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Friendo\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.10 17:29:39 | 000,000,558 | ---- | M] () -- C:\Windows\DFC.INI
[2012.02.10 01:37:58 | 001,274,964 | ---- | M] () -- C:\Users\Friendo\Desktop\mcpatcher-2.3.2_01.exe
[2012.02.09 18:08:44 | 000,066,636 | ---- | M] () -- C:\Users\Friendo\Desktop\rage-comics-slurpee-time.png
[2012.02.07 01:04:49 | 000,191,506 | ---- | M] () -- C:\Users\Friendo\Desktop\gfhjfhj.jpg
[2012.02.06 15:48:50 | 000,153,600 | ---- | M] () -- C:\Users\Friendo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.04 03:41:05 | 000,172,210 | ---- | M] () -- C:\Users\Friendo\Desktop\Hanging_Gardens_of_Babylon.jpg
[2012.02.04 03:37:49 | 013,887,765 | ---- | M] () -- C:\Users\Friendo\Desktop\Chichen_Itza_3.jpg
[2012.02.04 03:35:06 | 000,875,936 | ---- | M] () -- C:\Users\Friendo\Desktop\Machu_Picchu_Peru1.jpg
[2012.02.02 21:47:35 | 001,399,046 | ---- | M] () -- C:\Users\Friendo\Desktop\Blood_Angel_Captain_by_cyphercodicer2.jpg
[2012.02.02 21:31:51 | 000,319,790 | ---- | M] () -- C:\Users\Friendo\Desktop\drive_me_closer_i_want_to_hit_them_with_my_sword.png
[2012.02.02 21:28:42 | 005,010,006 | ---- | M] () -- C:\Users\Friendo\Desktop\Warhammer-40000-Dark-Millennium-crash-4e95b6be05f6e.jpg
[2012.02.02 21:28:19 | 000,041,839 | ---- | M] () -- C:\Users\Friendo\Desktop\DSCN0701.JPG
[2012.02.02 21:28:17 | 000,042,231 | ---- | M] () -- C:\Users\Friendo\Desktop\DSCN0702.JPG
[2012.02.02 21:26:16 | 000,198,551 | ---- | M] () -- C:\Users\Friendo\Desktop\img46fe6fe2cd8ff.jpg
[2012.02.02 21:24:22 | 000,276,155 | ---- | M] () -- C:\Users\Friendo\Desktop\Captain_Angelus_Caim_COMPLETED_by_JaWzY83.jpg
[2012.02.02 21:15:49 | 000,071,789 | ---- | M] () -- C:\Users\Friendo\Desktop\1222172634018.jpg
[2012.02.02 01:38:42 | 001,359,892 | ---- | M] () -- C:\Users\Friendo\Desktop\ikke.JPG
[2012.02.01 00:38:36 | 000,084,202 | ---- | M] () -- C:\Users\Friendo\Desktop\m2220128a_99810101024_40kAnniversary03_873x627.jpg
[2012.02.01 00:38:26 | 000,098,712 | ---- | M] () -- C:\Users\Friendo\Desktop\m2220355a_image-3xl.jpg
[2012.01.31 12:32:52 | 000,001,643 | ---- | M] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk
[2012.01.29 23:38:43 | 000,020,129 | ---- | M] () -- C:\Users\Friendo\Desktop\1327871103637.jpg
[2012.01.29 23:38:13 | 000,628,709 | ---- | M] () -- C:\Users\Friendo\Desktop\1327875956754.png
[2012.01.29 23:38:06 | 000,335,399 | ---- | M] () -- C:\Users\Friendo\Desktop\1327876111101.jpg
[2012.01.29 23:37:44 | 000,070,561 | ---- | M] () -- C:\Users\Friendo\Desktop\1327875524800.jpg
[2012.01.29 23:36:43 | 000,045,965 | ---- | M] () -- C:\Users\Friendo\Desktop\1327875039046.jpg
[2012.01.29 23:36:14 | 000,239,381 | ---- | M] () -- C:\Users\Friendo\Desktop\1327874498937.jpg
[2012.01.29 23:36:07 | 000,409,036 | ---- | M] () -- C:\Users\Friendo\Desktop\1327874285589.png
[2012.01.29 23:35:18 | 000,335,852 | ---- | M] () -- C:\Users\Friendo\Desktop\1327876030844.jpg
[2012.01.29 23:35:10 | 000,079,255 | ---- | M] () -- C:\Users\Friendo\Desktop\1327875580867.jpg
[2012.01.29 23:30:09 | 000,076,921 | ---- | M] () -- C:\Users\Friendo\Desktop\1327876083175.jpg
[2012.01.29 23:28:04 | 000,061,498 | ---- | M] () -- C:\Users\Friendo\Desktop\1327875874695.jpg
[2012.01.29 22:35:22 | 000,087,307 | ---- | M] () -- C:\Users\Friendo\Desktop\430938_10150509002731139_126696876138_8875038_2041578877_n.jpg
[2012.01.28 14:18:16 | 002,207,094 | ---- | M] () -- C:\Users\Friendo\Desktop\OnlineCodex.jar
[2012.01.28 01:20:25 | 000,002,801 | ---- | M] () -- C:\Users\Friendo\Desktop\pcgraphpng.php.png
[2012.01.25 01:29:30 | 000,000,390 | ---- | M] () -- C:\Users\Friendo\Documents\ps3keys 1.2.km
[2012.01.22 21:16:54 | 000,000,390 | ---- | M] () -- C:\Users\Friendo\Documents\ps3keys 1.1.km
[2012.01.22 21:13:22 | 000,000,387 | ---- | M] () -- C:\Users\Friendo\Documents\ps3keys.km
[2012.01.22 16:59:50 | 002,311,266 | ---- | M] () -- C:\Users\Friendo\Desktop\EagleEdit30.rar
[2012.01.17 01:36:39 | 000,037,440 | ---- | M] () -- C:\Users\Friendo\Desktop\Unbenanntgfhj.jpg
[2012.01.15 23:07:17 | 001,363,579 | ---- | M] () -- C:\Users\Friendo\Desktop\21569516.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012.02.12 22:42:11 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.12 20:40:03 | 2951,151,616 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.10 01:37:47 | 001,274,964 | ---- | C] () -- C:\Users\Friendo\Desktop\mcpatcher-2.3.2_01.exe
[2012.02.09 18:08:44 | 000,066,636 | ---- | C] () -- C:\Users\Friendo\Desktop\rage-comics-slurpee-time.png
[2012.02.07 01:04:48 | 000,191,506 | ---- | C] () -- C:\Users\Friendo\Desktop\gfhjfhj.jpg
[2012.02.05 14:42:50 | 047,622,782 | ---- | C] () -- C:\Users\Friendo\Desktop\Warhammer 40K - How To Paint Space Marines.pdf
[2012.02.04 03:41:05 | 000,172,210 | ---- | C] () -- C:\Users\Friendo\Desktop\Hanging_Gardens_of_Babylon.jpg
[2012.02.04 03:37:49 | 013,887,765 | ---- | C] () -- C:\Users\Friendo\Desktop\Chichen_Itza_3.jpg
[2012.02.04 03:35:06 | 000,875,936 | ---- | C] () -- C:\Users\Friendo\Desktop\Machu_Picchu_Peru1.jpg
[2012.02.04 00:37:19 | 000,087,083 | ---- | C] () -- C:\Users\Friendo\Desktop\1324335646651.jpg
[2012.02.02 21:47:34 | 001,399,046 | ---- | C] () -- C:\Users\Friendo\Desktop\Blood_Angel_Captain_by_cyphercodicer2.jpg
[2012.02.02 21:31:51 | 000,319,790 | ---- | C] () -- C:\Users\Friendo\Desktop\drive_me_closer_i_want_to_hit_them_with_my_sword.png
[2012.02.02 21:28:42 | 005,010,006 | ---- | C] () -- C:\Users\Friendo\Desktop\Warhammer-40000-Dark-Millennium-crash-4e95b6be05f6e.jpg
[2012.02.02 21:28:19 | 000,041,839 | ---- | C] () -- C:\Users\Friendo\Desktop\DSCN0701.JPG
[2012.02.02 21:28:17 | 000,042,231 | ---- | C] () -- C:\Users\Friendo\Desktop\DSCN0702.JPG
[2012.02.02 21:26:15 | 000,198,551 | ---- | C] () -- C:\Users\Friendo\Desktop\img46fe6fe2cd8ff.jpg
[2012.02.02 21:24:21 | 000,276,155 | ---- | C] () -- C:\Users\Friendo\Desktop\Captain_Angelus_Caim_COMPLETED_by_JaWzY83.jpg
[2012.02.02 21:15:47 | 000,071,789 | ---- | C] () -- C:\Users\Friendo\Desktop\1222172634018.jpg
[2012.02.02 01:32:57 | 001,359,892 | ---- | C] () -- C:\Users\Friendo\Desktop\ikke.JPG
[2012.02.01 00:38:35 | 000,084,202 | ---- | C] () -- C:\Users\Friendo\Desktop\m2220128a_99810101024_40kAnniversary03_873x627.jpg
[2012.02.01 00:38:25 | 000,098,712 | ---- | C] () -- C:\Users\Friendo\Desktop\m2220355a_image-3xl.jpg
[2012.01.31 12:32:52 | 000,006,200 | ---- | C] () -- C:\Windows\System32\INT13EXT.VXD
[2012.01.31 12:32:52 | 000,001,643 | ---- | C] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk
[2012.01.29 23:38:42 | 000,020,129 | ---- | C] () -- C:\Users\Friendo\Desktop\1327871103637.jpg
[2012.01.29 23:38:10 | 000,628,709 | ---- | C] () -- C:\Users\Friendo\Desktop\1327875956754.png
[2012.01.29 23:38:04 | 000,335,399 | ---- | C] () -- C:\Users\Friendo\Desktop\1327876111101.jpg
[2012.01.29 23:37:43 | 000,070,561 | ---- | C] () -- C:\Users\Friendo\Desktop\1327875524800.jpg
[2012.01.29 23:36:42 | 000,045,965 | ---- | C] () -- C:\Users\Friendo\Desktop\1327875039046.jpg
[2012.01.29 23:36:13 | 000,239,381 | ---- | C] () -- C:\Users\Friendo\Desktop\1327874498937.jpg
[2012.01.29 23:36:05 | 000,409,036 | ---- | C] () -- C:\Users\Friendo\Desktop\1327874285589.png
[2012.01.29 23:35:16 | 000,335,852 | ---- | C] () -- C:\Users\Friendo\Desktop\1327876030844.jpg
[2012.01.29 23:35:10 | 000,079,255 | ---- | C] () -- C:\Users\Friendo\Desktop\1327875580867.jpg
[2012.01.29 23:30:08 | 000,076,921 | ---- | C] () -- C:\Users\Friendo\Desktop\1327876083175.jpg
[2012.01.29 23:28:03 | 000,061,498 | ---- | C] () -- C:\Users\Friendo\Desktop\1327875874695.jpg
[2012.01.29 22:35:21 | 000,087,307 | ---- | C] () -- C:\Users\Friendo\Desktop\430938_10150509002731139_126696876138_8875038_2041578877_n.jpg
[2012.01.28 01:20:25 | 000,002,801 | ---- | C] () -- C:\Users\Friendo\Desktop\pcgraphpng.php.png
[2012.01.22 21:17:17 | 000,000,390 | ---- | C] () -- C:\Users\Friendo\Documents\ps3keys 1.2.km
[2012.01.22 21:13:41 | 000,000,390 | ---- | C] () -- C:\Users\Friendo\Documents\ps3keys 1.1.km
[2012.01.22 20:55:06 | 000,000,387 | ---- | C] () -- C:\Users\Friendo\Documents\ps3keys.km
[2012.01.22 16:59:44 | 002,311,266 | ---- | C] () -- C:\Users\Friendo\Desktop\EagleEdit30.rar
[2012.01.17 01:36:39 | 000,037,440 | ---- | C] () -- C:\Users\Friendo\Desktop\Unbenanntgfhj.jpg
[2012.01.15 23:07:17 | 001,363,579 | ---- | C] () -- C:\Users\Friendo\Desktop\21569516.jpg
[2011.08.01 03:24:44 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.08.01 03:24:44 | 000,138,056 | ---- | C] () -- C:\Users\Friendo\AppData\Roaming\PnkBstrK.sys
[2011.08.01 03:24:28 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.08.01 03:24:22 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.06.30 20:28:18 | 000,000,680 | ---- | C] () -- C:\Users\Friendo\AppData\Local\d3d9caps.dat
[2011.06.10 00:58:28 | 000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010.11.23 20:42:38 | 000,146,191 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010.11.23 20:42:28 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010.05.27 12:57:38 | 000,153,600 | ---- | C] () -- C:\Users\Friendo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.27 11:08:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.05.13 18:48:35 | 000,000,398 | ---- | C] () -- C:\Windows\Wininit.ini
[2009.06.27 17:29:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.27 17:29:27 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.27 17:29:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.06.23 22:03:27 | 000,048,509 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.06.23 22:03:25 | 000,048,509 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.06.23 13:58:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.06.22 20:22:00 | 000,000,558 | ---- | C] () -- C:\Windows\DFC.INI
[2009.06.22 20:18:08 | 000,032,768 | ---- | C] () -- C:\Windows\TBPanelExt.dll
[2009.06.22 20:18:08 | 000,026,624 | ---- | C] () -- C:\Windows\TBZoom.exe
[2009.06.22 20:18:08 | 000,012,285 | ---- | C] () -- C:\Windows\Cadx3.ini
[2009.06.22 20:18:08 | 000,007,698 | ---- | C] () -- C:\Windows\cadx2.ini
[2009.06.22 20:18:08 | 000,005,120 | ---- | C] () -- C:\Windows\TBManage.dll
[2007.05.01 14:48:06 | 002,502,656 | ---- | C] () -- C:\Windows\System32\SaiCFF0C.Dll
[2007.05.01 14:48:06 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiCFF0C_0C.dll
[2007.05.01 14:48:06 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCFF0C_10.dll
[2007.05.01 14:48:06 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCFF0C_0A.dll
[2007.05.01 14:48:06 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCFF0C_07.dll
[2007.05.01 14:48:06 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiCFF0C_09.dll
[2007.05.01 14:48:06 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiCFF0C_0402.dll
[2007.05.01 14:48:06 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiCFF0C_11.dll
[2006.11.02 16:33:31 | 000,673,506 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,145,460 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,231,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,634,060 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,119,690 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[color=#E56717]========== LOP Check ==========[/color]

[2012.02.10 01:39:15 | 000,000,000 | ---D | M] -- C:\Users\Friendo\AppData\Roaming\.minecraft
[2011.09.15 02:09:48 | 000,000,000 | ---D | M] -- C:\Users\Friendo\AppData\Roaming\Autodesk
[2011.05.07 15:38:03 | 000,000,000 | ---D | M] -- C:\Users\Friendo\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.23 17:29:06 | 000,000,000 | ---D | M] -- C:\Users\Friendo\AppData\Roaming\FOG Downloader
[2011.05.28 23:20:46 | 000,000,000 | ---D | M] -- C:\Users\Friendo\AppData\Roaming\go
[2011.06.08 12:03:04 | 000,000,000 | ---D | M] -- C:\Users\Friendo\AppData\Roaming\Ideazon
[2011.07.24 18:48:41 | 000,000,000 | ---D | M] -- C:\Users\Friendo\AppData\Roaming\LolClient
[2011.07.26 20:03:30 | 000,000,000 | ---D | M] -- C:\Users\Friendo\AppData\Roaming\TS3Client
[2012.02.14 00:57:28 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2010.05.27 12:56:12 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.09.15 18:14:47 | 000,000,000 | ---D | M] -- C:\36104bc24bd96014cfae69d0cc3aad
[2009.06.27 17:46:05 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.01.11 16:05:31 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.06.22 17:18:26 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.05.27 10:57:32 | 000,000,000 | -HSD | M] -- C:\found.000
[2011.06.17 23:06:30 | 000,000,000 | ---D | M] -- C:\Fraps
[2009.06.23 21:39:50 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.06.27 16:40:18 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.31 12:32:52 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.02.09 22:32:12 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.06.22 17:18:26 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.02.14 17:50:00 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.06.06 21:26:39 | 000,000,000 | R--D | M] -- C:\Users
[2011.08.23 23:47:38 | 000,000,000 | ---D | M] -- C:\Windows

[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]

[color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]


[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2009.06.22 18:41:15 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.06.22 18:41:14 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.06.22 18:41:14 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.06.22 19:09:24 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2009.06.22 19:09:24 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.06.22 18:41:14 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[2008.01.18 22:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

[color=#A23BEC]< MD5 for: REGEDIT.EXE >[/color]
[2008.01.18 22:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2008.01.18 22:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2006.11.02 10:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.18 22:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.18 22:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008.01.18 22:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-02-14 16:30:29

< End of report >


ext:

OTL Extras logfile created on: 14.02.2012 17:48:43 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Friendo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 1,96 Gb Available Physical Memory | 71,20% Memory free
5,71 Gb Paging File | 4,84 Gb Available in Paging File | 84,73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 3,11 Gb Free Space | 1,33% Space Free | Partition Type: NTFS

Computer Name: THEDUDE-PC | User Name: Friendo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{134E4C1A-7801-486D-94E7-B8885A78E7B9}" = lport=25565 | protocol=17 | dir=in | name=mc server udp |
"{22944386-4D91-44EF-AA6E-C1BBDAA5C88D}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{61C85961-433D-43CB-B66E-52DF8AE5217C}" = lport=25565 | protocol=17 | dir=in | name=mcpipp2 |
"{8D21F0AD-8CEB-4185-8EBA-386F04DDCEDA}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{90EB3750-727B-4FBB-AED0-89886CFDE0F9}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B531CE7C-962C-4393-97CF-849357A72B32}" = lport=25565 | protocol=6 | dir=in | name=mcpipp |
"{D2A2462E-57AD-4FF1-B064-B7CAA2E6BA4E}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 |
"{D445D9EA-2A3B-47AB-B40C-8F9622C1892D}" = lport=25565 | protocol=6 | dir=in | name=mc server tcp |
"{E8076776-58D4-4F1B-888D-9399E3109D0F}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06E538E2-B1B2-4EFC-91B2-68B72137E5E2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\antje1963\counter-strike\hl.exe |
"{087646B9-8B8E-4957-AEA2-67ED3EB94DE4}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{0DE73CF1-859F-44A7-A8EA-41CDA5F1EBAD}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{0F1B2F3C-20FB-4FD6-BE7D-815B0EC51AE3}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\warhammer 40,000 space marine demo\spacemarine.exe |
"{121ADDBB-83F0-4EF9-8923-8E05440ACAC1}" = protocol=6 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe |
"{1450AE7E-29AF-407D-BF7D-0ED2CE700369}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10083-to-0.2.0.10116-dede-downloader.exe |
"{197426E5-AD77-4819-974E-D2BF4C9B0459}" = protocol=17 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe |
"{1F052707-28E4-4378-A34F-BB04A4FB50E6}" = protocol=17 | dir=in | app=c:\program files\world of warcraft beta\launcher.patch.exe |
"{21A50876-CDF9-4F57-8825-332FAA5805EC}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10072-to-0.2.0.10083-dede-downloader.exe |
"{2E802C15-9612-4D63-8DAF-44D46E1DBA44}" = protocol=6 | dir=in | app=c:\program files\world of warcraft beta\launcher.exe |
"{30B2D787-0BDD-4C90-99EE-C26DA43FCC59}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{3361E398-A665-4D65-B87C-E5203D7A1333}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10116-to-0.2.0.10128-dede-downloader.exe |
"{35FDDCB1-DB1C-4D0A-9587-9F3CEE2073A5}" = protocol=6 | dir=in | app=c:\wowenus\world of warcraft\launcher.exe |
"{36B8C3B1-32A1-468F-A373-FDE3E42DBDAA}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{39D236C3-B6AB-4292-BBCD-4DE9CA634EFE}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10048-to-0.2.0.10072-dede-downloader.exe |
"{39E8A0B4-4200-4AC0-80AB-0FD4880C56BB}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10083-to-0.2.0.10116-dede-downloader.exe |
"{44C71A16-AF7A-4B78-943D-602103C0453B}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\warhammer 40,000 space marine demo\spacemarine.exe |
"{459FFE99-80EC-47DE-935E-5A8F6C09F5DB}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\antje1963\counter-strike\hl.exe |
"{46E74A0C-7611-48A3-8B36-9A1CAA6C9595}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{48770023-06A6-4AC7-B89E-5304E8805A31}" = protocol=17 | dir=in | app=c:\wowenus\world of warcraft\launcher.patch.exe |
"{4AC55C1B-6B16-4750-8D76-1E71EA0475D3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4D4D8FA8-7BB3-48BF-8B0C-817D180781E9}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{4EDB61BA-6E16-4D37-9D99-2AC61C9FB9DB}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10314-to-3.2.2.10482-dede-downloader.exe |
"{50C09653-F6B3-430A-9FA8-C084FAB51B33}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{50D174FD-D308-4A6E-BA89-C04F0FAB2737}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"{53E867BF-36CE-4EE7-BF65-1094B1BB14CC}" = protocol=17 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe |
"{57B33761-DCB3-4C8E-9495-FC487BB72B6B}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{59659A98-7A20-4A11-98ED-21A023C0FDE7}" = protocol=17 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe |
"{59EB4946-C2A6-4C6E-86C4-5BA5A92D48B3}" = protocol=6 | dir=in | app=c:\wowenus\world of warcraft\launcher.patch.exe |
"{64C70CD6-4462-477B-B348-E5E35E310A7E}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10170-to-0.2.0.10179-dede-downloader.exe |
"{779D1639-C19C-4248-9028-9CB4BB94E8C3}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10048-to-0.2.0.10072-dede-downloader.exe |
"{7C277547-493E-4714-88B6-4FD824DC3BD1}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{7D326BC0-89E9-4900-B33D-1D1FDD4D9E39}" = protocol=6 | dir=in | app=c:\program files\logmein hamachi\hamachi-2-ui.exe |
"{7F0F0FAB-29D7-4693-B3AE-4BC39D65C8BA}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{895E697C-1B20-40E3-9943-FD2E6C0616AD}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{8A4AB462-7EFA-4D92-879A-5F3C6790CC61}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10170-to-0.2.0.10179-dede-downloader.exe |
"{8A6F7206-D846-4725-B475-8BE53B3C6D75}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.0.10192-to-3.2.0.10314-dede-downloader.exe |
"{967D3542-02A2-4D14-8E92-7FBDEBAD8139}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{96CDF7D2-6BBD-4EEF-B18E-80E53937949F}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{9DE3D1F4-B9F0-4501-B45E-1F52670347E9}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"{9F207439-7FD6-4A54-B960-DE6FD7816D52}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{AB523D3A-8E38-4F01-8910-9589255C5446}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10128-to-0.2.0.10147-dede-downloader.exe |
"{AB9EED17-BF96-4F36-BBD9-4A4BB80F866F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.2.2.10482-to-3.2.2.10505-dede-downloader.exe |
"{ABC7BF4D-7205-41D6-8C90-96A9A770B041}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10072-to-0.2.0.10083-dede-downloader.exe |
"{ACCD61EE-6580-47F0-9025-0CCEB86706C6}" = protocol=17 | dir=in | app=c:\program files\world of warcraft beta\launcher.exe |
"{AD7F0113-1559-46E4-A4C9-29394879C410}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10147-to-0.2.0.10170-dede-downloader.exe |
"{BF16262A-00C1-4D87-BB6F-E92E3CC62B18}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{C1050494-6E84-489F-880B-4EFC7A03AE68}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C221096C-C39D-4923-84BB-137C58795B56}" = protocol=6 | dir=in | app=c:\world of warcraft\backgrounddownloader.exe |
"{C697A8C5-2D0C-411F-81CD-569914F74B5A}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10128-to-0.2.0.10147-dede-downloader.exe |
"{C72E84F7-45AC-4D01-8E72-AAF9521B0229}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.1.3.9947-to-3.2.0.10192-dede-downloader.exe |
"{DC8C8E64-ECCD-41B9-9664-715AEEC805CF}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{E710EB06-9F27-4E9A-9B6B-9598314AF0FE}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10147-to-0.2.0.10170-dede-downloader.exe |
"{F0E2EEEA-4EE0-4763-A360-6D82B2E7BA86}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-0.2.0.10116-to-0.2.0.10128-dede-downloader.exe |
"{F2BE18F6-8A16-456F-A7DD-419CF573A638}" = protocol=17 | dir=in | app=c:\wowenus\world of warcraft\launcher.exe |
"{F4BC904C-5B8A-4ED5-B60E-4A7529370946}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{F4C48A49-54AB-45DA-9B8C-8A01C2AF98EA}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{F8855FC6-5B79-46DD-B64F-7B643CAEC874}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{FE06CFD7-B822-43FE-B8F4-5083871D284B}" = protocol=6 | dir=in | app=c:\program files\world of warcraft beta\launcher.patch.exe |
"TCP Query User{0F30FA67-F426-4AD4-A2F3-1E6E714A65E4}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{10730B50-7EC9-4772-8B4C-4940E6C806F3}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{18CA48F3-DE5A-43E4-AAEF-FCE74D06AB3A}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"TCP Query User{1D4CBB85-027B-428B-90B4-220508D91CEA}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{4DC8DA50-1C22-4C28-80B5-A04537BA4E73}C:\users\the dude\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\the dude\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe |
"TCP Query User{4F1173AD-4341-4633-949D-537BBEB6F97F}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{593C18C7-FBDF-427E-9F09-0E977DD4AE2D}C:\program files\funcom\age of conan\conanpatcher.exe" = protocol=6 | dir=in | app=c:\program files\funcom\age of conan\conanpatcher.exe |
"TCP Query User{71AA5BA0-A9BE-4E90-BC62-752B82B2CF83}C:\wowenus\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\wowenus\world of warcraft\backgrounddownloader.exe |
"TCP Query User{7C2A2960-8F42-4205-BDB3-02642EBE2449}C:\users\friendo\downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu.exe" = protocol=6 | dir=in | app=c:\users\friendo\downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu.exe |
"TCP Query User{86248913-1113-4447-BCE9-33A98DB90A1C}C:\program files\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files\runes of magic\client.exe |
"TCP Query User{8EF838FA-7F8F-4103-A7E2-DF8D9F44C2F5}C:\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\world of warcraft\launcher.exe |
"TCP Query User{91520B57-0A03-4ADB-B25F-945E3B6C32A1}C:\wowenus\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\wowenus\world of warcraft\launcher.exe |
"TCP Query User{9E2AF849-A848-43AB-81C4-D62BAD80FCC8}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{A74EAAB9-7D17-4B39-B89F-BBB030441288}C:\world of warcraft\repair.exe" = protocol=6 | dir=in | app=c:\world of warcraft\repair.exe |
"TCP Query User{AFB29BBA-4A82-47D6-B956-DFEA87E8F5AC}C:\program files\world of warcraft\launcher.patch.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"TCP Query User{BF119C7C-CFE1-47B8-A78A-C679E0EB2057}C:\users\the dude\desktop\1.6\valve an nico\hl.exe" = protocol=6 | dir=in | app=c:\users\the dude\desktop\1.6\valve an nico\hl.exe |
"TCP Query User{C1708362-F0C5-43E4-A948-CD7C4157AD1B}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{C6C75358-D82D-44E7-9EB3-FA5364AA9670}C:\program files\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe |
"TCP Query User{CEFBBFB9-023B-4DC1-90B7-3955A644A573}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"TCP Query User{DB9B8CCE-B357-478B-A8DE-AD6E4E58D596}C:\program files\funcom\age of conan\ageofconan.exe" = protocol=6 | dir=in | app=c:\program files\funcom\age of conan\ageofconan.exe |
"TCP Query User{EF6413A9-50AA-47D7-952D-C864DD67E7E6}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{0E6B5D37-BB0A-4A96-A4A0-6C3A9D9B3638}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{10E9FE8C-E6F8-4086-A0AF-881C19BE1211}C:\program files\world of warcraft\launcher.patch.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe |
"UDP Query User{174C9280-F7C9-462E-91EA-FB99A8031A95}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{2A8CFEDB-DBEE-4F36-8533-A86B1DF75139}C:\wowenus\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\wowenus\world of warcraft\launcher.exe |
"UDP Query User{2B9BA505-C233-4280-9384-D7D8731D35E1}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{4B0DB84A-0FB4-43A0-9459-F46CC9A9CB11}C:\users\the dude\desktop\1.6\valve an nico\hl.exe" = protocol=17 | dir=in | app=c:\users\the dude\desktop\1.6\valve an nico\hl.exe |
"UDP Query User{619B3CB5-7859-4CC9-BBDA-D25978C7A9EC}C:\program files\funcom\age of conan\conanpatcher.exe" = protocol=17 | dir=in | app=c:\program files\funcom\age of conan\conanpatcher.exe |
"UDP Query User{646E37FE-23BF-4843-A2EE-8D8D5DA2A003}C:\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\world of warcraft\launcher.exe |
"UDP Query User{6713BBE9-A58E-4D47-9C44-2F7807464E28}C:\users\public\games\world of warcraft public test\launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft public test\launcher.exe |
"UDP Query User{6D093008-65B2-4CA4-9674-02549D4A6AF6}C:\users\friendo\downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu.exe" = protocol=17 | dir=in | app=c:\users\friendo\downloads\yuleech-runes_of_magic_4_0_0_2360_slim_eu.exe |
"UDP Query User{7210451E-F2D8-4392-8E03-05A943AAB19D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{76A66DF4-037E-47FB-8F5B-725717BD300E}C:\wowenus\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\wowenus\world of warcraft\backgrounddownloader.exe |
"UDP Query User{799E0E08-BC24-467D-A838-B86D883C693F}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"UDP Query User{90CEA486-C8B6-4DF9-975E-2DCB2BF7ADAA}C:\users\the dude\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\the dude\downloads\wow-3.0.1.8874-ptr-eu-installer-downloader.exe |
"UDP Query User{9805BF89-7DF3-4F63-9995-2DE2FAA06EE1}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{B8DF0FB1-46F8-424D-AFE3-06EA807EAF01}C:\world of warcraft\repair.exe" = protocol=17 | dir=in | app=c:\world of warcraft\repair.exe |
"UDP Query User{D06CEFA9-712E-48AC-97EA-3AC61605534F}C:\program files\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files\runes of magic\client.exe |
"UDP Query User{D0F99B71-E716-4226-A172-61F1C64759B0}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{D1A9DCE0-C708-4504-9628-31350C258BF4}C:\program files\funcom\age of conan\ageofconan.exe" = protocol=17 | dir=in | app=c:\program files\funcom\age of conan\ageofconan.exe |
"UDP Query User{F3DA153F-096F-4294-B2CF-C6FBF7DE4C5C}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe |
"UDP Query User{F3F17457-7F63-43DD-98C9-F451A0D9B437}C:\program files\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{0DD140D3-9563-481E-AA75-BA457CBDAEF2}" = PC Inspector File Recovery
"{15F02176-0D12-4FAF-B2CD-2767C7781427}" = Google SketchUp 8
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24
"{2AE2EFF4-A14B-42AB-B364-F04DB651180F}" = Z Engine
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{405ABBEB-8DF1-4174-86C0-DCB5E1C78F14}" = NetDeviceManager
"{44F5A980-8A6B-4aca-8D85-EFCE5D67D379}" = AIO_CDA_ProductContext
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E48FF52-082C-4CC2-BB67-6E10D09C0431}" = Windows Live UX Platform Language Pack
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A49BDCBE-590E-43A6-AB77-7C40E499B7C1}" = Autodesk Design Review 2012
"{A5436728-2DFD-4221-B4D7-F49F740134C9}" = c5100_Help
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.4 - Deutsch
"{ADC7FA12-E165-428a-AF13-4CE686E030AA}" = C5100
"{AF1C9345-B53D-4110-BFBF-A0DD83AEAB83}" = AIO_CDA_Software
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}" = Oblivion
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Autodesk Design Review 2012" = Autodesk Design Review 2012
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Fraps" = Fraps
"Gainward" = EXPERTool
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox (3.6.26)" = Mozilla Firefox (3.6.26)
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 1.0.3
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 31.01.2012 07:32:43 | Computer Name = TheDude-PC | Source = VSS | ID = 8193
Description =

Error - 02.02.2012 12:17:45 | Computer Name = TheDude-PC | Source = VSS | ID = 8193
Description =

Error - 03.02.2012 17:31:26 | Computer Name = TheDude-PC | Source = VSS | ID = 8193
Description =

Error - 06.02.2012 11:56:48 | Computer Name = TheDude-PC | Source = VSS | ID = 8193
Description =

Error - 07.02.2012 18:21:39 | Computer Name = TheDude-PC | Source = VSS | ID = 8193
Description =

Error - 08.02.2012 12:00:05 | Computer Name = TheDude-PC | Source = VSS | ID = 8193
Description =

Error - 10.02.2012 10:46:16 | Computer Name = TheDude-PC | Source = VSS | ID = 8193
Description =

Error - 11.02.2012 13:36:54 | Computer Name = TheDude-PC | Source = VSS | ID = 8193
Description =

Error - 14.02.2012 12:28:47 | Computer Name = TheDude-PC | Source = VSS | ID = 8193
Description =

Error - 14.02.2012 12:49:56 | Computer Name = TheDude-PC | Source = VSS | ID = 8193
Description =

[ System Events ]
Error - 12.02.2012 19:46:53 | Computer Name = TheDude-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 13.02.2012 10:50:18 | Computer Name = TheDude-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 13.02.2012 10:50:18 | Computer Name = TheDude-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 13.02.2012 10:50:47 | Computer Name = TheDude-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 13.02.2012 17:16:27 | Computer Name = TheDude-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 13.02.2012 17:16:27 | Computer Name = TheDude-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 13.02.2012 17:17:00 | Computer Name = TheDude-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 14.02.2012 12:25:00 | Computer Name = TheDude-PC | Source = Service Control Manager | ID = 7023
Description =

Error - 14.02.2012 12:25:00 | Computer Name = TheDude-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 14.02.2012 12:25:27 | Computer Name = TheDude-PC | Source = Service Control Manager | ID = 7023
Description =


< End of report >
14.02.2012, 21:30
Moderator

Posts: 5694
#6 Still having problems?
14.02.2012, 23:56
Member

Thread starter

Posts: 32
#7 Yep, it showed up again shortly after my message ;(
After booting there was again a Firefox.exe process in the Task Manager right away.

I have a few more questions:
Does this trojan spread via USB sticks etc.?

Does the trojan collect passwords or anything similar? Or does it only try this money-transfer scam?

I just found this video from sempervideo -

YouTube Video (Link)

That seems to be it, doesn't it? Should I give it a try?

Thanks in advance
15.02.2012, 11:52
Moderator

Posts: 5694
#8 Then create a new OTL text file as described here:
http://board.protecus.de/t42021.htm#355433

Quote

Does this trojan spread via USB sticks etc.?
No, it does not.

Quote

Does the trojan collect passwords or anything similar?
Not that either. As far as I know, this one is only out to make people pay.
16.02.2012, 17:07
Member

Thread starter

Posts: 32
#9 Hm, unfortunately I can't do what's in the video after all - apparently it doesn't work with Vista ;(
What else can be done about it?
Should I run OTL again with the text pasted in?
This post was edited on 16.02.2012 at 17:40 by Gonzi.
16.02.2012, 20:37
Moderator

Posts: 5694
#10

Quote

Hm, unfortunately I can't do what's in the video after all - apparently it doesn't work with Vista ;(
What else can be done about it?
Should I run OTL again with the text pasted in?
Did I say you should do what's in the video??

I posted something else, didn't I?
16.02.2012, 21:26
Member

Thread starter

Posts: 32
#11 :p Sorry, I misunderstood that.
I ran Avira again earlier; it found 3 things again and moved them, and just now the PC started without the BKA message.
- Run OTL again now?
17.02.2012, 15:58
Moderator

Posts: 5694
#12 Yes, exactly, run the scan again.
18.02.2012, 19:17
Member

Thread starter

Posts: 32
#13 Now it only created one text file:

OTL logfile created on: 18.02.2012 18:31:55 - Run 2
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Friendo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,75 Gb Total Physical Memory | 2,02 Gb Available Physical Memory | 73,39% Memory free
5,71 Gb Paging File | 4,85 Gb Available in Paging File | 85,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 3,11 Gb Free Space | 1,34% Space Free | Partition Type: NTFS

Computer Name: THEDUDE-PC | User Name: Friendo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012.02.14 17:47:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Friendo\Desktop\OTL.exe
PRC - [2011.06.29 09:22:30 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.28 19:00:55 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.02.22 09:52:12 | 000,182,784 | ---- | M] (Ideazon, Inc.) -- C:\Programme\Ideazon\ZEngine\Zboard.exe
PRC - [2010.11.03 10:21:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.16 12:42:38 | 000,792,680 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2010.10.16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.09.21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 13:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.01.14 20:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.18 22:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - [2012.02.17 16:16:56 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012.02.17 16:16:40 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll
MOD - [2012.02.17 16:16:31 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll
MOD - [2012.02.17 16:16:22 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\029217106fa24787ff7a61b754f8ebf7\System.Data.ni.dll
MOD - [2012.02.17 16:15:34 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011.10.16 19:20:37 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll
MOD - [2011.10.16 16:38:50 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.06.08 12:03:02 | 000,112,318 | ---- | M] () -- C:\Users\Friendo\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
MOD - [2011.02.16 12:38:44 | 000,015,872 | ---- | M] () -- C:\Programme\Ideazon\ZEngine\AxWBOCXLib.dll
MOD - [2009.08.16 16:06:02 | 000,141,312 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.04.10 22:28:22 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009.04.10 18:04:16 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009.03.29 20:42:20 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.03.29 20:42:20 | 000,258,048 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
MOD - [2009.03.29 20:42:18 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.29 20:42:18 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2009.03.29 20:42:14 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2009.03.29 20:42:12 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - File not found [Auto | Stopped] -- -- (HPSLPSVC)
SRV - File not found [Auto | Stopped] -- -- (hpqddsvc)
SRV - File not found [On_Demand | Stopped] -- -- (hpqcxs08)
SRV - [2012.01.06 05:10:25 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.06.29 09:22:30 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.10 00:58:04 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.04.28 19:00:55 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2008.01.18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - [2011.10.18 18:02:25 | 000,025,280 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2011.06.29 09:22:31 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.29 09:22:30 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.22 07:23:05 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.08.10 07:45:08 | 000,043,656 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2010.08.10 07:45:08 | 000,020,744 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2009.05.11 08:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.12 16:02:18 | 000,146,464 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2007.11.18 02:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.07.23 08:56:58 | 000,042,624 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Alpham1.sys -- (Alpham1)
DRV - [2007.05.01 14:48:06 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiHFF0C.sys -- (SaiHFF0C)
DRV - [2007.05.01 14:48:06 | 000,028,416 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiUFF0C.sys -- (SaiUFF0C)
DRV - [2007.03.20 10:49:52 | 000,018,432 | ---- | M] (Ideazon Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Alpham2.sys -- (Alpham2)
DRV - [2007.03.16 03:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2006.09.21 08:39:16 | 000,105,344 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2006.08.07 09:39:24 | 000,018,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvnetbus.sys -- (nvnetbus)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {FBF6D7FB-F305-4445-BB3D-FEF66579A033}:5.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.01 12:23:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.26\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.01 12:23:46 | 000,000,000 | ---D | M]

[2010.05.27 13:01:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Friendo\AppData\Roaming\mozilla\Extensions
[2012.02.18 18:28:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Friendo\AppData\Roaming\mozilla\Firefox\Profiles\gd9ocqel.default\extensions
[2011.05.07 15:38:04 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Friendo\AppData\Roaming\mozilla\Firefox\Profiles\gd9ocqel.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.08.15 01:41:49 | 000,000,000 | ---D | M] (Multirow Bookmarks Toolbar) -- C:\Users\Friendo\AppData\Roaming\mozilla\Firefox\Profiles\gd9ocqel.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
[2012.02.14 23:52:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.09.10 04:44:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2012.02.14 23:36:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.02.14 23:36:37 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.02.14 23:36:22 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.04.01 17:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 17:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 17:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.01 17:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 17:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

[color=#E56717]========== Chrome ==========[/color]

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Gainward] C:\Windows\TBPanel.exe (Gainward Co.)
O4 - HKLM..\Run: [SkyTel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Zboard] C:\Programme\Ideazon\ZEngine\Zboard.exe (Ideazon, Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Friendo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C1A1DF79-41B6-4C98-B3FA-1317CFC9EE09}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E65329E7-1429-4C75-BB64-468A44D0B558}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Friendo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Friendo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{42e20b82-7203-11de-913b-00044b0277d3}\Shell - "" = AutoRun
O33 - MountPoints2\{42e20b82-7203-11de-913b-00044b0277d3}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {242F03F3-16AD-1363-C0B2-1B0D02C057BD} - Java (Sun)
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45BC47D7-A53B-45C6-60A2-B75477566CD0} - Internet Explorer
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6ECAD5B6-588F-C7F4-0260-2B9685F17A39} - Java (Sun)
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B69C891F-7A10-56C2-5702-52774812F974} - Microsoft Windows Media Player 11.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E4587C49-6630-1F4C-D283-1782E77200B4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - - File not found
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: ehTray.exe - hkey= - key= - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
MsConfig - StartUpReg: ffdwnd - hkey= - key= - File not found
MsConfig - StartUpReg: HP Software Update - hkey= - key= - File not found
MsConfig - StartUpReg: Launch LCore - hkey= - key= - File not found
MsConfig - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= - File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 2

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012.02.17 00:49:39 | 000,000,000 | ---D | C] -- C:\Users\Friendo\Desktop\Neuer Ordner (4)
[2012.02.17 00:32:55 | 000,000,000 | ---D | C] -- C:\Users\Friendo\Desktop\Neuer Ordner (3)
[2012.02.14 23:38:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.02.14 23:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.02.14 17:47:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Friendo\Desktop\OTL.exe
[2012.02.12 22:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.12 22:42:10 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.02.12 22:40:10 | 009,502,424 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Friendo\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.09 22:32:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows
[2012.02.04 16:11:39 | 000,000,000 | ---D | C] -- C:\Users\Friendo\Desktop\neu
[2012.02.04 02:52:11 | 000,000,000 | ---D | C] -- C:\Users\Friendo\Desktop\Versch
[2012.02.04 00:25:39 | 000,000,000 | ---D | C] -- C:\Users\Friendo\Desktop\Lustige Sachen
[2012.02.02 21:09:29 | 000,000,000 | ---D | C] -- C:\Users\Friendo\Desktop\Neuer Ordner (2)
[2012.01.31 12:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Inspector File Recovery
[2012.01.31 12:32:52 | 000,000,000 | ---D | C] -- C:\Program Files\PC Inspector File Recovery
[2012.01.31 12:18:20 | 000,000,000 | ---D | C] -- C:\Users\Friendo\Desktop\gutzy klassenreise
[2012.01.31 12:15:58 | 000,000,000 | ---D | C] -- C:\Users\Friendo\Desktop\Thohomo Klassenreise
[2012.01.31 12:15:44 | 000,000,000 | ---D | C] -- C:\Users\Friendo\Desktop\Tag 4 Abreise
[2012.01.31 12:14:43 | 000,000,000 | ---D | C] -- C:\Users\Friendo\Desktop\Tag 3
[2012.01.31 12:13:41 | 000,000,000 | ---D | C] -- C:\Users\Friendo\Desktop\Tag 2
[2012.01.31 12:12:22 | 000,000,000 | ---D | C] -- C:\Users\Friendo\Desktop\Tag 1 Anreise
[2012.01.24 18:11:13 | 000,000,000 | ---D | C] -- C:\Users\Friendo\Desktop\Neuer Ordner
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2012.02.18 18:24:20 | 000,673,506 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.02.18 18:24:20 | 000,634,060 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.02.18 18:24:20 | 000,145,460 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.02.18 18:24:20 | 000,119,690 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.18 18:18:05 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.18 18:18:05 | 000,004,048 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.18 18:18:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.18 18:17:25 | 2951,254,016 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.17 16:14:32 | 000,231,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.14 23:44:54 | 001,662,532 | ---- | M] () -- C:\Users\Friendo\Desktop\Sonic Ether's Unbelievable Shaders v1.1.04 (Windows).zip
[2012.02.14 17:47:45 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Friendo\Desktop\OTL.exe
[2012.02.12 22:42:11 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.12 22:40:24 | 009,502,424 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Friendo\Desktop\mbam-setup-1.60.1.1000.exe
[2012.02.10 17:29:39 | 000,000,558 | ---- | M] () -- C:\Windows\DFC.INI
[2012.02.09 18:08:44 | 000,066,636 | ---- | M] () -- C:\Users\Friendo\Desktop\rage-comics-slurpee-time.png
[2012.02.07 01:04:49 | 000,191,506 | ---- | M] () -- C:\Users\Friendo\Desktop\gfhjfhj.jpg
[2012.02.06 15:48:50 | 000,153,600 | ---- | M] () -- C:\Users\Friendo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.05 14:46:57 | 047,622,782 | ---- | M] () -- C:\Users\Friendo\Desktop\Warhammer 40K - How To Paint Space Marines.pdf
[2012.02.04 03:41:05 | 000,172,210 | ---- | M] () -- C:\Users\Friendo\Desktop\Hanging_Gardens_of_Babylon.jpg
[2012.02.04 03:37:49 | 013,887,765 | ---- | M] () -- C:\Users\Friendo\Desktop\Chichen_Itza_3.jpg
[2012.02.04 03:35:06 | 000,875,936 | ---- | M] () -- C:\Users\Friendo\Desktop\Machu_Picchu_Peru1.jpg
[2012.02.02 21:31:51 | 000,319,790 | ---- | M] () -- C:\Users\Friendo\Desktop\drive_me_closer_i_want_to_hit_them_with_my_sword.png
[2012.02.02 21:28:42 | 005,010,006 | ---- | M] () -- C:\Users\Friendo\Desktop\Warhammer-40000-Dark-Millennium-crash-4e95b6be05f6e.jpg
[2012.02.02 21:26:16 | 000,198,551 | ---- | M] () -- C:\Users\Friendo\Desktop\img46fe6fe2cd8ff.jpg
[2012.02.02 01:38:42 | 001,359,892 | ---- | M] () -- C:\Users\Friendo\Desktop\ikke.JPG
[2012.01.31 12:32:52 | 000,001,643 | ---- | M] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk
[2012.01.29 23:38:43 | 000,020,129 | ---- | M] () -- C:\Users\Friendo\Desktop\1327871103637.jpg
[2012.01.29 23:38:13 | 000,628,709 | ---- | M] () -- C:\Users\Friendo\Desktop\1327875956754.png
[2012.01.29 23:38:06 | 000,335,399 | ---- | M] () -- C:\Users\Friendo\Desktop\1327876111101.jpg
[2012.01.29 23:37:44 | 000,070,561 | ---- | M] () -- C:\Users\Friendo\Desktop\1327875524800.jpg
[2012.01.29 23:36:43 | 000,045,965 | ---- | M] () -- C:\Users\Friendo\Desktop\1327875039046.jpg
[2012.01.29 23:36:14 | 000,239,381 | ---- | M] () -- C:\Users\Friendo\Desktop\1327874498937.jpg
[2012.01.29 23:36:07 | 000,409,036 | ---- | M] () -- C:\Users\Friendo\Desktop\1327874285589.png
[2012.01.29 23:35:18 | 000,335,852 | ---- | M] () -- C:\Users\Friendo\Desktop\1327876030844.jpg
[2012.01.29 23:35:10 | 000,079,255 | ---- | M] () -- C:\Users\Friendo\Desktop\1327875580867.jpg
[2012.01.29 23:30:09 | 000,076,921 | ---- | M] () -- C:\Users\Friendo\Desktop\1327876083175.jpg
[2012.01.29 23:28:04 | 000,061,498 | ---- | M] () -- C:\Users\Friendo\Desktop\1327875874695.jpg
[2012.01.29 22:35:22 | 000,087,307 | ---- | M] () -- C:\Users\Friendo\Desktop\430938_10150509002731139_126696876138_8875038_2041578877_n.jpg
[2012.01.28 14:18:16 | 002,207,094 | ---- | M] () -- C:\Users\Friendo\Desktop\OnlineCodex.jar
[2012.01.28 01:20:25 | 000,002,801 | ---- | M] () -- C:\Users\Friendo\Desktop\pcgraphpng.php.png
[2012.01.25 01:29:30 | 000,000,390 | ---- | M] () -- C:\Users\Friendo\Documents\ps3keys 1.2.km
[2012.01.22 21:16:54 | 000,000,390 | ---- | M] () -- C:\Users\Friendo\Documents\ps3keys 1.1.km
[2012.01.22 21:13:22 | 000,000,387 | ---- | M] () -- C:\Users\Friendo\Documents\ps3keys.km
[2012.01.22 16:59:50 | 002,311,266 | ---- | M] () -- C:\Users\Friendo\Desktop\EagleEdit30.rar
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2012.02.14 23:44:50 | 001,662,532 | ---- | C] () -- C:\Users\Friendo\Desktop\Sonic Ether's Unbelievable Shaders v1.1.04 (Windows).zip
[2012.02.12 22:42:11 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.12 20:40:03 | 2951,254,016 | -HS- | C] () -- C:\hiberfil.sys
[2012.02.09 18:08:44 | 000,066,636 | ---- | C] () -- C:\Users\Friendo\Desktop\rage-comics-slurpee-time.png
[2012.02.07 01:04:48 | 000,191,506 | ---- | C] () -- C:\Users\Friendo\Desktop\gfhjfhj.jpg
[2012.02.05 14:42:50 | 047,622,782 | ---- | C] () -- C:\Users\Friendo\Desktop\Warhammer 40K - How To Paint Space Marines.pdf
[2012.02.04 03:41:05 | 000,172,210 | ---- | C] () -- C:\Users\Friendo\Desktop\Hanging_Gardens_of_Babylon.jpg
[2012.02.04 03:37:49 | 013,887,765 | ---- | C] () -- C:\Users\Friendo\Desktop\Chichen_Itza_3.jpg
[2012.02.04 03:35:06 | 000,875,936 | ---- | C] () -- C:\Users\Friendo\Desktop\Machu_Picchu_Peru1.jpg
[2012.02.04 00:37:19 | 000,087,083 | ---- | C] () -- C:\Users\Friendo\Desktop\1324335646651.jpg
[2012.02.02 21:31:51 | 000,319,790 | ---- | C] () -- C:\Users\Friendo\Desktop\drive_me_closer_i_want_to_hit_them_with_my_sword.png
[2012.02.02 21:28:42 | 005,010,006 | ---- | C] () -- C:\Users\Friendo\Desktop\Warhammer-40000-Dark-Millennium-crash-4e95b6be05f6e.jpg
[2012.02.02 21:26:15 | 000,198,551 | ---- | C] () -- C:\Users\Friendo\Desktop\img46fe6fe2cd8ff.jpg
[2012.02.02 01:32:57 | 001,359,892 | ---- | C] () -- C:\Users\Friendo\Desktop\ikke.JPG
[2012.01.31 12:32:52 | 000,006,200 | ---- | C] () -- C:\Windows\System32\INT13EXT.VXD
[2012.01.31 12:32:52 | 000,001,643 | ---- | C] () -- C:\Users\Public\Desktop\PC Inspector File Recovery.lnk
[2012.01.29 23:38:42 | 000,020,129 | ---- | C] () -- C:\Users\Friendo\Desktop\1327871103637.jpg
[2012.01.29 23:38:10 | 000,628,709 | ---- | C] () -- C:\Users\Friendo\Desktop\1327875956754.png
[2012.01.29 23:38:04 | 000,335,399 | ---- | C] () -- C:\Users\Friendo\Desktop\1327876111101.jpg
[2012.01.29 23:37:43 | 000,070,561 | ---- | C] () -- C:\Users\Friendo\Desktop\1327875524800.jpg
[2012.01.29 23:36:42 | 000,045,965 | ---- | C] () -- C:\Users\Friendo\Desktop\1327875039046.jpg
[2012.01.29 23:36:13 | 000,239,381 | ---- | C] () -- C:\Users\Friendo\Desktop\1327874498937.jpg
[2012.01.29 23:36:05 | 000,409,036 | ---- | C] () -- C:\Users\Friendo\Desktop\1327874285589.png
[2012.01.29 23:35:16 | 000,335,852 | ---- | C] () -- C:\Users\Friendo\Desktop\1327876030844.jpg
[2012.01.29 23:35:10 | 000,079,255 | ---- | C] () -- C:\Users\Friendo\Desktop\1327875580867.jpg
[2012.01.29 23:30:08 | 000,076,921 | ---- | C] () -- C:\Users\Friendo\Desktop\1327876083175.jpg
[2012.01.29 23:28:03 | 000,061,498 | ---- | C] () -- C:\Users\Friendo\Desktop\1327875874695.jpg
[2012.01.29 22:35:21 | 000,087,307 | ---- | C] () -- C:\Users\Friendo\Desktop\430938_10150509002731139_126696876138_8875038_2041578877_n.jpg
[2012.01.28 01:20:25 | 000,002,801 | ---- | C] () -- C:\Users\Friendo\Desktop\pcgraphpng.php.png
[2012.01.22 21:17:17 | 000,000,390 | ---- | C] () -- C:\Users\Friendo\Documents\ps3keys 1.2.km
[2012.01.22 21:13:41 | 000,000,390 | ---- | C] () -- C:\Users\Friendo\Documents\ps3keys 1.1.km
[2012.01.22 20:55:06 | 000,000,387 | ---- | C] () -- C:\Users\Friendo\Documents\ps3keys.km
[2012.01.22 16:59:44 | 002,311,266 | ---- | C] () -- C:\Users\Friendo\Desktop\EagleEdit30.rar
[2011.08.01 03:24:44 | 000,139,080 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.08.01 03:24:44 | 000,138,056 | ---- | C] () -- C:\Users\Friendo\AppData\Roaming\PnkBstrK.sys
[2011.08.01 03:24:28 | 000,270,240 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.08.01 03:24:22 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.06.30 20:28:18 | 000,000,680 | ---- | C] () -- C:\Users\Friendo\AppData\Local\d3d9caps.dat
[2011.06.10 00:58:28 | 000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2010.11.23 20:42:38 | 000,146,191 | ---- | C] () -- C:\Windows\hpoins18.dat
[2010.11.23 20:42:28 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2010.05.27 12:57:38 | 000,153,600 | ---- | C] () -- C:\Users\Friendo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.27 11:08:26 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.05.13 18:48:35 | 000,000,398 | ---- | C] () -- C:\Windows\Wininit.ini
[2009.06.27 17:29:57 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.06.27 17:29:27 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.06.27 17:29:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.06.23 22:03:27 | 000,048,509 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.06.23 22:03:25 | 000,048,509 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.06.23 13:58:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.06.22 20:22:00 | 000,000,558 | ---- | C] () -- C:\Windows\DFC.INI
[2009.06.22 20:18:08 | 000,032,768 | ---- | C] () -- C:\Windows\TBPanelExt.dll
[2009.06.22 20:18:08 | 000,026,624 | ---- | C] () -- C:\Windows\TBZoom.exe
[2009.06.22 20:18:08 | 000,012,285 | ---- | C] () -- C:\Windows\Cadx3.ini
[2009.06.22 20:18:08 | 000,007,698 | ---- | C] () -- C:\Windows\cadx2.ini
[2009.06.22 20:18:08 | 000,005,120 | ---- | C] () -- C:\Windows\TBManage.dll
[2007.05.01 14:48:06 | 002,502,656 | ---- | C] () -- C:\Windows\System32\SaiCFF0C.Dll
[2007.05.01 14:48:06 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiCFF0C_0C.dll
[2007.05.01 14:48:06 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCFF0C_10.dll
[2007.05.01 14:48:06 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCFF0C_0A.dll
[2007.05.01 14:48:06 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiCFF0C_07.dll
[2007.05.01 14:48:06 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiCFF0C_09.dll
[2007.05.01 14:48:06 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiCFF0C_0402.dll
[2007.05.01 14:48:06 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiCFF0C_11.dll
[2006.11.02 16:33:31 | 000,673,506 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 16:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 16:33:31 | 000,145,460 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 16:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:37 | 000,231,016 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:33:01 | 000,634,060 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,119,690 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[color=#E56717]========== LOP Check ==========[/color]

[2012.02.14 23:48:48 | 000,000,000 | ---D | M] -- C:\Users\Friendo\AppData\Roaming\.minecraft
[2011.09.15 02:09:48 | 000,000,000 | ---D | M] -- C:\Users\Friendo\AppData\Roaming\Autodesk
[2011.05.07 15:38:03 | 000,000,000 | ---D | M] -- C:\Users\Friendo\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.23 17:29:06 | 000,000,000 | ---D | M] -- C:\Users\Friendo\AppData\Roaming\FOG Downloader
[2011.05.28 23:20:46 | 000,000,000 | ---D | M] -- C:\Users\Friendo\AppData\Roaming\go
[2011.06.08 12:03:04 | 000,000,000 | ---D | M] -- C:\Users\Friendo\AppData\Roaming\Ideazon
[2011.07.24 18:48:41 | 000,000,000 | ---D | M] -- C:\Users\Friendo\AppData\Roaming\LolClient
[2011.07.26 20:03:30 | 000,000,000 | ---D | M] -- C:\Users\Friendo\AppData\Roaming\TS3Client
[2012.02.17 16:31:51 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color]
[2010.05.27 12:56:12 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.09.15 18:14:47 | 000,000,000 | ---D | M] -- C:\36104bc24bd96014cfae69d0cc3aad
[2009.06.27 17:46:05 | 000,000,000 | -HSD | M] -- C:\Boot
[2012.02.17 02:56:01 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.06.22 17:18:26 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.05.27 10:57:32 | 000,000,000 | -HSD | M] -- C:\found.000
[2011.06.17 23:06:30 | 000,000,000 | ---D | M] -- C:\Fraps
[2009.06.23 21:39:50 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.06.27 16:40:18 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.02.14 23:36:18 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.02.09 22:32:12 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.06.22 17:18:26 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.02.18 18:33:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.06.06 21:26:39 | 000,000,000 | R--D | M] -- C:\Users
[2011.08.23 23:47:38 | 000,000,000 | ---D | M] -- C:\Windows

[color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color]

[color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]


[color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color]
[2009.06.22 18:41:15 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2009.06.22 18:41:14 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.06.22 18:41:14 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.06.22 19:09:24 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2009.06.22 19:09:24 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.10 22:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.06.22 18:41:14 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
[2008.01.18 22:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

[color=#A23BEC]< MD5 for: REGEDIT.EXE >[/color]
[2008.01.18 22:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.19 08:33:24 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2008.01.18 22:33:26 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_f42eb564dbd8a697\regedit.exe
[2006.11.02 10:45:35 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=F13123E76FDA33E55F11E0EB832E832A -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6000.16386_none_f1f7f368deed95c3\regedit.exe

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

[color=#A23BEC]< MD5 for: WININIT.EXE >[/color]
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.18 22:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.18 22:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

[color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color]
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 22:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\SoftwareDistribution\Download\c91af43e301542f65a88d59517636d32\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008.01.18 22:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color]

[color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-02-17 15:25:49

< End of report >
18.02.2012, 21:02
Moderator

Posts: 5694
#14 ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Download ComboFix from one of these download mirrors:

BleepingComputer - ForoSpyware

* Important !! Save ComboFix to the desktop
• Disable your anti-virus and anti-spyware programs. Normally you can do this by right-clicking the system tray icon. Otherwise those programs could interfere with our tools while they work.
• Double-click ComboFix.exe and follow the instructions.
• ComboFix will check whether the Microsoft Windows Recovery Console is installed. This is part of the process. Given the kind of malware infections that exist today, it is strongly recommended to have this Recovery Console installed on the PC before any malware cleanup is carried out.
• Follow the instructions to let ComboFix download and install the Recovery Console, and accept the license agreement (EULA) when prompted.
**For your information: if the Recovery Console is already installed, ComboFix will continue its malware removal procedure as normal.

Once the Recovery Console has been installed by ComboFix, you should see the following message:

Click "Yes" to continue with the malware scan.

When ComboFix is finished, it will create a log. Please attach C:\ComboFix.txt to your next reply.
11.03.2012, 20:11
Member

Thread starter

Posts: 32
#15 sorry for only getting back to you now ;)

ComboFix 12-03-11.01 - Friendo 11.03.2012 19:54:41.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2814.1659 [GMT 1:00]
ausgeführt von:: c:\users\Friendo\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Windows
c:\programdata\windows\dsdd.dat
c:\programdata\windows\nudr.dat
c:\users\Friendo\AppData\Local\Temp\acc98a83-4789-42d6-8c8f-ba0c09eb1879\CliSecureRT.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-11 bis 2012-03-11 ))))))))))))))))))))))))))))))
.
.
2012-03-11 19:01 . 2012-03-11 19:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-09 15:20 . 2012-02-08 06:03 6552120 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0DC76542-0E12-4F62-A013-4794C1ACD35B}\mpengine.dll
2012-02-14 22:42 . 2012-02-14 22:42 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-02-14 22:38 . 2012-02-14 22:38 -------- d-----w- c:\program files\Common Files\Java
2012-02-14 22:36 . 2012-02-14 22:36 -------- d-----w- c:\program files\Java
2012-02-12 21:42 . 2011-12-10 14:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 08:18 . 2009-10-02 23:49 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-14 22:36 . 2010-09-10 03:44 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Gainward"="c:\windows\TBPanel.exe" [2007-11-27 2189864]
"SkyTel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-16 1833504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-06-16 7547424]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-03 281768]
"Zboard"="c:\program files\Ideazon\ZEngine\Zboard.exe" [2011-02-22 182784]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-18 21:33 125952 ----a-w- c:\windows\ehome\ehtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 00:54 4240760 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-09-02 13:15 13351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-08-07 18:47 1242448 ----a-w- c:\program files\Steam\steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 13:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-18 21:33 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Free YouTube to MP3 Converter - c:\users\Friendo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Friendo\AppData\Roaming\Mozilla\Firefox\Profiles\gd9ocqel.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF - Ext: Multirow Bookmarks Toolbar: {FBF6D7FB-F305-4445-BB3D-FEF66579A033} - %profile%\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
MSConfigStartUp-ffdwnd - c:\users\Friendo\AppData\Local\Mozilla\Firefox\firefox.exe
MSConfigStartUp-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
MSConfigStartUp-Launch LCore - c:\program files\Logitech Gaming Software\LCore.exe
MSConfigStartUp-LogMeIn Hamachi Ui - c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\NVIDIA Corporation\Display\NvXDSync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\conime.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-11 20:09:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-11 19:07
.
Vor Suchlauf: 2.352.574.464 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 11.818.631.168 Bytes frei
.
- - End Of File - - FCE61B43626ADFA797543FDCCBB03B7F