Avira findet TR/PSW/Zbot740 |
||
---|---|---|
#0
| ||
17.06.2012, 13:25
Moderator
Beiträge: 5694 |
||
|
||
17.06.2012, 16:39
Member
Themenstarter Beiträge: 119 |
#32
Hallo Swiss,
es ist zum aus der Haut fahren. Ich bekomme wieder den Text... "keine zulässige WIN32 Anwendung. LG fratzi |
|
|
||
17.06.2012, 22:59
Moderator
Beiträge: 5694 |
#33
Windows 7 DVD in das Laufwerk legen, den Computer neu Starten und von der DVD booten lassen.
Nach der Maske für die Ländereinstellung auf Reparaturoptionen klicken. Danach den Punkt “Start Optionen wiederherstellen klicken und nun Eingabeaufforderung auswählen. Im neu erscheinen Fenster der DOS-Konsole den Befehl bootrec/fixmbr bzw. fixmbr eingeben. Als Ergebnis wird der MBR neu erstellt, worauf es eine Bestätigung als Meldungen geben sollte. Wenn das erfolgreich war,mit Exit die DOS-Konsole verlassen. Danach ein Neustart des Computers und Windows 7 sollte wie gewohnt gebootet und gestartet werden. |
|
|
||
18.06.2012, 09:17
Member
Themenstarter Beiträge: 119 |
#34
Guten Morgen Swiss,
ich hatte ja schon einmal gepostet, dass ich für den Packard Bell Computer keine Recovery CD mehr habe. Die sind nach dem Umzug verschwunden. Einzig die Treiber und Apps CD ist vorhanden. Wenn ich die MBR neu schreiben muss kann ich da eine normale Win7 CD nehmen? (gibt es als download bei chip u.ä.)Auf dem PC ist ja eine Reparaturkonsole. Damit kann ich den Auslieferungszustand wiederherstellen. Wird damit auch der MBR überschrieben? Werden nicht durch die Erstellung der MBR auch die versteckten Partitionen überschrieben wie Office klick und los und das Office Starter Paket? LG fratzi |
|
|
||
18.06.2012, 23:34
Moderator
Beiträge: 5694 |
#35
Hast Du OTL auch schon auf einem sauberen Rechner geladen und mittels Stick uaf den infizierten PC kopiert?
|
|
|
||
19.06.2012, 20:15
Member
Themenstarter Beiträge: 119 |
#36
Hallo Swiiss,
es ist geschafft... hier die otl- texte OTL logfile created on: 19.06.2012 19:56:57 - Run 1 OTL by OldTimer - Version 3.2.49.0 Folder = J:\ 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 68,00% Memory free 7,86 Gb Paging File | 6,43 Gb Available in Paging File | 81,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 456,95 Gb Total Space | 399,27 Gb Free Space | 87,38% Space Free | Partition Type: NTFS Drive D: | 457,46 Gb Total Space | 457,31 Gb Free Space | 99,97% Space Free | Partition Type: NTFS Drive J: | 14,92 Gb Total Space | 14,86 Gb Free Space | 99,61% Space Free | Partition Type: FAT32 Computer Name: AGNES-PC | User Name: Agnes | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Processes (SafeList) ==========[/color] PRC - [2012.06.19 18:58:16 | 000,595,968 | ---- | M] (OldTimer Tools) -- J:\OTL.exe PRC - [2012.05.14 21:10:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.14 21:10:06 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe PRC - [2012.05.14 21:10:06 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe PRC - [2012.05.14 21:10:06 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.14 21:10:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.01.04 20:20:50 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe PRC - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () -- C:\OEM\USBDECTION\USBS3S4Detection.exe PRC - [2009.10.13 20:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe PRC - [2009.10.13 20:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe PRC - [2009.10.09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [color=#E56717]========== Modules (No Company Name) ==========[/color] [color=#E56717]========== Win32 Services (SafeList) ==========[/color] SRV:64bit: - [2010.01.13 16:04:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012.06.15 21:13:41 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.05.14 21:10:07 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.14 21:10:06 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.14 21:10:06 | 000,375,760 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService) SRV - [2012.05.14 21:10:06 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService) SRV - [2010.06.08 15:19:27 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.29 01:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.15 23:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.12.09 11:24:16 | 000,076,320 | ---- | M] () [Auto | Running] -- C:\OEM\USBDECTION\USBS3S4Detection.exe -- (USBS3S4Detection) SRV - [2009.10.13 20:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R) SRV - [2009.10.09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0) SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) [color=#E56717]========== Driver Services (SafeList) ==========[/color] DRV:64bit: - [2012.05.14 21:10:07 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.05.14 21:10:07 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.03.04 15:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.01.13 16:26:00 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag) DRV:64bit: - [2010.01.13 15:10:56 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2009.12.09 11:39:52 | 000,537,624 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.09.30 03:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.06.16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) [color=#E56717]========== Standard Registry (SafeList) ==========[/color] [color=#E56717]========== Internet Explorer ==========[/color] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imedia_s3810&r=17360211n206pe415v185y6661245n IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imedia_s3810&r=17360211n206pe415v185y6661245n IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imedia_s3810&r=17360211n206pe415v185y6661245n IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imedia_s3810&r=17360211n206pe415v185y6661245n IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imedia_s3810&r=17360211n206pe415v185y6661245n IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0407&m=imedia_s3810&r=17360211n206pe415v185y6661245n IE - HKCU\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 [color=#E56717]========== FireFox ==========[/color] FF - prefs.js - File not found FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.11 22:25:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.11 18:45:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.08.16 22:50:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.02.19 22:58:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Agnes\AppData\Roaming\mozilla\Extensions [2011.02.20 00:34:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Agnes\AppData\Roaming\mozilla\Firefox\Profiles\ce62cjxc.default\extensions [2011.02.21 00:44:49 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Agnes\AppData\Roaming\mozilla\Firefox\Profiles\ce62cjxc.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2011.02.21 00:44:49 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Agnes\AppData\Roaming\mozilla\Firefox\Profiles\ce62cjxc.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2011.02.21 00:44:49 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Agnes\AppData\Roaming\mozilla\Firefox\Profiles\ce62cjxc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012.06.11 22:29:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Agnes\AppData\Roaming\mozilla\Firefox\Profiles\s7hs5kca.default\extensions [2012.06.09 20:49:43 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Agnes\AppData\Roaming\mozilla\Firefox\Profiles\s7hs5kca.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.06.11 22:29:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Agnes\AppData\Roaming\mozilla\Firefox\Profiles\s7hs5kca.default\extensions\staged [2012.06.09 20:49:49 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Agnes\AppData\Roaming\mozilla\Firefox\Profiles\s7hs5kca.default\extensions\toolbar@ask.com [2012.02.23 19:07:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2012.06.11 22:25:10 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [OOTag] C:\Program Files (x86)\Packard Bell\OOBEOffer\OOTag.exe (Microsoft) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [OOTag] C:\Program Files (x86)\Packard Bell\OOBEOffer\OOTag.exe (Microsoft) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKCU..\Run: [Logitech Vid] "C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe" -bootmode File not found O4 - Startup: C:\Users\Agnes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk = File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EB164DD-D2EE-426A-8B21-C27CEC2FAC39}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.06.04 19:27:48 | 000,008,192 | ---- | M] (Microsoft) - J:\AutoOff.exe -- [ FAT32 ] O32 - AutoRun File - [2011.06.04 19:27:48 | 000,000,070 | ---- | M] () - J:\Autorun.inf -- [ FAT32 ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {54F10A09-8B4D-3D48-58DC-6736AD243F99} - Internet Explorer ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point [color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color] [2012.06.09 20:58:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.06.09 20:55:16 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Agnes\Desktop\esetsmartinstaller_enu.exe [2012.05.29 23:00:55 | 000,000,000 | ---D | C] -- C:\Users\Agnes\AppData\Local\Microsoft Games [2012.05.28 22:18:48 | 000,000,000 | ---D | C] -- C:\Users\Agnes\AppData\Roaming\DieselPuppet [2012.05.26 23:52:17 | 000,000,000 | ---D | C] -- C:\Users\Agnes\AppData\Roaming\SMIGames [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [color=#E56717]========== Files - Modified Within 30 Days ==========[/color] [2012.06.19 19:58:58 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.19 19:58:58 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.19 19:55:57 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.19 19:55:57 | 000,654,602 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.19 19:55:57 | 000,616,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.19 19:55:57 | 000,130,216 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.19 19:55:57 | 000,106,606 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.19 19:51:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.19 19:51:26 | 3163,901,952 | -HS- | M] () -- C:\hiberfil.sys [2012.06.18 22:46:13 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.14 19:56:31 | 000,271,152 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.06.09 20:56:04 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Agnes\Desktop\esetsmartinstaller_enu.exe [2012.05.29 22:59:10 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012.05.28 22:04:14 | 000,000,957 | ---- | M] () -- C:\Users\Agnes\Desktop\Weird Park - Broken Tune.lnk [2012.05.26 23:51:36 | 000,001,189 | ---- | M] () -- C:\Users\Agnes\Desktop\VooDoo Chronicles - The First Sign Premium Edition.lnk [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [color=#E56717]========== Files Created - No Company Name ==========[/color] [2012.05.28 22:04:14 | 000,000,957 | ---- | C] () -- C:\Users\Agnes\Desktop\Weird Park - Broken Tune.lnk [2012.05.26 23:51:36 | 000,001,189 | ---- | C] () -- C:\Users\Agnes\Desktop\VooDoo Chronicles - The First Sign Premium Edition.lnk [2011.10.25 22:28:02 | 000,000,268 | ---- | C] () -- C:\Windows\_delis32.ini [2011.08.14 19:33:34 | 000,001,893 | ---- | C] () -- C:\Windows\hpdj5700.ini [2011.04.20 22:41:50 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2011.04.10 12:20:11 | 001,526,976 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.03.07 00:44:44 | 000,000,010 | ---- | C] () -- C:\Windows\popcinfo.dat [2011.02.20 16:25:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [color=#E56717]========== LOP Check ==========[/color] [2011.03.30 23:21:49 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\A Gypsy's Tale - Der Turm des Schicksals [2012.01.15 20:02:34 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Alawar [2012.01.24 23:04:52 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Alawar Entertainment [2012.03.11 22:23:32 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Arkadium [2012.02.05 16:45:09 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Awem [2012.05.07 22:43:53 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\cerasus.media [2011.08.19 22:13:39 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Colibri Games [2011.09.28 21:01:42 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\DarkParablesBriarRose_BFG_SE [2012.05.28 22:18:48 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\DieselPuppet [2011.07.18 22:37:17 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\DivoGames [2012.01.02 00:55:43 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\ElementalsTheMagicKey [2011.04.13 23:16:41 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\EscapeTheMuseum2 [2012.02.20 22:08:02 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Freeze Tag [2012.02.15 23:23:50 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Friday's games [2012.01.17 21:46:45 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Frogwares [2012.04.11 18:59:09 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Funlinker [2012.01.07 15:31:06 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\GameHouse [2012.03.09 21:25:28 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Games [2012.04.29 19:23:16 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\GO Games [2011.09.03 00:42:37 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\GOA [2012.01.04 00:56:10 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Gogii [2012.05.09 21:54:03 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\HitPoint Studios [2011.07.06 21:18:06 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Islands [2011.09.23 21:52:52 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Islands2 [2012.03.16 23:06:08 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Islands3 [2011.12.04 17:48:12 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\iWin [2011.12.10 01:49:05 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\JaiboGames [2011.06.15 22:58:45 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\JoyBits [2011.10.25 23:10:42 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Leadertech [2012.01.13 23:50:37 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\MagicIndie [2012.02.19 18:59:36 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Merscom [2011.02.23 22:56:53 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Mystery of Mortlake Mansion [2011.07.30 00:04:34 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\NevoSoft [2011.12.31 00:39:00 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Nevosoft-Breeze [2011.10.03 22:11:09 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\PeaceCraft3 [2011.06.01 23:47:48 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Phantasmat_zylom_ce [2012.01.07 15:57:47 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\PlayFirst [2011.07.06 20:26:59 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\PlayPond [2011.02.20 01:01:28 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Princess Isabella [2011.08.07 00:12:31 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Sahmon Games [2011.07.30 00:30:07 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Settlement. Colossus [2012.01.11 21:58:55 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Silverback Productions [2011.11.01 01:19:22 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Skip-Bo [2012.05.26 23:52:17 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\SMIGames [2012.03.28 21:22:40 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\SpinTop Games [2011.04.15 22:40:58 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\ThreeDays2 [2011.12.18 23:42:19 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Thunderbird [2011.02.20 15:57:29 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\Tific [2011.04.26 18:25:04 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\TitanicMystery [2011.04.10 12:20:55 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\TP [2012.05.15 21:02:41 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\VampireSagaHL [2011.12.25 21:11:37 | 000,000,000 | ---D | M] -- C:\Users\Agnes\AppData\Roaming\World-Loom [2012.03.13 22:33:58 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT [color=#E56717]========== Purity Check ==========[/color] [color=#E56717]========== Custom Scans ==========[/color] [color=#A23BEC]< %SYSTEMDRIVE%\*. >[/color] [2011.10.31 22:46:35 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2010.06.08 15:12:34 | 000,000,000 | ---D | M] -- C:\book [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.02.19 21:38:36 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2010.05.08 02:33:04 | 000,000,000 | ---D | M] -- C:\Intel [2011.02.21 00:42:18 | 000,000,000 | -H-D | M] -- C:\OEM [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2011.10.25 23:09:19 | 000,000,000 | R--D | M] -- C:\Program Files [2012.06.09 20:58:00 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2012.05.16 22:16:31 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.02.19 21:38:36 | 000,000,000 | -HSD | M] -- C:\Programme [2012.06.07 09:28:17 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.06.19 19:58:23 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.02.20 18:51:34 | 000,000,000 | R--D | M] -- C:\Users [2012.06.04 22:13:10 | 000,000,000 | ---D | M] -- C:\Windows [2012.05.28 21:49:09 | 000,000,000 | ---D | M] -- C:\Zylom Games [color=#A23BEC]< %PROGRAMFILES%\*.exe >[/color] [color=#A23BEC]< %LOCALAPPDATA%\*.exe >[/color] [color=#A23BEC]< %systemroot%\*. /mp /s >[/color] [color=#A23BEC]< MD5 for: EXPLORER.EXE >[/color] [2009.10.06 08:06:36 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=00B0358734CAA32C39D181FE6916B178 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_b8b0208ee0ce1889\explorer.exe [2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.10.06 08:35:29 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=6D4F9E4B640B413C6F73414327484C80 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_addea9f19345cd81\explorer.exe [2010.02.04 12:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2010.02.04 12:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2010.02.04 12:49:48 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2009.10.06 08:31:09 | 002,868,736 | ---- | M] (Microsoft Corporation) MD5=CA17F8620815267DC838E30B68CB5052 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20542_none_ae5b763cac6d568e\explorer.exe [2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2010.02.04 12:49:48 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe [2009.10.06 07:53:03 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=FC89FACA0473641CB625EDA9277D0885 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16434_none_b8335443c7a68f7c\explorer.exe [color=#A23BEC]< MD5 for: REGEDIT.EXE >[/color] [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe [2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe [2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe [color=#A23BEC]< MD5 for: USERINIT.EXE >[/color] [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe [color=#A23BEC]< MD5 for: WININIT.EXE >[/color] [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe [color=#A23BEC]< MD5 for: WINLOGON.EXE >[/color] [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >[/color] [color=#A23BEC]< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >[/color] < End of report > extra text OTL Extras logfile created on: 19.06.2012 19:56:57 - Run 1 OTL by OldTimer - Version 3.2.49.0 Folder = J:\ 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 2,67 Gb Available Physical Memory | 68,00% Memory free 7,86 Gb Paging File | 6,43 Gb Available in Paging File | 81,90% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 456,95 Gb Total Space | 399,27 Gb Free Space | 87,38% Space Free | Partition Type: NTFS Drive D: | 457,46 Gb Total Space | 457,31 Gb Free Space | 99,97% Space Free | Partition Type: NTFS Drive J: | 14,92 Gb Total Space | 14,86 Gb Free Space | 99,61% Space Free | Partition Type: FAT32 Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days [color=#E56717]========== Extra Registry (SafeList) ==========[/color] [color=#E56717]========== File Associations ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) [color=#E56717]========== Shell Spawning ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [color=#E56717]========== Security Center Settings ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] [color=#E56717]========== Firewall Settings ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [color=#E56717]========== Authorized Applications List ==========[/color] [color=#E56717]========== Vista Active Open Ports Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0657197C-B7D0-4308-8A2A-5BE89810DFCF}" = lport=139 | protocol=6 | dir=in | app=system | "{087B3B3E-100D-4194-92D6-B95CFFAE5479}" = rport=445 | protocol=6 | dir=out | app=system | "{101B307A-2439-42E4-966B-A0D532CE24BF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1119681C-6E08-45ED-8089-17AD1BDFC7C0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{20F4A61C-AB07-4191-9E3A-8B7611B6142F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{2F80A965-38D3-4D34-BA91-32D37E7CCC07}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{361C6F75-9AA8-4CB3-AD73-6578870CEEAD}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{396DA02B-ECB4-4A88-A529-DB27D8DD2709}" = rport=10243 | protocol=6 | dir=out | app=system | "{4DF61DC1-1C57-4683-B098-01398AA90BA6}" = rport=138 | protocol=17 | dir=out | app=system | "{50E93F67-0A09-403C-8FBC-F2EB7D127491}" = lport=2869 | protocol=6 | dir=in | app=system | "{665F5390-DBD2-47D8-9133-9982008D7583}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{72901513-091D-414C-9933-1E36B78B6833}" = lport=138 | protocol=17 | dir=in | app=system | "{975A8179-C27D-4AB2-A829-42AB8AFC57BE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{97D8A2C3-280D-4315-A312-AD8DE8BC487F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{97EF0142-5914-4F73-A203-312960EFF3AC}" = lport=137 | protocol=17 | dir=in | app=system | "{AAC86A12-B680-43BF-A342-1FD9A5DFDDB5}" = rport=137 | protocol=17 | dir=out | app=system | "{C1EEDCA2-EC74-4E8B-BE59-8E06B5116300}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{D02EC267-8C66-4D53-99E3-5720B9F822D2}" = lport=2869 | protocol=6 | dir=in | app=system | "{E0416874-4D5C-4860-95A6-59689045CBC0}" = lport=10243 | protocol=6 | dir=in | app=system | "{E7E6EC75-C7B5-470B-80B0-7FDCA94B63E2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{EAE072D4-F692-4DC5-9089-0DD6675A88BF}" = rport=139 | protocol=6 | dir=out | app=system | "{F021F72E-0FA8-4050-80F7-CFE27A1920EF}" = lport=445 | protocol=6 | dir=in | app=system | "{F254461B-ED2E-4346-B78A-BA90E332B200}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | [color=#E56717]========== Vista Active Application Exception List ==========[/color] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{028FDD05-BB3E-4083-B78D-DF84838DEA20}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{0AA47B72-1B1A-41BE-8C72-954E9D39EE51}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{0BA4DEC5-6BE4-4C19-A039-D8DC3C3733E7}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{0C41D035-AA88-4732-B291-469E9F6E2E1E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0E4A41AF-8D04-42BD-A212-8D8BA3F243AE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1BFD7EE9-F423-4D56-BC6C-5008ABB960BB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{21C5459B-7D1D-4D0E-9E99-5134E29AF90A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{374A0CFE-7814-4F03-8F07-548E7E8146A8}" = protocol=6 | dir=out | app=system | "{3C3C6D77-1A82-4CCE-B6B2-24BB1E089F41}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4267FAAB-3E6C-4141-B228-A23E6E7051AD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4B83AE0D-86A3-4F90-8A63-4A6612183A2C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{4BE34450-0CDA-4935-B8D9-140153B7561D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{5FCD9B14-DDAE-4875-951F-7FA4DF6123FE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{604E9E27-42F8-43B4-8940-7A5F08DEF1BF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{753888E4-657C-4029-BEDB-2E3A1CC0D6ED}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{8D2DB7BB-0060-48C6-AE12-72A778234E23}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{90B6AF49-7D8B-4720-80C8-0CCC55516206}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{991298B6-29C2-481C-A473-BAF4AE0ADA74}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9A434D52-AA44-4572-A83F-6E0ACE7E26DF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B7DFF05C-4C54-4CB0-9C92-13AE25EFC635}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{BA434F25-C512-4F39-8CDB-15E4AE97922C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{BB22988B-83EC-4D74-A574-3F20BA080F81}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "TCP Query User{93A85246-2D85-4ED0-9B8F-909284B1ED9A}C:\users\mommy\appdata\roaming\vikuat\yquh.exe" = protocol=6 | dir=in | app=c:\users\mommy\appdata\roaming\vikuat\yquh.exe | "TCP Query User{D9A9233F-7256-4576-A091-C976CC3FC2B5}C:\users\mommy\appdata\roaming\vikuat\yquh.exe" = protocol=6 | dir=in | app=c:\users\mommy\appdata\roaming\vikuat\yquh.exe | "UDP Query User{591DBFDF-24BD-48E4-928A-61DFCF31D63E}C:\users\mommy\appdata\roaming\vikuat\yquh.exe" = protocol=17 | dir=in | app=c:\users\mommy\appdata\roaming\vikuat\yquh.exe | "UDP Query User{C8728875-E143-4A5F-A358-00829C261355}C:\users\mommy\appdata\roaming\vikuat\yquh.exe" = protocol=17 | dir=in | app=c:\users\mommy\appdata\roaming\vikuat\yquh.exe | [color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5F3E04B1-390D-35F3-4C08-D82C7FB95AE5}" = ccc-utility64 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{98BA2F7A-DCC7-C939-9A77-ABAFA55E0AF6}" = ATI AVIVO64 Codecs "{C42B7876-FA88-4F4A-9A5F-E175AD143F2A}" = ATI Catalyst Install Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{033063B9-94AF-DC7C-95D3-35F641D8AEBE}" = CCC Help English "{171D318E-31FD-954F-0C3E-21EB06C0E899}" = CCC Help Russian "{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0 "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help "{20460018-6444-825B-4EBA-40D8DD30F12C}" = CCC Help Danish "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 24 "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com "{2893F5FD-0C0E-0B0F-3C70-C141539174B8}" = CCC Help Czech "{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed "{362E1FE9-1FF7-EE96-E7FF-D5E661173FFB}" = Catalyst Control Center Graphics Full Existing "{440D3BE4-EC27-5F34-DB56-A76E7EDF8BB1}" = CCC Help Finnish "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CAFDDA4-65ED-F56B-CFC2-849E958AE6B1}" = CCC Help Korean "{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM "{4DA5BB7E-9CB8-5E01-7F96-46F1EE2F2D4F}" = CCC Help Chinese Standard "{4FFBF030-A72F-B9FD-B944-B7850BEBE80C}" = CCC Help Swedish "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{542A08AB-AFD4-B5A4-9780-A8507A738F7F}" = CCC Help Chinese Traditional "{5433D947-A97A-25D5-A84E-A5171D2B8D6A}" = CCC Help Hungarian "{545E8571-FAB5-5BFC-1B70-A6A8E4ACA298}" = CCC Help Thai "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{57020886-809C-746B-2303-8030A84A0EB8}" = CCC Help Turkish "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress "{5F7E6484-A2FB-778D-431D-D181C55C3F1C}" = CCC Help German "{60d60578-7500-4c23-9d6f-279eb1db884b}" = Nero 9 Essentials "{6D441C98-EB46-D873-66A0-3FA448B8AD08}" = CCC Help Japanese "{6DC5AFA1-10F0-D421-2147-C426D554F286}" = Catalyst Control Center Graphics Full New "{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-packardbell" = WildTangent Games App (Packard Bell Games) "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{722EB9DF-A9EF-129D-816F-C6F17769EDAA}" = CCC Help Italian "{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart "{79437AE7-3196-2C0C-0AF6-90B2AF22D8DA}" = CCC Help Greek "{7DF0573D-A96F-9133-2454-D80A62F9FA77}" = CCC Help Polish "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Packard Bell Recovery Management "{8295C50D-F52A-E4E1-4230-C4110980C3A0}" = CCC Help Norwegian "{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help "{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A227815-272D-A304-015F-DA71AABADE0A}" = Catalyst Control Center Localization All "{8AAE1CA8-68A1-15F7-DCCD-311F3435EFC4}" = Catalyst Control Center Core Implementation "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{93BC4791-8EC4-363C-1274-4F1F8FB03F2B}" = Catalyst Control Center Graphics Previews Vista "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C984E3E-9B9B-CBCC-326D-A63CCE560C0C}" = Catalyst Control Center Graphics Light "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress "{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.1 MUI "{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger "{AFE5FFBC-CE6D-F6BE-7EAA-AA2760E75E03}" = CCC Help Spanish "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter "{C0C6AD06-71E3-934A-8232-4487B751177F}" = CCC Help Dutch "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C5634562-6215-543B-3E86-0CF513706972}" = CCC Help French "{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade "{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials "{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help "{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide "{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer "{EE10D76C-39B7-40A8-A24C-1BEEACBED160}" = Catalyst Control Center - Branding "{EE171732-BEB4-4576-887D-CB62727F01CA}" = Packard Bell Updater "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter "{F4719A65-7FF1-6146-BCC3-419662516FCF}" = ccc-core-static "{F5FE4F51-9998-BC38-E32C-6C056ACA0BC1}" = Catalyst Control Center InstallProxy "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool "{FC541630-B9CF-7783-3D1C-7CE1094BDD97}" = CCC Help Portuguese "0fd0f6b44956cb2766bbd2c1777f3eb8" = Virtual Villagers 5 - New Believers "1a6860eb24d1408da168a07da9d8fbdb" = Tales of Lagoona - Orphans of the Ocean "3cb1e59e3f781367097efff509bd1537" = Mahjongg Dimensions Deluxe - Tiles in Time "8b9f129ce2fc50581550300def4096fc" = VooDoo Chronicles - The First Sign Premium Edition "9131b468f75938b04a5da83b28a5141b" = Island Tribe 3 "a5ca1c6c4feb0b356ccfb636f44b4f77" = Roads of Rome 3 "a8f1d0bcd4b9b29c92d0e8dc4789ae27" = SKIP-BO Castaway Caper(TM) "Abenteuer von Luxor" = Abenteuer von Luxor "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0 "Avira AntiVir Desktop" = Avira Antivirus Premium 2012 "Bubble Odyssey_is1" = Bubble Odyssey 1.0 "cbc05b7ecd0d011d2def0393bcea86d9" = Royal Envoy 2 Deluxe "EPSON Scanner" = EPSON Scan "ESET Online Scanner" = ESET Online Scanner v3 "f391612f1dc75ecfd794b51eda4d1db0" = Weird Park - Broken Tune "f75f14af08912bb4a95c45153399bd7e" = Oddly Enough - Pied Piper "fbe83e4b6f63f3e850ac3907350adb95" = Bubble Shooter "Identity Card" = Identity Card "Karu" = Karu "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400 "Marble Pop 3D" = Marble Pop 3D "Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de) "Mozilla Thunderbird (6.0)" = Mozilla Thunderbird (6.0) "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "Packard Bell InfoCentre" = Packard Bell InfoCentre "Packard Bell Registration" = Packard Bell Registration "Packard Bell Screensaver" = Packard Bell ScreenSaver "Packard Bell Software Suite SE" = Packard Bell Software Suite SE "Packard Bell Welcome Center" = Welcome Center "Pearl Poppers" = Pearl Poppers "Secret Of Six Seas" = Secret Of Six Seas "Sprill" = Sprill "WildTangent packardbell Master Uninstall" = Packard Bell Games "WinLiveSuite_Wave3" = Windows Live Essentials "WT078791" = Bejeweled 2 Deluxe "WT078806" = Insaniquarium Deluxe "WT078833" = Zuma Deluxe "WT078960" = Blasterball 3 "WT078964" = Bob the Builder Can-Do-Zoo "WT079020" = Faerie Solitaire "WT079024" = FATE - The Traitor Soul "WT079064" = Jewel Quest "WT079068" = Jewel Quest Solitaire 3 "WT079108" = Penguins! "WT079116" = Polar Bowler "WT079120" = Polar Golfer "WT079124" = Polar Pool "WT079177" = Virtual Villagers - A New Home "WT079184" = Yahtzee "WT079363" = Build-a-lot 2 "WT079366" = Chicken Invaders 3 - Revenge of the Yolk "WT079395" = Escape Rosecliff Island "WT079397" = Mahjongg Artifacts "WT079421" = Virtual Families [color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater "DrKawashima" = Dr Kawashima [color=#E56717]========== Last 20 Event Log Errors ==========[/color] [ Application Events ] Error - 02.06.2012 10:08:18 | Computer Name = xxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 03.06.2012 11:46:54 | Computer Name = xxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 03.06.2012 14:46:53 | Computer Name = xxx-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 03.06.2012 14:47:28 | Computer Name = xxx-PC | Source = SideBySide | ID = 16842787 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1". Definition: WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error - 04.06.2012 16:33:58 | Computer Name = xxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 04.06.2012 17:54:29 | Computer Name = xxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 05.06.2012 14:55:30 | Computer Name = xxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 05.06.2012 19:22:27 | Computer Name = xxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 06.06.2012 17:57:38 | Computer Name = xxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 08.06.2012 04:42:32 | Computer Name = xxx-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . < End of report > LG fratzi Dieser Beitrag wurde am 19.06.2012 um 20:25 Uhr von fratzi editiert.
|
|
|
||
19.06.2012, 21:02
Moderator
Beiträge: 5694 |
#37
Schritt 1
Fixen mit OTL • Starte bitte die OTL.exe. Vista-User mit Rechtsklick "als Administrator starten" • Kopiere nun den Inhalt in die Textbox. Code :OTL• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Run Fix Button. • Klick auf . • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument. Kopiere nun den Inhalt hier in Code-Tags in Deinen Thread Schritt 2 Mach das auch auf einem anderen Computer. Also die Datei laden. Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.• Starte die aswMBR.exe Vista und Win7 User mit Rechtsklick "als Admininstartor starten"• Klicke auf Scan • Warte bitte bis Scan finished successfully im DOS Fenster steht. • Drücke auf Save Log und speichere diese auf dem Desktop. Poste mir die aswMBR.txt in deiner nächsten Antwort. Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit. |
|
|
||
19.06.2012, 21:43
Member
Themenstarter Beiträge: 119 |
#38
Hallo Swiss,
hier der Text; Code All processes killed Soll ich die asw wieder auf den Stick ziehen? Und ist der Stick noch clean? Nicht das ich noch Männes Laptop infiziere LG fratzi |
|
|
||
20.06.2012, 02:01
Moderator
Beiträge: 5694 |
#39
Ja mach es so.
|
|
|
||
20.06.2012, 19:16
Member
Themenstarter Beiträge: 119 |
#40
hallo Swiss,
ich hoffe der Stick war nicht auch noch infiziert. Männe macht mich sonst rund. Hier der asw text Code aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software Was ich noch erwähnen sollte ich habe die Programme vom Stick aus als Admin gestartet. Deswegen haben sowohl otl als auch asw funktioniert. Wenn ich die Tools vom Rechner aus starten will bekomme ich meine "Lieblingsansage"...keine zulässige Win32 Anwendung. LG fratzi Dieser Beitrag wurde am 20.06.2012 um 19:23 Uhr von fratzi editiert.
|
|
|
||
20.06.2012, 23:26
Moderator
Beiträge: 5694 |
#41
Dann mach das nun auch miit Combofix. AUch mit einem Stick:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren. Lade ComboFix von einem dieser Download-Spiegel herunter: BleepingComputer - ForoSpyware * Wichtig !! Speichere ComboFix auf dem Desktop • Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören. • Doppelklicke auf die ComboFix.exe und folge den Anweisungen. • ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist. Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird. • Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst. **Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren. Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen: Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren. Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei. |
|
|
||
21.06.2012, 19:42
Member
Themenstarter Beiträge: 119 |
#42
Hallo Swiss,
hier combo fix... nur hab ich dusselchen vergessen den netzwerkstecker wieder anzuschließen Code ComboFix 12-06-21.01 - 21.06.2012 19:23:37.1.4 - x64 Auf dem Rechner ist danach folgendes passiert : Die Sicherheitseinstellungen für das Internet und eingeschränkten Websites mußten wieder neu eingestellt werden. LG fratzi Dieser Beitrag wurde am 21.06.2012 um 20:01 Uhr von fratzi editiert.
|
|
|
||
22.06.2012, 14:09
Moderator
Beiträge: 5694 |
#43
Und kommt die Fehlermeldung mit keine zulässige Win32 Anwendung.
|
|
|
||
22.06.2012, 22:59
Member
Themenstarter Beiträge: 119 |
#44
Hallo Swiss,
leider ja. Ich habe otl gelöscht und neu runtergeladen. Und trotzdem kommt dieser Text. LG Fratzi |
|
|
||
23.06.2012, 14:09
Moderator
Beiträge: 5694 |
#45
Hmm was kann das sein! Mach noch folgendes Programm via USB Stick. Also lade das Programm zuerst vom USB Stick auf den desktop!!
Dowloade Dir bitte TDSS Killer.exe und speichere die Datei am Desktop. • Schließe alle laufenden Programme. • Trenne dich von Internet. • Deaktiviere deine AntiViren Software. • Starte TDSSkiller.exe mit Doppelklick. Vista und Win7 User mit Rechtsklick "als Administrator starten" • Drücke auf Start scan. Mache während dem Scan nichts am Rechner • Sollte das Tool keine Funde aufweisen, klicke Close um es zu schließen. • Wurde etwas gefunden werden die Funde in Scan results - Select action for found objects angezeigt und geben 3 Auswahlmöglichkeiten. Gehe sicher das Cure ( default ) angehackt ist ! Drücke Continue --> Reboot. • Die Logfile ist nach dem Neustart auf deinem Systemlaufwerk ( meist C: ) unter TDSSKiller_version_date_time_log.txt zu finden. • Bitte poste mir den Inhalt hier in deinen Thread. Bebilderte Anleitung zur Benutzung von TDSSKiller. |
|
|
||
Starte die aswMBR.exe
Vista und Win7 User mit Rechtsklick "als Admininstartor starten"• Klicke auf Scan
• Warte bitte bis Scan finished successfully im DOS Fenster steht.
• Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.
Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.