[Windows Vista-32 bit] MS Removal Tool

Adobe After Effects 6.5 Adobe Systems Inc. 22.05.2009 372MB 6.5 >>>gelegentlich
Adobe Flash Player 10 ActiveX Adobe Systems Incorporated 21.03.2011 10.2.153.1 >>>täglich sau oft ??
Adobe MPEG Encoder Adobe Systems Incorporated / MainConcept GmbH 22.05.2009 4,58MB 1.03.0000 >>>gelegentlich
Adobe Premiere 6.5 Adobe Systems, Inc. 22.05.2009 245MB 6.5 >>>gelegentlich
Adobe Reader 9 - Deutsch Adobe Systems Incorporated 05.02.2009 232MB 9.0.0 >>>gelegentlich
Any Video Converter 2.7.5 Any-Video-Converter.com 02.07.2009 62,1MB >>>gelegentlich
Apple Application Support Apple Inc. 19.05.2010 39,7MB 1.2.1 >>>kenn ich nicht, benutze ich nie bewusst
Apple Mobile Device Support Apple Inc. 19.05.2010 19,7MB 3.0.1.3 >>>kenn ich nicht, benutze ich nie bewusst
Apple Software Update Apple Inc. 19.05.2010 2,26MB 2.1.2.120 >>>kenn ich nicht, benutze ich nie bewusst
ATI Catalyst Install Manager ATI Technologies, Inc. 11.02.2009 13,7MB 3.0.710.0 >>>kenn ich nicht, benutze ich nie bewusst
Avira AntiVir Personal - Free Antivirus Avira GmbH 30.03.2011 84,7MB 10.0.0.635 >>>täglich
Battlefield 2(TM) 04.06.2009 4.087MB >>>selten
Battlefield 2: Special Forces 22.12.2009 848MB >>>selten
Battlefield: Bad Company™ 2 Electronic Arts 06.03.2010 1.773MB 1.0.0.0 >>>gelegentlich
Bonjour Apple Inc. 19.05.2010 0,76MB 2.0.1.2 >>>kenn ich nicht
CCleaner Piriform 02.04.2011 3,60MB 3.05 >>>gelegentlich
CorelDRAW(R) Graphics Suite X4 Corel Corporation 22.05.2009 1.406MB >>>sehr oft
CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension Corel Corporation 22.05.2009 1,56MB >>>sehr oft
CyberLink PowerDVD 8 CyberLink Corp. 22.02.2009 91,8MB 8.0.2217 >>>war installiert, wird nicht genutzt
CyberLink PowerProducer CyberLink Corp. 22.02.2009 296MB 5.1013 >>>war installiert, wird nicht genutzt
CyberLink TV Enhance CyberLink Corp. 21.05.2009 81,8MB 2.0.6011 >>>war installiert, wird nicht genutzt
Designer 2.0 fotobuch.de AG 20.06.2009 52,8MB 7.7.4 >>>einmalig bisher genutzt
Google Earth Google 21.05.2009 25,3MB 4.3.7284.3916 >>>gelegentlich
HP Customer Participation Program 10.0 HP 21.05.2009 217MB 10.0 >>>kam mit meinem drucker, nervt täglich weil es updaten will ich lass es aber nicht
HP Document Manager 1.0 HP 21.05.2009 3,21MB 1.0 >>>kam mit meinem drucker, nervt täglich weil es updaten will ich lass es aber nicht
HP Imaging Device Functions 10.0 HP 21.05.2009 3,22MB 10.0 >>>öfter
HP Officejet J4500 Series HP 21.05.2009 20,5MB 1.0 >>>öfter
HP Smart Web Printing HP 21.05.2009 8,29MB 3.5 >>>kam mit meinem drucker, nervt täglich weil es updaten will ich lass es aber nicht
HP Solution Center 10.0 HP 21.05.2009 3,21MB 10.0 >>>kam mit meinem drucker, nervt täglich weil es updaten will ich lass es aber nicht
ICQ6.5 ICQ 25.05.2009 48,2MB 6.5 >>>selten aber einige kontakte halte ich damit aufrecht
iTunes Apple Inc. 19.05.2010 160,0MB 9.1.1.12 >>>gelegentlich
Java(TM) 6 Update 13 Sun Microsystems, Inc. 03.06.2009 97,0MB 6.0.130 >>>hat man ja, denk ich
Macromedia Contribute Macromedia 25.05.2009 34,1MB 1.0 >>>gelegentlich
Macromedia Dreamweaver 4 Macromedia 25.05.2009 60,0MB 4.0 >>>gelegentlich
Macromedia Dreamweaver MX Macromedia 25.05.2009 121,1MB 6.1 >>>gelegentlich
Macromedia Extension Manager Macromedia 25.05.2009 0,55MB 1.5 >>>gelegentlich
Macromedia Fireworks 4 Macromedia 25.05.2009 33,7MB 4 >>>gelegentlich
Macromedia Fireworks MX Macromedia 25.05.2009 41,6MB 6 >>>gelegentlich
Macromedia Flash MX Macromedia 25.05.2009 80,7MB 6 >>>gelegentlich
Macromedia FreeHand MX Macromedia 25.05.2009 44,1MB 11 >>>gelegentlich
Malwarebytes' Anti-Malware Malwarebytes Corporation 02.04.2011 4,80MB >>>seit gestern täglich
MCE Software Encoder 1.1 CyberLink Corporation 21.05.2009 1,38MB 1.1.0.1918 >>>kenn ich nicht, benutze ich nie bewusst
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 05.02.2009 37,5MB >>>kenn ich nicht, benutze ich nie bewusst
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 05.02.2009 37,5MB >>>kenn ich nicht, benutze ich nie bewusst
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 25.01.2011 120,3MB 4.0.30319 >>>kenn ich nicht, benutze ich nie bewusst
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 25.01.2011 24,5MB 4.0.30319 >>>kenn ich nicht, benutze ich nie bewusst
Microsoft Silverlight Microsoft Corporation 05.02.2009 13,2MB 2.0.31005.0 >>>kenn ich nicht, benutze ich nie bewusst
Microsoft SQL Server 2005 Compact Edition [DEU] Microsoft Corporation 05.02.2009 0,32MB 3.1.0000 >>>kenn ich nicht, benutze ich nie bewusst
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 05.02.2009 1,74MB 3.1.0000 >>>kenn ich nicht, benutze ich nie bewusst
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 06.03.2010 0,33MB 8.0.59193 >>>kenn ich nicht, benutze ich nie bewusst
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 14.03.2010 0,58MB 9.0.30729 >>>kenn ich nicht, benutze ich nie bewusst
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 23.03.2011 0,58MB 9.0.30729.4148 >>>kenn ich nicht, benutze ich nie bewusst
Mozilla Firefox (3.6.2pre) Mozilla 26.03.2010 26,7MB 3.6.2pre (de) >>>selten
MSXML 4.0 SP2 (KB936181) Microsoft Corporation 05.02.2009 1,28MB 4.20.9848.0 >>>kenn ich nicht, benutze ich nie bewusst
MSXML 4.0 SP2 (KB941833) Microsoft Corporation 05.02.2009 1,28MB 4.20.9849.0 >>>kenn ich nicht, benutze ich nie bewusst
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 05.02.2009 1,29MB 4.20.9870.0 >>>kenn ich nicht, benutze ich nie bewusst
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 26.11.2009 1,34MB 4.20.9876.0 >>>kenn ich nicht, benutze ich nie bewusst
Nero 8 Essentials Nero AG 05.02.2009 1.835MB 8.3.124 >>>sehr selten
NVIDIA Drivers 21.05.2009 >>>kenn ich nicht, benutze ich nie bewusst
OCR Software by I.R.I.S. 10.0 HP 21.05.2009 3,21MB 10.0 >>>kenn ich nicht, benutze ich nie bewusst
OpenOffice.org 3.1 OpenOffice.org 03.06.2009 369MB 3.1.9399 >>>selten
Orbit Downloader Orbit Downloader: the ultra file & social media (YouTube etc..) download manager 08.01.2010 8,10MB >>>öfter, auch die beiden files hab ich damit runtergeladen. is als addon im explorer. gefällt mir
Picasa 2 Google, Inc. 21.05.2009 35,3MB 2.0 >>>kenn ich nicht, benutze ich nie bewusst
PunkBuster Services Even Balance, Inc. 06.03.2010 0.988 >>>gelegentlich für badcompany2
QuickTime Apple Inc. 19.05.2010 73,8MB 7.66.71.0 >>>gelegentlich
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 05.02.2009 9,76MB 6.0.1.5749 >>>gelegentlich
Registry Reviver ReviverSoft 02.04.2011 26,8MB >>>gestern mehrfach
ROCCAT Kone Mouse Driver 03.02.2011 0,93MB >>>nicht mehr genutzt, maus is beim "maleware-update" verendet
Shop for HP Supplies HP 21.05.2009 217MB 10.0 >>>wtf ? keine ahnung kam wohl mit dem druckerkram
TC Native Essentials 2.02 22.05.2009 3,58MB >>>kenn ich nicht, benutze ich nie bewusst
VLC media player 0.9.9 VideoLAN Team 22.05.2009 63,1MB 0.9.9 >>>sehr oft
Winamp (remove only) 25.05.2009 12,3MB >>>sehr oft
Windows Live Fotogalerie Microsoft Corporation 05.02.2009 21,0MB 12.0.1347.0718 >>>sehr oft
Windows Live installer Microsoft Corporation 05.02.2009 2,35MB 12.0.1471.1025 >>>kenn ich nicht, benutze ich nie bewusst
Windows Live Mail Microsoft Corporation 05.02.2009 22,6MB 12.0.1606.1023 >>>kenn ich nicht, benutze ich nie bewusst
Windows Live Messenger Microsoft Corporation 05.02.2009 30,6MB 8.5.1302.1018 >>>kenn ich nicht, benutze ich nie bewusst
Windows Live Sign-in Assistant Microsoft Corporation 05.02.2009 1,88MB 5.000.742.2 >>>kenn ich nicht, benutze ich nie bewusst
Windows Live Writer Microsoft Corporation 05.02.2009 17,1MB 12.0.1370.0325
WinRAR 18.02.2011 3,79MB >>>gelegentlich, auch nicht registriert
WinZip 14.5 WinZip Computing, S.L. 05.05.2010 19,2MB 14.5.9095 >>>gelegentlich, auch nicht registriert
X10 Hardware(TM) 21.05.2009 28,00KB >>>kenn ich nicht, benutze ich nie bewusst

[markusg]

bitte mal rechtsklick auf mbr.exe und als admin ausführen.
lasse das programm dann laufen, drücke dann y und enter.
dann 1 und enter
dann 0 und enter
gebe einen dateinamen ein.
mbr zb
dann enter
die neue datei ist im selben ordner wie mbrcheck.exe
lad die bei
File-Upload.net - Ihr kostenloser File Hoster!
hoch und sende mir den link per mail, link in meiner signatur

OTL logfile created on: 04.04.2011 20:51:00 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jrock\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,13 Gb Total Space | 208,20 Gb Free Space | 36,14% Space Free | Partition Type: NTFS
Drive D: | 20,03 Gb Total Space | 12,75 Gb Free Space | 63,65% Space Free | Partition Type: FAT32
Drive E: | 1,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: JROCKER | User Name: Jrock | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\CCleaner\CCleaner.exe (Piriform Ltd)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10o_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Users\Jrock\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Users\Jrock\Desktop\MBRCheck.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
PRC - C:\Programme\Orbitdownloader\orbitnet.exe (Orbitdownloader.com)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
PRC - C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe ()
PRC - C:\Programme\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT)
PRC - C:\Programme\ROCCAT\Kone Mouse\OSD.exe (ROCCAT)
PRC - C:\Programme\Common Files\Adobe\Updater6\Adobe_Updater.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLLoginProxy.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Programme\Winamp\winampa.exe ()
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)


========== Modules (SafeList) ==========

MOD - C:\Users\Jrock\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)


========== Driver Services (SafeList) ==========

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3986734565-41736602-17988091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = peak7 on deviantART
IE - HKU\S-1-5-21-3986734565-41736602-17988091-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3986734565-41736602-17988091-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3986734565-41736602-17988091-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.kabeldeutschland.de/portal"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.20 16:44:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.20 16:44:17 | 000,000,000 | ---D | M]

[2010.03.27 15:03:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jrock\AppData\Roaming\mozilla\Extensions
[2011.03.04 20:09:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jrock\AppData\Roaming\mozilla\Firefox\Profiles\2unfpf2x.default\extensi ons
[2011.03.04 20:09:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jrock\AppData\Roaming\mozilla\Firefox\Profiles\2unfpf2x.default\extensi ons\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.27 15:03:47 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.03.16 20:28:04 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.16 20:28:04 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.16 20:28:04 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.16 20:28:04 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.16 20:28:04 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2011.04.03 17:37:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [Kone] C:\Program Files\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe ()
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Programme\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-21-3986734565-41736602-17988091-1000..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-3986734565-41736602-17988091-1000..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-3986734565-41736602-17988091-1000..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Jrock\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3986734565-41736602-17988091-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3986734565-41736602-17988091-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jrock\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jrock\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.11.01 12:54:36 | 000,000,000 | R--D | M] - E:\autorun -- [ UDF ]
O32 - AutoRun File - [2005.11.01 12:59:48 | 001,187,840 | R--- | M] () - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2005.11.01 12:59:47 | 000,000,043 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found


SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.04.04 20:32:37 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jrock\Desktop\OTL.exe
[2011.04.03 18:59:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.04.03 18:02:02 | 000,000,000 | ---D | C] -- C:\Users\Jrock\Desktop\tdsskiller
[2011.04.03 17:59:44 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jrock\Desktop\TDSSKiller.exe
[2011.04.03 17:51:40 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.04.03 17:44:19 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.04.03 17:43:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.04.03 17:34:09 | 000,000,000 | ---D | C] -- C:\Users\Jrock\AppData\Local\temp
[2011.04.03 17:25:10 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.04.03 17:25:10 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.04.03 17:25:10 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.04.03 17:25:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.04.03 17:24:35 | 000,000,000 | ---D | C] -- C:\Users\Jrock\AppData\Roaming\Avira
[2011.04.03 17:23:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.04.03 14:40:46 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2011.04.03 14:40:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.04.03 14:30:13 | 003,050,472 | ---- | C] (Piriform Ltd) -- C:\Users\Jrock\Desktop\ccsetup305.exe
[2011.04.03 14:06:51 | 000,000,000 | ---D | C] -- C:\Users\Jrock\AppData\Roaming\Malwarebytes
[2011.04.03 14:06:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.03 14:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.03 14:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.03 14:06:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.03 14:06:40 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.03 14:06:01 | 000,356,352 | ---- | C] (funkytoad.com) -- C:\Users\Jrock\Desktop\HostsXpert.exe
[2011.04.03 14:02:34 | 000,000,000 | ---D | C] -- C:\Users\Jrock\AppData\Roaming\Reviversoft
[2011.04.03 14:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reviversoft
[2011.04.03 14:02:24 | 000,016,704 | ---- | C] (ReviverSoft) -- C:\Windows\System32\roboot.exe
[2011.04.03 14:02:24 | 000,000,000 | ---D | C] -- C:\Programme\Reviversoft
[2011.04.03 13:59:05 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jrock\Desktop\mbam-setup.exe
[2011.04.03 13:59:05 | 004,707,608 | ---- | C] (ReviverSoft ) -- C:\Users\Jrock\Desktop\RegistryReviverSetup.exe
[2011.04.03 01:25:21 | 000,000,000 | ---D | C] -- C:\projects
[2011.03.10 22:34:37 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.03.10 22:34:37 | 000,323,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.03.10 22:34:37 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.03.10 22:34:37 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2002.03.11 11:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsiw.exe
[2002.03.11 10:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Programme\instmsia.exe

========== Files - Modified Within 30 Days ==========

[2011.04.04 20:40:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.04 19:26:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.04 19:26:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.04 19:26:03 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.03 22:43:58 | 000,016,384 | ---- | M] () -- C:\Users\Jrock\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.03 22:09:11 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.03 22:09:11 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.03 22:09:11 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.03 22:09:11 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.03 22:03:21 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.03 22:02:54 | 3220,414,464 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.03 17:37:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.04.03 17:22:52 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2011.04.03 17:22:51 | 000,007,512 | ---- | M] () -- C:\Users\Jrock\AppData\Local\d3d9caps.dat
[2011.04.03 17:16:18 | 001,263,721 | ---- | M] () -- C:\Users\Jrock\Desktop\tdsskiller.zip
[2011.04.03 17:16:04 | 004,312,776 | R--- | M] () -- C:\Users\Jrock\Desktop\ComboFix.exe
[2011.04.03 14:40:46 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.03 14:30:01 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\Start Registry Reviver.job
[2011.04.03 14:16:58 | 003,050,472 | ---- | M] (Piriform Ltd) -- C:\Users\Jrock\Desktop\ccsetup305.exe
[2011.04.03 14:06:43 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.03 14:02:25 | 000,002,013 | ---- | M] () -- C:\Users\Public\Desktop\Registry Reviver.lnk
[2011.04.03 13:57:36 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jrock\Desktop\mbam-setup.exe
[2011.04.03 13:56:14 | 000,353,485 | ---- | M] () -- C:\Users\Jrock\Desktop\HostsXpert.zip
[2011.04.03 13:54:08 | 004,707,608 | ---- | M] (ReviverSoft ) -- C:\Users\Jrock\Desktop\RegistryReviverSetup.exe
[2011.03.31 17:38:14 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.03.16 13:28:20 | 000,016,704 | ---- | M] (ReviverSoft) -- C:\Windows\System32\roboot.exe
[2011.03.10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jrock\Desktop\TDSSKiller.exe
[2011.03.06 19:01:58 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jrock\Desktop\OTL.exe
[2011.03.05 23:14:14 | 000,137,256 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.03.05 23:14:04 | 000,218,808 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr

========== Files Created - No Company Name ==========

[2011.04.04 20:28:54 | 000,080,384 | ---- | C] () -- C:\Users\Jrock\Desktop\MBRCheck.exe
[2011.04.03 17:35:46 | 3220,414,464 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.03 17:25:10 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.04.03 17:25:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.04.03 17:25:10 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.04.03 17:25:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.04.03 17:25:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.04.03 17:23:01 | 004,312,776 | R--- | C] () -- C:\Users\Jrock\Desktop\ComboFix.exe
[2011.04.03 17:22:59 | 001,263,721 | ---- | C] () -- C:\Users\Jrock\Desktop\tdsskiller.zip
[2011.04.03 14:40:46 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.04.03 14:06:43 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.03 14:02:37 | 000,000,316 | ---- | C] () -- C:\Windows\tasks\Start Registry Reviver.job
[2011.04.03 14:02:25 | 000,002,013 | ---- | C] () -- C:\Users\Public\Desktop\Registry Reviver.lnk
[2011.04.03 13:59:05 | 000,353,485 | ---- | C] () -- C:\Users\Jrock\Desktop\HostsXpert.zip
[2011.03.06 03:14:48 | 001,214,167 | ---- | C] () -- C:\Users\Jrock\Desktop\CIMG9462.JPG
[2011.03.06 03:14:47 | 001,204,916 | ---- | C] () -- C:\Users\Jrock\Desktop\CIMG9461.JPG
[2011.03.06 03:14:47 | 001,200,682 | ---- | C] () -- C:\Users\Jrock\Desktop\CIMG9460.JPG
[2011.03.06 03:14:47 | 001,183,704 | ---- | C] () -- C:\Users\Jrock\Desktop\CIMG9459.JPG
[2011.03.03 21:55:17 | 000,001,164 | ---- | C] () -- C:\Users\Jrock\AppData\Local\9A5FF4EA.il
[2011.03.03 21:55:17 | 000,000,280 | ---- | C] () -- C:\Users\Jrock\AppData\Local\IndexIE_9A5FF4EA.il
[2010.03.15 18:18:30 | 000,010,578 | -HS- | C] () -- C:\Users\Jrock\AppData\Local\nSVDb4q65iE
[2010.03.07 16:11:05 | 000,138,056 | ---- | C] () -- C:\Users\Jrock\AppData\Roaming\PnkBstrK.sys
[2010.03.07 16:11:05 | 000,137,256 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.03.07 16:10:45 | 000,218,808 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.03.07 16:10:43 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.03.07 16:10:42 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe
[2009.07.28 22:30:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.05.27 19:18:50 | 000,007,512 | ---- | C] () -- C:\Users\Jrock\AppData\Local\d3d9caps.dat
[2009.05.26 22:50:28 | 000,373,248 | ---- | C] () -- C:\Windows\EyeCand3.INI
[2009.05.26 00:15:41 | 000,000,192 | ---- | C] () -- C:\Windows\winamp.ini
[2009.05.23 17:33:54 | 000,016,384 | ---- | C] () -- C:\Users\Jrock\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.05.22 17:41:20 | 000,010,563 | R--- | C] () -- C:\Windows\hpwscr19.dat
[2009.05.22 17:10:55 | 000,202,630 | ---- | C] () -- C:\Windows\hpwins19.dat
[2009.05.22 16:04:15 | 000,003,636 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2009.04.24 17:01:52 | 140,387,071 | ---- | C] () -- C:\Programme\openofficeorg1.cab
[2009.04.24 17:01:34 | 009,819,136 | ---- | C] () -- C:\Programme\openofficeorg31.msi
[2009.04.23 18:29:54 | 000,000,336 | ---- | C] () -- C:\Programme\setup.ini
[2009.02.23 14:08:39 | 000,000,917 | ---- | C] () -- C:\Windows\System32\CLWatson.ini
[2009.02.12 12:50:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.02.12 11:23:42 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2009.02.12 11:01:32 | 000,009,760 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2009.02.06 22:06:28 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.02.06 22:06:28 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.02.06 22:06:28 | 000,126,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.02.06 22:06:28 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.02.06 14:37:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.02.06 13:40:03 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.02.06 13:40:03 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.02.05 16:31:02 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2009.02.05 16:31:02 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.02.05 16:31:01 | 000,180,720 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.02.05 16:31:01 | 000,081,920 | ---- | C] () -- C:\Windows\System32\ATIODE.exe
[2009.02.05 16:31:01 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ATIODCLI.exe
[2009.01.28 05:32:46 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll
[2008.01.07 16:08:10 | 000,000,997 | R--- | C] () -- C:\Windows\hpwmdl19.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,293,112 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

========== LOP Check ==========

[2010.03.04 00:19:52 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\Alien Skin
[2010.10.05 18:29:58 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\Any Video Converter
[2009.06.21 21:04:06 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\fotobuch.de AG
[2011.02.22 17:45:54 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\ICQ
[2009.06.04 09:28:46 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\OpenOffice.org
[2011.04.04 20:32:53 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\Orbit
[2011.04.03 14:02:34 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\Reviversoft
[2011.02.04 21:23:10 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\ROCCAT
[2011.04.03 20:12:12 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.03 14:30:01 | 000,000,316 | ---- | M] () -- C:\Windows\Tasks\Start Registry Reviver.job

========== Purity Check ==========



========== Custom Scans ==========


< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2009.05.23 22:44:56 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\Adobe
[2010.03.04 00:19:52 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\Alien Skin
[2010.10.05 18:29:58 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\Any Video Converter
[2011.03.03 21:48:41 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\Apple Computer
[2009.05.22 16:18:46 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\ATI
[2011.04.03 17:24:35 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\Avira
[2009.05.24 22:32:41 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\Corel
[2010.01.30 12:00:39 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\dvdcss
[2009.06.21 21:04:06 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\fotobuch.de AG
[2009.07.28 22:49:58 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\Google
[2009.05.22 17:52:53 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\HP
[2011.02.22 17:45:54 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\ICQ
[2009.05.22 16:18:18 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\Identities
[2009.12.23 23:13:02 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\Macromedia
[2011.04.03 14:06:51 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\Media Center Programs
[2009.10.19 19:56:39 | 000,000,000 | --SD | M] -- C:\Users\Jrock\AppData\Roaming\Microsoft
[2010.03.27 15:03:56 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\Mozilla
[2009.07.16 15:30:16 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\Nero
[2009.06.04 09:28:46 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\OpenOffice.org
[2011.04.04 20:32:53 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\Orbit
[2011.04.03 14:02:34 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\Reviversoft
[2011.02.04 21:23:10 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\ROCCAT
[2010.02.26 22:27:12 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\skypePM
[2009.05.23 18:06:22 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\vlc
[2011.02.19 20:54:31 | 000,000,000 | ---D | M] -- C:\Users\Jrock\AppData\Roaming\WinRAR

< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\ERDNT\cache\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bb eb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647b bd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.01.14 16:19:31 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\ERDNT\cache\atapi.sys
[2009.01.14 16:19:31 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2009.01.14 16:19:31 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2009.01.14 16:19:31 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219 e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_ms hdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a218 9ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.01.14 16:19:31 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493ab c2795\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\ERDNT\cache\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af1152788 7c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mi crosoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\ERDNT\cache\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327be fea467\nvstor.sys

< MD5 for: NVSTOR32.SYS >
[2007.12.08 08:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) MD5=1A649B87A7B7C1220A2B16B121F2198E -- C:\Windows\System32\drivers\nvstor32.sys
[2007.12.08 08:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) MD5=1A649B87A7B7C1220A2B16B121F2198E -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_933da2ea\nvstor32.sy s

< MD5 for: SCECLI.DLL >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\ERDNT\cache\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\sce cli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mi crosoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\sce cli.dll

< MD5 for: USERINIT.EXE >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

< MD5 for: WS2IFSL.SYS >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2009.01.28 05:34:54 | 000,442,368 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2008.01.21 04:24:26 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2008.01.21 04:24:26 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Jrock\Desktop\#.mp4:TOC.WMV

< End of report >

OTL Extras logfile created on: 04.04.2011 20:51:00 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Jrock\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 53,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,13 Gb Total Space | 208,20 Gb Free Space | 36,14% Space Free | Partition Type: NTFS
Drive D: | 20,03 Gb Total Space | 12,75 Gb Free Space | 63,65% Space Free | Partition Type: FAT32
Drive E: | 1,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: JROCKER | User Name: Jrock | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\Winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\Winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\Winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fir ewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fir ewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fir ewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fir ewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fir ewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fir ewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe" = C:\Program Files\fotobuch.de AG\Designer 2.0\Designer.exe:*esigner.exe -- ()
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fir ewallPolicy\FirewallRules]
"{08B016BE-93CE-4D3D-B31D-AB14973ED50E}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{174322E6-60EE-412C-B12A-27092786C301}" = rport=137 | protocol=17 | dir=out | app=system |
"{1CE0C216-BA02-4359-AC8F-00428AA3389C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{453726F4-DD52-4C6F-9463-402EAFD888FF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{49772043-0C74-4319-AFCC-7B920D931E7E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{4A203628-AD0C-4030-B89B-9C21BC41EF55}" = rport=138 | protocol=17 | dir=out | app=system |
"{64308B5F-79A5-47AE-8D33-6B8F5EDD28C9}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{70894914-77B6-4774-894F-9036E6029BA4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{9A474F53-AAB6-4ADE-AF75-D4072E7B9633}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{AC629DFC-184C-46F8-BBC9-43F23510DE11}" = lport=139 | protocol=6 | dir=in | app=system |
"{B84A8D80-0E25-4ED0-A0B7-5B2C8F4FD9B9}" = rport=139 | protocol=6 | dir=out | app=system |
"{BAECAEF0-017A-4445-B56B-12347AA841B8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C5011B5D-80F4-482A-A39D-6132EED3E93C}" = lport=138 | protocol=17 | dir=in | app=system |
"{C6A1855B-59C4-429B-88DF-72DE28B77C33}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C6DF6AEF-25E1-461F-86EE-BB01A8480FDD}" = lport=137 | protocol=17 | dir=in | app=system |
"{CB854859-18D6-42D2-B904-E2F132669F42}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{D45BC930-45E0-4059-9C2C-6C5FF034288C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{DFAFCBBF-E850-45F2-94B7-5433B6DC9D91}" = lport=445 | protocol=6 | dir=in | app=system |
"{EF500C8D-0640-4AB1-980D-32E3236382F9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{FD3F6F1B-0154-4674-9E9C-59072DB838B9}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\Fir ewallPolicy\FirewallRules]
"{15EB3CC1-8F6D-4AC9-95A4-1FFD47C94751}" = protocol=6 | dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe |
"{1A4A8ED7-BA49-4F30-BDE8-01267E5734E2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1E0B78B6-AFEB-442C-8C69-ADDEF052D56E}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{1EBFB645-FB9D-4266-966C-C177FA361D40}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{2E1D783D-5DC4-4693-BB56-8A24D7F011D3}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{313D98AA-5217-4DF4-BDF9-89C1D0A20810}" = protocol=17 | dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe |
"{37C4A742-0DA3-46AA-B52D-885DCF95ADBD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{39322D26-D811-4BA0-A9C9-4E3BB71A61F2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3F15AC23-15BA-4B29-8438-12E81E1A5B18}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{44CC2439-7ED9-4DFB-BDFF-11D3F7685C35}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{4A0A8BB8-AFC3-409E-BAF3-C56F13C0D93D}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{66BA4074-E251-49D4-A70E-865F449ADB59}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{68EE34A7-BA18-4EF7-B04C-0739CA746396}" = protocol=6 | dir=in | app=c:\windows\temp\kd_installer.exe |
"{6DE7DAF9-4100-49BF-BABF-64101FEC5F64}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{6F1E623D-05D9-466F-867D-990F61CD70F2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7661B3BC-8214-47A3-AA22-B1A4FD93E106}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{784EA9A1-2CB5-417A-8BFE-368DA7668CC6}" = protocol=6 | dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe |
"{7D1D6E15-FC79-4C6B-87D1-E1F1322EEA7C}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{858EB074-901C-4F26-B1C6-E24724AB4F55}" = protocol=6 | dir=in | app=c:\windows\temp\kd_installer.exe |
"{91BAB8B9-4CF0-4604-A7C3-98175C9773F3}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{969065B8-07B1-49D0-AB96-42617E705442}" = protocol=6 | dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe |
"{9EC7C7A9-B57D-49A2-A367-F7C8FD54B804}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{AAFF38E6-E2C6-4400-8671-87EE4EC2DA31}" = protocol=17 | dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe |
"{B4B0B5BB-BE77-48D1-A85D-993F5CDD6B02}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{B784B7B6-C257-446E-8CAF-4BC33809D31E}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{BAC30623-404A-49B0-BD3B-168D3F9DADFA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{C2241C4A-65C3-477C-85AB-6394FB29CE56}" = protocol=17 | dir=in | app=c:\windows\temp\kd_installer.exe |
"{D01657D0-376B-4037-965F-3ECC748673BA}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe |
"{D9B84666-76DA-4E10-AA26-9FC02DA77CE2}" = protocol=17 | dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe |
"{DDCD9AB1-CFCD-4EB3-B69E-7C16429D0F4E}" = protocol=17 | dir=in | app=c:\windows\temp\kd_installer.exe |
"{DE1BD34A-1E81-4206-A12D-3D80E2AE4FAA}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{E19419CF-7562-4CC2-A070-40501FC5B659}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E4093A94-ACE7-4D73-A5A2-B384A2632472}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{E5F595F7-1669-4637-87C8-2004FFCAC95C}" = dir=in | app=c:\program files\homecinema\powerdvd8\powerdvd8.exe |
"{EA6D04A4-9B6A-4AE2-9986-92F93E57D99C}" = protocol=17 | dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe |
"{EF0FFE8E-C732-48CA-8581-E97EF5C140E4}" = protocol=6 | dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe |
"{F6C4C65C-0EAE-46BB-88DF-B8363EFF88E7}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{FF1AAE7C-1F10-4360-B41D-A1A22AA34961}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{2A445819-3AFE-44D9-B8BD-2886D421C178}C:\program files\macromedia\dreamweaver mx\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files\macromedia\dreamweaver mx\dreamweaver.exe |
"TCP Query User{327249A3-4A03-47DF-846B-214B6E5DBAB1}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{3C42A689-C8C5-4DB6-8B06-D795167E1429}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"TCP Query User{51CE58E1-504D-4FBF-B1B1-2106AE6B7DC5}C:\program files\macromedia\fireworks mx\fireworks.exe" = protocol=6 | dir=in | app=c:\program files\macromedia\fireworks mx\fireworks.exe |
"TCP Query User{52E4527D-99BE-471A-96CE-32DEACF1FA16}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{B89F0EBA-B29D-40AF-A467-BC382583E85D}C:\program files\orbitdownloader\orbitdm.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitdm.exe |
"TCP Query User{F405B39B-416E-4224-BA09-3F31B2D4D34B}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"TCP Query User{FBD8665C-B09A-4584-BA06-B808FE24C508}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{0AB7DDA8-F34C-4AF2-8763-938689DC77D8}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{14E1F8C4-3253-497F-86BB-EE5CA50AF063}C:\program files\orbitdownloader\orbitdm.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitdm.exe |
"UDP Query User{1DBF545D-9E0A-4AE6-86F0-A79637A532E2}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{375D6573-DBD0-4273-A115-C493EA52057D}C:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{4A8E58CC-8907-4FEF-BD02-25C806AF724C}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{56C60F85-555E-426E-90FA-391E7208FFC6}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe |
"UDP Query User{66968BEC-D3CA-41F3-B542-6F4E74C83EB9}C:\program files\macromedia\dreamweaver mx\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files\macromedia\dreamweaver mx\dreamweaver.exe |
"UDP Query User{C5B2C5B2-D804-4AE6-9FDA-4D82A1E534C8}C:\program files\macromedia\fireworks mx\fireworks.exe" = protocol=17 | dir=in | app=c:\program files\macromedia\fireworks mx\fireworks.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW(R) Graphics Suite X4
"_{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0ED47137-C071-46CC-A243-E5E33271E10E}" = Windows Live Sign-in Assistant
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1A9DAB4D-46CD-4CBF-A9FC-28D8AA8D2FCF}" = CorelDRAW Graphics Suite X4 - Lang BR
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4AAC1705-64B8-DE09-018A-C6053958215C}" = Catalyst Control Center Localization All
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5C584ABC-0A83-40AC-83D5-B1695A96FEE2}" = Macromedia Contribute
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{61CEB2D7-8D3B-4247-B75E-A95F6699B90A}" = Adobe After Effects 6.5
"{64A6FBF8-8D1B-B09F-9B2B-2754FD1674C8}" = ccc-utility
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{72BCEB9A-85D8-D524-B131-475FC098033F}" = ATI Catalyst Install Manager
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{76C7CAB5-4823-EDC0-E237-EC6A482E416B}" = Catalyst Control Center Graphics Full Existing
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7F05E704-30A6-421A-97A7-8EEB1C7FF000}" = CorelDRAW Graphics Suite X4
"{7F05E704-30A6-421A-97A7-8EEB1C7FF010}" = CorelDRAW Graphics SUite X4 - ICA
"{7F05E704-30A6-421A-97A7-8EEB1C7FF012}" = CorelDRAW Graphics Suite X4 - Capture
"{7F05E704-30A6-421A-97A7-8EEB1C7FF013}" = CorelDRAW Graphics Suite X4 - Draw
"{7F05E704-30A6-421A-97A7-8EEB1C7FF014}" = CorelDRAW Graphics Suite X4 - PP
"{7F05E704-30A6-421A-97A7-8EEB1C7FF016}" = CorelDRAW Graphics Suite X4 - Content
"{7F05E704-30A6-421A-97A7-8EEB1C7FF017}" = CorelDRAW Graphics Suite X4 - Filters
"{7F05E704-30A6-421A-97A7-8EEB1C7FF019}" = CorelDRAW Graphics Suite X4 - FontNav
"{7F05E704-30A6-421A-97A7-8EEB1C7FF100}" = CorelDRAW Graphics Suite X4 - Lang EN
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84342056-F133-7A1C-EF10-18CD6C64B64E}" = CCC Help German
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8B4AE751-7055-4518-87B0-E148A8D50D0A}" = Macromedia FreeHand MX
"{924DAFFB-CA84-43a3-8205-A6E94461EC79}_is1" = Registry Reviver
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{9486560E-72F9-E0D2-BAC2-C9F995D64D77}" = ccc-core-static
"{9733747E-E53D-4C17-977E-3A872AFB93E1}" = ROCCAT Kone Mouse Driver
"{9811A185-3D3D-11D6-9E14-00036D172B00}" = Adobe MPEG Encoder
"{989112B0-74DB-4A40-932F-580049CD0B97}" = Visual Basic for Applications (R) Core - German
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D0798D0-AF6C-4E62-94B1-AEBF1A43E00A}" = CorelDRAW Graphics Suite X4 - IPM
"{9D306690-3173-42CD-94C6-9EF9318AF24B}" = CorelDRAW Graphics Suite X4 - Lang FR
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A4076F4B-D0BE-18F2-A2F1-BF0573110879}" = Skins
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A6C27FFF-75EF-4B5B-A64E-F9E128994908}" = CorelDRAW Graphics Suite X4 - Lang NL
"{A8833100-1481-11D4-9731-00C04F8EEB39}" = Macromedia Fireworks 4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABDA9912-5D00-11D4-BAE7-9367CA097955}" = Macromedia Dreamweaver 4
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AEFBAC58-2DDD-4CEF-BDFD-52A5A5F432ED}" = CorelDRAW Graphics Suite X4 - Lang DE
"{B4A05A2A-7FF9-214F-412D-A789B1751522}" = Catalyst Control Center Core Implementation
"{B61D21B6-469D-4423-B161-62DB20B8A70E}" = Visual Basic for Applications (R) Core - English
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{B996E2CA-5EA8-49FE-50B1-A266F8E7F8EC}" = Catalyst Control Center Graphics Light
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BF439B41-0252-48DE-8B8B-0430CB26A181}" = CorelDRAW Graphics Suite X4 - VBA
"{C212EBE3-784C-6AA1-0E6C-337E57396A49}" = CCC Help English
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4F4B96A-8823-915F-2A89-27FD17BE69F0}" = Catalyst Control Center Graphics Previews Vista
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE2DA11A-917F-4CF5-AB55-755EC115DD10}" = CorelDRAW(R) Graphics Suite X4 - Windows Shell Extension
"{CF2DC4B8-3D6C-4BAC-3F31-A0D7F2E15924}" = Catalyst Control Center Graphics Full New
"{D0160DD3-6F62-4F1E-B999-6C68D3AE7390}" = CorelDRAW Graphics Suite X4 - Lang IT
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2827848-7D2A-4547-9AD1-C965FB3E6344}" = CorelDRAW Graphics Suite X4 - Lang ES
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DB81779E-7CC5-4630-BCFC-754004956444}" = Visual Basic for Applications (R) Core
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = CyberLink TV Enhance
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F4AE0FB8-A49D-548F-C82D-7CCC03DE0A41}" = Catalyst Control Center InstallProxy
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Premiere 6.5" = Adobe Premiere 6.5
"Any Video Converter_is1" = Any Video Converter 2.7.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Designer 2.0_is1" = Designer 2.0
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"Picasa2" = Picasa 2
"PunkBusterSvc" = PunkBuster Services
"Shop for HP Supplies" = Shop for HP Supplies
"TCEssentials" = TC Native Essentials 2.02
"VLC media player" = VLC media player 0.9.9
"Winamp" = Winamp (remove only)
"WinRAR archiver" = WinRAR
"X10Hardware" = X10 Hardware(TM)

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 03.04.2011 16:04:35 | Computer Name = Jrocker | Source = WinMgmt | ID = 10
Description =

Error - 03.04.2011 16:04:37 | Computer Name = Jrocker | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 03.04.2011 16:04:37 | Computer Name = Jrocker | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 03.04.2011 20:52:58 | Computer Name = Jrocker | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 03.04.2011 20:52:58 | Computer Name = Jrocker | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1467

Error - 03.04.2011 20:52:58 | Computer Name = Jrocker | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1467

Error - 03.04.2011 20:52:59 | Computer Name = Jrocker | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 03.04.2011 20:52:59 | Computer Name = Jrocker | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2481

Error - 03.04.2011 20:52:59 | Computer Name = Jrocker | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2481

Error - 04.04.2011 13:27:05 | Computer Name = Jrocker | Source = MsiInstaller | ID = 11706
Description =

[ System Events ]
Error - 03.04.2011 11:34:12 | Computer Name = Jrocker | Source = Service Control Manager | ID = 7030
Description =

Error - 03.04.2011 11:35:52 | Computer Name = Jrocker | Source = HTTP | ID = 15016
Description =

Error - 03.04.2011 11:37:27 | Computer Name = Jrocker | Source = Service Control Manager | ID = 7022
Description =

Error - 03.04.2011 11:45:28 | Computer Name = Jrocker | Source = Service Control Manager | ID = 7030
Description =

Error - 03.04.2011 11:48:18 | Computer Name = Jrocker | Source = Service Control Manager | ID = 7030
Description =

Error - 03.04.2011 11:50:57 | Computer Name = Jrocker | Source = Service Control Manager | ID = 7030
Description =

Error - 03.04.2011 12:59:53 | Computer Name = Jrocker | Source = HTTP | ID = 15016
Description =

Error - 03.04.2011 13:01:28 | Computer Name = Jrocker | Source = Service Control Manager | ID = 7022
Description =

Error - 03.04.2011 16:02:59 | Computer Name = Jrocker | Source = HTTP | ID = 15016
Description =

Error - 03.04.2011 16:04:35 | Computer Name = Jrocker | Source = Service Control Manager | ID = 7022
Description =


< End of report >

[markusg]

dieser mbr is unbekannt, dies könnte bedeuten das du eine inektion auf dem pc hast, also eine weitere. ich kläre das mit dem autor von mbrcheck ab, dauert aber vllt 1 tag. kommt drauf an wie er antwortet

[markusg]

hmm, gibt es noch probleme mit deinem system, wenn ja welche.

[Der Leo]

Gibt es noch probleme oder fragen?

Deinstalliere folgende Programm.

Bonjour Apple Inc.
Designer 2.0 fotobuch.de
OpenOffice.org 3.1
Picasa 2 Google
Registry Reviver ReviverSoft
Shop for HP Supplies HP
Nero 8 Essentials Nero AG --> mit diesem removal Tool entfernen.
Nero General CleanTool - Download - CHIP Online
VLC media player 0.9.9 --> Stark veraltet
Java(TM) 6 Update 13 Sun Microsystems --> Stark veraltet

Download
VLC: VideoLAN - Official page for VLC media player, the Open Source video framework!
Java: Download der kostenlosen Java-Software

Außerdem lade dir den FileHippo Update Checker herunter und installiere ihn.
FileHippo.com Update Checker - FileHippo.com

Alle vorgeschlagenen Programme aktualisieren. Aber bitte keine Beta Versionen installieren. Sollte ein Programm auf Englisch sein so gehe auf die Herstellerseite und lade dort die Deutsche Version herunter.

Nutze dieses Tool zukünftig regelmäßig (1 im Monat). Den durch alte Programme gelangen die Viren schnell auf das System.

Windows Updates für Vista

Gehe auf Start --> Alle Programme --> Windows Updates.
Such nach neuen Updates und alles alle Updates installieren. Auch das Service Pack 2 nicht vergessen!