Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 25.06.2011, 02:05   #1
Quixot
 
Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba - Standard

Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba



Erst mal einen schönen Abend... oder Morgen je nach dem
Habe mir heute irgendwo her einen schönen Virus eingehandelt.
Es begann damit, dass meine Sidebar mit Wetter App und Leo nicht mehr funktioniert hat und ich die Icons in der Taskleiste nicht mehr drücken konnte.
Habe hiernach durch schauen im Taskmanager Htx.exe, Hty.exe und Hvysua.exe gefunden, welche ich im Abgesichertem Modus gelöscht habe.
Zusätzlich hab ich die Registry von einer Htx.exe Verknüpfung gesäubert.
Habe zusätzlich eben noch Avast rüberschauen lassen, wobei 3 Viren gefunden wurden und in die Quarantäne gesteckt wurden.
Das Windowssicherheitsdienstcenter ist deaktiviert und lässt sich nicht starten, genau so verhält es sich mit MSE, welches ich nach dem Installieren von Avast gelöscht habe.
Mittlerweile lässt sich die Taskleiste wieder benutzen aber Anfragen bei Google werden auf Goingonearth weitergeleitet...
Hoffe ihr könnt mir helfen!
MfG
Quixot

Bin gerade mal die Liste durchgegangen und habe hier die Logs (=
defogger
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:09 on 25/06/2011 (xxx)
 
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
 
Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)
 
 
-=E.O.F=-
         
OTL
Code:
ATTFilter
OTL logfile created on: 25.06.2011 14:19:33 - Run 1
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\xxx\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,83 Gb Available Physical Memory | 70,90% Memory free
8,00 Gb Paging File | 6,65 Gb Available in Paging File | 83,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 233,88 Gb Total Space | 160,29 Gb Free Space | 68,54% Space Free | Partition Type: NTFS
Drive F: | 231,78 Gb Total Space | 50,94 Gb Free Space | 21,98% Space Free | Partition Type: NTFS
Drive G: | 99,00 Mb Total Space | 83,74 Mb Free Space | 84,59% Space Free | Partition Type: NTFS
 
Computer Name: xxx | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.06.17 17:09:28 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
PRC - [2011.06.03 14:24:04 | 003,608,920 | ---- | M] () -- F:\Tobit Radio.fx\Server\rfx-server.exe
PRC - [2011.05.10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2011.05.10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.04.08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.04.07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.03.17 20:21:24 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.11.20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.05.05 19:56:42 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2010.05.05 19:51:56 | 001,212,928 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTxfispi.exe
PRC - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2007.03.05 09:09:02 | 000,019,456 | ---- | M] (Creative Technology Ltd) -- C:\Windows\SysWOW64\CTHELPER.EXE
PRC - [2007.02.01 11:13:06 | 000,094,208 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
PRC - [2006.11.22 18:55:38 | 000,057,344 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe
PRC - [2005.10.21 19:12:22 | 000,040,960 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Entertainment Center\EAXLoadr.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.06.17 17:09:28 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
MOD - [2011.05.10 14:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\snxhk.dll
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.05.25 05:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.05.10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Start_Pending] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.06.12 00:18:01 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.06.03 14:24:04 | 003,608,920 | ---- | M] () [Auto | Running] -- F:\Tobit Radio.fx\Server\rfx-server.exe -- (Radio.fx)
SRV - [2011.04.08 07:14:00 | 002,218,600 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.04.07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.03.17 20:21:24 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.09.21 10:59:52 | 001,957,672 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.07.08 16:06:28 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2010.07.08 15:35:16 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2010.07.06 18:14:56 | 000,716,024 | ---- | M] (Tunngle.net GmbH) [Disabled | Stopped] -- F:\Progs\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.21 01:53:42 | 000,496,232 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2010.01.21 01:53:42 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2009.07.20 13:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.06.10 21:18:13 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.05.25 06:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.25 04:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.05.10 13:59:48 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011.03.30 20:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.13 03:17:30 | 000,122,624 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zghsmdm.sys -- (zghsmdm)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.18 06:24:46 | 000,038,424 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2010.07.27 22:14:17 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.07.01 15:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010.06.04 16:10:39 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.06.04 16:10:39 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.05.05 21:30:52 | 001,561,688 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2010.05.05 21:30:42 | 000,118,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2010.05.05 21:30:34 | 000,213,080 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2010.05.05 21:30:26 | 000,015,960 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2010.05.05 21:30:18 | 000,179,288 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2010.05.05 21:30:10 | 000,684,376 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2010.05.05 21:30:02 | 000,580,696 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2010.05.05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2010.05.05 21:29:52 | 001,417,304 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2010.05.05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2010.05.05 21:29:42 | 000,094,808 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2010.05.05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2010.05.05 21:29:34 | 000,202,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2010.03.04 18:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.11.23 18:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.23 18:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.09.16 08:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t) TAP-Win32 Adapter V9 (Tunngle)
DRV:64bit: - [2009.07.16 12:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.09 11:43:10 | 000,111,104 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hxctlflt.sys -- (hxctlflt)
DRV:64bit: - [2008.12.26 12:56:04 | 000,021,504 | ---- | M] (Avnex) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV:64bit: - [2008.02.22 19:54:00 | 000,019,496 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GearAspiWDM)
DRV:64bit: - [2007.09.10 10:50:26 | 000,527,360 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PAC7302.SYS -- (PAC7302)
DRV:64bit: - [2007.03.05 11:58:37 | 000,363,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2007.03.05 11:58:29 | 000,190,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV:64bit: - [2007.03.05 11:58:24 | 000,142,136 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV:64bit: - [2007.03.05 11:58:18 | 000,321,848 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2007.03.05 11:58:12 | 000,219,448 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV:64bit: - [2007.03.05 11:58:07 | 000,681,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV:64bit: - [2007.03.05 11:58:01 | 000,700,216 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV:64bit: - [2007.03.05 11:57:52 | 000,157,496 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\COMMONFX.DLL -- (COMMONFX.DLL)
DRV - [2010.05.27 03:43:00 | 000,014,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\MSI Afterburner\RTCore64.sys -- (RTCore64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 21 45 D0 D0 B0 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:20.1.0.4
FF - prefs.js..extensions.enabledItems: {987311C6-B504-4aa2-90BF-60CC49808D42}:2.2
 
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.06.24 21:58:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.20 20:17:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.04 16:24:44 | 000,000,000 | ---D | M]
 
[2010.02.18 21:25:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2011.06.16 16:12:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\4xv1qzb0.default\extensions
[2010.03.20 23:46:04 | 000,000,000 | ---D | M] (BugMeNot) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\4xv1qzb0.default\extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}
[2011.04.14 21:37:25 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\4xv1qzb0.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.04.15 15:39:59 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\4xv1qzb0.default\extensions\DeviceDetection@logitech.com
[2011.06.23 23:16:07 | 000,000,944 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\4xv1qzb0.default\searchplugins\icqplugin.xml
[2011.06.20 20:17:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.05.04 16:24:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.05.04 21:53:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.16 16:19:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- 
() (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4XV1QZB0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\4XV1QZB0.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011.06.16 06:32:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.22 20:38:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [CTHelper] C:\Windows\SysWow64\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [RCSystem] C:\Program Files (x86)\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [rfxsrvtray] F:\Tobit Radio.fx\Client\rfx-tray.exe (Tobit.Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll (NVIDIA)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15116/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6289e909-99c0-11df-bf54-001e8cb3fbaa}\Shell - "" = AutoRun
O33 - MountPoints2\{6289e909-99c0-11df-bf54-001e8cb3fbaa}\Shell\AutoRun\command - "" = H:\Autorun.exe
O33 - MountPoints2\{a5f8e447-938b-11e0-89f0-001e8cb3fbaa}\Shell - "" = AutoRun
O33 - MountPoints2\{a5f8e447-938b-11e0-89f0-001e8cb3fbaa}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{db508eae-344d-11df-b7ed-001e8cb3fbaa}\Shell - "" = AutoRun
O33 - MountPoints2\{db508eae-344d-11df-b7ed-001e8cb3fbaa}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 10.1
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6A52F506-BCFF-970B-0A12-8C804FFEF25E} - Macromedia Shockwave Director 10.1
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpFolder: C:^Users^xxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk - C:\PROGRA~2\OPENOF~1.ORG\program\QUICKS~1.EXE - ()
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: Steam - hkey= - key= - f:\steam\steam.exe (Valve Corporation)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= -  File not found
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.25 14:16:30 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2011.06.24 21:59:16 | 000,022,360 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011.06.24 21:59:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.06.24 21:59:15 | 000,287,576 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011.06.24 21:59:13 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011.06.24 21:59:13 | 000,031,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011.06.24 21:59:12 | 000,600,920 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011.06.24 21:59:12 | 000,253,888 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011.06.24 21:59:12 | 000,064,344 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011.06.24 21:58:53 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011.06.24 21:58:53 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.06.24 21:58:48 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2011.06.24 21:58:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011.06.23 23:35:52 | 000,000,000 | ---D | C] -- C:\Users\xxx\.gigaflat
[2011.06.23 23:35:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gigaflat - Free Usenet
[2011.06.23 23:35:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gigaflat
[2011.06.23 23:33:56 | 019,534,683 | ---- | C] (Bitrockers Inc.                                             ) -- C:\Users\xxx\Desktop\gigaflat-installer.exe
[2011.06.22 17:09:18 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\update
[2011.06.16 21:05:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.06.16 21:05:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011.06.16 21:05:06 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\ATI Technologies
[2011.06.16 21:05:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2011.06.16 21:05:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.06.16 21:03:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011.06.16 21:03:30 | 000,000,000 | ---D | C] -- C:\Programme\ATI Technologies
[2011.06.16 16:19:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011.06.13 00:09:39 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Neuer Ordner
[2011.06.12 01:30:23 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\CrashRpt
[2011.06.11 16:01:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2011.06.11 15:34:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2011.06.10 21:18:13 | 000,254,528 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.06.10 21:18:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011.06.10 20:41:34 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\WinRAR
[2011.06.10 20:41:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.06.10 20:41:33 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.06.10 20:41:25 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2011.06.07 16:57:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
[2011.06.07 16:57:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSI Afterburner
[2011.06.06 22:54:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2011.06.06 22:54:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2011.06.06 21:49:19 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\ATI
[2011.06.06 21:49:19 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\ATI
[2011.06.06 21:44:19 | 000,000,000 | ---D | C] -- C:\Programme\ATI
[2011.06.06 21:43:45 | 000,000,000 | ---D | C] -- C:\ATI
[2011.06.06 17:22:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.06.06 17:06:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2011.05.28 20:52:07 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\go
[2011.05.28 20:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO
[2010.05.05 19:59:10 | 000,060,928 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2010.05.05 19:38:18 | 000,012,800 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.25 14:15:39 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.25 14:15:39 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.06.25 14:15:38 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.06.25 14:15:33 | 000,000,250 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011.06.25 14:15:31 | 000,000,320 | -HS- | M] () -- C:\Windows\tasks\GXQDVNGTKS.job
[2011.06.25 14:11:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.25 14:10:58 | 3220,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.25 14:10:15 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000007-00001102-00000005-00211102}.rfx
[2011.06.25 14:10:15 | 000,061,256 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000007-00001102-00000005-00211102}.rfx
[2011.06.25 14:10:15 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000007-00001102-00000005-00211102}.rfx
[2011.06.25 14:10:00 | 000,013,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.25 14:10:00 | 000,013,232 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.25 14:09:33 | 000,000,020 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2011.06.25 14:08:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.25 02:14:53 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.06.25 02:14:39 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.06.25 02:14:39 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.06.25 02:14:39 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.06.25 02:14:39 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.06.24 21:59:16 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.06.24 21:59:12 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011.06.24 21:58:18 | 056,923,744 | ---- | M] () -- C:\Users\xxx\Desktop\setup_av_free601125.exe
[2011.06.24 21:41:28 | 003,362,144 | ---- | M] () -- C:\Users\xxx\Desktop\AppsMsnDe.exe
[2011.06.24 20:43:38 | 000,163,840 | RHS- | M] () -- C:\Windows\SysWow64\msexch407.dll
[2011.06.24 20:28:21 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.06.23 23:34:50 | 019,534,683 | ---- | M] (Bitrockers Inc.                                             ) -- C:\Users\xxx\Desktop\gigaflat-installer.exe
[2011.06.23 20:58:36 | 000,000,035 | ---- | M] () -- C:\Windows\SIERRA.INI
[2011.06.22 17:18:06 | 008,822,648 | ---- | M] () -- C:\Users\xxx\Documents\AsusUpdt_V71401.zip
[2011.06.19 17:35:17 | 000,029,861 | ---- | M] () -- C:\Users\xxx\Desktop\de.his.servlet.RequestDispatcherServlet.htm
[2011.06.17 17:09:28 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2011.06.16 16:04:51 | 000,289,992 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.06.13 00:00:55 | 000,000,000 | -H-- | M] () -- C:\Users\xxx\Documents\Default.rdp
[2011.06.11 16:01:14 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2 SP.lnk
[2011.06.11 16:01:14 | 000,001,189 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2 MP.lnk
[2011.06.10 21:18:13 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.06.06 23:00:42 | 000,000,945 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2011.06.06 22:14:24 | 001,526,060 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.06 21:48:26 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.25 14:09:33 | 000,000,020 | ---- | C] () -- C:\Users\xxx\defogger_reenable
[2011.06.25 14:08:48 | 000,050,477 | ---- | C] () -- C:\Users\xxx\Desktop\Defogger.exe
[2011.06.24 21:59:16 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.06.24 21:59:12 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2011.06.24 21:56:40 | 056,923,744 | ---- | C] () -- C:\Users\xxx\Desktop\setup_av_free601125.exe
[2011.06.24 21:40:15 | 003,362,144 | ---- | C] () -- C:\Users\xxx\Desktop\AppsMsnDe.exe
[2011.06.24 20:43:45 | 000,000,294 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.06.24 20:43:42 | 000,000,294 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.06.24 20:43:39 | 000,000,250 | -H-- | C] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011.06.24 20:43:38 | 000,163,840 | RHS- | C] () -- C:\Windows\SysWow64\msexch407.dll
[2011.06.24 20:43:38 | 000,000,320 | -HS- | C] () -- C:\Windows\tasks\GXQDVNGTKS.job
[2011.06.22 17:11:37 | 008,822,648 | ---- | C] () -- C:\Users\xxx\Documents\AsusUpdt_V71401.zip
[2011.06.19 17:35:15 | 000,029,861 | ---- | C] () -- C:\Users\xxx\Desktop\de.his.servlet.RequestDispatcherServlet.htm
[2011.06.13 15:57:55 | 4155,117,567 | ---- | C] () -- C:\Users\xxx\Documents\sr-mw2a.iso
[2011.06.13 00:00:55 | 000,000,000 | -H-- | C] () -- C:\Users\xxx\Documents\Default.rdp
[2011.06.11 16:01:14 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2 SP.lnk
[2011.06.11 16:01:14 | 000,001,189 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2 MP.lnk
[2011.06.07 16:57:16 | 000,110,592 | ---- | C] () -- C:\Windows\SysNative\rtvcvfw32.dll
[2011.06.06 22:14:47 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.06.06 22:14:24 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.06.06 21:48:26 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.05.28 20:52:07 | 000,001,686 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spielen (EasyBits GO).lnk
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.10.30 22:50:24 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2010.10.30 22:50:24 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2010.10.30 22:50:24 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2010.10.30 20:34:29 | 000,000,035 | ---- | C] () -- C:\Windows\SIERRA.INI
[2010.07.31 13:42:40 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2010.06.15 18:09:04 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.05.29 14:15:54 | 000,270,408 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.05.29 14:15:52 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.05.29 14:15:52 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.05.05 20:37:52 | 000,021,204 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2010.05.05 19:56:46 | 000,002,560 | ---- | C] () -- C:\Windows\SysWow64\CtxfiRes.dll
[2010.05.05 19:46:30 | 000,321,512 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2010.05.05 19:46:30 | 000,056,509 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2010.05.05 19:38:22 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2010.04.22 22:50:54 | 000,073,136 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.03.26 00:10:06 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.03.26 00:10:06 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.03.26 00:10:04 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010.03.26 00:10:04 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010.03.18 00:00:15 | 000,000,566 | ---- | C] () -- C:\Windows\SysWow64\SP7302.INI
[2010.02.19 16:17:53 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2010.02.19 00:41:44 | 000,000,029 | ---- | C] () -- C:\Windows\sfbm.INI
[2010.02.18 22:36:16 | 000,313,207 | ---- | C] () -- C:\Windows\SysWow64\ctstatic.dat
[2010.02.18 22:36:16 | 000,053,932 | ---- | C] () -- C:\Windows\SysWow64\ctdaught.dat
[2010.02.18 22:34:55 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2010.02.18 22:32:56 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.02.18 22:32:56 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.02.18 21:51:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.06.04 02:37:06 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009.05.27 10:49:00 | 000,000,285 | ---- | C] () -- C:\Windows\SysWow64\kill.ini
[2007.03.05 09:10:20 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBURST.DLL
[2007.03.05 09:09:04 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\PSCONV.EXE
[2006.10.11 05:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2005.10.04 17:28:12 | 000,071,680 | ---- | C] () -- C:\Windows\SysWow64\CTMMACTL.DLL
 
========== LOP Check ==========
 
[2011.05.12 19:57:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Avnex
[2010.07.27 22:50:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DAEMON Tools Lite
[2011.04.14 21:37:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.25 14:00:18 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\go
[2011.05.15 22:01:13 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\gtk-2.0
[2011.02.13 19:57:11 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ
[2010.02.18 23:33:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Leadertech
[2010.05.21 17:18:11 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\LolClient
[2010.04.26 22:32:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2011.05.28 19:26:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MyPhoneExplorer
[2010.02.28 21:25:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenOffice.org
[2011.03.17 18:35:43 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PunkBuster
[2010.11.23 15:03:03 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Screaming Bee
[2010.09.23 00:10:03 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TeamViewer
[2010.02.22 00:47:11 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\The Creative Assembly
[2010.02.19 16:22:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Tobit
[2010.03.15 17:58:01 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TS3Client
[2011.01.24 20:52:55 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Tunngle
[2011.03.17 20:21:12 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ubisoft
[2011.06.25 14:15:31 | 000,000,320 | -HS- | M] () -- C:\Windows\Tasks\GXQDVNGTKS.job
[2011.05.05 02:25:21 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.06.25 14:15:39 | 000,000,294 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.06.25 14:15:33 | 000,000,250 | -H-- | M] () -- C:\Windows\Tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011.06.25 14:15:38 | 000,000,294 | -H-- | M] () -- C:\Windows\Tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.06.25 02:27:57 | 000,000,000 | -HSD | M] -- C:\#GDATA.Trash.Store#
[2010.11.22 13:02:00 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.06.06 21:43:45 | 000,000,000 | ---D | M] -- C:\ATI
[2011.05.05 02:27:03 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.06.25 03:55:14 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.02.18 21:14:00 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.04.22 00:17:45 | 000,000,000 | ---D | M] -- C:\Fraps
[2010.04.09 19:17:13 | 000,000,000 | ---D | M] -- C:\Games
[2011.05.11 12:10:33 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.06.25 02:14:52 | 000,000,000 | R--D | M] -- C:\Programme
[2011.06.25 02:14:52 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.06.24 21:58:48 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.02.18 21:14:00 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.02.18 21:14:00 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.06.24 21:57:52 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.06.06 17:55:28 | 000,000,000 | R--D | M] -- C:\Users
[2011.06.24 21:58:53 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
========== Files - Unicode (All) ==========
[2010.11.22 13:04:21 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???c{23466e8d-f627-11df-abf4-001e8cb3fbaa}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\沧睓섀c{23466e8d-f627-11df-abf4-001e8cb3fbaa}.TMContainer00000000000000000002.regtrans-ms
[2010.11.22 13:04:21 | 000,524,288 | -HS- | M] ()(C:\Windows\SysWow64\???c{23466e8d-f627-11df-abf4-001e8cb3fbaa}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\沧睓섀c{23466e8d-f627-11df-abf4-001e8cb3fbaa}.TMContainer00000000000000000001.regtrans-ms
[2010.11.22 13:04:21 | 000,065,536 | -HS- | M] ()(C:\Windows\SysWow64\???c{23466e8d-f627-11df-abf4-001e8cb3fbaa}.TM.blf) -- C:\Windows\SysWow64\沧睓섀c{23466e8d-f627-11df-abf4-001e8cb3fbaa}.TM.blf
[2010.11.22 13:01:35 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???c{23466e8d-f627-11df-abf4-001e8cb3fbaa}.TMContainer00000000000000000002.regtrans-ms) -- C:\Windows\SysWow64\沧睓섀c{23466e8d-f627-11df-abf4-001e8cb3fbaa}.TMContainer00000000000000000002.regtrans-ms
[2010.11.22 13:01:35 | 000,524,288 | -HS- | C] ()(C:\Windows\SysWow64\???c{23466e8d-f627-11df-abf4-001e8cb3fbaa}.TMContainer00000000000000000001.regtrans-ms) -- C:\Windows\SysWow64\沧睓섀c{23466e8d-f627-11df-abf4-001e8cb3fbaa}.TMContainer00000000000000000001.regtrans-ms
[2010.11.22 13:01:35 | 000,065,536 | -HS- | C] ()(C:\Windows\SysWow64\???c{23466e8d-f627-11df-abf4-001e8cb3fbaa}.TM.blf) -- C:\Windows\SysWow64\沧睓섀c{23466e8d-f627-11df-abf4-001e8cb3fbaa}.TM.blf
[2010.11.22 13:01:34 | 000,262,144 | ---- | M] ()(C:\Windows\SysWow64\???c) -- C:\Windows\SysWow64\沧睓섀c
[2010.11.22 13:01:34 | 000,262,144 | ---- | C] ()(C:\Windows\SysWow64\???c) -- C:\Windows\SysWow64\沧睓섀c
[2010.11.22 13:01:34 | 000,005,120 | -HS- | M] ()(C:\Windows\SysWow64\???c.LOG1) -- C:\Windows\SysWow64\沧睓섀c.LOG1
[2010.11.22 13:01:34 | 000,005,120 | -HS- | C] ()(C:\Windows\SysWow64\???c.LOG1) -- C:\Windows\SysWow64\沧睓섀c.LOG1
[2010.11.22 13:01:34 | 000,000,000 | -HS- | M] ()(C:\Windows\SysWow64\???c.LOG2) -- C:\Windows\SysWow64\沧睓섀c.LOG2
[2010.11.22 13:01:34 | 000,000,000 | -HS- | C] ()(C:\Windows\SysWow64\???c.LOG2) -- C:\Windows\SysWow64\沧睓섀c.LOG2
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
 
< End of report >
         
Nun die OTL Extras
Code:
ATTFilter
OTL Extras logfile created on: 25.06.2011 14:19:33 - Run 1
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,83 Gb Available Physical Memory | 70,90% Memory free
8,00 Gb Paging File | 6,65 Gb Available in Paging File | 83,17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 233,88 Gb Total Space | 160,29 Gb Free Space | 68,54% Space Free | Partition Type: NTFS
Drive F: | 231,78 Gb Total Space | 50,94 Gb Free Space | 21,98% Space Free | Partition Type: NTFS
Drive G: | 99,00 Mb Total Space | 83,74 Mb Free Space | 84,59% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Users\***\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Users\***\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Users\***\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Users\***\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Users\***\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Users\***\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{495ADF2E-6DDD-7C45-E02A-F9B4AF6F2175}" = AMD Drag and Drop Transcoding
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{54E192A6-AA33-1963-C96A-26AA7A3B41B4}" = ccc-utility64
"{55C09FC1-D2D8-495A-BD80-D6725F0DCA58}" = Logitech GamePanel Software 3.04.137
"{5857E7BE-2F6F-D41A-42B2-B668B19A5F30}" = AMD Media Foundation Decoders
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 270.61
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 270.61
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.1.34
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CFF9D801-1EC4-B8F5-2CAB-4A1790C95A18}" = ATI Catalyst Install Manager
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{09CF6AF5-9206-4FD7-9B08-BA6819FB47E3}" = Anno 1404
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 26
"{30D659E4-4405-6925-CDCF-EB8CD0C80DAC}" = Catalyst Control Center Graphics Previews Common
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE7978-4F13-5584-5E53-DCEE1CB115A5}" = Catalyst Control Center
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{85268C72-C609-E50A-7AB3-9B3582DFEE66}" = CCC Help English
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venice
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}" = Adobe Shockwave Player
"{AFF8C8F4-E4BB-891F-8636-5E71F946C5B6}" = Catalyst Control Center InstallProxy
"{B1549CC1-EB81-4E7C-9C7C-8B97CD9FD37A}" = Hercules Classic Link
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Afterburner" = MSI Afterburner 2.2.0 Beta 3
"ALchemy" = Creative ALchemy
"ArtMoney SE_is1" = ArtMoney SE v7.32.1
"Audacity_is1" = Audacity 1.2.6
"AudioCS" = Creative Audio-Systemsteuerung
"avast" = avast! Free Antivirus
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Console Launcher" = Creative Konsole Starter
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"EADM" = EA Download Manager
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 6.1
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"MPE" = MyPhoneExplorer
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Picasa 3" = Picasa 3
"Pizza Syndicate" = Pizza Syndicate
"PunkBusterSvc" = PunkBuster Services
"SFBM" = SoundFont-Bank-Manager
"StarCraft II" = StarCraft II
"Steam App 10500" = Empire: Total War
"Steam App 240" = Counter-Strike: Source
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 5" = TeamViewer 5
"Tobit Radio.fx Server" = Radio.fx
"Tunngle beta_is1" = Tunngle beta
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.9
"Warcraft III" = Warcraft III
"WaveStudio 7" = Creative WaveStudio 7
"Winamp" = Winamp
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Game Organizer" = EasyBits GO
"Warcraft III" = Warcraft III: All Products
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
und zu guter letzt ein vollständiger MBAM Log!
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org
 
Datenbank Version: 6946
 
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
 
25.06.2011 15:02:00
mbam-log-2011-06-25 (15-02-00).txt
 
Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|G:\|)
Durchsuchte Objekte: 343856
Laufzeit: 24 Minute(n), 34 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\4ECYTQ9SIC (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\W1WIWQ1NPG (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.
 
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
c:\$Recycle.Bin\s-1-5-21-2446120390-1556055472-141581609-1001\$R4DFPH7.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-2446120390-1556055472-141581609-1001\$RS67W9K.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-2446120390-1556055472-141581609-1001\$RUQ5M06.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\$Recycle.Bin\s-1-5-21-2446120390-1556055472-141581609-1001\$RX7V2NF.exe (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.
         
Hoffe es war richtig so :/

Alt 26.06.2011, 13:25   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba - Standard

Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{6289e909-99c0-11df-bf54-001e8cb3fbaa}\Shell - "" = AutoRun
O33 - MountPoints2\{6289e909-99c0-11df-bf54-001e8cb3fbaa}\Shell\AutoRun\command - "" = H:\Autorun.exe
O33 - MountPoints2\{a5f8e447-938b-11e0-89f0-001e8cb3fbaa}\Shell - "" = AutoRun
O33 - MountPoints2\{a5f8e447-938b-11e0-89f0-001e8cb3fbaa}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{db508eae-344d-11df-b7ed-001e8cb3fbaa}\Shell - "" = AutoRun
O33 - MountPoints2\{db508eae-344d-11df-b7ed-001e8cb3fbaa}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
[2011.06.25 14:15:39 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.06.25 14:15:38 | 000,000,294 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2011.06.25 14:15:33 | 000,000,250 | -H-- | M] () -- C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job
[2011.06.25 14:15:31 | 000,000,320 | -HS- | M] () -- C:\Windows\tasks\GXQDVNGTKS.job
[2011.05.12 19:57:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Avnex
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
:Commands
[purity]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.
__________________

__________________

Alt 26.06.2011, 14:54   #3
Quixot
 
Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba - Standard

Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba



Schon mal vieeeeeeelen Dank! =) Neustart war nicht nötig.
Habs direkt gemacht und hier der Log:
Code:
ATTFilter
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6289e909-99c0-11df-bf54-001e8cb3fbaa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6289e909-99c0-11df-bf54-001e8cb3fbaa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6289e909-99c0-11df-bf54-001e8cb3fbaa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6289e909-99c0-11df-bf54-001e8cb3fbaa}\ not found.
File H:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5f8e447-938b-11e0-89f0-001e8cb3fbaa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5f8e447-938b-11e0-89f0-001e8cb3fbaa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a5f8e447-938b-11e0-89f0-001e8cb3fbaa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a5f8e447-938b-11e0-89f0-001e8cb3fbaa}\ not found.
File H:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db508eae-344d-11df-b7ed-001e8cb3fbaa}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db508eae-344d-11df-b7ed-001e8cb3fbaa}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{db508eae-344d-11df-b7ed-001e8cb3fbaa}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db508eae-344d-11df-b7ed-001e8cb3fbaa}\ not found.
File I:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\LaunchU3.exe -a not found.
File C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job not found.
File C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job not found.
File C:\Windows\tasks\{810401E2-DDE0-454e-B0E2-AA89C9E5967C}.job not found.
C:\Windows\Tasks\GXQDVNGTKS.job moved successfully.
C:\Users\Carsten\AppData\Roaming\Avnex\VCS7\Effects\NHV folder moved successfully.
C:\Users\Carsten\AppData\Roaming\Avnex\VCS7\Effects folder moved successfully.
C:\Users\Carsten\AppData\Roaming\Avnex\VCS7 folder moved successfully.
C:\Users\Carsten\AppData\Roaming\Avnex folder moved successfully.
ADS C:\ProgramData\TEMP:05EE1EEF deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.24.1 log created on 06262011_154735
         
LaunchU3.exe ist mein Usb-Stick der gesichert ist mit der U3-Software
__________________

Alt 26.06.2011, 14:55   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba - Standard

Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba



Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.




Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.06.2011, 15:07   #5
Quixot
 
Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba - Standard

Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba



Code:
ATTFilter
2011/06/26 16:05:33.0403 3548	TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/26 16:05:33.0567 3548	================================================================================
2011/06/26 16:05:33.0567 3548	SystemInfo:
2011/06/26 16:05:33.0567 3548	
2011/06/26 16:05:33.0567 3548	OS Version: 6.1.7601 ServicePack: 1.0
2011/06/26 16:05:33.0567 3548	Product type: Workstation
2011/06/26 16:05:33.0567 3548	ComputerName: xxx
2011/06/26 16:05:33.0568 3548	UserName: xxx
2011/06/26 16:05:33.0568 3548	Windows directory: C:\Windows
2011/06/26 16:05:33.0568 3548	System windows directory: C:\Windows
2011/06/26 16:05:33.0568 3548	Running under WOW64
2011/06/26 16:05:33.0568 3548	Processor architecture: Intel x64
2011/06/26 16:05:33.0568 3548	Number of processors: 2
2011/06/26 16:05:33.0568 3548	Page size: 0x1000
2011/06/26 16:05:33.0568 3548	Boot type: Normal boot
2011/06/26 16:05:33.0568 3548	================================================================================
2011/06/26 16:05:34.0190 3548	Initialize success
2011/06/26 16:05:49.0482 4236	================================================================================
2011/06/26 16:05:49.0482 4236	Scan started
2011/06/26 16:05:49.0482 4236	Mode: Manual; 
2011/06/26 16:05:49.0482 4236	================================================================================
2011/06/26 16:05:49.0970 4236	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/06/26 16:05:50.0005 4236	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/06/26 16:05:50.0048 4236	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/06/26 16:05:50.0086 4236	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/26 16:05:50.0106 4236	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/26 16:05:50.0124 4236	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/26 16:05:50.0165 4236	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/06/26 16:05:50.0210 4236	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/06/26 16:05:50.0262 4236	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/06/26 16:05:50.0286 4236	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/06/26 16:05:50.0336 4236	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/26 16:05:50.0509 4236	amdkmdag        (9a4b92150a5e259a7159d914cc3a60d7) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/26 16:05:50.0665 4236	amdkmdap        (9deb889d152f9c9dba98be8986084535) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/06/26 16:05:50.0688 4236	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/26 16:05:50.0723 4236	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/06/26 16:05:50.0740 4236	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/26 16:05:50.0766 4236	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/06/26 16:05:50.0792 4236	androidusb      (fad35699987baa96e22e13b24ff44769) C:\Windows\system32\Drivers\androidusb.sys
2011/06/26 16:05:50.0841 4236	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/06/26 16:05:50.0873 4236	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/06/26 16:05:50.0900 4236	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/26 16:05:50.0950 4236	aswFsBlk        (f1dbe3d02ffcdee5246f29b0ecebe6e0) C:\Windows\system32\drivers\aswFsBlk.sys
2011/06/26 16:05:50.0982 4236	aswMonFlt       (f3e75dd1bcc358fb4629357ad09e7c84) C:\Windows\system32\drivers\aswMonFlt.sys
2011/06/26 16:05:51.0003 4236	aswRdr          (fccbdc045dc12afd1508205117e7ed11) C:\Windows\system32\drivers\aswRdr.sys
2011/06/26 16:05:51.0072 4236	aswSnx          (5824dca602a0a30e866bc2ac98c6d970) C:\Windows\system32\drivers\aswSnx.sys
2011/06/26 16:05:51.0096 4236	aswSP           (af07b4bef920f90205148f3a05e2974c) C:\Windows\system32\drivers\aswSP.sys
2011/06/26 16:05:51.0119 4236	aswTdi          (a3eca5af3b4823a523c285a8df0f9e4f) C:\Windows\system32\drivers\aswTdi.sys
2011/06/26 16:05:51.0136 4236	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/26 16:05:51.0161 4236	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/06/26 16:05:51.0213 4236	AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys
2011/06/26 16:05:51.0260 4236	atksgt          (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
2011/06/26 16:05:51.0311 4236	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/06/26 16:05:51.0336 4236	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/06/26 16:05:51.0367 4236	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/06/26 16:05:51.0401 4236	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/26 16:05:51.0435 4236	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/26 16:05:51.0461 4236	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/26 16:05:51.0474 4236	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/26 16:05:51.0495 4236	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/06/26 16:05:51.0518 4236	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/26 16:05:51.0532 4236	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/26 16:05:51.0546 4236	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/26 16:05:51.0563 4236	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/26 16:05:51.0587 4236	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/26 16:05:51.0611 4236	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/26 16:05:51.0642 4236	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/26 16:05:51.0680 4236	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/06/26 16:05:51.0851 4236	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/26 16:05:51.0878 4236	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/06/26 16:05:51.0921 4236	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/06/26 16:05:51.0961 4236	COMMONFX.DLL    (2b350f5bb24603405ad41ddf1457dd23) C:\Windows\system32\COMMONFX.DLL
2011/06/26 16:05:51.0985 4236	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/26 16:05:52.0011 4236	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/06/26 16:05:52.0053 4236	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/26 16:05:52.0120 4236	CT20XUT         (229e3b8f266abdafd54e4a372b9d5ddc) C:\Windows\system32\drivers\CT20XUT.SYS
2011/06/26 16:05:52.0159 4236	CT20XUT.SYS     (229e3b8f266abdafd54e4a372b9d5ddc) C:\Windows\System32\drivers\CT20XUT.SYS
2011/06/26 16:05:52.0206 4236	ctac32k         (eb3843a91a10150c9e05607cbcb44090) C:\Windows\system32\drivers\ctac32k.sys
2011/06/26 16:05:52.0242 4236	ctaud2k         (bc06efb59a2316537765462dfe40f764) C:\Windows\system32\drivers\ctaud2k.sys
2011/06/26 16:05:52.0281 4236	CTAUDFX.DLL     (0d112ab66ce4f13e9ef5e2d84313476b) C:\Windows\system32\CTAUDFX.DLL
2011/06/26 16:05:52.0312 4236	CTEAPSFX.DLL    (8204c53fb1e9dad273b7f2ea870f037d) C:\Windows\system32\CTEAPSFX.DLL
2011/06/26 16:05:52.0339 4236	CTEDSPFX.DLL    (3b8343b297014262b8f84b564155284b) C:\Windows\system32\CTEDSPFX.DLL
2011/06/26 16:05:52.0362 4236	CTEDSPIO.DLL    (928fd42893d31193d7b870e247b05ffd) C:\Windows\system32\CTEDSPIO.DLL
2011/06/26 16:05:52.0385 4236	CTEDSPSY.DLL    (83008cd39487769370b3c70d5aa9fd1b) C:\Windows\system32\CTEDSPSY.DLL
2011/06/26 16:05:52.0409 4236	CTERFXFX.DLL    (b1463c36598a272966f654f585c06748) C:\Windows\system32\CTERFXFX.DLL
2011/06/26 16:05:52.0464 4236	CTEXFIFX        (63b2b6ce9d3ef182981fb64bd5433da4) C:\Windows\system32\drivers\CTEXFIFX.SYS
2011/06/26 16:05:52.0523 4236	CTEXFIFX.SYS    (63b2b6ce9d3ef182981fb64bd5433da4) C:\Windows\System32\drivers\CTEXFIFX.SYS
2011/06/26 16:05:52.0547 4236	CTHWIUT         (6d115cc80873b85fd80dda1c41f75a2c) C:\Windows\system32\drivers\CTHWIUT.SYS
2011/06/26 16:05:52.0575 4236	CTHWIUT.SYS     (6d115cc80873b85fd80dda1c41f75a2c) C:\Windows\System32\drivers\CTHWIUT.SYS
2011/06/26 16:05:52.0595 4236	ctprxy2k        (ebc9548ef5838cb5aa8f18b3ac28af12) C:\Windows\system32\drivers\ctprxy2k.sys
2011/06/26 16:05:52.0621 4236	CTSBLFX.DLL     (5c173e93331cc151e4c57832a79902c8) C:\Windows\system32\CTSBLFX.DLL
2011/06/26 16:05:52.0652 4236	ctsfm2k         (459bee1682121842285c162e2d98d81a) C:\Windows\system32\drivers\ctsfm2k.sys
2011/06/26 16:05:52.0710 4236	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/06/26 16:05:52.0738 4236	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/06/26 16:05:52.0755 4236	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/06/26 16:05:52.0798 4236	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/06/26 16:05:52.0856 4236	dtsoftbus01     (fb9bef3401ee5ecc2603311b9c64f44a) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
2011/06/26 16:05:52.0902 4236	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/26 16:05:52.0978 4236	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/06/26 16:05:53.0073 4236	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/26 16:05:53.0101 4236	emupia          (c26133b6165928fbd156c6fe570f9ed2) C:\Windows\system32\drivers\emupia2k.sys
2011/06/26 16:05:53.0133 4236	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/06/26 16:05:53.0234 4236	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/06/26 16:05:53.0250 4236	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/06/26 16:05:53.0285 4236	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/26 16:05:53.0311 4236	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/06/26 16:05:53.0330 4236	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/06/26 16:05:53.0344 4236	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/26 16:05:53.0384 4236	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/06/26 16:05:53.0445 4236	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/06/26 16:05:53.0463 4236	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/26 16:05:53.0493 4236	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/26 16:05:53.0536 4236	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/26 16:05:53.0563 4236	GearAspiWDM     (7508fcfb8d93556213f530dffaedec45) C:\Windows\system32\drivers\GEARAspiWDM.sys
2011/06/26 16:05:53.0657 4236	ha20x2k         (a3f010d5dbfb589a3b3288c05c2ea3f9) C:\Windows\system32\drivers\ha20x2k.sys
2011/06/26 16:05:53.0686 4236	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/26 16:05:53.0719 4236	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/06/26 16:05:53.0762 4236	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/26 16:05:53.0782 4236	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/26 16:05:53.0805 4236	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/26 16:05:53.0827 4236	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/26 16:05:53.0870 4236	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/26 16:05:53.0907 4236	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/06/26 16:05:53.0953 4236	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/06/26 16:05:53.0975 4236	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/26 16:05:54.0011 4236	hxctlflt        (4b7423fcc37664954460ac3e71752b62) C:\Windows\system32\DRIVERS\hxctlflt.sys
2011/06/26 16:05:54.0050 4236	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/06/26 16:05:54.0087 4236	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/06/26 16:05:54.0121 4236	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/26 16:05:54.0169 4236	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/06/26 16:05:54.0193 4236	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/26 16:05:54.0232 4236	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/26 16:05:54.0251 4236	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/06/26 16:05:54.0267 4236	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/06/26 16:05:54.0294 4236	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/06/26 16:05:54.0323 4236	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/06/26 16:05:54.0353 4236	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/06/26 16:05:54.0380 4236	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/26 16:05:54.0399 4236	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/26 16:05:54.0436 4236	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/26 16:05:54.0460 4236	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/26 16:05:54.0479 4236	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/06/26 16:05:54.0533 4236	LGBusEnum       (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
2011/06/26 16:05:54.0559 4236	LGVirHid        (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
2011/06/26 16:05:54.0593 4236	LHidFilt        (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/06/26 16:05:54.0646 4236	lirsgt          (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
2011/06/26 16:05:54.0670 4236	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/26 16:05:54.0695 4236	LMouFilt        (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/06/26 16:05:54.0723 4236	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/06/26 16:05:54.0738 4236	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/06/26 16:05:54.0757 4236	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/06/26 16:05:54.0792 4236	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/06/26 16:05:54.0821 4236	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/06/26 16:05:54.0873 4236	MBAMProtector   (ed49fd1373de93617a1f6d128d98fe4d) C:\Windows\system32\drivers\mbam.sys
2011/06/26 16:05:54.0906 4236	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/06/26 16:05:54.0928 4236	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/06/26 16:05:54.0953 4236	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/06/26 16:05:54.0976 4236	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/26 16:05:55.0000 4236	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/26 16:05:55.0030 4236	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/26 16:05:55.0063 4236	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/06/26 16:05:55.0101 4236	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/06/26 16:05:55.0116 4236	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/26 16:05:55.0175 4236	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/06/26 16:05:55.0213 4236	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/26 16:05:55.0238 4236	mrxsmb10        (2086d463bd371d8a37d153897430916d) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/26 16:05:55.0259 4236	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/26 16:05:55.0295 4236	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/06/26 16:05:55.0328 4236	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/06/26 16:05:55.0365 4236	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/06/26 16:05:55.0386 4236	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/26 16:05:55.0408 4236	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/06/26 16:05:55.0441 4236	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/26 16:05:55.0465 4236	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/26 16:05:55.0481 4236	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/06/26 16:05:55.0525 4236	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/06/26 16:05:55.0547 4236	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/06/26 16:05:55.0566 4236	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/06/26 16:05:55.0601 4236	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/26 16:05:55.0659 4236	MTsensor        (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
2011/06/26 16:05:55.0690 4236	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/06/26 16:05:55.0727 4236	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/26 16:05:55.0780 4236	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/06/26 16:05:55.0809 4236	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/26 16:05:55.0834 4236	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/26 16:05:55.0876 4236	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/26 16:05:55.0909 4236	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/26 16:05:55.0924 4236	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/06/26 16:05:55.0946 4236	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/26 16:05:55.0967 4236	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/26 16:05:56.0002 4236	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/26 16:05:56.0023 4236	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/06/26 16:05:56.0049 4236	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/26 16:05:56.0130 4236	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/06/26 16:05:56.0189 4236	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/06/26 16:05:56.0224 4236	NVENETFD        (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
2011/06/26 16:05:56.0453 4236	nvlddmkm        (a963c2c276a97b088ded5d7a83be8052) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/26 16:05:56.0676 4236	NVNET           (bd25e03ead63ac3365f25175b4dbd56a) C:\Windows\system32\DRIVERS\nvmf6264.sys
2011/06/26 16:05:56.0715 4236	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/06/26 16:05:56.0748 4236	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/06/26 16:05:56.0770 4236	nvstor64        (71b6ecd3c56fbf12fb1968da3953b703) C:\Windows\system32\DRIVERS\nvstor64.sys
2011/06/26 16:05:56.0808 4236	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/06/26 16:05:56.0839 4236	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/06/26 16:05:56.0908 4236	ossrv           (0e2de427ebe106e7e5b52869d5c99f68) C:\Windows\system32\drivers\ctoss2k.sys
2011/06/26 16:05:56.0962 4236	PAC7302         (b87efc9994f53124622fa2a0caa6d828) C:\Windows\system32\DRIVERS\PAC7302.SYS
2011/06/26 16:05:56.0990 4236	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/06/26 16:05:57.0022 4236	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/06/26 16:05:57.0048 4236	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/06/26 16:05:57.0068 4236	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/06/26 16:05:57.0091 4236	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/26 16:05:57.0113 4236	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/06/26 16:05:57.0140 4236	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/06/26 16:05:57.0235 4236	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/26 16:05:57.0252 4236	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/06/26 16:05:57.0310 4236	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/26 16:05:57.0355 4236	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/26 16:05:57.0395 4236	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/26 16:05:57.0423 4236	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/26 16:05:57.0441 4236	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/26 16:05:57.0475 4236	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/26 16:05:57.0501 4236	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/26 16:05:57.0528 4236	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/26 16:05:57.0544 4236	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/26 16:05:57.0572 4236	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/26 16:05:57.0597 4236	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/26 16:05:57.0622 4236	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/26 16:05:57.0645 4236	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/26 16:05:57.0668 4236	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/26 16:05:57.0709 4236	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/06/26 16:05:57.0743 4236	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/06/26 16:05:57.0778 4236	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/26 16:05:57.0851 4236	RTCore64        (2e887e52e45bba3c47ccd0e75fc5266f) C:\Program Files (x86)\MSI Afterburner\RTCore64.sys
2011/06/26 16:05:57.0895 4236	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/06/26 16:05:57.0935 4236	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/26 16:05:57.0985 4236	ScreamBAudioSvc (8b56bdce6a303dde63d63440d1cf9ad1) C:\Windows\system32\drivers\ScreamingBAudio64.sys
2011/06/26 16:05:58.0009 4236	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/06/26 16:05:58.0058 4236	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/26 16:05:58.0077 4236	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/06/26 16:05:58.0105 4236	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/26 16:05:58.0165 4236	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/06/26 16:05:58.0179 4236	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/26 16:05:58.0194 4236	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/26 16:05:58.0222 4236	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/26 16:05:58.0243 4236	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/26 16:05:58.0259 4236	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/26 16:05:58.0285 4236	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/06/26 16:05:58.0319 4236	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/06/26 16:05:58.0399 4236	sptd            (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
2011/06/26 16:05:58.0438 4236	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/06/26 16:05:58.0472 4236	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/26 16:05:58.0499 4236	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/26 16:05:58.0538 4236	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/26 16:05:58.0565 4236	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/06/26 16:05:58.0620 4236	tap0901t        (b08740047145b9bce15bf75ca0f9718a) C:\Windows\system32\DRIVERS\tap0901t.sys
2011/06/26 16:05:58.0682 4236	Tcpip           (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\drivers\tcpip.sys
2011/06/26 16:05:58.0774 4236	TCPIP6          (92ce29d95ac9dd2d0ee9061d551ba250) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/26 16:05:58.0815 4236	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/26 16:05:58.0838 4236	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/06/26 16:05:58.0853 4236	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/06/26 16:05:58.0896 4236	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/26 16:05:58.0920 4236	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/06/26 16:05:58.0976 4236	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/26 16:05:59.0014 4236	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/06/26 16:05:59.0038 4236	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/26 16:05:59.0057 4236	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/26 16:05:59.0083 4236	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/26 16:05:59.0121 4236	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/26 16:05:59.0146 4236	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/06/26 16:05:59.0170 4236	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/26 16:05:59.0219 4236	usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
2011/06/26 16:05:59.0252 4236	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/26 16:05:59.0280 4236	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/06/26 16:05:59.0310 4236	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/26 16:05:59.0340 4236	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/26 16:05:59.0369 4236	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/26 16:05:59.0395 4236	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/26 16:05:59.0418 4236	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/26 16:05:59.0447 4236	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/26 16:05:59.0494 4236	VCSVADHWSer     (3a4b01c2bdb07dfef29b0b369487503a) C:\Windows\system32\DRIVERS\vcsvad.sys
2011/06/26 16:05:59.0516 4236	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/06/26 16:05:59.0542 4236	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/26 16:05:59.0566 4236	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/06/26 16:05:59.0605 4236	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/06/26 16:05:59.0625 4236	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/06/26 16:05:59.0652 4236	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/06/26 16:05:59.0693 4236	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/06/26 16:05:59.0723 4236	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/06/26 16:05:59.0753 4236	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/26 16:05:59.0782 4236	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/06/26 16:05:59.0809 4236	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/26 16:05:59.0861 4236	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/26 16:05:59.0870 4236	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/26 16:05:59.0904 4236	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/06/26 16:05:59.0934 4236	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/26 16:05:59.0975 4236	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/26 16:05:59.0990 4236	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/06/26 16:06:00.0056 4236	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/26 16:06:00.0105 4236	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/26 16:06:00.0153 4236	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/26 16:06:00.0207 4236	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/06/26 16:06:00.0252 4236	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/26 16:06:00.0315 4236	zghsmdm         (741d9bbfe2a392031157a39d921ce052) C:\Windows\system32\DRIVERS\zghsmdm.sys
2011/06/26 16:06:00.0342 4236	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/26 16:06:00.0350 4236	================================================================================
2011/06/26 16:06:00.0350 4236	Scan finished
2011/06/26 16:06:00.0350 4236	================================================================================
2011/06/26 16:06:00.0358 3252	Detected object count: 0
2011/06/26 16:06:00.0358 3252	Actual detected object count: 0
         


Alt 26.06.2011, 15:12   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba - Standard

Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
--> Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba

Alt 26.06.2011, 15:44   #7
Quixot
 
Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba - Standard

Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba



Hier der Combo Fix Log:
Code:
ATTFilter
ComboFix 11-06-25.05 - Carsten 26.06.2011  16:17:58.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.2945 [GMT 2:00]
ausgeführt von:: c:\users\Carsten\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Carsten\AppData\Local\Microsoft\Windows\Temporary Internet Files\koelschwetter.gadget
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-05-26 bis 2011-06-26  ))))))))))))))))))))))))))))))
.
.
2011-06-26 14:32 . 2011-06-26 14:32	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2011-06-26 14:32 . 2011-06-26 14:32	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-06-26 13:47 . 2011-06-26 13:47	--------	d-----w-	C:\_OTL
2011-06-25 12:34 . 2011-06-25 12:34	--------	d-----w-	c:\users\Carsten\AppData\Roaming\Malwarebytes
2011-06-25 12:34 . 2011-05-29 07:11	39984	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-06-25 12:34 . 2011-06-25 12:34	--------	d-----w-	c:\programdata\Malwarebytes
2011-06-25 12:34 . 2011-06-25 12:34	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-06-25 12:34 . 2011-05-29 07:11	25912	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-06-24 19:59 . 2011-05-10 11:59	22360	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-06-24 19:59 . 2011-05-10 12:04	287576	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-06-24 19:59 . 2011-05-10 12:02	53592	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-06-24 19:59 . 2011-05-10 11:59	31064	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-06-24 19:59 . 2011-05-10 12:10	253888	----a-w-	c:\windows\system32\aswBoot.exe
2011-06-24 19:59 . 2011-05-10 12:04	600920	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-06-24 19:59 . 2011-05-10 11:59	64344	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2011-06-24 19:58 . 2011-05-10 12:10	40112	----a-w-	c:\windows\avastSS.scr
2011-06-24 19:58 . 2011-05-10 12:10	199304	----a-w-	c:\windows\SysWow64\aswBoot.exe
2011-06-24 19:58 . 2011-06-24 19:58	--------	d-----w-	c:\programdata\AVAST Software
2011-06-24 19:58 . 2011-06-24 19:58	--------	d-----w-	c:\program files\AVAST Software
2011-06-24 18:43 . 2011-06-24 18:43	163840	--sha-r-	c:\windows\SysWow64\msexch407.dll
2011-06-23 21:35 . 2011-06-23 21:36	--------	d-----w-	c:\users\Carsten\.gigaflat
2011-06-21 21:48 . 2011-06-21 21:48	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-06-21 21:48 . 2011-06-21 21:48	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-06-21 21:48 . 2011-06-21 21:48	1166144	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-06-20 18:17 . 2011-06-16 04:32	142296	----a-w-	c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-06-20 18:17 . 2010-01-01 08:00	2106216	----a-w-	c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-20 18:17 . 2010-01-01 08:00	1998168	----a-w-	c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-16 19:05 . 2011-06-16 19:05	--------	d-----w-	c:\programdata\ATI
2011-06-16 19:05 . 2011-06-16 19:05	--------	d-----w-	c:\program files (x86)\AMD APP
2011-06-16 19:05 . 2011-06-16 19:05	--------	d-----w-	c:\program files\Common Files\ATI Technologies
2011-06-16 19:05 . 2011-06-16 19:05	--------	d-----w-	c:\program files (x86)\Common Files\ATI Technologies
2011-06-16 19:03 . 2011-06-16 19:03	--------	d-----w-	c:\program files (x86)\ATI Technologies
2011-06-16 19:03 . 2011-06-16 19:04	--------	d-----w-	c:\program files\ATI Technologies
2011-06-16 14:19 . 2011-06-16 14:19	--------	d-----w-	c:\program files (x86)\Common Files\Java
2011-06-16 14:12 . 2011-06-16 14:12	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-15 17:46 . 2011-05-28 03:06	3135488	----a-w-	c:\windows\system32\win32k.sys
2011-06-15 17:46 . 2011-04-27 02:40	158208	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 17:46 . 2011-04-27 02:39	289280	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 17:46 . 2011-04-27 02:39	128000	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 17:46 . 2011-04-25 05:33	1923968	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-06-15 17:46 . 2011-04-25 02:34	499200	----a-w-	c:\windows\system32\drivers\afd.sys
2011-06-15 17:46 . 2011-04-29 03:06	467456	----a-w-	c:\windows\system32\drivers\srv.sys
2011-06-15 17:46 . 2011-04-29 03:05	410112	----a-w-	c:\windows\system32\drivers\srv2.sys
2011-06-15 17:46 . 2011-04-29 03:05	168448	----a-w-	c:\windows\system32\drivers\srvnet.sys
2011-06-15 17:45 . 2011-02-25 06:22	861696	----a-w-	c:\windows\system32\oleaut32.dll
2011-06-15 17:45 . 2011-02-25 05:34	571904	----a-w-	c:\windows\SysWow64\oleaut32.dll
2011-06-15 17:45 . 2011-05-03 05:29	976896	----a-w-	c:\windows\system32\inetcomm.dll
2011-06-15 17:45 . 2011-05-03 04:30	741376	----a-w-	c:\windows\SysWow64\inetcomm.dll
2011-06-11 23:30 . 2011-06-11 23:30	--------	d-----w-	c:\users\Carsten\AppData\Local\CrashRpt
2011-06-11 13:34 . 2011-06-11 13:34	--------	d-----w-	c:\program files (x86)\Activision
2011-06-10 19:18 . 2011-06-10 19:18	254528	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-10 19:18 . 2011-06-10 19:18	--------	d-----w-	c:\program files (x86)\DAEMON Tools Lite
2011-06-07 14:57 . 2010-10-27 02:43	110592	----a-w-	c:\windows\system32\rtvcvfw32.dll
2011-06-07 14:57 . 2011-06-16 14:54	--------	d-----w-	c:\program files (x86)\MSI Afterburner
2011-06-06 20:54 . 2011-06-06 20:54	--------	d-----w-	c:\program files (x86)\Lavalys
2011-06-06 19:49 . 2011-06-06 19:49	--------	d-----w-	c:\users\Carsten\AppData\Roaming\ATI
2011-06-06 19:49 . 2011-06-06 19:49	--------	d-----w-	c:\users\Carsten\AppData\Local\ATI
2011-06-06 19:48 . 2011-06-06 19:48	0	----a-w-	c:\windows\ativpsrm.bin
2011-06-06 19:44 . 2011-06-06 19:44	--------	d-----w-	c:\program files\ATI
2011-06-06 19:43 . 2011-06-06 19:43	--------	d-----w-	C:\ATI
2011-06-06 19:33 . 2011-05-09 22:00	8718160	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{02F60189-E6A1-4935-B27B-0D409551A5F2}\mpengine.dll
2011-06-06 15:06 . 2011-06-06 15:06	--------	d-----w-	c:\programdata\NVIDIA Corporation
2011-05-28 18:52 . 2011-06-26 14:09	--------	d-----w-	c:\users\Carsten\AppData\Roaming\go
2011-05-28 18:52 . 2011-06-26 14:09	--------	d-----w-	c:\programdata\Easybits GO
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-25 04:26 . 2011-05-25 04:26	9359872	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2011-05-25 03:53 . 2011-05-25 03:53	23336960	----a-w-	c:\windows\system32\atio6axx.dll
2011-05-25 03:31 . 2011-05-25 03:31	17940992	----a-w-	c:\windows\SysWow64\atioglxx.dll
2011-05-25 03:07 . 2011-05-25 03:07	151552	----a-w-	c:\windows\system32\atiapfxx.exe
2011-05-25 03:07 . 2011-04-20 02:09	688128	----a-w-	c:\windows\SysWow64\aticfx32.dll
2011-05-25 03:06 . 2011-04-20 02:07	811008	----a-w-	c:\windows\system32\aticfx64.dll
2011-05-25 03:04 . 2011-05-25 03:04	462848	----a-w-	c:\windows\system32\ATIDEMGX.dll
2011-05-25 03:04 . 2011-05-25 03:04	485376	----a-w-	c:\windows\system32\atieclxx.exe
2011-05-25 03:03 . 2011-05-25 03:03	204288	----a-w-	c:\windows\system32\atiesrxx.exe
2011-05-25 03:02 . 2011-05-25 03:02	120320	----a-w-	c:\windows\system32\atitmm64.dll
2011-05-25 03:02 . 2011-05-25 03:02	423424	----a-w-	c:\windows\system32\atipdl64.dll
2011-05-25 03:02 . 2011-05-25 03:02	356352	----a-w-	c:\windows\SysWow64\atipdlxx.dll
2011-05-25 03:02 . 2011-05-25 03:02	278528	----a-w-	c:\windows\SysWow64\Oemdspif.dll
2011-05-25 03:01 . 2011-05-25 03:01	16384	----a-w-	c:\windows\system32\atimuixx.dll
2011-05-25 03:01 . 2011-05-25 03:01	59392	----a-w-	c:\windows\system32\atiedu64.dll
2011-05-25 03:01 . 2011-05-25 03:01	43520	----a-w-	c:\windows\SysWow64\ati2edxx.dll
2011-05-25 03:00 . 2011-05-25 03:00	1113088	----a-w-	c:\windows\system32\atiumd6v.dll
2011-05-25 02:59 . 2011-05-25 02:59	1828864	----a-w-	c:\windows\SysWow64\atiumdmv.dll
2011-05-25 02:59 . 2011-05-25 02:59	3810816	----a-w-	c:\windows\system32\atiumd6a.dll
2011-05-25 02:58 . 2011-04-20 01:59	4219904	----a-w-	c:\windows\SysWow64\atidxx32.dll
2011-05-25 02:50 . 2011-04-20 01:30	4017152	----a-w-	c:\windows\SysWow64\atiumdva.dll
2011-05-25 02:49 . 2011-04-20 01:49	5008384	----a-w-	c:\windows\system32\atidxx64.dll
2011-05-25 02:47 . 2011-05-25 02:47	51200	----a-w-	c:\windows\system32\aticalrt64.dll
2011-05-25 02:47 . 2011-05-25 02:47	46080	----a-w-	c:\windows\SysWow64\aticalrt.dll
2011-05-25 02:47 . 2011-05-25 02:47	44544	----a-w-	c:\windows\system32\aticalcl64.dll
2011-05-25 02:47 . 2011-05-25 02:47	44032	----a-w-	c:\windows\SysWow64\aticalcl.dll
2011-05-25 02:47 . 2011-05-25 02:47	8489472	----a-w-	c:\windows\system32\aticaldd64.dll
2011-05-25 02:43 . 2011-05-25 02:43	6847488	----a-w-	c:\windows\SysWow64\aticaldd.dll
2011-05-25 02:39 . 2011-04-20 01:38	4330496	----a-w-	c:\windows\SysWow64\atiumdag.dll
2011-05-25 02:38 . 2011-05-25 02:38	53760	----a-w-	c:\windows\system32\atimpc64.dll
2011-05-25 02:38 . 2011-05-25 02:38	53760	----a-w-	c:\windows\system32\amdpcom64.dll
2011-05-25 02:38 . 2011-05-25 02:38	52736	----a-w-	c:\windows\SysWow64\atimpc32.dll
2011-05-25 02:38 . 2011-05-25 02:38	52736	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2011-05-25 02:33 . 2011-05-25 02:33	5486592	----a-w-	c:\windows\system32\atiumd64.dll
2011-05-25 02:26 . 2011-05-25 02:26	366592	----a-w-	c:\windows\system32\atiadlxx.dll
2011-05-25 02:26 . 2011-05-25 02:26	262144	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2011-05-25 02:26 . 2011-05-25 02:26	14848	----a-w-	c:\windows\system32\atig6pxx.dll
2011-05-25 02:26 . 2011-05-25 02:26	12800	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2011-05-25 02:26 . 2011-05-25 02:26	12800	----a-w-	c:\windows\system32\atiglpxx.dll
2011-05-25 02:25 . 2011-05-25 02:25	39936	----a-w-	c:\windows\system32\atig6txx.dll
2011-05-25 02:25 . 2011-05-25 02:25	32768	----a-w-	c:\windows\SysWow64\atigktxx.dll
2011-05-25 02:25 . 2011-05-25 02:25	309760	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2011-05-25 02:24 . 2011-04-20 01:21	40960	----a-w-	c:\windows\system32\atiuxp64.dll
2011-05-25 02:24 . 2011-04-20 01:21	31744	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2011-05-25 02:24 . 2011-04-20 01:21	38912	----a-w-	c:\windows\system32\atiu9p64.dll
2011-05-25 02:24 . 2011-04-20 01:21	29184	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2011-05-25 02:24 . 2011-05-25 02:24	53248	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2011-05-25 02:19 . 2011-04-20 01:27	58880	----a-w-	c:\windows\system32\coinst.dll
2011-05-24 21:44 . 2011-05-24 21:44	61952	----a-w-	c:\windows\system32\OVDecode64.dll
2011-05-24 21:44 . 2011-05-24 21:44	59904	----a-w-	c:\windows\SysWow64\OVDecode.dll
2011-05-24 21:44 . 2011-05-24 21:44	16672768	----a-w-	c:\windows\system32\amdocl64.dll
2011-05-24 21:43 . 2011-05-24 21:43	12798976	----a-w-	c:\windows\SysWow64\amdocl.dll
2011-05-05 00:39 . 2011-05-05 00:39	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-05-05 00:39 . 2011-05-05 00:39	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2011-05-05 00:39 . 2011-05-05 00:39	1126912	----a-w-	c:\windows\SysWow64\wininet.dll
2011-05-05 00:39 . 2011-05-05 00:39	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2011-05-05 00:39 . 2011-05-05 00:39	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2011-05-05 00:39 . 2011-05-05 00:39	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2011-05-05 00:39 . 2011-05-05 00:39	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2011-05-05 00:39 . 2011-05-05 00:39	367104	----a-w-	c:\windows\SysWow64\html.iec
2011-05-05 00:39 . 2011-05-05 00:39	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2011-05-05 00:39 . 2011-05-05 00:39	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2011-05-05 00:39 . 2011-05-05 00:39	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2011-05-05 00:39 . 2011-05-05 00:39	1427456	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2011-05-05 00:39 . 2011-05-05 00:39	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2011-05-05 00:39 . 2011-05-05 00:39	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2011-05-05 00:39 . 2011-05-05 00:39	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2011-05-05 00:39 . 2011-05-05 00:39	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2011-05-05 00:39 . 2011-05-05 00:39	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2011-05-05 00:39 . 2011-05-05 00:39	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2011-05-05 00:39 . 2011-05-05 00:39	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2011-05-05 00:39 . 2011-05-05 00:39	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2011-05-05 00:39 . 2011-05-05 00:39	222208	----a-w-	c:\windows\system32\msls31.dll
2011-05-05 00:39 . 2011-05-05 00:39	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2011-05-05 00:39 . 2011-05-05 00:39	1389056	----a-w-	c:\windows\system32\wininet.dll
2011-05-05 00:39 . 2011-05-05 00:39	12288	----a-w-	c:\windows\system32\mshta.exe
2011-05-05 00:39 . 2011-05-05 00:39	114176	----a-w-	c:\windows\system32\admparse.dll
2011-05-05 00:39 . 2011-05-05 00:39	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2011-05-05 00:39 . 2011-05-05 00:39	49664	----a-w-	c:\windows\system32\imgutil.dll
2011-05-05 00:39 . 2011-05-05 00:39	48640	----a-w-	c:\windows\system32\mshtmler.dll
2011-05-05 00:39 . 2011-05-05 00:39	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2011-05-05 00:39 . 2011-05-05 00:39	111616	----a-w-	c:\windows\system32\iesysprep.dll
2011-05-05 00:39 . 2011-05-05 00:39	85504	----a-w-	c:\windows\system32\iesetup.dll
2011-05-05 00:39 . 2011-05-05 00:39	76800	----a-w-	c:\windows\system32\tdc.ocx
2011-05-05 00:39 . 2011-05-05 00:39	448512	----a-w-	c:\windows\system32\html.iec
2011-05-05 00:38 . 2011-05-05 00:38	603648	----a-w-	c:\windows\system32\vbscript.dll
2011-05-05 00:38 . 2011-05-05 00:38	30720	----a-w-	c:\windows\system32\licmgr10.dll
2011-05-05 00:38 . 2011-05-05 00:38	165888	----a-w-	c:\windows\system32\iexpress.exe
2011-05-05 00:38 . 2011-05-05 00:38	160256	----a-w-	c:\windows\system32\wextract.exe
2011-05-05 00:38 . 2011-05-05 00:38	1492992	----a-w-	c:\windows\system32\inetcpl.cpl
2011-05-05 00:18 . 2009-07-14 02:36	175616	----a-w-	c:\windows\system32\msclmd.dll
2011-05-05 00:18 . 2009-07-14 02:36	152576	----a-w-	c:\windows\SysWow64\msclmd.dll
2011-05-04 23:27 . 2011-05-04 23:27	51712	----a-w-	c:\windows\SysWow64\OpenCL.dll
2011-05-04 02:52 . 2011-05-04 14:24	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-05-02 11:54 . 2010-05-29 12:28	270408	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2011-05-02 11:54 . 2010-05-29 12:15	270408	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2011-04-26 21:04 . 2010-05-29 12:15	215128	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2011-04-22 22:15 . 2011-05-24 20:00	27520	----a-w-	c:\windows\system32\drivers\Diskdump.sys
2011-04-19 20:10 . 2011-04-19 20:10	53760	----a-w-	c:\windows\system32\OpenCL.dll
2011-04-13 22:40 . 2011-04-13 22:40	4284416	----a-w-	c:\windows\SysWow64\GPhotos.scr
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-05-26 15147400]
"rfxsrvtray"="f:\tobit radio.fx\Client\rfx-tray.exe" [2010-01-13 686344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2006-12-06 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"RCSystem"="c:\program files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" [2006-11-22 57344]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"CTHelper"="CTHELPER.EXE" [2007-03-05 19456]
"AudioDrvEmulator"="c:\program files (x86)\Creative\Shared Files\Module Loader\DLLML.exe" [2006-11-22 57344]
"AsioThk32Reg"="CTASIO.DLL" [2010-05-05 51712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-24 336384]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-05-10 3459712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbam.exe" [2011-05-29 1047656]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CtxfiReg"="CTXFIREG.exe" [2010-05-05 47104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-2-18 1207312]
Radio.fx.LNK - f:\tobit radio.fx\Client\rfx-client.exe [2010-2-19 6644056]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-21 136176]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-07-08 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-07-08 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\users\Carsten\AppData\Local\Temp\EverestDriver.sys [x]
R3 G Data Tuner Service;G Data Tuner Service;c:\program files (x86)\G Data\TotalCare\AVKTuner\AVKTunerService.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-21 136176]
R3 hxctlflt;hxctlflt;c:\windows\system32\DRIVERS\hxctlflt.sys [x]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2010-05-27 14648]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-09-21 1957672]
R4 TunngleService;TunngleService;f:\progs\Tunngle\TnglCtrl.exe [2010-07-06 716024]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 366640]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 Radio.fx;Radio.fx Server;f:\tobit radio.fx\Server\rfx-server.exe [2011-06-03 3608920]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-07 378472]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
S3 VCSVADHWSer;Avnex Virtual Audio Device (WDM);c:\windows\system32\DRIVERS\vcsvad.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-21 20:21]
.
2011-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-21 20:21]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10	134384	----a-w-	c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-12-10 415752]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-12-10 4271624]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-12-10 2093064]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to Mp3 Converter - c:\users\Carsten\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Carsten\AppData\Roaming\Mozilla\Firefox\Profiles\4xv1qzb0.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Pizza Syndicate - f:\spiele\Pizza Syndicate\AUTORUN.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,45,93,f2,f9,2d,d8,42,ab,b1,89,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,5e,45,93,f2,f9,2d,d8,42,ab,b1,89,\
.
[HKEY_USERS\S-1-5-21-2446120390-1556055472-141581609-1001\Software\SecuROM\License information*]
"datasecu"=hex:b7,17,8a,ee,a2,76,00,8f,c8,9b,b6,5c,e3,9f,ee,a2,63,98,84,16,b3,
   88,a6,94,d9,23,db,b0,69,e8,03,27,83,c8,b2,0a,ba,05,e1,e0,06,e9,b9,68,b7,ec,\
"rkeysecu"=hex:f4,c5,da,2f,e0,71,c6,dd,c4,39,4d,e4,17,48,42,e2
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-06-26  16:42:59
ComboFix-quarantined-files.txt  2011-06-26 14:42
.
Vor Suchlauf: 11 Verzeichnis(se), 172.202.401.792 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 172.243.562.496 Bytes frei
.
- - End Of File - - 2C6E0238A516F69093D1669A526CB403
         

Alt 26.06.2011, 15:58   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba - Standard

Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

__________________
Logfiles bitte immer in CODE-Tags posten

Alt 26.06.2011, 17:08   #9
Quixot
 
Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba - Standard

Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba



Hier erst mal das MBAM Log:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6954

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

26.06.2011 17:30:39
mbam-log-2011-06-26 (17-30-39).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|G:\|)
Durchsuchte Objekte: 342891
Laufzeit: 27 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
Hier SAS:
Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/26/2011 at 06:55 PM

Application Version : 4.54.1000

Core Rules Database Version : 7329
Trace Rules Database Version: 5141

Scan type       : Complete Scan
Total Scan Time : 01:17:00

Memory items scanned      : 816
Memory threats detected   : 0
Registry items scanned    : 13686
Registry threats detected : 0
File items scanned        : 167847
File threats detected     : 16

Adware.Tracking Cookie
	C:\Users\Carsten\AppData\Roaming\Microsoft\Windows\Cookies\carsten@doubleclick[8].txt
	cdn5.specificclick.net [ C:\Users\Carsten\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5HFRRXWC ]
	games.adultswim.com [ C:\Users\Carsten\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5HFRRXWC ]
	i.adultswim.com [ C:\Users\Carsten\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5HFRRXWC ]
	icq.oberon-media.com [ C:\Users\Carsten\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5HFRRXWC ]
	media.kyte.tv [ C:\Users\Carsten\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5HFRRXWC ]
	media.mtvnservices.com [ C:\Users\Carsten\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5HFRRXWC ]
	media.scanscout.com [ C:\Users\Carsten\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5HFRRXWC ]
	media.xfire.com [ C:\Users\Carsten\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5HFRRXWC ]
	media1.break.com [ C:\Users\Carsten\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5HFRRXWC ]
	oddcast.com [ C:\Users\Carsten\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5HFRRXWC ]
	richmedia.coolespiele.com [ C:\Users\Carsten\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5HFRRXWC ]
	secure-uk.imrworldwide.com [ C:\Users\Carsten\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5HFRRXWC ]
	secure-us.imrworldwide.com [ C:\Users\Carsten\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5HFRRXWC ]
	www.99counters.com [ C:\Users\Carsten\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\5HFRRXWC ]

Trojan.Agent/Gen-Falcomp[RE]
	C:\WINDOWS\SYSWOW64\MSEXCH407.DLL
         
Trotzdem keinem Fund, lässt sich das Sicherheitscenter nicht aktivieren!
Das Forum ist super
Danke!
Eset wird auch noch gemacht!

Geändert von Quixot (26.06.2011 um 18:06 Uhr)

Alt 27.06.2011, 01:34   #10
Quixot
 
Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba - Icon22

Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba



Zu später Stunde das Eset-log =)
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=e4c63ba491754f4689f481446e67328a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-26 08:42:07
# local_time=2011-06-26 10:42:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=4096 16777215 100 0 1721152 1721152 0 0
# compatibility_mode=5893 16776574 100 94 1723195 60745485 0 0
# compatibility_mode=8192 67108863 100 0 7426 7426 0 0
# scanned=179243
# found=0
# cleaned=0
# scan_time=5292
         
Allerdings immer noch die Meldung, dass Der Windows-Sicherheitscenterdienst nicht gestartet werden kann, obwohl der kurzzeitig mal ging, aber nur bis ich einen Neustart gemacht habe :/
MfG
Carsten

Alt 27.06.2011, 10:08   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba - Standard

Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba



Zitat:
C:\WINDOWS\SYSWOW64\MSEXCH407.DLL
Bitte bei uns mal hochladen => http://www.trojaner-board.de/54791-a...ner-board.html
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 27.06.2011, 10:55   #12
Quixot
 
Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba - Standard

Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba



Ehm, die gibt es nicht o.O
es gibt nur eine die MSEXCH40.DLL heißt :/

Alt 27.06.2011, 11:09   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba - Standard

Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba



Hast du es mit SUPERAntiSpyware schon entfernt?
War wohl auch nur ein Überrest.
Rechner ansonsten wieder im Lot?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 27.06.2011, 11:11   #14
Quixot
 
Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba - Standard

Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba



Kann sein, dann müsste das aber doch im Log stehen oder? Hmm
Hmm das Sicherheitscenter lässt sich immer noch nicht aktivieren...

Alt 27.06.2011, 11:13   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba - Standard

Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba



Welche Fehlermeldung kommt denn wenn du den Dienst starten willst?
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba
64-bit, 7-zip, alternate, audacity, c:\windows\system32\rundll32.exe, call of duty, deaktiviert, funktioniert, google redirect, hijack.zones, install.exe, langs, launch, league of legends, nicht mehr, nicht starten, nvidia update, plug-in, quarantäne, required, searchplugins, shortcut, spielen, sptd.sys, start menu, syswow64, taskmanager, trojan.agent/gen-falcomp[re], trojan.downloader, trojan.fakealert, trojan.fakealert.sa, trojan.fraudpack, trojan.fraudpack.gen



Ähnliche Themen: Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba


  1. Windows 8.1 schwarzer Desktop/keine Icons/keine Taskleiste + kleine andere Probleme
    Plagegeister aller Art und deren Bekämpfung - 02.02.2015 (17)
  2. Ändern von Icons von geöffneten Fenstern in der Taskleiste
    Alles rund um Windows - 12.08.2014 (3)
  3. Windows 7: Sidebar korrupt, Google beklagt temporär 'automated queries', temporäre Internetaussetzer
    Log-Analyse und Auswertung - 30.11.2013 (9)
  4. Google Redirect & Windows Sicherheitscenter lässt sich nicht aktivieren
    Log-Analyse und Auswertung - 31.07.2013 (20)
  5. google redirect & windows-sicherheitscenterdienst nicht aktivierbar
    Log-Analyse und Auswertung - 28.06.2013 (25)
  6. Google Redirect Virus und Windows Sicherheitscenter deaktiviert und lässt sich nicht aktivieren
    Log-Analyse und Auswertung - 10.03.2013 (16)
  7. google redirect , windows-sicherheitscenter lässt sich nicht aktivieren
    Log-Analyse und Auswertung - 05.01.2012 (2)
  8. Google Redirect / Goingonearth Virus
    Plagegeister aller Art und deren Bekämpfung - 02.08.2011 (13)
  9. Google-Umleitungen in IE und Firefox (goingonearth), Sicherheitscenter nicht aktivierbar
    Log-Analyse und Auswertung - 30.07.2011 (16)
  10. Google Redirect Virus "GoingonEarth"
    Plagegeister aller Art und deren Bekämpfung - 30.07.2011 (4)
  11. goingonearth Redirect & Windows Sicherheitscenter deaktiviert
    Log-Analyse und Auswertung - 21.06.2011 (24)
  12. Goingonearth redirect und Sicherheitscenter-Deaktivierung
    Log-Analyse und Auswertung - 13.06.2011 (4)
  13. Trojaner Kargany mit Win Security Essentials auf Win7 / goingonearth redirect
    Plagegeister aller Art und deren Bekämpfung - 17.05.2011 (3)
  14. Taskleiste & Desktop Icons verschwunden und Firefoxprobleme
    Plagegeister aller Art und deren Bekämpfung - 28.04.2011 (15)
  15. Google Redirect Virus "goingonearth" - wie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 14.04.2011 (25)
  16. Keine Taskleiste&Icons
    Log-Analyse und Auswertung - 27.02.2007 (1)
  17. Icons verschwinden aus der Taskleiste ...?
    Alles rund um Windows - 16.10.2006 (1)

Zum Thema Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba - Erst mal einen schönen Abend... oder Morgen je nach dem Habe mir heute irgendwo her einen schönen Virus eingehandelt. Es begann damit, dass meine Sidebar mit Wetter App und Leo - Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba...
Archiv
Du betrachtest: Google Redirect Goingonearth, Windows Sidebar kaputt und Anfangs Icons der Taskleiste nicht benutzba auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.