Nach vermutlichem Virus Befall Daten weg !

cosinus · 11.09.2011, 15:26

Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL-Custom:

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Nico9 · 11.09.2011, 16:09

So hier OTL
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 11.09.2011 16:55:53 - Run 1
OTL by OldTimer - Version 3.2.27.0     Folder = C:\Users\Nico Fuhrmann\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 64,98% Memory free
6,19 Gb Paging File | 5,19 Gb Available in Paging File | 83,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456,93 Gb Total Space | 264,86 Gb Free Space | 57,96% Space Free | Partition Type: NTFS
Drive D: | 458,58 Gb Total Space | 458,22 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive E: | 6,48 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive J: | 998,10 Mb Total Space | 911,46 Mb Free Space | 91,32% Space Free | Partition Type: FAT32
 
Computer Name: NICOFUHRMANN-PC | User Name: Nico Fuhrmann | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.11 16:54:22 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Users\Nico Fuhrmann\Downloads\OTL.exe
PRC - [2011.06.28 17:16:15 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.25 09:25:02 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011.05.25 09:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.03.28 20:31:16 | 000,193,920 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2011.03.28 16:15:17 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.28 16:14:56 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.08.22 14:10:38 | 000,438,399 | ---- | M] (Creative Technology Ltd.) -- C:\Programme\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe
PRC - [2008.08.06 17:00:00 | 000,028,672 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\V0415Mon.exe
PRC - [2008.03.26 13:21:30 | 005,369,856 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.29 12:25:10 | 000,598,016 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
PRC - [2008.01.29 12:24:46 | 000,163,840 | ---- | M] () -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.09.07 17:59:41 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.06.28 17:16:15 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.25 09:24:45 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.04.15 11:43:20 | 002,280,312 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.03.28 16:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.01.29 12:25:10 | 000,598,016 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008.01.29 12:24:46 | 000,163,840 | ---- | M] () [Auto | Running] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.06.28 17:16:16 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 17:16:16 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.05.28 10:49:40 | 000,218,688 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011.05.25 09:25:04 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011.05.25 09:24:42 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.10 20:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010.02.17 20:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008.08.14 03:00:00 | 000,282,464 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\V0415Vid.sys -- (V0415Vid)
DRV - [2008.08.12 15:50:36 | 000,135,616 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2008.01.29 13:55:00 | 001,042,464 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.10.12 16:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.01.15 17:57:08 | 000,031,616 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\livecamv.sys -- (RLDesignVirtualAudioCableWdm)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {40f5f417-32bb-4296-9446-c1e0094e7d82} - C:\Programme\Uptodown_EN\prxtbUpto.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2828561
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {40f5f417-32bb-4296-9446-c1e0094e7d82} - C:\Programme\Uptodown_EN\prxtbUpto.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Uptodown EN Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2828561&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.07 13:28:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.05.28 10:35:46 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Nico Fuhrmann\AppData\Roaming\mozilla\Extensions
[2011.09.02 23:16:37 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Nico Fuhrmann\AppData\Roaming\mozilla\Firefox\Profiles\m01tzwhl.default\extensions
[2011.08.19 15:21:16 | 000,000,000 | -H-D | M] (Uptodown EN Community Toolbar) -- C:\Users\Nico Fuhrmann\AppData\Roaming\mozilla\Firefox\Profiles\m01tzwhl.default\extensions\{40f5f417-32bb-4296-9446-c1e0094e7d82}
[2011.08.14 14:54:56 | 000,000,925 | -H-- | M] () -- C:\Users\Nico Fuhrmann\AppData\Roaming\Mozilla\Firefox\Profiles\m01tzwhl.default\searchplugins\conduit.xml
[2011.08.12 14:13:02 | 000,010,525 | -H-- | M] () -- C:\Users\Nico Fuhrmann\AppData\Roaming\Mozilla\Firefox\Profiles\m01tzwhl.default\searchplugins\gmx-suche.xml
[2011.06.03 15:48:27 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.06.03 15:48:28 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.05.30 01:30:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\NICO FUHRMANN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\M01TZWHL.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2011.05.30 14:34:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011.09.07 13:28:08 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.06.25 23:20:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.06.25 23:20:04 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.06.25 23:20:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.25 23:20:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.06.25 23:20:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.06.25 23:20:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Uptodown EN Toolbar) - {40f5f417-32bb-4296-9446-c1e0094e7d82} - C:\Programme\Uptodown_EN\prxtbUpto.dll (Conduit Ltd.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Uptodown EN Toolbar) - {40f5f417-32bb-4296-9446-c1e0094e7d82} - C:\Programme\Uptodown_EN\prxtbUpto.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Live! Central] C:\Program Files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [V0415Mon.exe] C:\Windows\V0415Mon.exe (Creative Technology Ltd.)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [otpi.exe]  File not found
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Programme\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5D766E25-2E55-4E02-8688-54242078D464}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2ea31e79-8901-11e0-92d1-001d72b07da0}\Shell - "" = AutoRun
O33 - MountPoints2\{2ea31e79-8901-11e0-92d1-001d72b07da0}\Shell\AutoRun\command - "" = I:\Installer.EXE
O33 - MountPoints2\{e17d0521-8931-11e0-a301-001d72b07da0}\Shell - "" = AutoRun
O33 - MountPoints2\{e17d0521-8931-11e0-a301-001d72b07da0}\Shell\AutoRun\command - "" = 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Nico Fuhrmann^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
MsConfig - StartUpReg: Steam - hkey= - key= - C:\Program Files\Steam\Steam.exe (Valve Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SUPERAntiSpyware - hkey= - key= - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
MsConfig - StartUpReg: V0415Mon.exe - hkey= - key= - C:\Windows\V0415Mon.exe (Creative Technology Ltd.)
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.11 16:34:12 | 000,000,000 | ---D | C] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Malwarebytes
[2011.09.11 16:33:59 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.09.11 16:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.11 16:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.11 16:33:54 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.09.11 16:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.09.09 21:07:46 | 000,000,000 | ---D | C] -- C:\Users\Nico Fuhrmann\Documents\4A Games
[2011.09.09 21:05:22 | 000,000,000 | ---D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\4A Games
[2011.09.09 21:05:00 | 000,000,000 | ---D | C] -- C:\Users\Nico Fuhrmann\AppData\Roaming\NVIDIA
[2011.09.09 15:51:46 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2011.09.08 20:04:07 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Recovery
[2011.09.08 19:03:30 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\Application Data
[2011.09.07 13:28:28 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{49C823BE-FD81-4253-AA77-AC22347DA7E0}
[2011.09.07 13:28:23 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{CB30E6B2-77F2-4A83-BBBB-3032E929B083}
[2011.09.02 14:17:25 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{0CC73F31-3918-4E0C-8731-15F6033BCA50}
[2011.09.02 14:17:14 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{E68623EB-F4FB-4077-AC12-B74F49A131CC}
[2011.08.31 16:35:10 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Roaming\dvdcss
[2011.08.31 15:31:37 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{69F8C1CF-7BE3-4E67-82AA-C08BC3C2C200}
[2011.08.31 15:31:15 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{A84E3DF6-2373-4867-85C9-B1E8A97B5445}
[2011.08.28 19:45:16 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{D93E8B31-CC97-4704-A52E-963426C0A598}
[2011.08.28 19:45:09 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{E845B27F-657A-4E64-88CA-09AC1BA9431E}
[2011.08.22 14:34:30 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{D0FBA9A0-860A-457A-AC2A-2CBBA542B70B}
[2011.08.22 14:34:13 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{01BD0AB0-6368-4515-ABC5-68E4F1BFB04E}
[2011.08.21 02:06:16 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{785A7B8C-F156-48A2-91FB-FDC75C96F1AC}
[2011.08.21 02:06:12 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{58E8EB75-7992-4A92-BD4F-429FAFAC7899}
[2011.08.20 17:13:48 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\Documents\Sniper - Ghost Warrior
[2011.08.20 09:25:08 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{4E226090-A018-4874-9B53-F24BA9E2E62C}
[2011.08.20 09:25:03 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{CE10E8F8-22FF-4433-97B6-1CC8465C14EF}
[2011.08.19 15:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011.08.19 15:21:06 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011.08.19 15:21:04 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\Conduit
[2011.08.19 15:21:04 | 000,000,000 | ---D | C] -- C:\Program Files\Uptodown_EN
[2011.08.19 14:34:13 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{14D9D4A1-FD2D-424A-BE7D-E8AB87A3D50A}
[2011.08.19 14:34:04 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{D58EB78D-4832-40B3-8A19-6DFB0E688652}
[2011.08.18 15:53:05 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{3C261A65-4E33-446E-8AFD-DFDB35755740}
[2011.08.18 15:53:01 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{FF9F340E-0404-4C42-82D9-5A914D1D4666}
[2011.08.17 13:30:47 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{D713ABFA-D5D2-4FE2-990C-194EC56B5A7B}
[2011.08.17 13:30:42 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{19ACA745-D3F5-4733-A7EA-2DA7ABF32116}
[2011.08.16 13:03:02 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{5B4563CF-0CCD-4391-A017-B179650CFD86}
[2011.08.16 13:02:58 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{ED005C13-F2F6-48BC-86F7-2AC298E9D68A}
[2011.08.15 22:10:09 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\Desktop\Neuer Ordner (5)
[2011.08.15 15:54:26 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{FDF1D66A-BC20-4A68-AD45-579B72A81041}
[2011.08.15 15:54:18 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{07F9B0C9-6CA6-4E78-AF24-E3ADEE8C5662}
[2011.08.14 10:10:32 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{E81E21ED-8F2B-4282-8984-701FA747219B}
[2011.08.14 10:10:28 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{4D7BED63-5F77-407F-B40F-018B80F230D8}
[2011.08.13 20:49:20 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{D1F7F5E1-BEF4-4A84-AA05-00B1F4CD0940}
[2011.08.13 20:49:15 | 000,000,000 | -H-D | C] -- C:\Users\Nico Fuhrmann\AppData\Local\{A05AE64E-2B5A-4B34-84DB-4F7813A71A49}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.11 16:50:12 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.11 16:50:02 | 000,004,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.11 16:50:02 | 000,004,848 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.11 16:50:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.11 16:49:57 | 3219,615,744 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.11 16:34:00 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.11 16:30:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.11 12:06:18 | 000,065,198 | ---- | M] () -- C:\Users\Nico Fuhrmann\Desktop\t150.jpg
[2011.09.11 12:05:53 | 000,036,879 | ---- | M] () -- C:\Users\Nico Fuhrmann\Desktop\m146.jpg
[2011.09.08 20:04:07 | 000,000,611 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\System Recovery.lnk
[2011.09.08 20:04:07 | 000,000,216 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
[2011.09.08 20:04:07 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011.09.08 20:04:05 | 000,000,344 | -H-- | M] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
[2011.09.05 19:43:08 | 000,006,467 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\309538_254104091290415_100000724780132_841568_585936_s.jpg
[2011.09.04 22:17:05 | 000,160,501 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\mona-lisa.jpg
[2011.09.04 09:46:29 | 000,034,129 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\Winterjam.jpg
[2011.09.03 11:20:39 | 007,605,760 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\Türke türke.mp3
[2011.09.03 10:32:04 | 000,132,916 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\02092011609.JPG
[2011.09.02 17:35:20 | 001,773,639 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\02092011608.JPG
[2011.09.02 17:34:32 | 001,824,895 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\02092011607.JPG
[2011.09.02 14:23:28 | 000,039,401 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\275105_100001592077413_7899947_n.jpg
[2011.09.01 09:11:30 | 002,024,495 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\01092011008.JPG
[2011.09.01 09:11:06 | 002,118,059 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\01092011007.JPG
[2011.08.31 18:54:28 | 000,638,972 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.08.31 18:54:28 | 000,604,566 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.08.31 18:54:28 | 000,130,818 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.08.31 18:54:28 | 000,107,898 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.08.31 15:38:30 | 000,231,848 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\Stammkurs, frau otto.JPG
[2011.08.31 08:03:30 | 002,693,628 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\31082011599.JPG
[2011.08.30 21:21:43 | 000,210,106 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\BaugnezCrossroads1.JPG
[2011.08.27 18:27:54 | 000,018,944 | -H-- | M] () -- C:\Users\Nico Fuhrmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.24 18:52:09 | 000,260,747 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\fisher_f75_pic.jpg
[2011.08.20 16:26:54 | 000,000,215 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\Sniper Ghost Warrior.url
[2011.08.18 19:36:38 | 000,664,847 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Documents\Foto0418.jpg
[2011.08.18 19:09:54 | 000,233,489 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\9_c___Herr_Meier.JPG
[2011.08.16 18:50:49 | 000,654,342 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Documents\DSC03494-.jpg
[2011.08.15 22:21:58 | 000,081,136 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\02082011509.JPG
[2011.08.15 22:02:40 | 000,076,930 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\band_of_brothers_wallpaper_1280x1024_6.jpg
[2011.08.13 23:15:26 | 000,055,716 | -H-- | M] () -- C:\Users\Nico Fuhrmann\Desktop\13082011547.JPG
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.09.11 16:34:00 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.10 18:09:08 | 000,036,879 | ---- | C] () -- C:\Users\Nico Fuhrmann\Desktop\m146.jpg
[2011.09.10 18:06:24 | 000,065,198 | ---- | C] () -- C:\Users\Nico Fuhrmann\Desktop\t150.jpg
[2011.09.08 20:04:07 | 000,000,611 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\System Recovery.lnk
[2011.09.08 20:04:07 | 000,000,216 | -H-- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fz
[2011.09.08 20:04:07 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~P1kAlMiG2Kb7Fzr
[2011.09.08 20:04:05 | 000,000,344 | -H-- | C] () -- C:\ProgramData\P1kAlMiG2Kb7Fz
[2011.09.05 19:43:07 | 000,006,467 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\309538_254104091290415_100000724780132_841568_585936_s.jpg
[2011.09.04 22:17:04 | 000,160,501 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\mona-lisa.jpg
[2011.09.04 09:44:23 | 000,034,129 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\Winterjam.jpg
[2011.09.03 11:20:28 | 007,605,760 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\Türke türke.mp3
[2011.09.03 10:09:34 | 001,824,895 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\02092011607.JPG
[2011.09.03 10:09:34 | 001,773,639 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\02092011608.JPG
[2011.09.03 10:09:34 | 000,132,916 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\02092011609.JPG
[2011.09.02 14:20:15 | 000,039,401 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\275105_100001592077413_7899947_n.jpg
[2011.09.01 19:12:34 | 002,118,059 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\01092011007.JPG
[2011.09.01 19:12:31 | 002,024,495 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\01092011008.JPG
[2011.08.31 15:33:08 | 000,231,848 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\Stammkurs, frau otto.JPG
[2011.08.31 15:33:01 | 002,693,628 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\31082011599.JPG
[2011.08.24 18:52:07 | 000,260,747 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\fisher_f75_pic.jpg
[2011.08.20 16:26:54 | 000,000,215 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\Sniper Ghost Warrior.url
[2011.08.18 19:36:27 | 000,664,847 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Documents\Foto0418.jpg
[2011.08.18 19:09:52 | 000,233,489 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\9_c___Herr_Meier.JPG
[2011.08.16 18:50:37 | 000,654,342 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Documents\DSC03494-.jpg
[2011.08.15 22:02:26 | 000,076,930 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\band_of_brothers_wallpaper_1280x1024_6.jpg
[2011.08.13 23:13:52 | 000,055,716 | -H-- | C] () -- C:\Users\Nico Fuhrmann\Desktop\13082011547.JPG
[2011.07.08 15:45:55 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2011.06.25 15:20:43 | 000,031,616 | ---- | C] () -- C:\Windows\System32\drivers\livecamv.sys
[2011.06.22 14:57:52 | 000,139,224 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.06.22 14:57:52 | 000,022,328 | -H-- | C] () -- C:\Users\Nico Fuhrmann\AppData\Roaming\PnkBstrK.sys
[2011.06.22 14:57:37 | 000,183,152 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.06.22 14:57:33 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2011.06.22 14:57:33 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.06.11 03:04:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.06.10 18:17:50 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.06.10 18:17:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.06.03 15:49:27 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.05.28 12:57:04 | 000,000,425 | -H-- | C] () -- C:\Windows\BRWMARK.INI
[2011.05.28 12:57:04 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.05.28 10:48:08 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.05.28 10:18:59 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2011.05.28 10:18:59 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2011.05.28 10:18:59 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2011.05.28 09:57:54 | 000,003,948 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.05.27 21:10:51 | 000,018,944 | -H-- | C] () -- C:\Users\Nico Fuhrmann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.27 20:44:18 | 000,000,680 | -H-- | C] () -- C:\Users\Nico Fuhrmann\AppData\Local\d3d9caps.dat
[2011.05.24 13:03:24 | 000,276,232 | -H-- | C] () -- C:\Users\Nico Fuhrmann\AppData\Local\ConduitInstaller.exe
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2006.11.02 17:33:31 | 000,638,972 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,130,818 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,276,712 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,604,566 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,107,898 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
 
========== LOP Check ==========
 
[2011.07.13 13:38:17 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\BOM
[2011.05.28 10:51:53 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\DAEMON Tools Lite
[2011.09.04 03:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\ICQ
[2011.07.08 17:03:13 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Igdoap
[2011.05.28 17:12:48 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\IrfanView
[2011.07.28 08:31:12 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Irub
[2011.07.12 09:00:35 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Koagky
[2011.07.28 22:30:24 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Niopx
[2011.05.30 01:36:44 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\OpenOffice.org
[2011.06.04 22:16:26 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\TubeBox
[2011.09.11 16:46:25 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.06.03 13:07:58 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Adobe
[2011.05.28 12:53:33 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Avira
[2011.07.13 13:38:17 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\BOM
[2011.07.27 13:10:39 | 000,000,000 | RH-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Brother
[2011.06.25 15:46:59 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Creative
[2011.05.28 10:51:53 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\DAEMON Tools Lite
[2011.08.31 16:35:10 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\dvdcss
[2011.09.04 03:13:41 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\ICQ
[2011.05.27 20:44:22 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Identities
[2011.07.08 17:03:13 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Igdoap
[2011.06.25 15:20:04 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\InstallShield
[2011.05.28 17:12:48 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\IrfanView
[2011.07.28 08:31:12 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Irub
[2011.07.12 09:00:35 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Koagky
[2011.05.28 14:11:24 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Macromedia
[2011.09.11 16:34:12 | 000,000,000 | ---D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Media Center Programs
[2011.09.08 19:03:31 | 000,000,000 | --SD | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft
[2011.05.28 10:35:46 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Mozilla
[2011.07.28 22:30:24 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Niopx
[2011.09.09 21:05:00 | 000,000,000 | ---D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\NVIDIA
[2011.05.30 01:36:44 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\OpenOffice.org
[2011.09.11 16:53:08 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\Skype
[2011.07.03 11:06:03 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\skypePM
[2011.05.28 17:09:10 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\SUPERAntiSpyware.com
[2011.06.04 22:16:26 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\TubeBox
[2011.06.18 14:33:56 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\vlc
[2011.07.08 01:25:16 | 000,000,000 | -H-D | M] -- C:\Users\Nico Fuhrmann\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.06.04 22:16:05 | 000,010,134 | RH-- | M] () -- C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_6514C169A30B32C1D9071C.exe
[2011.06.04 22:16:05 | 000,034,494 | RH-- | M] () -- C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_6FEFF9B68218417F98F549.exe
[2011.06.04 22:16:05 | 000,355,574 | RH-- | M] () -- C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_A284EAE41E055547217DE7.exe
[2011.06.04 22:16:05 | 000,080,992 | RH-- | M] () -- C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_BEA59818F40318269C802B.exe
[2011.06.04 22:16:05 | 000,355,574 | RH-- | M] () -- C:\Users\Nico Fuhrmann\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_E3DBAAA0CAF950FA4295EE.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2011.05.28 14:25:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2011.05.28 14:25:13 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2011.05.28 14:25:12 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2008.01.25 20:02:04 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=7DF63192BCF9C20EC2F7492E7F7544F9 -- C:\Windows\Temp\chipset_x86\IDE\WinVista\sataraid\nvstor32.sys
[2008.01.25 20:02:02 | 000,140,832 | ---- | M] (NVIDIA Corporation) MD5=FA7B8ECA6E845B244B7E30A9DCD82C6C -- C:\Windows\Temp\chipset_x86\IDE\WinVista\sata_ide\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2011.05.28 12:56:58 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2011.05.28 12:56:58 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 09:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2008.01.19 09:34:08 | 000,347,136 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2008.01.19 09:34:08 | 000,214,528 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
 
<           >

< End of report >

--- --- ---

Und Malwarebytes:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7695

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

11.09.2011 16:45:39
mbam-log-2011-09-11 (16-45-39).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 185214
Laufzeit: 5 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2F7ZUJ7G4IWWUF6VXQBJIKHST (Trojan.Agent) -> Value: 2F7ZUJ7G4IWWUF6VXQBJIKHST -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\xINAfOOBcRr (Trojan.FakeAlert) -> Value: xINAfOOBcRr -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4E3E0230AEBB4E96 (Trojan.SpyEyes) -> Value: 4E3E0230AEBB4E96 -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
c:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Infizierte Dateien:
c:\systemdata\217fa966b37.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\programdata\xinafoobcrr.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\programdata\p1kalmig2kb7fz.exe (Rogue.FakeHDD) -> Quarantined and deleted successfully.
c:\Users\nico fuhrmann\AppData\Local\Temp\2B2.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\nico fuhrmann\AppData\Local\Temp\audio_drivers_update_utility.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\nico fuhrmann\AppData\Local\Temp\tmpEDFA.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\nico fuhrmann\AppData\Local\Temp\0.0953075560232346.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
c:\Recycle.Bin\48d2f5e4efb28b3 (Trojan.Spyeyes) -> Quarantined and deleted successfully.
c:\Recycle.Bin\config.bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

Nach vermutlichem Virus Befall Daten weg !

Plagegeister aller Art und deren Bekämpfung: Nach vermutlichem Virus Befall Daten weg !

Nach vermutlichem Virus Befall Daten weg !

Nach vermutlichem Virus Befall Daten weg !

Ähnliche Themen: Nach vermutlichem Virus Befall Daten weg !