
Log analysis and evaluation: Viruses Yabectot, Malware-gen, GenericBT removed?


13.09.2011, 12:01   #1
andrewJ
 
During a virus scan with Avast! Free 6, virus detections were reported to me for the first time. The Avast program suggested running a "boot-time scan", i.e. scanning for viruses before the Windows Vista operating system starts.
The following was found:
"eBaysShurtcuts.exe ist infiziert von Win32:Yabector"

In a panic I chose "delete" here.

In addition, I then moved the following to the Avast virus chest and isolated them:
Malware-gen
Name:38870422-76a11923
Original location: C:\User\a\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34

Malware-gen
VBGScan.zip
C:\Program Files

Malware-gen
on an external hard drive with backups
I:\09.11.09\AppData\local\Temp\Temp1_VBGScan.zip
VBGScan.exe

I have now run Avast!, Spybot and Ad-Aware over the system in safe mode.
In doing so, Ad-Aware additionally reported
1by1_166.exe
a small music player that I have not used for a long time, as malware, so I moved this file to the chest as well and isolated it.

Avast now reports no more viruses. But is the system clean now?
As recommended here, I ran defogger,
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:30 on 12/09/2011 (a)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
then OTL

Code:
OTL logfile created on: 12.09.2011 19:39:28 - Run 1
OTL by OldTimer - Version 3.2.28.0     Folder = C:\Users\a\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 58,86% Memory free
6,69 Gb Paging File | 5,54 Gb Available in Paging File | 82,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,50 Gb Total Space | 665,33 Gb Free Space | 72,99% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 8,33 Gb Free Space | 41,64% Space Free | Partition Type: FAT32
 
Computer Name: A-PC | User Name: a | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.12 18:50:36 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\a\Desktop\OTL.exe
PRC - [2011.09.12 17:14:31 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.09.12 17:14:31 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.09.06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.06.30 17:20:08 | 000,339,968 | ---- | M] () -- C:\Windows\tsnpstd3.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.14 02:52:50 | 000,376,937 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2008.10.14 02:52:50 | 000,184,423 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2008.09.09 18:32:00 | 006,281,760 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.10.09 01:19:22 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.09 01:19:20 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007.05.10 14:18:26 | 000,835,584 | ---- | M] () -- C:\Windows\vsnpstd3.exe
PRC - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2006.09.19 16:05:32 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2005.01.27 21:48:34 | 000,057,344 | ---- | M] (KYOCERA MITA Corporation) -- C:\Programme\Kyocera\FS-720 Utilities\KMGLNC.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.06.30 17:20:08 | 000,339,968 | ---- | M] () -- C:\Windows\tsnpstd3.exe
MOD - [2007.05.10 14:18:26 | 000,835,584 | ---- | M] () -- C:\Windows\vsnpstd3.exe
MOD - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
MOD - [2006.09.19 16:05:32 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.09.12 17:14:31 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.10.14 02:52:50 | 000,376,937 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS)
SRV - [2008.10.14 02:52:50 | 000,184,423 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS))
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.09 01:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.09.06 22:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.09.06 22:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.09.06 22:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.09.06 22:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.09.06 22:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.09.06 22:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.08.18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009.07.03 10:15:12 | 010,526,464 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2008.09.25 15:28:06 | 001,332,576 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2008.09.22 20:10:00 | 007,400,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.08.21 11:57:22 | 000,645,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.07 02:00:00 | 000,014,976 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmunet.sys -- (AVMUNET)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.09 12:10:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.18 12:28:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.22 11:49:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.03.02 16:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Extensions
[2010.03.02 16:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.08.24 17:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions
[2009.09.24 16:43:56 | 000,000,000 | ---D | M] (Nuke Anything Enhanced) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
[2010.04.27 15:45:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.04 13:01:16 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2008.12.13 18:52:56 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2011.01.02 18:07:03 | 000,000,000 | ---D | M] (Context Search) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}
[2011.08.18 14:41:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.11.18 17:52:06 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.08.11 12:20:47 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\https-everywhere@eff.org
[2010.11.04 14:53:01 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\quickstores@quickstores.de
[2011.09.10 12:37:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.07.07 20:55:27 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.12.20 13:40:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.18 13:46:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.06 19:11:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.07.29 16:43:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.08.28 13:08:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2010.08.01 14:49:17 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2011.09.09 12:10:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.22 18:03:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.22 18:03:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.03.22 18:03:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.22 18:03:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.22 18:03:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.22 18:03:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.02.19 19:06:35 | 000,297,607 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 127.0.0.1	www.163ns.com
O1 - Hosts: 10280 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (T3ToolbarHelper Class) - {164E93C4-09BF-4647-9E0B-D5FBB1D35E63} - C:\Programme\Das Örtliche Toolbar\DasOertlicheToolbar.dll ()
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DasÖrtliche Toolbar) - {6E5B18CB-0EB6-4461-88B8-33B4683613D5} - C:\Programme\Das Örtliche Toolbar\DasOertlicheToolbar.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Launcher] C:\Programme\Kyocera\FS-720 Utilities\KMGLNC.exe (KYOCERA MITA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C8ED1F3-C984-4D61-A8E2-D71FD759C5F5}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB6241D3-9F10-462A-85BB-34F3A7719B35}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFE0E0CB-E7E0-4248-AF95-3F2A8DBC94A4}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f647e40b-6d3e-11de-88d5-00040e465fb0}\Shell - "" = AutoRun
O33 - MountPoints2\{f647e40b-6d3e-11de-88d5-00040e465fb0}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{f6ce2080-0df4-11e0-abd0-0021857552ad}\Shell\AutoRun\command - "" = K:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.12 18:50:33 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Users\a\Desktop\OTL.exe
[2011.09.12 17:12:09 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011.09.12 17:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011.09.12 17:10:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.08.28 13:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.08.28 13:06:18 | 000,908,576 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jxpiinstall.exe
[2011.05.30 16:17:28 | 003,096,424 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup307.exe
[2011.04.23 14:33:32 | 002,832,544 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player.exe
[2011.04.23 13:59:39 | 000,568,648 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleEarthSetup.exe
[2011.04.04 19:24:26 | 003,050,664 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup305.exe
[2011.03.20 16:06:40 | 000,772,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Mats_Run.performance.exe
[2011.03.20 16:05:43 | 000,772,896 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Mats_Run.printing.exe
[2011.03.18 13:52:24 | 006,277,496 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Silverlight.exe
[2011.01.26 18:52:49 | 003,006,368 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup303.exe
[2011.01.13 22:01:31 | 002,827,728 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player_ax.exe
[2011.01.06 17:49:33 | 038,147,376 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2010.12.30 17:03:35 | 004,044,900 | ---- | C] ((c) 2006-2008, Tom Thielicke                                ) -- C:\Program Files\tipp10_win_v2-0-3.exe
[2010.12.20 13:43:43 | 004,750,496 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Slim.exe
[2010.10.14 21:42:28 | 004,229,377 | ---- | C] (www.orbitdownloader.com                                     ) -- C:\Program Files\OrbitSetup4.0.3.exe
[2010.08.10 16:04:16 | 128,750,008 | ---- | C] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Program Files\Ad-AwareInstall.exe
[2010.05.03 13:02:38 | 005,461,276 | ---- | C] (Igor Pavlov) -- C:\Program Files\TMViewerSetup.exe
[2010.04.07 14:40:38 | 003,376,656 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup230.exe
[2010.03.02 14:31:34 | 008,853,856 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 3.0.3.exe
[2010.01.31 15:22:17 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2010.01.31 15:22:17 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2010.01.31 15:22:17 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2010.01.31 15:22:17 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2010.01.29 19:37:52 | 003,370,400 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup228.exe
[2010.01.28 19:18:12 | 002,572,472 | ---- | C] (www.orbitdownloader.com                                     ) -- C:\Program Files\OrbitDownloaderSetup.exe
[2009.12.02 14:06:33 | 001,128,916 | ---- | C] (www.hellopdf.com                                            ) -- C:\Program Files\pdf2wordsetup.exe
[2009.11.29 22:12:00 | 012,543,460 | ---- | C] (Andrea Vacondio) -- C:\Program Files\pdfsam-win32inst-v2_0_0.exe
[2009.10.26 15:44:08 | 077,086,488 | ---- | C] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Program Files\Ad-AwareInstallation.exe
[2009.10.14 14:26:51 | 003,309,072 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup224.exe
[2009.05.15 13:43:03 | 003,227,248 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup219.exe
[2009.05.01 11:28:15 | 218,474,518 | ---- | C] (Igor Pavlov) -- C:\Program Files\OOO31CBE.exe
[2009.04.27 15:16:35 | 003,190,688 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup218.exe
[2009.04.21 14:16:06 | 034,543,112 | ---- | C] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Program Files\Ad-AwareAE.exe
[2009.02.19 18:59:10 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Program Files\spybotsd162.exe
[2008.12.31 16:43:22 | 001,018,074 | ---- | C] (Heinzle Christof) -- C:\Program Files\lameplugin.exe
[2008.12.31 16:11:25 | 015,083,520 | ---- | C] (Safer Networking Limited                                    ) -- C:\Program Files\spybotsd160.exe
[2008.12.31 15:51:14 | 003,165,824 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup215.exe
[2008.12.30 15:12:28 | 002,170,309 | ---- | C] (Free Software Foundation) -- C:\Program Files\gnupg-w32cli-1.4.9.exe
[2008.12.29 19:36:10 | 002,188,592 | ---- | C] (www.orbitdownloader.com                                     ) -- C:\Program Files\OrbitDownloader281Setup.exe
[2008.12.13 22:19:13 | 006,557,639 | ---- | C] (Thorsten Fritz                                              ) -- C:\Program Files\kompozer-0.77.de-DE.win32.installer.exe
[2008.12.13 22:19:04 | 000,735,964 | ---- | C] (GegenStandpunkt Verlag, München) -- C:\Program Files\GS_Index_20071215.exe
[2008.12.13 22:19:02 | 004,986,208 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\cibpdfplugin.exe
[2008.12.13 22:19:01 | 012,785,408 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\cibpdfbrewer.exe
[2008.12.13 22:18:51 | 002,955,128 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup213.exe
[2002.03.11 11:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
[2002.03.11 10:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.12 19:40:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2011.09.12 19:38:08 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.12 19:38:08 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.12 19:38:08 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.12 19:38:08 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.12 19:33:59 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.09.12 19:33:44 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.12 19:33:36 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.12 19:33:36 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.12 19:33:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.12 19:33:30 | 3485,663,232 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.12 19:30:36 | 000,000,000 | ---- | M] () -- C:\Users\a\defogger_reenable
[2011.09.12 19:11:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.12 18:51:34 | 000,302,592 | ---- | M] () -- C:\Users\a\Desktop\5mox39wg.exe
[2011.09.12 18:50:36 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\a\Desktop\OTL.exe
[2011.09.12 18:50:18 | 000,050,477 | ---- | M] () -- C:\Users\a\Desktop\Defogger.exe
[2011.09.12 17:12:10 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.09.12 17:08:00 | 010,268,672 | ---- | M] () -- C:\Program Files\Ad-Aware95Install.msi
[2011.09.10 00:05:24 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.09.06 22:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.09.06 22:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.09.06 22:38:05 | 000,442,200 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.09.06 22:37:53 | 000,320,856 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.09.06 22:36:38 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.09.06 22:36:36 | 000,052,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.09.06 22:36:26 | 000,054,616 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.09.06 22:36:12 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.08.18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
 
========== Files Created - No Company Name ==========
 
[2011.09.12 19:33:58 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.09.12 19:30:36 | 000,000,000 | ---- | C] () -- C:\Users\a\defogger_reenable
[2011.09.12 18:51:31 | 000,302,592 | ---- | C] () -- C:\Users\a\Desktop\5mox39wg.exe
[2011.09.12 18:50:17 | 000,050,477 | ---- | C] () -- C:\Users\a\Desktop\Defogger.exe
[2011.09.12 17:12:10 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.09.12 17:07:55 | 010,268,672 | ---- | C] () -- C:\Program Files\Ad-Aware95Install.msi
[2011.09.10 22:21:30 | 3485,663,232 | -HS- | C] () -- C:\hiberfil.sys
[2011.08.13 13:33:54 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.08.13 13:33:54 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.08.03 18:11:00 | 021,073,936 | ---- | C] () -- C:\Program Files\vlc-1.1.11-win32.exe
[2011.07.29 16:37:17 | 002,448,352 | ---- | C] () -- C:\Program Files\mp3tagv249setup.exe
[2011.06.28 15:09:07 | 021,022,914 | ---- | C] () -- C:\Program Files\vlc-1.1.10-win32.exe
[2011.05.30 22:08:50 | 000,001,940 | ---- | C] () -- C:\Program Files\HiJackThis.lnk
[2011.05.30 22:07:51 | 001,402,880 | ---- | C] () -- C:\Program Files\HiJackThis.msi
[2011.04.28 16:07:16 | 002,446,680 | ---- | C] () -- C:\Program Files\mp3tagv248setup.exe
[2011.04.26 18:03:55 | 020,533,281 | ---- | C] () -- C:\Program Files\vlc-1.1.9-win32.exe
[2011.04.04 17:08:58 | 000,247,053 | ---- | C] () -- C:\Program Files\mp3DC213.exe
[2011.03.31 13:08:00 | 020,586,196 | ---- | C] () -- C:\Program Files\vlc-1.1.8-win32.exe
[2011.03.18 13:56:26 | 020,364,702 | ---- | C] () -- C:\Program Files\vlc-1.1.7-win32.exe
[2011.03.14 19:59:08 | 004,437,496 | ---- | C] () -- C:\Program Files\Songr_1_9_17.zip
[2011.02.20 17:36:14 | 168,166,968 | ---- | C] () -- C:\Program Files\OOo_3.3.0_Win_x86_install-wJRE_de.exe
[2010.12.22 23:45:41 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.12.09 17:21:36 | 019,985,265 | ---- | C] () -- C:\Program Files\vlc-1.1.5-win32.exe
[2010.10.26 17:08:18 | 000,226,402 | ---- | C] () -- C:\Program Files\mp3DC212.exe
[2010.10.14 21:43:16 | 000,008,619 | ---- | C] () -- C:\Program Files\obdeu.zip
[2010.08.28 12:44:33 | 019,657,194 | ---- | C] () -- C:\Program Files\vlc-1.1.4-win32.exe
[2010.08.20 14:23:40 | 019,563,096 | ---- | C] () -- C:\Program Files\vlc-1.1.3-win32.exe
[2010.08.08 14:51:33 | 000,058,984 | ---- | C] () -- C:\Program Files\225p1es_00_dwv_eng.zip
[2010.08.02 14:14:46 | 019,461,015 | ---- | C] () -- C:\Program Files\vlc-1.1.2-win32.exe
[2010.08.01 14:43:51 | 001,295,402 | ---- | C] () -- C:\Program Files\ag_mp3_plugin_setup.exe
[2010.07.27 14:10:19 | 151,343,200 | ---- | C] () -- C:\Program Files\OOo_3.2.1_Win_x86_install_de.exe
[2010.05.25 20:43:14 | 003,099,136 | ---- | C] () -- C:\Program Files\openofficeorg32.msi
[2010.05.25 20:41:42 | 000,460,088 | ---- | C] () -- C:\Program Files\setup.exe
[2010.05.25 20:40:04 | 145,988,770 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2010.05.25 19:46:20 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2010.05.20 15:50:50 | 000,150,358 | ---- | C] () -- C:\Program Files\1by1_169.exe
[2010.05.03 13:26:03 | 000,068,640 | ---- | C] () -- C:\Windows\unTMV.exe
[2010.04.08 17:00:16 | 002,439,075 | ---- | C] () -- C:\Program Files\fc_setup_ (2).zip
[2010.03.04 17:10:43 | 167,555,440 | ---- | C] () -- C:\Program Files\OOo_3.2.0_Win32Intel_install_wJRE_de.exe
[2010.03.02 16:44:27 | 002,024,035 | ---- | C] () -- C:\Program Files\Firesave.exe
[2010.03.02 14:48:37 | 001,222,286 | ---- | C] () -- C:\Program Files\enigmail-1.0.1-tb-win.xpi
[2010.03.02 14:20:10 | 000,000,213 | ---- | C] () -- C:\Program Files\PFADE.ini
[2010.03.02 14:06:40 | 001,772,267 | ---- | C] () -- C:\Program Files\Thundersave_1.0.exe
[2010.02.19 14:40:40 | 044,518,776 | ---- | C] () -- C:\Program Files\setup_av_free_2_.exe
[2010.02.06 16:06:34 | 018,499,623 | ---- | C] () -- C:\Program Files\vlc-1.0.5-win32.exe
[2010.01.31 15:22:18 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2010.01.31 15:22:18 | 000,339,968 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2010.01.31 15:22:17 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2010.01.28 19:53:14 | 000,127,083 | ---- | C] () -- C:\Program Files\1by1_168.exe
[2009.11.29 22:05:33 | 001,137,763 | ---- | C] () -- C:\Program Files\sun-pdfimport10.zip
[2009.10.07 13:45:28 | 149,845,064 | ---- | C] () -- C:\Program Files\OOo_3.1.1_Win32Intel_install_de.exe
[2009.07.11 14:35:13 | 017,828,326 | ---- | C] () -- C:\Program Files\vlc-1.0.0-win32.exe
[2009.06.26 17:59:35 | 000,728,103 | ---- | C] () -- C:\Program Files\VAL v1.1.1 Setup.exe
[2009.05.26 18:53:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.26 18:52:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.08 23:15:49 | 016,742,799 | ---- | C] () -- C:\Program Files\vlc-0.9.9-win32.exe
[2009.05.07 15:31:52 | 147,695,064 | ---- | C] () -- C:\Program Files\OOo_3.1.0_Win32Intel_install_de.exe
[2009.05.05 16:01:41 | 000,212,713 | ---- | C] () -- C:\Program Files\mp3DC211.exe
[2009.05.05 15:59:51 | 000,121,784 | ---- | C] () -- C:\Program Files\1by1_167.exe
[2009.04.27 12:03:46 | 009,818,624 | ---- | C] () -- C:\Program Files\openofficeorg31.msi
[2009.04.16 15:33:14 | 000,049,230 | ---- | C] () -- C:\Program Files\download_manager_tweak-0.7.2-fx.xpi
[2009.04.09 19:58:43 | 001,300,755 | ---- | C] () -- C:\Program Files\KKiller_v3.4.4.zip
[2009.02.26 18:29:19 | 000,037,658 | ---- | C] () -- C:\Program Files\duplicate_contact_manager-0.6-tb.xpi
[2009.01.27 20:28:46 | 000,111,016 | ---- | C] () -- C:\Program Files\image_zoom-0.3.1-fx+mz+tb+sm.xpi
[2009.01.10 21:37:39 | 156,172,680 | ---- | C] () -- C:\Program Files\ooo300.exe
[2009.01.04 19:29:10 | 000,938,576 | ---- | C] () -- C:\Program Files\7z463.exe
[2009.01.02 17:05:44 | 016,320,472 | ---- | C] () -- C:\Program Files\vlc-0.9.8a-win32.exe
[2008.12.31 18:34:50 | 007,949,158 | ---- | C] () -- C:\Program Files\kompozer-0.7.10-win32.zip
[2008.12.31 16:28:55 | 023,804,784 | ---- | C] () -- C:\Program Files\aaw2008_11n.exe
[2008.12.31 16:03:51 | 000,017,920 | ---- | C] () -- C:\Users\a\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.13 22:19:02 | 001,176,154 | ---- | C] () -- C:\Program Files\enigmail-0.95.6-tb+sm.xpi
[2008.12.13 22:18:50 | 000,189,429 | ---- | C] () -- C:\Program Files\mp3DC209.exe
[2008.12.13 20:35:07 | 000,000,296 | ---- | C] () -- C:\Users\a\AppData\Roaming\wklnhst.dat
[2008.12.13 18:50:37 | 000,792,771 | ---- | C] () -- C:\Program Files\MozBackup-1.4.8-DE.exe
[2008.12.13 18:29:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL
[2008.12.13 18:27:40 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2008.12.13 18:25:25 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008.12.13 13:59:31 | 000,007,592 | ---- | C] () -- C:\Users\a\AppData\Local\d3d9caps.dat
[2008.10.20 10:35:26 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.10.17 17:15:05 | 000,000,917 | ---- | C] () -- C:\Windows\System32\CLWatson.ini
[2008.10.17 16:56:47 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2008.10.17 16:56:47 | 000,000,464 | ---- | C] () -- C:\Windows\11317231_000216BE_11.bin
[2008.10.17 16:56:47 | 000,000,464 | ---- | C] () -- C:\Windows\11317231_000216BE_1.bin
[2008.10.17 16:56:47 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_000116BE_1.bin
[2008.10.08 14:51:57 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2008.10.08 13:26:22 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2008.10.08 13:01:08 | 000,000,023 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2008.10.08 12:00:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.01.21 09:15:58 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,126,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,342,336 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004.08.09 12:33:42 | 000,002,120 | ---- | C] () -- C:\Windows\System32\SETUP.INI
[1996.12.14 01:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1996.12.14 01:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
 
========== LOP Check ==========
 
[2010.05.21 10:59:47 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\1by1
[2008.12.23 17:51:40 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Canon
[2008.12.29 18:20:30 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\FreeCommander
[2011.04.07 18:38:22 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\gnupg
[2009.03.20 18:11:11 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\GrabPro
[2008.12.31 18:57:43 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\KompoZer
[2010.10.27 00:46:17 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\mp3DirectCut
[2011.08.15 16:58:34 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Mp3tag
[2009.07.13 16:45:36 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\NewSoft
[2009.01.11 00:29:36 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\OpenOffice.org
[2011.08.12 14:57:37 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Orbit
[2010.10.14 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\ProgSense
[2010.08.01 14:49:17 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\QuickStoresToolbar
[2008.12.13 18:25:21 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\ScanSoft
[2008.12.11 22:45:04 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\T-Online
[2010.11.07 16:56:56 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Template
[2010.03.02 16:03:23 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Thunderbird
[2011.09.12 19:33:59 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011.09.12 19:32:37 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.09.12 19:40:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
OTL Extras logfile created on: 12.09.2011 19:39:28 - Run 1
OTL by OldTimer - Version 3.2.28.0     Folder = C:\Users\a\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 58,86% Memory free
6,69 Gb Paging File | 5,54 Gb Available in Paging File | 82,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,50 Gb Total Space | 665,33 Gb Free Space | 72,99% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 8,33 Gb Free Space | 41,64% Space Free | Partition Type: FAT32
 
Computer Name: A-PC | User Name: a | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16F0F7F3-488C-4AA1-ABAB-22FAF3223912}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5F4397CD-37C3-40E3-B0B1-7274D6F100F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0EFF7527-4F0F-45D1-A5C0-2B0E4065E938}" = protocol=17 | dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe | 
"{2BC8FB88-0687-40C3-A27F-49EE217CA7E7}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{2C2E74A2-D96F-48DA-8108-4873693CCE58}" = protocol=6 | dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe | 
"{310ECEC3-7B74-4397-9743-F16D50E33FBC}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{45309D49-E570-4F8B-8509-F5EBC2F6295C}" = protocol=17 | dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe | 
"{60D7F137-EDE0-437C-9F60-1C6270FECC32}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{67FD3586-C46B-485F-BDD0-CBBD5D3B4182}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{778542EF-662A-4ECC-B4D8-10073B7F1560}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{86D163A6-DF5D-4587-B47E-A24F199CB735}" = protocol=6 | dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe | 
"{971F723D-E217-476B-92EC-F53560FEEC1D}" = protocol=6 | dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe | 
"{C26D8B14-A27E-4318-ADBD-8D9F44435B78}" = protocol=6 | dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe | 
"{EA561401-BF6A-4197-A382-4B9B84ADADED}" = protocol=17 | dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe | 
"{F8FB2EF4-15A9-4C7A-A817-D4ACCEBB7F85}" = protocol=17 | dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe | 
"TCP Query User{0DBCEF11-A161-4FC9-A43C-B3A6DF67CB66}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{2269A1AC-35EA-4A68-B944-62B199FB548F}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{4786D182-205D-4DA7-B821-1C4117C3F511}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"TCP Query User{7F554A2A-7692-4D32-816B-73AB91F69D76}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"TCP Query User{A1A7E116-EBE9-46DD-8BA0-1F485550A3BC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{AD95235C-E55F-413A-9869-787161E0FCC0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"TCP Query User{AE0903ED-5D4A-40C0-B731-50E45B24D9AA}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{C9242C20-292C-4928-9FFD-A8F831B16242}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{372DBCEF-F778-423E-A119-3B6A210795EB}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{45A757A6-C8A4-4D5E-A3DC-40B3D07BB8F7}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 
"UDP Query User{485BA21F-C68B-4F9E-B9FB-DCFEC2400C68}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{9BFEB6C3-CC44-498C-A550-89DC12F80897}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{ADBFAA37-3FF7-4C78-9103-D33B5F14525E}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{AE07151E-0FD6-4254-8FFD-3F1D671150A1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{CCE7C458-827B-478D-9B66-797464074B01}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 
"UDP Query User{E1B0A721-4AF7-4A04-B9BB-C19638606219}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 27
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5079F5CA-210A-4C0C-9FBF-02CF77FB0EAC}" = NVIDIA PhysX v8.09.19
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8 Essentials
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAA4850F-7E20-40D7-A4C3-3697E7FA4A54}" = Intel(R) Network Connections 13.2.8.0
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.17
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = CyberLink TV Enhance
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = Trust Webcam
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 4.63
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin
"avast" = avast! Free Antivirus
"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0
"CCleaner" = CCleaner
"Das Örtliche Toolbar" = Das Örtliche Toolbar
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"FreeCommander_is1" = FreeCommander 2009.02a
"FS-720 Utilities" = Kyocera FS-720 Version 1.0
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"KompoZer_is1" = KompoZer 0.77
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)
"Mozilla Thunderbird (6.0.2)" = Mozilla Thunderbird (6.0.2)
"Mp3tag" = Mp3tag v2.49
"Neue deutsche Rechtschreibung für Microsoft Office 9x" = Neue deutsche Rechtschreibung für Microsoft Office 9x
"NVIDIA Drivers" = NVIDIA Drivers
"Office8.0" = Microsoft Office 97, Professional Edition
"Orbit_is1" = Orbit Downloader
"Picasa 3" = Picasa 3
"PropFix" = Microsoft Office 97 Unique Identifier Removal Tool
"PROSetDX" = Intel(R) Network Connections 13.2.8.0
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"Songr" = Songr
"TIPP10_is1" = TIPP10 Version 2.0.3
"VLC media player" = VLC media player 1.1.11
"X10Hardware" = X10 Hardware(TM)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"pdfsam" = pdfsam
 
========== Last 10 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 04.08.2009 06:47:28 | Computer Name = a-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 29.08.2009 11:49:32 | Computer Name = a-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 19.09.2009 07:29:50 | Computer Name = a-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 13.10.2009 08:48:02 | Computer Name = a-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 14.10.2009 07:17:59 | Computer Name = a-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 10.11.2009 06:50:43 | Computer Name = a-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 29.12.2009 13:34:52 | Computer Name = a-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 03.02.2010 05:39:40 | Computer Name = a-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 04.02.2010 07:48:58 | Computer Name = a-PC | Source = avast! | ID = 33554522
Description = 
 
Error - 16.02.2010 17:06:50 | Computer Name = a-PC | Source = avast! | ID = 33554522
Description = 
 
[ Application Events ]
Error - 09.09.2011 08:33:47 | Computer Name = a-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 09.09.2011 08:33:47 | Computer Name = a-PC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 09.09.2011 21:17:07 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.09.2011 11:01:11 | Computer Name = a-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 10.09.2011 11:01:46 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.09.2011 16:22:21 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 10.09.2011 17:31:45 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.09.2011 05:27:13 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.09.2011 05:49:50 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 12.09.2011 13:33:55 | Computer Name = a-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 10.09.2011 11:01:47 | Computer Name = a-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 10.09.2011 11:01:47 | Computer Name = a-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 10.09.2011 11:01:47 | Computer Name = a-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 10.09.2011 11:01:47 | Computer Name = a-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 10.09.2011 11:01:47 | Computer Name = a-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 10.09.2011 11:01:47 | Computer Name = a-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 11.09.2011 09:04:19 | Computer Name = a-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 11.09.2011 09:35:07 | Computer Name = a-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{BFE0E0CB-E7E0-4248-AF95-3F2A8DBC94A4} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 11.09.2011 09:35:07 | Computer Name = a-PC | Source = netbt | ID = 4321
Description = Der Name "A-PC           :20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 0.0.0.0  registriert werden. Der Computer mit IP-Adresse 192.168.2.100
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 12.09.2011 11:12:10 | Computer Name = a-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         

Alt 13.09.2011, 12:45   #2
andrewJ
 



Here is the Gmer log as well.
When uploading, I was told it was an "invalid file", so here it is as a zip.
__________________


Alt 13.09.2011, 13:13   #3
andrewJ
 



Also, here is the Malwarebytes log (I saw that the knowledgeable cosinus recommended this in another thread here).
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7708

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

13.09.2011 14:07:18
mbam-log-2011-09-13 (14-07-18).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 169166
Laufzeit: 2 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
__________________

Alt 13.09.2011, 14:31   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those too!


After that, please also run ESET; then we will see what comes next.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post log files in CODE tags

Alt 13.09.2011, 14:36   #5
andrewJ
 



Here is the full Malwarebytes scan already; I had anticipated this step...

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 7708

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

13.09.2011 15:20:38
mbam-log-2011-09-13 (15-20-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 350228
Laufzeit: 51 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         


Alt 13.09.2011, 16:22   #6
andrewJ
 



Here is the pleasing result from ESET
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=64f3865ced9e534a86ddcac0eae771c3
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-09-13 03:16:33
# local_time=2011-09-13 05:16:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 79391430 79391430 0 0
# compatibility_mode=768 16777215 100 0 308782 308782 0 0
# compatibility_mode=5892 16776573 100 100 15441 153454224 0 0
# compatibility_mode=8192 67108863 100 0 306 306 0 0
# scanned=305168
# found=0
# cleaned=0
# scan_time=5496
         

Alt 13.09.2011, 18:53   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the contents into the text box.
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________
Please always post log files in CODE tags

Alt 13.09.2011, 20:24   #8
andrewJ
 



Here is the custom OTL scan
Code:
ATTFilter
OTL logfile created on: 13.09.2011 21:01:36 - Run 2
OTL by OldTimer - Version 3.2.28.0     Folder = C:\Users\a\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 59,62% Memory free
6,69 Gb Paging File | 5,51 Gb Available in Paging File | 82,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 911,50 Gb Total Space | 664,11 Gb Free Space | 72,86% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 8,33 Gb Free Space | 41,64% Space Free | Partition Type: FAT32
Drive I: | 596,02 Gb Total Space | 306,53 Gb Free Space | 51,43% Space Free | Partition Type: FAT32
 
Computer Name: A-PC | User Name: a | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.09.12 18:50:36 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\a\Desktop\OTL.exe
PRC - [2011.09.06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2009.06.30 17:20:08 | 000,339,968 | ---- | M] () -- C:\Windows\tsnpstd3.exe
PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.14 02:52:50 | 000,376,937 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
PRC - [2008.10.14 02:52:50 | 000,184,423 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
PRC - [2008.09.09 18:32:00 | 006,281,760 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.10.09 01:19:22 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.09 01:19:20 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007.05.10 14:18:26 | 000,835,584 | ---- | M] () -- C:\Windows\vsnpstd3.exe
PRC - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2006.09.19 16:05:32 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2005.01.27 21:48:34 | 000,057,344 | ---- | M] (KYOCERA MITA Corporation) -- C:\Programme\Kyocera\FS-720 Utilities\KMGLNC.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.06.30 17:20:08 | 000,339,968 | ---- | M] () -- C:\Windows\tsnpstd3.exe
MOD - [2007.05.10 14:18:26 | 000,835,584 | ---- | M] () -- C:\Windows\vsnpstd3.exe
MOD - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
MOD - [2006.09.19 16:05:32 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.09.12 17:14:31 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.10.14 02:52:50 | 000,376,937 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS)
SRV - [2008.10.14 02:52:50 | 000,184,423 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS))
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.09 01:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.09.06 22:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.09.06 22:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.09.06 22:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.09.06 22:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.09.06 22:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.09.06 22:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.08.18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009.07.03 10:15:12 | 010,526,464 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2008.09.25 15:28:06 | 001,332,576 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2008.09.22 20:10:00 | 007,400,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.08.21 11:57:22 | 000,645,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2006.11.07 02:00:00 | 000,014,976 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmunet.sys -- (AVMUNET)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.09 12:10:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.18 12:28:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.22 11:49:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.03.02 16:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Extensions
[2010.03.02 16:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.08.24 17:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions
[2009.09.24 16:43:56 | 000,000,000 | ---D | M] (Nuke Anything Enhanced) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}
[2010.04.27 15:45:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.04 13:01:16 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2008.12.13 18:52:56 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)
[2011.01.02 18:07:03 | 000,000,000 | ---D | M] (Context Search) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}
[2011.08.18 14:41:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.11.18 17:52:06 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.08.11 12:20:47 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\https-everywhere@eff.org
[2010.11.04 14:53:01 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\quickstores@quickstores.de
[2011.09.10 12:37:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.07.07 20:55:27 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.12.20 13:40:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.18 13:46:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.06 19:11:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2011.07.29 16:43:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011.08.28 13:08:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}
[2010.08.01 14:49:17 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2011.09.09 12:10:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.07.19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.03.22 18:03:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.22 18:03:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.03.22 18:03:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.22 18:03:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.22 18:03:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.22 18:03:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.02.19 19:06:35 | 000,297,607 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 127.0.0.1	www.163ns.com
O1 - Hosts: 10280 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (T3ToolbarHelper Class) - {164E93C4-09BF-4647-9E0B-D5FBB1D35E63} - C:\Programme\Das Örtliche Toolbar\DasOertlicheToolbar.dll ()
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DasÖrtliche Toolbar) - {6E5B18CB-0EB6-4461-88B8-33B4683613D5} - C:\Programme\Das Örtliche Toolbar\DasOertlicheToolbar.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Launcher] C:\Programme\Kyocera\FS-720 Utilities\KMGLNC.exe (KYOCERA MITA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C8ED1F3-C984-4D61-A8E2-D71FD759C5F5}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB6241D3-9F10-462A-85BB-34F3A7719B35}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFE0E0CB-E7E0-4248-AF95-3F2A8DBC94A4}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: 
O24 - Desktop BackupWallPaper: 
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f647e40b-6d3e-11de-88d5-00040e465fb0}\Shell - "" = AutoRun
O33 - MountPoints2\{f647e40b-6d3e-11de-88d5-00040e465fb0}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{f6ce2080-0df4-11e0-abd0-0021857552ad}\Shell\AutoRun\command - "" = K:\Menu.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: Ad-Watch - hkey= - key= - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Google EULA Launcher - hkey= - key= - C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: OpwareSE4 - hkey= - key= - C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
MsConfig - StartUpReg: TVEService - hkey= - key= - C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
MsConfig - State: "startup" - 2
MsConfig - State: "bootini" - 0
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp -  File not found
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.09.13 15:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.09.13 15:39:32 | 002,322,184 | ---- | C] (ESET) -- C:\Program Files\esetsmartinstaller_enu.exe
[2011.09.13 14:01:51 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Malwarebytes
[2011.09.13 14:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.09.13 14:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.09.13 14:01:40 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.09.13 14:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.09.13 14:00:10 | 009,466,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Program Files\mbam-setup-1.51.1.1800.exe
[2011.09.12 18:50:33 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Users\a\Desktop\OTL.exe
[2011.09.12 17:12:09 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011.09.12 17:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011.09.12 17:10:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.08.28 13:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.08.28 13:06:18 | 000,908,576 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jxpiinstall.exe
[2011.05.30 16:17:28 | 003,096,424 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup307.exe
[2011.04.23 14:33:32 | 002,832,544 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player.exe
[2011.04.23 13:59:39 | 000,568,648 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleEarthSetup.exe
[2011.04.04 19:24:26 | 003,050,664 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup305.exe
[2011.03.20 16:06:40 | 000,772,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Mats_Run.performance.exe
[2011.03.20 16:05:43 | 000,772,896 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Mats_Run.printing.exe
[2011.03.18 13:52:24 | 006,277,496 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Silverlight.exe
[2011.01.26 18:52:49 | 003,006,368 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup303.exe
[2011.01.13 22:01:31 | 002,827,728 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player_ax.exe
[2011.01.06 17:49:33 | 038,147,376 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe
[2010.12.30 17:03:35 | 004,044,900 | ---- | C] ((c) 2006-2008, Tom Thielicke                                ) -- C:\Program Files\tipp10_win_v2-0-3.exe
[2010.12.20 13:43:43 | 004,750,496 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Slim.exe
[2010.10.14 21:42:28 | 004,229,377 | ---- | C] (www.orbitdownloader.com                                     ) -- C:\Program Files\OrbitSetup4.0.3.exe
[2010.08.10 16:04:16 | 128,750,008 | ---- | C] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Program Files\Ad-AwareInstall.exe
[2010.05.03 13:02:38 | 005,461,276 | ---- | C] (Igor Pavlov) -- C:\Program Files\TMViewerSetup.exe
[2010.04.07 14:40:38 | 003,376,656 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup230.exe
[2010.03.02 14:31:34 | 008,853,856 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 3.0.3.exe
[2010.01.31 15:22:17 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll
[2010.01.31 15:22:17 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2010.01.31 15:22:17 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2010.01.31 15:22:17 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2010.01.29 19:37:52 | 003,370,400 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup228.exe
[2010.01.28 19:18:12 | 002,572,472 | ---- | C] (www.orbitdownloader.com                                     ) -- C:\Program Files\OrbitDownloaderSetup.exe
[2009.12.02 14:06:33 | 001,128,916 | ---- | C] (www.hellopdf.com                                            ) -- C:\Program Files\pdf2wordsetup.exe
[2009.11.29 22:12:00 | 012,543,460 | ---- | C] (Andrea Vacondio) -- C:\Program Files\pdfsam-win32inst-v2_0_0.exe
[2009.10.26 15:44:08 | 077,086,488 | ---- | C] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Program Files\Ad-AwareInstallation.exe
[2009.10.14 14:26:51 | 003,309,072 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup224.exe
[2009.05.15 13:43:03 | 003,227,248 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup219.exe
[2009.05.01 11:28:15 | 218,474,518 | ---- | C] (Igor Pavlov) -- C:\Program Files\OOO31CBE.exe
[2009.04.27 15:16:35 | 003,190,688 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup218.exe
[2009.04.21 14:16:06 | 034,543,112 | ---- | C] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Program Files\Ad-AwareAE.exe
[2009.02.19 18:59:10 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Program Files\spybotsd162.exe
[2008.12.31 16:43:22 | 001,018,074 | ---- | C] (Heinzle Christof) -- C:\Program Files\lameplugin.exe
[2008.12.31 16:11:25 | 015,083,520 | ---- | C] (Safer Networking Limited                                    ) -- C:\Program Files\spybotsd160.exe
[2008.12.31 15:51:14 | 003,165,824 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup215.exe
[2008.12.30 15:12:28 | 002,170,309 | ---- | C] (Free Software Foundation) -- C:\Program Files\gnupg-w32cli-1.4.9.exe
[2008.12.29 19:36:10 | 002,188,592 | ---- | C] (www.orbitdownloader.com                                     ) -- C:\Program Files\OrbitDownloader281Setup.exe
[2008.12.13 22:19:13 | 006,557,639 | ---- | C] (Thorsten Fritz                                              ) -- C:\Program Files\kompozer-0.77.de-DE.win32.installer.exe
[2008.12.13 22:19:04 | 000,735,964 | ---- | C] (GegenStandpunkt Verlag, München) -- C:\Program Files\GS_Index_20071215.exe
[2008.12.13 22:19:02 | 004,986,208 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\cibpdfplugin.exe
[2008.12.13 22:19:01 | 012,785,408 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\cibpdfbrewer.exe
[2008.12.13 22:18:51 | 002,955,128 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup213.exe
[2002.03.11 11:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
[2002.03.11 10:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe
 
========== Files - Modified Within 30 Days ==========
 
[2011.09.13 21:05:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2011.09.13 20:11:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.09.13 19:34:49 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.09.13 19:34:49 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.09.13 15:39:34 | 002,322,184 | ---- | M] (ESET) -- C:\Program Files\esetsmartinstaller_enu.exe
[2011.09.13 15:39:06 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.09.13 15:39:06 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.09.13 15:39:06 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.09.13 15:39:06 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.09.13 14:01:45 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.13 14:00:12 | 009,466,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Program Files\mbam-setup-1.51.1.1800.exe
[2011.09.13 13:43:27 | 000,010,722 | ---- | M] () -- C:\Users\a\Desktop\Gmer-Scanlog.zip
[2011.09.13 13:36:55 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.09.13 13:35:09 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.09.13 13:34:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.09.13 13:34:45 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
[2011.09.13 12:44:41 | 000,013,990 | ---- | M] () -- C:\Users\a\Desktop\OTL.zip
[2011.09.12 19:30:36 | 000,000,000 | ---- | M] () -- C:\Users\a\defogger_reenable
[2011.09.12 18:51:34 | 000,302,592 | ---- | M] () -- C:\Users\a\Desktop\5mox39wg.exe
[2011.09.12 18:50:36 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\a\Desktop\OTL.exe
[2011.09.12 18:50:18 | 000,050,477 | ---- | M] () -- C:\Users\a\Desktop\Defogger.exe
[2011.09.12 17:12:10 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.09.12 17:08:00 | 010,268,672 | ---- | M] () -- C:\Program Files\Ad-Aware95Install.msi
[2011.09.10 00:05:24 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.09.06 22:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.09.06 22:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.09.06 22:38:05 | 000,442,200 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.09.06 22:37:53 | 000,320,856 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.09.06 22:36:38 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.09.06 22:36:36 | 000,052,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.09.06 22:36:26 | 000,054,616 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.09.06 22:36:12 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.08.18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
 
========== Files Created - No Company Name ==========
 
[2011.09.13 14:01:45 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.09.13 13:43:27 | 000,010,722 | ---- | C] () -- C:\Users\a\Desktop\Gmer-Scanlog.zip
[2011.09.13 12:44:40 | 000,013,990 | ---- | C] () -- C:\Users\a\Desktop\OTL.zip
[2011.09.12 19:33:58 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011.09.12 19:30:36 | 000,000,000 | ---- | C] () -- C:\Users\a\defogger_reenable
[2011.09.12 18:51:31 | 000,302,592 | ---- | C] () -- C:\Users\a\Desktop\5mox39wg.exe
[2011.09.12 18:50:17 | 000,050,477 | ---- | C] () -- C:\Users\a\Desktop\Defogger.exe
[2011.09.12 17:12:10 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011.09.12 17:07:55 | 010,268,672 | ---- | C] () -- C:\Program Files\Ad-Aware95Install.msi
[2011.09.10 22:21:30 | 3487,748,096 | -HS- | C] () -- C:\hiberfil.sys
[2011.08.13 13:33:54 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.08.13 13:33:54 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.08.03 18:11:00 | 021,073,936 | ---- | C] () -- C:\Program Files\vlc-1.1.11-win32.exe
[2011.07.29 16:37:17 | 002,448,352 | ---- | C] () -- C:\Program Files\mp3tagv249setup.exe
[2011.06.28 15:09:07 | 021,022,914 | ---- | C] () -- C:\Program Files\vlc-1.1.10-win32.exe
[2011.05.30 22:08:50 | 000,001,940 | ---- | C] () -- C:\Program Files\HiJackThis.lnk
[2011.05.30 22:07:51 | 001,402,880 | ---- | C] () -- C:\Program Files\HiJackThis.msi
[2011.04.28 16:07:16 | 002,446,680 | ---- | C] () -- C:\Program Files\mp3tagv248setup.exe
[2011.04.26 18:03:55 | 020,533,281 | ---- | C] () -- C:\Program Files\vlc-1.1.9-win32.exe
[2011.04.04 17:08:58 | 000,247,053 | ---- | C] () -- C:\Program Files\mp3DC213.exe
[2011.03.31 13:08:00 | 020,586,196 | ---- | C] () -- C:\Program Files\vlc-1.1.8-win32.exe
[2011.03.18 13:56:26 | 020,364,702 | ---- | C] () -- C:\Program Files\vlc-1.1.7-win32.exe
[2011.03.14 19:59:08 | 004,437,496 | ---- | C] () -- C:\Program Files\Songr_1_9_17.zip
[2011.02.20 17:36:14 | 168,166,968 | ---- | C] () -- C:\Program Files\OOo_3.3.0_Win_x86_install-wJRE_de.exe
[2010.12.22 23:45:41 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.12.09 17:21:36 | 019,985,265 | ---- | C] () -- C:\Program Files\vlc-1.1.5-win32.exe
[2010.10.26 17:08:18 | 000,226,402 | ---- | C] () -- C:\Program Files\mp3DC212.exe
[2010.10.14 21:43:16 | 000,008,619 | ---- | C] () -- C:\Program Files\obdeu.zip
[2010.08.28 12:44:33 | 019,657,194 | ---- | C] () -- C:\Program Files\vlc-1.1.4-win32.exe
[2010.08.20 14:23:40 | 019,563,096 | ---- | C] () -- C:\Program Files\vlc-1.1.3-win32.exe
[2010.08.08 14:51:33 | 000,058,984 | ---- | C] () -- C:\Program Files\225p1es_00_dwv_eng.zip
[2010.08.02 14:14:46 | 019,461,015 | ---- | C] () -- C:\Program Files\vlc-1.1.2-win32.exe
[2010.08.01 14:43:51 | 001,295,402 | ---- | C] () -- C:\Program Files\ag_mp3_plugin_setup.exe
[2010.07.27 14:10:19 | 151,343,200 | ---- | C] () -- C:\Program Files\OOo_3.2.1_Win_x86_install_de.exe
[2010.05.25 20:43:14 | 003,099,136 | ---- | C] () -- C:\Program Files\openofficeorg32.msi
[2010.05.25 20:41:42 | 000,460,088 | ---- | C] () -- C:\Program Files\setup.exe
[2010.05.25 20:40:04 | 145,988,770 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2010.05.25 19:46:20 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini
[2010.05.20 15:50:50 | 000,150,358 | ---- | C] () -- C:\Program Files\1by1_169.exe
[2010.05.03 13:26:03 | 000,068,640 | ---- | C] () -- C:\Windows\unTMV.exe
[2010.04.08 17:00:16 | 002,439,075 | ---- | C] () -- C:\Program Files\fc_setup_ (2).zip
[2010.03.04 17:10:43 | 167,555,440 | ---- | C] () -- C:\Program Files\OOo_3.2.0_Win32Intel_install_wJRE_de.exe
[2010.03.02 16:44:27 | 002,024,035 | ---- | C] () -- C:\Program Files\Firesave.exe
[2010.03.02 14:48:37 | 001,222,286 | ---- | C] () -- C:\Program Files\enigmail-1.0.1-tb-win.xpi
[2010.03.02 14:20:10 | 000,000,213 | ---- | C] () -- C:\Program Files\PFADE.ini
[2010.03.02 14:06:40 | 001,772,267 | ---- | C] () -- C:\Program Files\Thundersave_1.0.exe
[2010.02.19 14:40:40 | 044,518,776 | ---- | C] () -- C:\Program Files\setup_av_free_2_.exe
[2010.02.06 16:06:34 | 018,499,623 | ---- | C] () -- C:\Program Files\vlc-1.0.5-win32.exe
[2010.01.31 15:22:18 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2010.01.31 15:22:18 | 000,339,968 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2010.01.31 15:22:17 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[2010.01.28 19:53:14 | 000,127,083 | ---- | C] () -- C:\Program Files\1by1_168.exe
[2009.11.29 22:05:33 | 001,137,763 | ---- | C] () -- C:\Program Files\sun-pdfimport10.zip
[2009.10.07 13:45:28 | 149,845,064 | ---- | C] () -- C:\Program Files\OOo_3.1.1_Win32Intel_install_de.exe
[2009.07.11 14:35:13 | 017,828,326 | ---- | C] () -- C:\Program Files\vlc-1.0.0-win32.exe
[2009.06.26 17:59:35 | 000,728,103 | ---- | C] () -- C:\Program Files\VAL v1.1.1 Setup.exe
[2009.05.26 18:53:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.26 18:52:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.08 23:15:49 | 016,742,799 | ---- | C] () -- C:\Program Files\vlc-0.9.9-win32.exe
[2009.05.07 15:31:52 | 147,695,064 | ---- | C] () -- C:\Program Files\OOo_3.1.0_Win32Intel_install_de.exe
[2009.05.05 16:01:41 | 000,212,713 | ---- | C] () -- C:\Program Files\mp3DC211.exe
[2009.05.05 15:59:51 | 000,121,784 | ---- | C] () -- C:\Program Files\1by1_167.exe
[2009.04.27 12:03:46 | 009,818,624 | ---- | C] () -- C:\Program Files\openofficeorg31.msi
[2009.04.16 15:33:14 | 000,049,230 | ---- | C] () -- C:\Program Files\download_manager_tweak-0.7.2-fx.xpi
[2009.04.09 19:58:43 | 001,300,755 | ---- | C] () -- C:\Program Files\KKiller_v3.4.4.zip
[2009.02.26 18:29:19 | 000,037,658 | ---- | C] () -- C:\Program Files\duplicate_contact_manager-0.6-tb.xpi
[2009.01.27 20:28:46 | 000,111,016 | ---- | C] () -- C:\Program Files\image_zoom-0.3.1-fx+mz+tb+sm.xpi
[2009.01.10 21:37:39 | 156,172,680 | ---- | C] () -- C:\Program Files\ooo300.exe
[2009.01.04 19:29:10 | 000,938,576 | ---- | C] () -- C:\Program Files\7z463.exe
[2009.01.02 17:05:44 | 016,320,472 | ---- | C] () -- C:\Program Files\vlc-0.9.8a-win32.exe
[2008.12.31 18:34:50 | 007,949,158 | ---- | C] () -- C:\Program Files\kompozer-0.7.10-win32.zip
[2008.12.31 16:28:55 | 023,804,784 | ---- | C] () -- C:\Program Files\aaw2008_11n.exe
[2008.12.31 16:03:51 | 000,017,920 | ---- | C] () -- C:\Users\a\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.13 22:19:02 | 001,176,154 | ---- | C] () -- C:\Program Files\enigmail-0.95.6-tb+sm.xpi
[2008.12.13 22:18:50 | 000,189,429 | ---- | C] () -- C:\Program Files\mp3DC209.exe
[2008.12.13 20:35:07 | 000,000,296 | ---- | C] () -- C:\Users\a\AppData\Roaming\wklnhst.dat
[2008.12.13 18:50:37 | 000,792,771 | ---- | C] () -- C:\Program Files\MozBackup-1.4.8-DE.exe
[2008.12.13 18:29:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL
[2008.12.13 18:27:40 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll
[2008.12.13 18:25:25 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008.12.13 13:59:31 | 000,007,592 | ---- | C] () -- C:\Users\a\AppData\Local\d3d9caps.dat
[2008.10.20 10:35:26 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.10.17 17:15:05 | 000,000,917 | ---- | C] () -- C:\Windows\System32\CLWatson.ini
[2008.10.17 16:56:47 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2008.10.17 16:56:47 | 000,000,464 | ---- | C] () -- C:\Windows\11317231_000216BE_11.bin
[2008.10.17 16:56:47 | 000,000,464 | ---- | C] () -- C:\Windows\11317231_000216BE_1.bin
[2008.10.17 16:56:47 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_000116BE_1.bin
[2008.10.08 14:51:57 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2008.10.08 13:26:22 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat
[2008.10.08 13:01:08 | 000,000,023 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2008.10.08 12:00:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.01.21 09:15:58 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,126,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,342,336 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2004.08.09 12:33:42 | 000,002,120 | ---- | C] () -- C:\Windows\System32\SETUP.INI
[1996.12.14 01:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1996.12.14 01:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
 
========== LOP Check ==========
 
[2010.05.21 10:59:47 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\1by1
[2008.12.23 17:51:40 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Canon
[2008.12.29 18:20:30 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\FreeCommander
[2011.04.07 18:38:22 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\gnupg
[2009.03.20 18:11:11 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\GrabPro
[2008.12.31 18:57:43 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\KompoZer
[2010.10.27 00:46:17 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\mp3DirectCut
[2011.08.15 16:58:34 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Mp3tag
[2009.07.13 16:45:36 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\NewSoft
[2009.01.11 00:29:36 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\OpenOffice.org
[2011.08.12 14:57:37 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Orbit
[2010.10.14 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\ProgSense
[2010.08.01 14:49:17 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\QuickStoresToolbar
[2008.12.13 18:25:21 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\ScanSoft
[2008.12.11 22:45:04 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\T-Online
[2010.11.07 16:56:56 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Template
[2010.03.02 16:03:23 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Thunderbird
[2011.09.13 13:35:09 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2011.09.13 13:33:33 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.09.13 21:05:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.05.21 10:59:47 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\1by1
[2010.12.20 14:00:26 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Adobe
[2008.12.23 17:51:40 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Canon
[2008.12.31 16:06:23 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\CyberLink
[2011.01.29 19:30:32 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\dvdcss
[2008.12.29 18:20:30 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\FreeCommander
[2011.04.07 18:38:22 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\gnupg
[2009.01.12 18:27:37 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Google
[2009.03.20 18:11:11 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\GrabPro
[2008.12.11 22:26:01 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Identities
[2010.01.31 15:21:40 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\InstallShield
[2008.12.31 18:57:43 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\KompoZer
[2008.12.11 23:49:22 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Macromedia
[2011.09.13 14:01:51 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Media Center Programs
[2011.05.30 22:08:50 | 000,000,000 | --SD | M] -- C:\Users\a\AppData\Roaming\Microsoft
[2008.12.13 18:56:07 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Mozilla
[2010.10.27 00:46:17 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\mp3DirectCut
[2011.08.15 16:58:34 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Mp3tag
[2009.01.02 17:48:05 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Nero
[2009.07.13 16:45:36 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\NewSoft
[2009.01.11 00:29:36 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\OpenOffice.org
[2011.08.12 14:57:37 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Orbit
[2010.10.14 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\ProgSense
[2010.08.01 14:49:17 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\QuickStoresToolbar
[2008.12.13 18:25:21 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\ScanSoft
[2011.09.13 13:33:26 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Skype
[2011.07.07 20:54:06 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\skypePM
[2008.12.11 22:45:04 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\T-Online
[2008.12.13 18:56:29 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Talkback
[2010.11.07 16:56:56 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Template
[2010.03.02 16:03:23 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Thunderbird
[2011.03.31 13:28:41 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2011.05.30 22:08:50 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\a\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
[2009.07.20 16:00:17 | 000,583,168 | ---- | M] () -- C:\Users\a\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\C862.tmp_\sun-pdfimport.oxt\xpdfimport.exe
[2010.08.01 14:49:16 | 000,704,248 | ---- | M] () -- C:\Users\a\AppData\Roaming\QuickStoresToolbar\unins000.exe
[2010.03.10 15:13:58 | 000,045,304 | ---- | M] (Andreas Breitschopp - Softwareentwicklung und -vertrieb) -- C:\Users\a\AppData\Roaming\QuickStoresToolbar\Update.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2007.10.09 01:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2007.10.09 01:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows\System32\drivers\iaStor.sys
[2007.10.09 01:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1bb129e3\iaStor.sys
[2007.10.09 01:19:02 | 000,383,000 | ---- | M] (Intel Corporation) MD5=968BCEAD432CD478D0659FC95ED52170 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         

Alt 14.09.2011, 10:42   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:
ATTFilter
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f647e40b-6d3e-11de-88d5-00040e465fb0}\Shell - "" = AutoRun
O33 - MountPoints2\{f647e40b-6d3e-11de-88d5-00040e465fb0}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a
O33 - MountPoints2\{f6ce2080-0df4-11e0-abd0-0021857552ad}\Shell\AutoRun\command - "" = K:\Menu.exe
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".
__________________
Please always post log files in CODE tags

Alt 14.09.2011, 11:05   #10
andrewJ
 
Hello Arne,
I followed your instructions blindly; here is the result:
Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f647e40b-6d3e-11de-88d5-00040e465fb0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f647e40b-6d3e-11de-88d5-00040e465fb0}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f647e40b-6d3e-11de-88d5-00040e465fb0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f647e40b-6d3e-11de-88d5-00040e465fb0}\ not found.
File I:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6ce2080-0df4-11e0-abd0-0021857552ad}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f6ce2080-0df4-11e0-abd0-0021857552ad}\ not found.
File K:\Menu.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: a
->Temp folder emptied: 13898790 bytes
->Temporary Internet Files folder emptied: 1191709 bytes
->Java cache emptied: 9671204 bytes
->FireFox cache emptied: 139504605 bytes
->Flash cache emptied: 915 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4092 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 157,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.28.0 log created on 09142011_115737

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

Alt 14.09.2011, 12:44   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below - that is, tick both checkboxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full.

If, because of the infection, you cannot access your Documents/My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool, and all files and folders should be visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
__________________
Please always post log files in CODE tags

Alt 14.09.2011, 13:17   #12
andrewJ
 
The tool was quick and found nothing
Code:
ATTFilter
2011/09/14 14:15:04.0094 4756	TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17
2011/09/14 14:15:04.0499 4756	================================================================================
2011/09/14 14:15:04.0499 4756	SystemInfo:
2011/09/14 14:15:04.0499 4756	
2011/09/14 14:15:04.0499 4756	OS Version: 6.0.6002 ServicePack: 2.0
2011/09/14 14:15:04.0499 4756	Product type: Workstation
2011/09/14 14:15:04.0499 4756	ComputerName: A-PC
2011/09/14 14:15:04.0499 4756	UserName: a
2011/09/14 14:15:04.0499 4756	Windows directory: C:\Windows
2011/09/14 14:15:04.0499 4756	System windows directory: C:\Windows
2011/09/14 14:15:04.0499 4756	Processor architecture: Intel x86
2011/09/14 14:15:04.0499 4756	Number of processors: 4
2011/09/14 14:15:04.0499 4756	Page size: 0x1000
2011/09/14 14:15:04.0499 4756	Boot type: Normal boot
2011/09/14 14:15:04.0499 4756	================================================================================
2011/09/14 14:15:05.0045 4756	Initialize success
2011/09/14 14:15:12.0315 4284	================================================================================
2011/09/14 14:15:12.0315 4284	Scan started
2011/09/14 14:15:12.0315 4284	Mode: Manual; 
2011/09/14 14:15:12.0315 4284	================================================================================
2011/09/14 14:15:12.0814 4284	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/09/14 14:15:12.0861 4284	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/09/14 14:15:12.0892 4284	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/09/14 14:15:12.0923 4284	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/09/14 14:15:12.0970 4284	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/09/14 14:15:13.0048 4284	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
2011/09/14 14:15:13.0079 4284	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/09/14 14:15:13.0111 4284	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/09/14 14:15:13.0126 4284	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/09/14 14:15:13.0157 4284	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/09/14 14:15:13.0189 4284	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/09/14 14:15:13.0204 4284	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/09/14 14:15:13.0235 4284	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/09/14 14:15:13.0251 4284	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/09/14 14:15:13.0267 4284	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/09/14 14:15:13.0329 4284	aswFsBlk        (c47623ffd181a1e7d63574dde2a0a711) C:\Windows\system32\drivers\aswFsBlk.sys
2011/09/14 14:15:13.0360 4284	aswMonFlt       (4804753a4ec7d67cc22d226bffd1c1e3) C:\Windows\system32\drivers\aswMonFlt.sys
2011/09/14 14:15:13.0391 4284	aswRdr          (36239e24470a3dd81fae37510953cc6c) C:\Windows\system32\drivers\aswRdr.sys
2011/09/14 14:15:13.0438 4284	aswSnx          (caa846e9c83836bdc3d2d700c678db65) C:\Windows\system32\drivers\aswSnx.sys
2011/09/14 14:15:13.0485 4284	aswSP           (748ae7f2d7da33adb063fe05704a9969) C:\Windows\system32\drivers\aswSP.sys
2011/09/14 14:15:13.0516 4284	aswTdi          (ca9925ce1dbd07ffe1eb357752cf5577) C:\Windows\system32\drivers\aswTdi.sys
2011/09/14 14:15:13.0547 4284	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/09/14 14:15:13.0579 4284	atapi           (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
2011/09/14 14:15:13.0625 4284	AVMUNET         (980f4c96c73c61cc6fcf657a721b35d3) C:\Windows\system32\DRIVERS\avmunet.sys
2011/09/14 14:15:13.0672 4284	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/09/14 14:15:13.0719 4284	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/09/14 14:15:13.0766 4284	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/09/14 14:15:13.0813 4284	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/09/14 14:15:13.0828 4284	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/09/14 14:15:22.0159 4284	================================================================================
2011/09/14 14:15:22.0159 4284	Scan finished
2011/09/14 14:15:22.0159 4284	================================================================================
2011/09/14 14:15:22.0174 4772	Detected object count: 0
2011/09/14 14:15:22.0174 4772	Actual detected object count: 0
         

14.09.2011, 14:34   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered), and let your system be scanned.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
Please always post log files in CODE tags

14.09.2011, 16:35   #14
andrewJ
 

The ComboFix log:
Code:
ATTFilter
ComboFix 11-09-14.01 - a 14.09.2011  17:16:33.1.4 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3325.2416 [GMT 2:00]
ausgeführt von:: c:\users\a\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\Setup.exe
c:\users\a\Favorites\Cambridge-Azur-340-A-SE_571506.html
c:\users\a\Favorites\NAD-C-315-BEE_571384.html
c:\windows\system32\setup.ini
c:\windows\system32\ShellManager310E2D762.dll
Pass LEGAL for license information. Built Sat Jun 25 23:20 2011c:\windows\Windows6.0-KB948465-X86.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-08-14 bis 2011-09-14  ))))))))))))))))))))))))))))))
.
.
2011-09-14 15:24 . 2011-09-14 15:31	--------	d-----w-	c:\users\a\AppData\Local\temp
2011-09-14 15:24 . 2011-09-14 15:24	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-09-14 11:00 . 2011-08-10 12:14	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-09-14 09:57 . 2011-09-14 09:57	--------	d-----w-	C:\_OTL
2011-09-13 13:39 . 2011-09-13 13:39	--------	d-----w-	c:\program files\ESET
2011-09-13 13:39 . 2011-09-13 13:39	2322184	----a-w-	c:\program files\esetsmartinstaller_enu.exe
2011-09-13 12:01 . 2011-09-13 12:01	--------	d-----w-	c:\users\a\AppData\Roaming\Malwarebytes
2011-09-13 12:01 . 2011-09-13 12:03	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-09-13 12:01 . 2011-08-31 15:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-09-13 12:00 . 2011-09-13 12:00	9466208	----a-w-	c:\program files\mbam-setup-1.51.1.1800.exe
2011-09-13 09:27 . 2011-08-12 02:44	7152464	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{AE87E91F-9E5B-4F0C-A327-2B46AA768E6C}\mpengine.dll	ERROR(0x00000005)
2011-09-12 15:12 . 2011-08-18 13:25	64512	----a-w-	c:\windows\system32\drivers\Lbd.sys
2011-09-12 15:07 . 2011-09-12 15:08	10268672	----a-w-	c:\program files\Ad-Aware95Install.msi
2011-08-28 11:08 . 2011-08-28 11:08	--------	d-----w-	c:\program files\Common Files\Java
2011-08-28 11:06 . 2011-08-28 11:06	908576	----a-w-	c:\program files\jxpiinstall.exe
2011-08-24 09:02 . 2011-07-11 13:25	2048	----a-w-	c:\windows\system32\tzres.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-06 20:45 . 2010-06-29 12:56	41184	----a-w-	c:\windows\avastSS.scr
2011-09-06 20:45 . 2008-12-13 20:23	199304	----a-w-	c:\windows\system32\aswBoot.exe
2011-09-06 20:38 . 2011-04-04 14:57	442200	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2011-09-06 20:37 . 2008-12-13 20:24	320856	----a-w-	c:\windows\system32\drivers\aswSP.sys
2011-09-06 20:36 . 2008-12-13 20:24	34392	----a-w-	c:\windows\system32\drivers\aswRdr.sys
2011-09-06 20:36 . 2008-12-13 20:24	52568	----a-w-	c:\windows\system32\drivers\aswTdi.sys
2011-09-06 20:36 . 2008-12-13 20:23	54616	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2011-09-06 20:36 . 2008-12-13 20:24	20568	----a-w-	c:\windows\system32\drivers\aswFsBlk.sys
2011-08-13 09:49 . 2011-06-22 13:04	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-12 02:44 . 2008-10-08 09:57	7152464	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll	ERROR(0x00000005)
2011-08-03 16:11 . 2011-08-03 16:11	21073936	----a-w-	c:\program files\vlc-1.1.11-win32.exe
2011-07-29 14:37 . 2011-07-29 14:37	2448352	----a-w-	c:\program files\mp3tagv249setup.exe
2011-07-22 02:54 . 2011-08-10 12:38	1797632	----a-w-	c:\windows\system32\jscript9.dll
2011-07-22 02:48 . 2011-08-10 12:38	1126912	----a-w-	c:\windows\system32\wininet.dll
2011-07-22 02:44 . 2011-08-10 12:38	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2011-07-19 03:05 . 2010-10-19 14:27	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-07-06 15:31 . 2011-08-10 12:31	214016	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-06-28 13:09 . 2011-06-28 13:09	21022914	----a-w-	c:\program files\vlc-1.1.10-win32.exe
2011-06-20 08:54 . 2011-08-10 12:31	3602832	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-06-20 08:54 . 2011-08-10 12:31	3550096	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-06-17 20:13 . 2011-08-10 12:31	905104	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-06-17 16:03 . 2011-08-10 12:31	375808	----a-w-	c:\windows\system32\winsrv.dll
2011-05-30 20:07 . 2011-05-30 20:07	1402880	----a-w-	c:\program files\HiJackThis.msi
2011-05-30 14:17 . 2011-05-30 14:17	3096424	----a-w-	c:\program files\ccsetup307.exe
2011-04-28 14:07 . 2011-04-28 14:07	2446680	----a-w-	c:\program files\mp3tagv248setup.exe
2011-04-26 16:04 . 2011-04-26 16:03	20533281	----a-w-	c:\program files\vlc-1.1.9-win32.exe
2011-04-23 12:33 . 2011-04-23 12:33	2832544	----a-w-	c:\program files\install_flash_player.exe
2011-04-23 11:59 . 2011-04-23 11:59	568648	----a-w-	c:\program files\GoogleEarthSetup.exe
2011-04-04 17:24 . 2011-04-04 17:24	3050664	----a-w-	c:\program files\ccsetup305.exe
2011-04-04 15:09 . 2011-04-04 15:08	247053	----a-w-	c:\program files\mp3DC213.exe
2011-03-31 11:08 . 2011-03-31 11:08	20586196	----a-w-	c:\program files\vlc-1.1.8-win32.exe
2011-03-20 14:06 . 2011-03-20 14:06	772384	----a-w-	c:\program files\Mats_Run.performance.exe
2011-03-20 14:05 . 2011-03-20 14:05	772896	----a-w-	c:\program files\Mats_Run.printing.exe
2011-03-18 11:56 . 2011-03-18 11:56	20364702	----a-w-	c:\program files\vlc-1.1.7-win32.exe
2011-03-18 11:52 . 2011-03-18 11:52	6277496	----a-w-	c:\program files\Silverlight.exe
2011-02-20 15:40 . 2011-02-20 15:36	168166968	----a-w-	c:\program files\OOo_3.3.0_Win_x86_install-wJRE_de.exe
2011-01-26 16:52 . 2011-01-26 16:52	3006368	----a-w-	c:\program files\ccsetup303.exe
2011-01-13 20:01 . 2011-01-13 20:01	2827728	----a-w-	c:\program files\install_flash_player_ax.exe
2011-01-06 15:49 . 2011-01-06 15:49	38147376	----a-w-	c:\program files\QuickTimeInstaller.exe
2010-12-30 15:04 . 2010-12-30 15:03	4044900	----a-w-	c:\program files\tipp10_win_v2-0-3.exe
2010-12-20 11:43 . 2010-12-20 11:43	4750496	----a-w-	c:\program files\Shockwave_Installer_Slim.exe
2010-12-09 15:21 . 2010-12-09 15:21	19985265	----a-w-	c:\program files\vlc-1.1.5-win32.exe
2010-10-26 15:08 . 2010-10-26 15:08	226402	----a-w-	c:\program files\mp3DC212.exe
2010-10-14 19:42 . 2010-10-14 19:42	4229377	----a-w-	c:\program files\OrbitSetup4.0.3.exe
2010-08-28 10:45 . 2010-08-28 10:44	19657194	----a-w-	c:\program files\vlc-1.1.4-win32.exe
2010-08-20 12:25 . 2010-08-20 12:23	19563096	----a-w-	c:\program files\vlc-1.1.3-win32.exe
2010-08-10 14:13 . 2010-08-10 14:04	128750008	----a-w-	c:\program files\Ad-AwareInstall.exe
2010-08-02 12:16 . 2010-08-02 12:14	19461015	----a-w-	c:\program files\vlc-1.1.2-win32.exe
2010-08-01 12:43 . 2010-08-01 12:43	1295402	----a-w-	c:\program files\ag_mp3_plugin_setup.exe
2010-07-27 12:20 . 2010-07-27 12:10	151343200	----a-w-	c:\program files\OOo_3.2.1_Win_x86_install_de.exe
2010-05-25 18:43 . 2010-05-25 18:43	3099136	----a-w-	c:\program files\openofficeorg32.msi
2010-05-20 13:50 . 2010-05-20 13:50	150358	----a-w-	c:\program files\1by1_169.exe
2010-05-03 11:02 . 2010-05-03 11:02	5461276	----a-w-	c:\program files\TMViewerSetup.exe
2010-04-07 12:40 . 2010-04-07 12:40	3376656	----a-w-	c:\program files\ccsetup230.exe
2010-03-04 15:42 . 2010-03-04 15:10	167555440	----a-w-	c:\program files\OOo_3.2.0_Win32Intel_install_wJRE_de.exe
2010-03-02 14:44 . 2010-03-02 14:44	2024035	----a-w-	c:\program files\Firesave.exe
2010-03-02 12:32 . 2010-03-02 12:31	8853856	----a-w-	c:\program files\Thunderbird Setup 3.0.3.exe
2010-03-02 12:06 . 2010-03-02 12:06	1772267	----a-w-	c:\program files\Thundersave_1.0.exe
2010-02-19 12:43 . 2010-02-19 12:40	44518776	----a-w-	c:\program files\setup_av_free_2_.exe
2010-02-06 14:07 . 2010-02-06 14:06	18499623	----a-w-	c:\program files\vlc-1.0.5-win32.exe
2010-01-29 17:38 . 2010-01-29 17:37	3370400	----a-w-	c:\program files\ccsetup228.exe
2010-01-28 17:53 . 2010-01-28 17:53	127083	----a-w-	c:\program files\1by1_168.exe
2010-01-28 17:18 . 2010-01-28 17:18	2572472	----a-w-	c:\program files\OrbitDownloaderSetup.exe
2009-12-02 12:06 . 2009-12-02 12:06	1128916	----a-w-	c:\program files\pdf2wordsetup.exe
2009-11-29 20:12 . 2009-11-29 20:12	12543460	----a-w-	c:\program files\pdfsam-win32inst-v2_0_0.exe
2009-10-26 13:49 . 2009-10-26 13:44	77086488	----a-w-	c:\program files\Ad-AwareInstallation.exe
2009-10-14 12:26 . 2009-10-14 12:26	3309072	----a-w-	c:\program files\ccsetup224.exe
2009-10-07 11:55 . 2009-10-07 11:45	149845064	----a-w-	c:\program files\OOo_3.1.1_Win32Intel_install_de.exe
2009-07-11 12:36 . 2009-07-11 12:35	17828326	----a-w-	c:\program files\vlc-1.0.0-win32.exe
2009-06-26 15:59 . 2009-06-26 15:59	728103	----a-w-	c:\program files\VAL v1.1.1 Setup.exe
2009-05-15 11:43 . 2009-05-15 11:43	3227248	----a-w-	c:\program files\ccsetup219.exe
2009-05-08 21:16 . 2009-05-08 21:15	16742799	----a-w-	c:\program files\vlc-0.9.9-win32.exe
2009-05-07 13:42 . 2009-05-07 13:31	147695064	----a-w-	c:\program files\OOo_3.1.0_Win32Intel_install_de.exe
2009-05-05 14:01 . 2009-05-05 14:01	212713	----a-w-	c:\program files\mp3DC211.exe
2009-05-05 13:59 . 2009-05-05 13:59	121784	----a-w-	c:\program files\1by1_167.exe
2009-05-01 09:43 . 2009-05-01 09:28	218474518	----a-w-	c:\program files\OOO31CBE.exe
2009-04-27 13:16 . 2009-04-27 13:16	3190688	----a-w-	c:\program files\ccsetup218.exe
2009-04-27 10:03 . 2009-04-27 10:03	9818624	----a-w-	c:\program files\openofficeorg31.msi
2009-04-21 12:18 . 2009-04-21 12:16	34543112	----a-w-	c:\program files\Ad-AwareAE.exe
2009-02-19 17:00 . 2009-02-19 16:59	16409960	----a-w-	c:\program files\spybotsd162.exe
2009-01-04 17:29 . 2009-01-04 17:29	938576	----a-w-	c:\program files\7z463.exe
2009-01-02 15:07 . 2009-01-02 15:05	16320472	----a-w-	c:\program files\vlc-0.9.8a-win32.exe
2008-12-31 14:43 . 2008-12-31 14:43	1018074	----a-w-	c:\program files\lameplugin.exe
2008-12-31 14:30 . 2008-12-31 14:28	23804784	----a-w-	c:\program files\aaw2008_11n.exe
2008-12-31 14:13 . 2008-12-31 14:11	15083520	----a-w-	c:\program files\spybotsd160.exe
2008-12-31 13:51 . 2008-12-31 13:51	3165824	----a-w-	c:\program files\ccsetup215.exe
2008-12-30 13:12 . 2008-12-30 13:12	2170309	----a-w-	c:\program files\gnupg-w32cli-1.4.9.exe
2008-12-29 17:36 . 2008-12-29 17:36	2188592	----a-w-	c:\program files\OrbitDownloader281Setup.exe
2008-12-10 16:28 . 2008-12-13 16:50	792771	----a-w-	c:\program files\MozBackup-1.4.8-DE.exe
2008-10-29 14:55 . 2008-12-13 20:18	2955128	----a-w-	c:\program files\ccsetup213.exe
2008-10-14 14:45 . 2008-12-13 20:18	189429	----a-w-	c:\program files\mp3DC209.exe
2008-10-13 14:10 . 2009-01-10 19:37	156172680	----a-w-	c:\program files\ooo300.exe
2008-02-25 16:03 . 2008-12-13 20:19	735964	----a-w-	c:\program files\GS_Index_20071215.exe
2008-02-05 02:09 . 2008-12-13 20:19	6557639	----a-w-	c:\program files\kompozer-0.77.de-DE.win32.installer.exe
2006-12-13 18:53 . 2008-12-13 20:19	12785408	----a-w-	c:\program files\cibpdfbrewer.exe
2006-12-13 16:41 . 2008-12-13 20:19	4986208	----a-w-	c:\program files\cibpdfplugin.exe
2002-03-11 09:06 . 2002-03-11 09:06	1822520	----a-w-	c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45	1708856	----a-w-	c:\program files\instmsia.exe
2011-09-09 10:10 . 2011-03-22 16:03	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-09-06 20:45	122512	----a-w-	c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-20 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-09 6281760]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-22 13589024]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-22 92704]
"Launcher"="c:\program files\Kyocera\FS-720 Utilities\KMGLNC.exe" [2005-01-27 57344]
"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]
"tsnpstd3"="c:\windows\tsnpstd3.exe" [2009-06-30 339968]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
2011-09-12 15:14	1191216	----a-w-	c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 10:55	937920	----a-w-	c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-06-06 10:55	35736	----a-w-	c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]
2008-10-14 09:57	20480	----a-w-	c:\program files\Google\Google EULA\GoogleEULALauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-12-12 07:31	1840424	----a-w-	c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-12-02 14:29	2221352	----a-w-	c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2006-10-11 11:45	75304	----a-w-	c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2008-09-09 16:32	1833504	----a-w-	c:\windows\SkyTel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-09-28 12:16	185896	----a-w-	c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 11:06	254696	----a-w-	c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-10-20 09:27	39408	----a-w-	c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService]
2008-10-14 00:52	180224	----a-w-	c:\program files\HomeCinema\TV Enhance\TVEService.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-12 2151640]
R3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\DRIVERS\avmunet.sys [2006-11-07 14976]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 135664]
R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-08-21 645120]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-08-18 64512]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [2008-10-14 376937]
S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [2008-10-14 184423]
S3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [2008-09-25 1332576]
S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-09-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 15:14]
.
2011-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 15:21]
.
2011-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 15:21]
.
2011-09-14 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
- c:\windows\system32\msfeedssync.exe [2011-03-15 16:20]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = about:blank
IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\a\AppData\Roaming\Mozilla\Firefox\Profiles\xce0990k.default\
FF - prefs.js: browser.startup.homepage - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-09-14 17:30
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PSIService.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\windows\system32\WUDFHost.exe
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\spool\drivers\w32x86\3\WrtProc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-09-14  17:33:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-09-14 15:33
.
Vor Suchlauf: 8 Verzeichnis(se), 714.781.548.544 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 715.133.202.432 Bytes frei
.
- - End Of File - - 4BAD096EA0077A1B21A0CEADA0EC52E2
         

Alt 14.09.2011, 20:42   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
OK. Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM. Please skip the online lookup by OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click with "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances without being instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

__________________
Please always post log files in CODE tags
