Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: "YOUR PROTECTION" und "TDSS" volkommen gelöscht?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 08.04.2010, 22:21   #1
Martinius
 
"YOUR PROTECTION" und "TDSS" volkommen gelöscht? - Standard

"YOUR PROTECTION" und "TDSS" volkommen gelöscht?



Hallo zusammen

Ich hab gestern bekanntschaft mit "YOUR PROTECTION" gemacht. Ich habe eine vermeintlich neue Version eines Flashplayers insatllieren wollen als plötzlich die Wahrnung von Avira Antivir kam. Eine installations anfrage eines weitern Programms habe ich verweigert, was es war weiß ich nicht mehr aber da es ja nicht installiert worden ist denk ich ist es auch nicht so wichtig.

Habe dann zunächst Ad-Aware installiert und das Prograamm Scannen lassen.
Kam folgendes bei rum:

Code:
ATTFilter
Logfile created: 07.04.2010 21:04:28
Ad-Aware version: 8.2.2
User performing scan: Martin

*********************** Definitions database information ***********************
Lavasoft definition file: 149.198
Genotype definition file version: 2010/04/06 15:06:27

******************************** Scan results: *********************************
Scan profile name: Vollständiger Scan  (ID: full)
Objects scanned: 211413
Objects detected: 22


Type              Detected
==========================
Processes.......:        1
Registry entries:        4
Hostfile entries:        0
Files...........:        2
Folders.........:        2
LSPs............:        0
Cookies.........:       13
Browser hijacks.:        0
MRU objects.....:        0



Removed items:
Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0
Description: *ivwbox* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409247 Family ID: 0
Description: *adfarm1.adition* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409171 Family ID: 0
Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0
Description: *atdmt* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408910 Family ID: 0
Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0
Description: *ivwbox* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409247 Family ID: 0
Description: *2o7* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408943 Family ID: 0
Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0
Description: *tradedoubler* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408964 Family ID: 0
Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0
Description: *doubleclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408875 Family ID: 0
Description: *ivwbox* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409247 Family ID: 0
Description: c:\program files (x86)\your protection Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 3429948 Family ID: 2494514
Description: c:\users\martin\appdata\roaming\microsoft\windows\start menu\programs\your protection Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 3429954 Family ID: 2494514

Quarantined items:
Description: c:\users\***\appdata\local\temp\mplay32xe.exe Family Name: Win32.FraudTool.PaladinAntivirus/B Engine: 1 Clean status: Reboot required Item ID: 0 Family ID: 0
Description: HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Your Protection: Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 3429941 Family ID: 2494514
Description: HKLM:SOFTWARE\Your Protection: Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 3429942 Family ID: 2494514
Description: HKU:S-1-5-21-3031591490-684083384-409637594-1001\Software\Microsoft\Windows\CurrentVersion\Run:mplay32xe.exe Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 3429943 Family ID: 2494514
Description: HKLM:SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved:{5E2121EE-0300-11D4-8D3B-444553540000} Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 3429946 Family ID: 2494514
Description: c:\users\***\desktop\your protection.lnk Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 3429949 Family ID: 2494514 MD5: 385b14effe06f249b8a7a19e4a0766d6
Description: c:\users\***\desktop\your protection support.lnk Family Name: Win32.FraudTool.PaladinAntivirus Engine: 1 Clean status: Success Item ID: 3429950 Family ID: 2494514 MD5: 0b5a8aeeb006fc93628584b6a72034c0

Scan and cleaning complete: Finished correctly after 2186 seconds

*********************************** Settings ***********************************

Scan profile:
ID: full, enabled:1, value: Vollständiger Scan
  ID: folderstoscan, enabled:1, value: C:\,D:\,E:\,F:\
  ID: useantivirus, enabled:1, value: true
  ID: sections, enabled:1
    ID: scancriticalareas, enabled:1, value: true
    ID: scanrunningapps, enabled:1, value: true
    ID: scanregistry, enabled:1, value: true
    ID: scanlsp, enabled:1, value: true
    ID: scanads, enabled:1, value: true
    ID: scanhostsfile, enabled:1, value: true
    ID: scanmru, enabled:1, value: true
    ID: scanbrowserhijacks, enabled:1, value: true
    ID: scantrackingcookies, enabled:1, value: true
      ID: closebrowsers, enabled:1, value: false
  ID: filescanningoptions, enabled:1
    ID: archives, enabled:1, value: true
    ID: onlyexecutables, enabled:1, value: false
    ID: skiplargerthan, enabled:1, value: 20480
    ID: scanrootkits, enabled:1, value: true
      ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
    ID: usespywareheuristics, enabled:1, value: true

Scan global:
ID: global, enabled:1
  ID: addtocontextmenu, enabled:1, value: true
  ID: playsoundoninfection, enabled:1, value: false
    ID: soundfile, enabled:0, value: *to be filled in automatically*\alert.wav

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
  ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
  ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
  ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
  ID: schedules, enabled:1, value: true
    ID: updatedaily1, enabled:1, value: Daily 1
      ID: time, enabled:1, value: Wed Apr 07 21:01:00 2010
      ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: false
        ID: tuesday, enabled:1, value: false
        ID: wednesday, enabled:1, value: false
        ID: thursday, enabled:1, value: false
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: false
        ID: sunday, enabled:1, value: false
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value: 
      ID: auto_deal_with_infections, enabled:1, value: false
    ID: updatedaily2, enabled:1, value: Daily 2
      ID: time, enabled:1, value: Wed Apr 07 03:01:00 2010
      ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: false
        ID: tuesday, enabled:1, value: false
        ID: wednesday, enabled:1, value: false
        ID: thursday, enabled:1, value: false
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: false
        ID: sunday, enabled:1, value: false
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value: 
      ID: auto_deal_with_infections, enabled:1, value: false
    ID: updatedaily3, enabled:1, value: Daily 3
      ID: time, enabled:1, value: Wed Apr 07 09:01:00 2010
      ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: false
        ID: tuesday, enabled:1, value: false
        ID: wednesday, enabled:1, value: false
        ID: thursday, enabled:1, value: false
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: false
        ID: sunday, enabled:1, value: false
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value: 
      ID: auto_deal_with_infections, enabled:1, value: false
    ID: updatedaily4, enabled:1, value: Daily 4
      ID: time, enabled:1, value: Wed Apr 07 15:01:00 2010
      ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: false
        ID: tuesday, enabled:1, value: false
        ID: wednesday, enabled:1, value: false
        ID: thursday, enabled:1, value: false
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: false
        ID: sunday, enabled:1, value: false
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value: 
      ID: auto_deal_with_infections, enabled:1, value: false
    ID: updateweekly1, enabled:1, value: Weekly
      ID: time, enabled:1, value: Wed Apr 07 21:01:00 2010
      ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: false
        ID: tuesday, enabled:1, value: false
        ID: wednesday, enabled:1, value: true
        ID: thursday, enabled:1, value: false
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: true
        ID: sunday, enabled:1, value: false
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value: 
      ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
  ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
  ID: showtrayicon, enabled:1, value: true
  ID: autoentertainmentmode, enabled:1, value: true
  ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
  ID: language, enabled:1, value: de, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
  ID: layers, enabled:1
    ID: useantivirus, enabled:1, value: true
    ID: usespywareheuristics, enabled:1, value: true
  ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
  ID: modules, enabled:1
    ID: processprotection, enabled:1, value: true
    ID: onaccessprotection, enabled:1, value: true
    ID: registryprotection, enabled:1, value: true
    ID: networkprotection, enabled:1, value: true


****************************** System information ******************************
Computer name: ***-PC
Processor name: Intel(R) Core(TM) i5 CPU       M 520  @ 2.40GHz
Processor identifier: Intel64 Family 6 Model 37 Stepping 2
Processor speed: ~2394MHZ
Raw info: processorarchitecture 9, processortype 8664, processorlevel 6, processor revision 9474, number of processors 4, processor features: [MMX,SSE,SSE2,SSE3]
Physical memory available: 2858827776 bytes
Physical memory total: 4218281984 bytes
Virtual memory available: 1671823360 bytes
Virtual memory total: 2147352576 bytes
Memory load: 32%
Microsoft  (build 7600)
Windows startup mode:

Running processes:
PID: 328 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 476 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 540 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 568 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 608 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 624 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 632 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 728 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 796 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 892 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 932 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1020 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 408 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 480 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 704 name: C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\stacsv64.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1288 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1336 name: C:\Windows\System32\hpservice.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1396 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1472 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1520 name: C:\Windows\System32\wlanext.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1528 name: C:\Windows\System32\conhost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1584 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1664 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1696 name: C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1716 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1828 name: C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1848 name: C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1892 name: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1912 name: C:\Program Files (x86)\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1956 name: C:\Windows\SysWOW64\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2004 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 2040 name: C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1036 name: C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1192 name: C:\Windows\System32\conhost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1368 name: C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1740 name: C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2084 name: C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2116 name: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2432 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2504 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2732 name: C:\Windows\System32\taskhost.exe owner: *** domain: ***-PC
PID: 2812 name: C:\Windows\System32\dwm.exe owner: *** domain: ***-PC
PID: 2840 name: C:\Windows\explorer.exe owner: *** domain: ***-PC
PID: 3024 name: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe owner: *** domain: ***-PC
PID: 3032 name: C:\Program Files\IDT\WDM\sttray64.exe owner: *** domain: ***-PC
PID: 3040 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: *** domain: ***-PC
PID: 3048 name: C:\Program Files\Windows Sidebar\sidebar.exe owner: *** domain: ***-PC
PID: 2584 name: C:\Users\***\AppData\Local\Temp\mplay32xe.exe owner: *** domain: ***-PC
PID: 2828 name: C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE owner: *** domain: ***-PC
PID: 2960 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe owner: *** domain: ***-PC
PID: 2672 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3252 name: C:\Program Files\Synaptics\SynTP\SynTPHelper.exe owner: *** domain: ***-PC
PID: 3300 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 3708 name: C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe owner: *** domain: ***-PC
PID: 3944 name: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe owner: *** domain: ***-PC
PID: 3952 name: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe owner: *** domain: ***-PC
PID: 3972 name: C:\Windows\System32\taskeng.exe owner: *** domain: ***-PC
PID: 3980 name: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe owner: *** domain: ***-PC
PID: 4068 name: C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe owner: *** domain: ***-PC
PID: 3172 name: C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe owner: *** domain: ***-PC
PID: 3176 name: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe owner: *** domain: ***-PC
PID: 3424 name: C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe owner: *** domain: ***-PC
PID: 3196 name: C:\Program Files (x86)\iTunes\iTunesHelper.exe owner: *** domain: ***-PC
PID: 3220 name: C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3272 name: C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe owner: *** domain: ***-PC
PID: 3264 name: C:\Windows\System32\SearchProtocolHost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3640 name: C:\Windows\System32\SearchFilterHost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 164 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 2352 name: C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe owner: *** domain: ***-PC
PID: 336 name: C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe owner: *** domain: ***-PC
PID: 1216 name: C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe owner: *** domain: ***-PC
PID: 2208 name: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 4192 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 4212 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWWSC.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 4412 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe owner: Martin domain: Martin-PC
PID: 4444 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWWSC.exe owner: SYSTEM domain: NT-AUTORITÄT

Startup items:
Name: WebCheck
          imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: Corel File Shell Monitor
          imagepath: C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
Name: 
          imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

Bootexecute items:
Name: 
          imagepath: autocheck autochk *

Running services:
Name: AeLookupSvc
          displayname: Anwendungserfahrung
Name: AESTFilters
          displayname: Andrea ST Filters Service
Name: AntiVirSchedulerService
          displayname: Avira AntiVir Planer
Name: AntiVirService
          displayname: Avira AntiVir Guard
Name: Appinfo
          displayname: Anwendungsinformationen
Name: Apple Mobile Device
          displayname: Apple Mobile Device
Name: AudioEndpointBuilder
          displayname: Windows-Audio-Endpunkterstellung
Name: AudioSrv
          displayname: Windows-Audio
Name: BFE
          displayname: Basisfiltermodul
Name: Bonjour Service
          displayname: Dienst "Bonjour"
Name: Browser
          displayname: Computerbrowser
Name: Com4QLBEx
          displayname: Com4QLBEx
Name: CryptSvc
          displayname: Kryptografiedienste
Name: DcomLaunch
          displayname: DCOM-Server-Prozessstart
Name: Dhcp
          displayname: DHCP-Client
Name: Dnscache
          displayname: DNS-Client
Name: DPS
          displayname: Diagnoserichtliniendienst
Name: EapHost
          displayname: Extensible Authentication-Protokoll
Name: eventlog
          displayname: Windows-Ereignisprotokoll
Name: EventSystem
          displayname: COM+-Ereignissystem
Name: ezSharedSvc
          displayname: Easybits Shared Services for Windows
Name: fdPHost
          displayname: Funktionssuchanbieter-Host
Name: FDResPub
          displayname: Funktionssuche-Ressourcenveröffentlichung
Name: gpsvc
          displayname: Gruppenrichtlinienclient
Name: hidserv
          displayname: Zugriff auf Eingabegeräte
Name: HomeGroupListener
          displayname: Heimnetzgruppen-Listener
Name: HomeGroupProvider
          displayname: Heimnetzgruppen-Anbieter
Name: hpqwmiex
          displayname: hpqwmiex
Name: hpsrv
          displayname: HP Service
Name: ICQ Service
          displayname: ICQ Service
Name: iphlpsvc
          displayname: IP-Hilfsdienst
Name: iPod Service
          displayname: iPod-Dienst
Name: KeyIso
          displayname: CNG-Schlüsselisolation
Name: LanmanServer
          displayname: Server
Name: LanmanWorkstation
          displayname: Arbeitsstationsdienst
Name: Lavasoft Ad-Aware Service
          displayname: Lavasoft Ad-Aware Service
Name: LightScribeService
          displayname: LightScribeService Direct Disc Labeling Service
Name: lmhosts
          displayname: TCP/IP-NetBIOS-Hilfsdienst
Name: MMCSS
          displayname: Multimediaklassenplaner
Name: MpsSvc
          displayname: Windows-Firewall
Name: Netman
          displayname: Netzwerkverbindungen
Name: netprofm
          displayname: Netzwerklistendienst
Name: NlaSvc
          displayname: NLA (Network Location Awareness)
Name: nsi
          displayname: Netzwerkspeicher-Schnittstellendienst
Name: nvsvc
          displayname: NVIDIA Display Driver Service
Name: p2pimsvc
          displayname: Peernetzwerkidentitäts-Manager
Name: p2psvc
          displayname: Peernetzwerk-Gruppenzuordnung
Name: PcaSvc
          displayname: Programmkompatibilitäts-Assistent-Dienst
Name: PlugPlay
          displayname: Plug & Play
Name: PNRPsvc
          displayname: Peer Name Resolution-Protokoll
Name: Power
          displayname: Stromversorgung
Name: ProfSvc
          displayname: Benutzerprofildienst
Name: PSI_SVC_2
          displayname: Protexis Licensing V2
Name: RichVideo
          displayname: Cyberlink RichVideo Service(CRVS)
Name: RpcEptMapper
          displayname: RPC-Endpunktzuordnung
Name: RpcSs
          displayname: Remoteprozeduraufruf (RPC)
Name: SamSs
          displayname: Sicherheitskonto-Manager
Name: Schedule
          displayname: Aufgabenplanung
Name: SeaPort
          displayname: SeaPort
Name: SENS
          displayname: Benachrichtigungsdienst für Systemereignisse
Name: ShellHWDetection
          displayname: Shellhardwareerkennung
Name: Spooler
          displayname: Druckwarteschlange
Name: SSDPSRV
          displayname: SSDP-Suche
Name: STacSV
          displayname: Audio Service
Name: SysMain
          displayname: Superfetch
Name: Themes
          displayname: Designs
Name: TrkWks
          displayname: Überwachung verteilter Verknüpfungen (Client)
Name: upnphost
          displayname: UPnP-Gerätehost
Name: UxSms
          displayname: Sitzungs-Manager für Desktopfenster-Manager
Name: WdiServiceHost
          displayname: Diagnosediensthost
Name: WdiSystemHost
          displayname: Diagnosesystemhost
Name: WinHttpAutoProxySvc
          displayname: WinHTTP-Web Proxy Auto-Discovery-Dienst
Name: Winmgmt
          displayname: Windows-Verwaltungsinstrumentation
Name: Wlansvc
          displayname: Automatische WLAN-Konfiguration
Name: WMPNetworkSvc
          displayname: Windows Media Player-Netzwerkfreigabedienst
Name: WPDBusEnum
          displayname: Enumeratordienst für tragbare Geräte
Name: WSearch
          displayname: Windows Search
Name: wudfsvc
          displayname: Windows Driver Foundation - Benutzermodus-Treiberframework
         
Ich habe dann versucht wie in der Beschreibung "Your Protection entfernen" (.....board.de/84400-your-protection-entfernen.html) vorzugehen.
Mit "rkill.com" Malware-Prozesse gestoppt und ohne Probleme Malwarebytes installiert und scannen lassen.
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3966

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07.04.2010 22:46:46
mbam-log-2010-04-07 (22-46-46).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 287343
Laufzeit: 28 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 1
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Users\***\AppData\Roaming\Your Protection (Rogue.YourProtection) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\***\AppData\Local\Temp\593A.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\asd7416.tmp.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\dhdhtrdhdrtr5y (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\TMP592B.tmp (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\_VOID6a69.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\***\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Your Protection.lnk (Rogue.YourProtection) -> Quarantined and deleted successfully.
         
Bis hierhin verlief alles reibungslos aber mit dem Rootkit.TDSS enfernen hatte ich dann probleme, weil das Programm von Kaspersky nicht mit meiner 64bit Version von Windows 7 kompatibel ist.
(http://www.trojaner-board.de/82358-t...entfernen.html)

Ich hab dann nach den dort stehenden dateien gesucht sie aber nicht gefunden. Heißt das jetzt mein PC ist sauber oder könnten da jetzt durchaus noch unerwünschtes zu finden sein?

CCleaner habe ich durchlaufen lassen. Benötigt ihr infos über diesen vorgang eine Logdatei oder den Reg.-eintrag den ich gespeichert habe?

RSIT läuft leider nicht (AutoIT Error Line -1: Error: Variable used without being declared.)

Könnt ihr mir auch ohne die Logdatei des RSIT helfen? Ich werd aufjedenfall nochmal versuchen das zum laufen zu bekommen!



Gruß, Martinius!

Alt 09.04.2010, 13:55   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"YOUR PROTECTION" und "TDSS" volkommen gelöscht? - Standard

"YOUR PROTECTION" und "TDSS" volkommen gelöscht?



Hallo und

Zitat:
RSIT läuft leider nicht (AutoIT Error Line -1: Error: Variable used without being declared.)
Wenn RSIT nicht startet: im Kompatibilitätsmodus ausführen (Rechtsklick auf RSIT.exe, Reiter Kompatibilität) => Windows XP einstellen und ausführen
__________________

__________________

Alt 09.04.2010, 16:57   #3
Martinius
 
"YOUR PROTECTION" und "TDSS" volkommen gelöscht? - Standard

"YOUR PROTECTION" und "TDSS" volkommen gelöscht?



Danke

Hier die Log-Datei:

Code:
ATTFilter
Logfile of random's system information tool 1.06 (written by random/random)
Run by Martin at 2010-04-09 16:41:05
Microsoft Windows 7 Home Premium  Service Pack 3
System drive C: has 372 GB (81%) free of 460 GB
Total RAM: 4023 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:41:06, on 09.04.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe
C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\Martin\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Martin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) -  - (no file)
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
O4 - HKLM\..\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O13 - Gopher Prefix: 
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11346 bytes

======Scheduled tasks folder======

C:\Windows\tasks\HPCeeScheduleForMartin.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-03-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]
Windows Live Toolbar Helper - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll [2009-02-06 1068904]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Corel File Shell Monitor"=C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe [2009-08-25 15544]
"HPCam_Menu"=c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"QlbCtrl.exe"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-08-20 322104]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"HP Software Update"=C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]
""= []
"WirelessAssistant"=C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2009-07-23 498744]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]
"iTunesHelper"=C:\Program Files (x86)\iTunes\iTunesHelper.exe [2010-03-26 142120]
"Diamondback"=C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe [2009-10-12 226816]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1475072]

C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AppInfo]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\BFE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\bowser]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\dfsc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Dot3Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Eaphost]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\EFS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\IKEEXT]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\KeyIso]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSDrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MPSSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb10]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mrxsmb20]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NativeWifiP]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ndiscap]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\netprofm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NlaSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Nsi]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nsiproxy.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\NTDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PolicyAgent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Power]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\ProfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdbss]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\rdpencdd.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\RpcEptMapper]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\sacsvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SCardSvr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SWPRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TabletInputService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TBS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\TrustedInstaller]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VaultSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\VDS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vmms]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgr.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\volmgrx.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WinDefend]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wlansvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{50DD5230-BA8A-11D1-BF5D-0000F805F530}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"DisableLockWorkstation"=0
"DisableChangePassword"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"HideFastUserSwitching"=0
"DisableTaskMgr"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=
"ForceActiveDesktopOn"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a378636-3c24-11df-8b76-806e6f6e6963}]
shell\AutoRun\command - G:\Autorun.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-04-08 19:47:52 ----D---- C:\rsit
2010-04-08 19:47:52 ----D---- C:\Program Files (x86)\trend micro
2010-04-08 19:38:37 ----D---- C:\Program Files (x86)\CCleaner
2010-04-08 17:22:09 ----A---- C:\TDSSKiller.2.2.8.1_08.04.2010_17.22.09_log.txt
2010-04-08 17:21:45 ----A---- C:\TDSSKiller.2.2.8.1_08.04.2010_17.21.45_log.txt
2010-04-07 22:09:17 ----D---- C:\Users\***\AppData\Roaming\Malwarebytes
2010-04-07 22:09:07 ----D---- C:\ProgramData\Malwarebytes
2010-04-07 22:09:06 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-04-07 20:57:59 ----HDC---- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-04-07 20:57:55 ----D---- C:\ProgramData\Lavasoft
2010-04-07 20:57:55 ----D---- C:\Program Files (x86)\Lavasoft
2010-04-07 16:47:17 ----D---- C:\ProgramData\{657095DF-DBDB-4B17-8245-B38845C97069}
2010-04-05 00:02:59 ----D---- C:\Program Files (x86)\DVDVideoSoft
2010-04-05 00:02:59 ----D---- C:\Program Files (x86)\Common Files\DVDVideoSoft
2010-04-03 18:38:53 ----D---- C:\Program Files (x86)\Common Files\Steam
2010-04-03 18:38:50 ----D---- C:\Program Files (x86)\Steam
2010-04-03 18:38:15 ----A---- C:\Windows\system32\XAudio2_5.dll
2010-04-03 18:38:14 ----A---- C:\Windows\system32\xactengine3_5.dll
2010-04-03 18:38:14 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2010-04-03 18:38:13 ----A---- C:\Windows\system32\D3DX9_42.dll
2010-04-03 18:38:13 ----A---- C:\Windows\system32\d3dx11_42.dll
2010-04-03 18:38:13 ----A---- C:\Windows\system32\d3dx10_42.dll
2010-04-03 18:38:13 ----A---- C:\Windows\system32\d3dx10_41.dll
2010-04-03 18:38:13 ----A---- C:\Windows\system32\d3dcsx_42.dll
2010-04-03 18:38:13 ----A---- C:\Windows\system32\D3DCompiler_41.dll
2010-04-03 18:38:12 ----A---- C:\Windows\system32\XAudio2_4.dll
2010-04-03 18:38:12 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2010-04-03 18:38:12 ----A---- C:\Windows\system32\D3DX9_41.dll
2010-04-03 18:38:11 ----A---- C:\Windows\system32\xactengine3_4.dll
2010-04-03 18:38:11 ----A---- C:\Windows\system32\X3DAudio1_6.dll
2010-04-03 18:38:11 ----A---- C:\Windows\system32\d3dx10_40.dll
2010-04-03 18:38:11 ----A---- C:\Windows\system32\D3DCompiler_40.dll
2010-04-03 18:38:10 ----A---- C:\Windows\system32\XAudio2_3.dll
2010-04-03 18:38:10 ----A---- C:\Windows\system32\XAudio2_2.dll
2010-04-03 18:38:10 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2010-04-03 18:38:10 ----A---- C:\Windows\system32\XAPOFX1_1.dll
2010-04-03 18:38:10 ----A---- C:\Windows\system32\xactengine3_3.dll
2010-04-03 18:38:10 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2010-04-03 18:38:10 ----A---- C:\Windows\system32\D3DX9_40.dll
2010-04-03 18:38:09 ----A---- C:\Windows\system32\XAudio2_1.dll
2010-04-03 18:38:09 ----A---- C:\Windows\system32\XAPOFX1_0.dll
2010-04-03 18:38:09 ----A---- C:\Windows\system32\xactengine3_2.dll
2010-04-03 18:38:09 ----A---- C:\Windows\system32\D3DX9_39.dll
2010-04-03 18:38:09 ----A---- C:\Windows\system32\d3dx10_39.dll
2010-04-03 18:38:09 ----A---- C:\Windows\system32\D3DCompiler_39.dll
2010-04-03 18:38:08 ----A---- C:\Windows\system32\XAudio2_0.dll
2010-04-03 18:38:08 ----A---- C:\Windows\system32\xactengine3_1.dll
2010-04-03 18:38:08 ----A---- C:\Windows\system32\X3DAudio1_4.dll
2010-04-03 18:38:08 ----A---- C:\Windows\system32\D3DX9_38.dll
2010-04-03 18:38:08 ----A---- C:\Windows\system32\d3dx10_38.dll
2010-04-03 18:38:08 ----A---- C:\Windows\system32\D3DCompiler_38.dll
2010-04-03 18:38:07 ----A---- C:\Windows\system32\xactengine3_0.dll
2010-04-03 18:38:07 ----A---- C:\Windows\system32\X3DAudio1_3.dll
2010-04-03 18:38:07 ----A---- C:\Windows\system32\D3DX9_37.dll
2010-04-03 18:38:07 ----A---- C:\Windows\system32\d3dx10_37.dll
2010-04-03 18:38:07 ----A---- C:\Windows\system32\D3DCompiler_37.dll
2010-04-02 21:40:32 ----D---- C:\Users\***\AppData\Roaming\Avira
2010-04-02 17:54:08 ----D---- C:\Program Files (x86)\Razer
2010-04-02 17:53:40 ----D---- C:\Users\***\AppData\Roaming\InstallShield
2010-04-02 16:47:13 ----D---- C:\Program Files (x86)\Electronic Arts
2010-04-02 11:04:21 ----D---- C:\ProgramData\Sun
2010-04-02 11:04:21 ----D---- C:\Program Files (x86)\Common Files\Java
2010-04-02 11:04:11 ----A---- C:\Windows\system32\javaws.exe
2010-04-02 11:04:11 ----A---- C:\Windows\system32\javaw.exe
2010-04-02 11:04:11 ----A---- C:\Windows\system32\java.exe
2010-04-01 23:42:13 ----D---- C:\Users\***\AppData\Roaming\vlc
2010-04-01 23:41:52 ----D---- C:\Program Files (x86)\VideoLAN
2010-04-01 22:08:26 ----D---- C:\ProgramData\Last.fm
2010-04-01 22:07:24 ----D---- C:\Program Files (x86)\Last.fm
2010-04-01 20:46:54 ----D---- C:\Program Files (x86)\ICQ-Banner-Remover
2010-04-01 20:17:45 ----D---- C:\Program Files (x86)\ICQ6Toolbar
2010-04-01 20:17:43 ----D---- C:\ProgramData\ICQ
2010-04-01 20:16:39 ----D---- C:\Users\***\AppData\Roaming\ICQ
2010-04-01 20:16:36 ----D---- C:\Program Files (x86)\ICQ7.1
2010-04-01 19:34:38 ----D---- C:\Users\***\AppData\Roaming\Apple Computer
2010-04-01 19:34:29 ----A---- C:\Windows\system32\GEARAspi.dll
2010-04-01 19:34:12 ----D---- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2010-04-01 19:34:12 ----D---- C:\Program Files (x86)\iTunes
2010-04-01 19:32:33 ----D---- C:\ProgramData\Apple Computer
2010-04-01 19:32:33 ----D---- C:\Program Files (x86)\QuickTime
2010-04-01 19:31:47 ----D---- C:\Program Files (x86)\Apple Software Update
2010-04-01 19:31:24 ----D---- C:\Program Files (x86)\Bonjour
2010-04-01 19:31:18 ----D---- C:\ProgramData\Apple
2010-04-01 19:31:18 ----D---- C:\Program Files (x86)\Common Files\Apple
2010-04-01 19:10:27 ----D---- C:\Users\***\AppData\Roaming\Mozilla
2010-04-01 19:10:14 ----D---- C:\Program Files (x86)\Mozilla Firefox
2010-04-01 17:31:50 ----A---- C:\Windows\system32\win_utilman.exe
2010-04-01 17:31:47 ----D---- C:\Users\***\AppData\Roaming\_MDLogs
2010-03-31 21:53:19 ----A---- C:\Windows\system32\msv1_0.dll
2010-03-31 21:51:04 ----D---- C:\Program Files (x86)\MSXML 4.0
2010-03-31 17:32:21 ----D---- C:\Users\***\AppData\Roaming\HP Support Assistant
2010-03-31 17:25:38 ----D---- C:\Users\***\AppData\Roaming\CyberLink
2010-03-31 17:08:08 ----A---- C:\Windows\system32\wmp.dll
2010-03-31 17:08:08 ----A---- C:\Windows\system32\CertEnroll.dll
2010-03-31 17:08:07 ----A---- C:\Windows\system32\wmploc.DLL
2010-03-31 17:07:59 ----A---- C:\Windows\system32\secproc_isv.dll
2010-03-31 17:07:59 ----A---- C:\Windows\system32\secproc.dll
2010-03-31 17:07:58 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2010-03-31 17:07:58 ----A---- C:\Windows\system32\secproc_ssp.dll
2010-03-31 17:07:58 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2010-03-31 17:07:58 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2010-03-31 17:07:58 ----A---- C:\Windows\system32\RMActivate_isv.exe
2010-03-31 17:07:58 ----A---- C:\Windows\system32\RMActivate.exe
2010-03-31 17:07:57 ----A---- C:\Windows\system32\t2embed.dll
2010-03-31 17:07:57 ----A---- C:\Windows\system32\fontsub.dll
2010-03-31 17:07:57 ----A---- C:\Windows\system32\explorer.exe
2010-03-31 17:07:57 ----A---- C:\Windows\system32\atmfd.dll
2010-03-31 17:07:57 ----A---- C:\Windows\explorer.exe
2010-03-31 17:07:56 ----A---- C:\Windows\system32\wow32.dll
2010-03-31 17:07:56 ----A---- C:\Windows\system32\user.exe
2010-03-31 17:07:56 ----A---- C:\Windows\system32\setup16.exe
2010-03-31 17:07:56 ----A---- C:\Windows\system32\ntvdm64.dll
2010-03-31 17:07:56 ----A---- C:\Windows\system32\instnm.exe
2010-03-31 17:07:54 ----A---- C:\Windows\system32\mshtml.dll
2010-03-31 17:07:53 ----A---- C:\Windows\system32\ieframe.dll
2010-03-31 17:07:52 ----A---- C:\Windows\system32\wininet.dll
2010-03-31 17:07:52 ----A---- C:\Windows\system32\urlmon.dll
2010-03-31 17:07:52 ----A---- C:\Windows\system32\mstime.dll
2010-03-31 17:07:52 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-03-31 17:07:52 ----A---- C:\Windows\system32\iedkcs32.dll
2010-03-31 17:07:46 ----A---- C:\Windows\system32\tzres.dll
2010-03-31 17:07:40 ----A---- C:\Windows\system32\quartz.dll
2010-03-31 17:07:39 ----A---- C:\Windows\system32\tsbyuv.dll
2010-03-31 17:07:39 ----A---- C:\Windows\system32\msyuv.dll
2010-03-31 17:07:39 ----A---- C:\Windows\system32\msvidc32.dll
2010-03-31 17:07:39 ----A---- C:\Windows\system32\msrle32.dll
2010-03-31 17:07:39 ----A---- C:\Windows\system32\mciavi32.dll
2010-03-31 17:07:39 ----A---- C:\Windows\system32\jscript.dll
2010-03-31 17:07:39 ----A---- C:\Windows\system32\iyuv_32.dll
2010-03-31 17:07:39 ----A---- C:\Windows\system32\avifil32.dll
2010-03-31 17:07:38 ----A---- C:\Windows\system32\CPFilters.dll
2010-03-31 17:07:37 ----A---- C:\Windows\system32\psisdecd.dll
2010-03-31 17:07:35 ----A---- C:\Windows\system32\msasn1.dll
2010-03-30 21:33:37 ----D---- C:\ProgramData\Recovery
2010-03-30 21:29:41 ----D---- C:\ProgramData\Avira
2010-03-30 21:29:41 ----D---- C:\Program Files (x86)\Avira
2010-03-30 21:26:38 ----D---- C:\Users\***\AppData\Roaming\HpUpdate
2010-03-30 21:20:25 ----D---- C:\Users\***\AppData\Roaming\hpqLog
2010-03-30 21:16:09 ----D---- C:\Users\***\AppData\Roaming\Macromedia
2010-03-30 21:16:07 ----D---- C:\Users\***\AppData\Roaming\Adobe
2010-03-30 21:15:25 ----A---- C:\ProgramData\HPWALog.txt
2010-03-30 21:14:58 ----D---- C:\Users\***\AppData\Roaming\Identities
2010-03-30 21:00:48 ----D---- C:\Users\***\AppData\Roaming\Hewlett-Packard
2010-03-30 20:59:21 ----SD---- C:\Users\***\AppData\Roaming\Microsoft
2010-03-30 20:59:21 ----D---- C:\Users\***\AppData\Roaming\Media Center Programs
2010-03-30 20:59:12 ----SHD---- C:\Programme
2010-03-30 20:59:12 ----SHD---- C:\ProgramData\Vorlagen
2010-03-30 20:59:12 ----SHD---- C:\ProgramData\Startmenü
2010-03-30 20:59:12 ----SHD---- C:\ProgramData\Favoriten
2010-03-30 20:59:12 ----SHD---- C:\ProgramData\Dokumente
2010-03-30 20:59:12 ----SHD---- C:\ProgramData\Anwendungsdaten
2010-03-30 20:59:12 ----SHD---- C:\Dokumente und Einstellungen

======List of files/folders modified in the last 1 months======

2010-04-09 16:41:06 ----D---- C:\Windows\Temp
2010-04-09 16:32:59 ----HD---- C:\ProgramData
2010-04-09 16:31:14 ----D---- C:\Windows
2010-04-08 21:33:09 ----D---- C:\Windows\debug
2010-04-08 19:47:52 ----D---- C:\Program Files (x86)
2010-04-08 17:13:07 ----D---- C:\Windows\Tasks
2010-04-08 16:12:59 ----SHD---- C:\System Volume Information
2010-04-07 23:21:34 ----D---- C:\Windows\winsxs
2010-04-07 23:21:34 ----D---- C:\Windows\System32
2010-04-07 22:09:08 ----D---- C:\Windows\system32\drivers
2010-04-07 20:58:03 ----SHD---- C:\Windows\Installer
2010-04-07 16:50:29 ----D---- C:\Windows\SysWOW64
2010-04-07 16:49:42 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2010-04-07 16:49:27 ----D---- C:\Windows\Help
2010-04-07 16:48:13 ----RSD---- C:\Windows\assembly
2010-04-07 16:48:05 ----D---- C:\Program Files (x86)\Hewlett-Packard
2010-04-07 16:47:58 ----RD---- C:\Users
2010-04-07 16:46:48 ----D---- C:\SwSetup
2010-04-07 16:45:19 ----D---- C:\ProgramData\Hewlett-Packard
2010-04-06 22:51:43 ----D---- C:\Windows\inf
2010-04-05 13:59:16 ----SHD---- C:\$Recycle.Bin
2010-04-05 12:51:20 ----D---- C:\Windows\Prefetch
2010-04-05 00:02:59 ----D---- C:\Program Files (x86)\Common Files
2010-04-03 18:36:45 ----D---- C:\Windows\Logs
2010-04-02 19:04:27 ----D---- C:\Windows\rescache
2010-04-02 11:03:58 ----D---- C:\Program Files (x86)\Java
2010-04-02 01:43:16 ----D---- C:\ProgramData\Microsoft Help
2010-04-02 01:24:16 ----RD---- C:\Program Files
2010-04-01 22:21:13 ----SD---- C:\ProgramData\Microsoft
2010-04-01 18:04:00 ----D---- C:\Program Files (x86)\HP Games
2010-04-01 18:03:54 ----D---- C:\ProgramData\WildTangent
2010-03-31 22:22:38 ----D---- C:\Windows\Microsoft.NET
2010-03-31 22:05:42 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2010-03-31 22:05:01 ----D---- C:\Program Files (x86)\Internet Explorer
2010-03-31 22:05:00 ----D---- C:\Program Files (x86)\Windows Media Player
2010-03-31 22:04:59 ----D---- C:\Windows\AppPatch
2010-03-31 22:04:58 ----D---- C:\Windows\system32\de-DE
2010-03-31 22:04:58 ----D---- C:\Windows\ehome
2010-03-31 21:54:15 ----D---- C:\Program Files (x86)\Microsoft Works
2010-03-31 21:49:09 ----RSD---- C:\Windows\Fonts
2010-03-31 21:49:02 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2010-03-31 21:47:43 ----D---- C:\Windows\SoftwareDistribution
2010-03-31 17:34:59 ----D---- C:\Windows\Hewlett-Packard
2010-03-30 21:40:45 ----A---- C:\Windows\system32\ezsvc7x.dll
2010-03-30 21:38:58 ----D---- C:\ProgramData\Norton
2010-03-30 21:00:45 ----RD---- C:\Program Files (x86)\Online Services
2010-03-30 21:00:45 ----D---- C:\Program Files (x86)\Windows Sidebar
2010-03-30 21:00:22 ----HD---- C:\SYSTEM.SAV
2010-03-30 21:00:19 ----SHD---- C:\Recovery
2010-03-30 19:49:59 ----D---- C:\Windows\Panther

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys []
R1 blbdrive;blbdrive; C:\Windows\system32\DRIVERS\blbdrive.sys []
R1 DfsC;@%systemroot%\system32\drivers\dfsc.sys,-101; C:\Windows\System32\Drivers\dfsc.sys []
R1 discache;@%systemroot%\system32\drivers\discache.sys,-102; C:\Windows\System32\drivers\discache.sys []
R1 nsiproxy;@%SystemRoot%\system32\drivers\nsiproxy.sys,-2; C:\Windows\system32\drivers\nsiproxy.sys []
R1 RDPENCDD;@%systemroot%\system32\drivers\RDPENCDD.sys,-101; C:\Windows\system32\drivers\rdpencdd.sys []
R1 RDPREFMP;@%systemroot%\system32\drivers\RdpRefMp.sys,-101; C:\Windows\system32\drivers\rdprefmp.sys []
R1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004; C:\Windows\system32\DRIVERS\tdx.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R1 Wanarpv6;@%systemroot%\system32\rascfg.dll,-32012; C:\Windows\system32\DRIVERS\wanarp.sys []
R1 WfpLwf;WFP Lightweight Filter; C:\Windows\system32\DRIVERS\wfplwf.sys []
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys []
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver; C:\Windows\system32\DRIVERS\lltdio.sys []
R2 luafv;@%systemroot%\system32\drivers\luafv.sys,-100; C:\Windows\system32\drivers\luafv.sys []
R2 PEAUTH;PEAUTH; C:\Windows\system32\drivers\peauth.sys []
R2 rspndr;Link-Layer Topology Discovery Responder; C:\Windows\system32\DRIVERS\rspndr.sys []
R2 tcpipreg;TCP/IP Registry Compatibility; C:\Windows\System32\drivers\tcpipreg.sys []
R3 Accelerometer;HP Accelerometer; C:\Windows\system32\DRIVERS\Accelerometer.sys []
R3 BCM43XX;Treiber für Broadcom 802.11-Netzwerkadapter; C:\Windows\system32\DRIVERS\bcmwl664.sys []
R3 bowser;@%systemroot%\system32\browser.dll,-102; C:\Windows\system32\DRIVERS\bowser.sys []
R3 circlass;Anwenderinfrarotgeräte; C:\Windows\system32\DRIVERS\circlass.sys []
R3 CmBatt;Treiber für Microsoft-ACPI-Kontrollmethodenkompatiblen Akku; C:\Windows\system32\DRIVERS\CmBatt.sys []
R3 CompositeBus;Busenumeratortreiber für Verbundgeräte; C:\Windows\system32\DRIVERS\CompositeBus.sys []
R3 DXGKrnl;LDDM Graphics Subsystem; C:\Windows\System32\drivers\dxgkrnl.sys []
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys []
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys []
R3 HDAudBus;Microsoft-UAA-Bustreiber für High Definition Audio; C:\Windows\system32\DRIVERS\HDAudBus.sys []
R3 HidIr;Microsoft Infrarot-HID-Treiber; C:\Windows\system32\DRIVERS\hidir.sys []
R3 HidUsb;Microsoft HID Class-Treiber; C:\Windows\system32\DRIVERS\hidusb.sys []
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys []
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys []
R3 intelppm;Intel-Prozessortreiber; C:\Windows\system32\DRIVERS\intelppm.sys []
R3 kbdhid;Tastatur-HID-Treiber; C:\Windows\system32\DRIVERS\kbdhid.sys []
R3 ksthunk;Kernel Streaming Thunks; C:\Windows\system32\drivers\ksthunk.sys []
R3 monitor;Microsoft Monitor-Klassenfunktionstreiber-Dienst; C:\Windows\system32\DRIVERS\monitor.sys []
R3 mouhid;Maus-HID-Treiber; C:\Windows\system32\DRIVERS\mouhid.sys []
R3 mpsdrv;@%SystemRoot%\system32\FirewallAPI.dll,-23092; C:\Windows\System32\drivers\mpsdrv.sys []
R3 mrxsmb10;@%systemroot%\system32\wkssvc.dll,-1004; C:\Windows\system32\DRIVERS\mrxsmb10.sys []
R3 mrxsmb20;@%systemroot%\system32\wkssvc.dll,-1006; C:\Windows\system32\DRIVERS\mrxsmb20.sys []
R3 NativeWifiP;NativeWiFi Filter; C:\Windows\system32\DRIVERS\nwifi.sys []
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 RasAgileVpn;WAN Miniport (IKEv2); C:\Windows\system32\DRIVERS\AgileVpn.sys []
R3 RasSstp;@%systemroot%\system32\sstpsvc.dll,-202; C:\Windows\system32\DRIVERS\rassstp.sys []
R3 Razerlow;Razer Pro|Solutions; C:\Windows\system32\drivers\DB3G.sys []
R3 srv2;@%systemroot%\system32\srvsvc.dll,-104; C:\Windows\System32\DRIVERS\srv2.sys []
R3 srvnet;srvnet; C:\Windows\System32\DRIVERS\srvnet.sys []
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 tunnel;Microsoft-Tunnelminiport-Adaptertreiber; C:\Windows\system32\DRIVERS\tunnel.sys []
R3 umbus;UMBusenumerator-Treiber; C:\Windows\system32\DRIVERS\umbus.sys []
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\Windows\system32\DRIVERS\usbccgp.sys []
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\Windows\system32\DRIVERS\usbehci.sys []
R3 usbhub;Microsoft USB-Standardhubtreiber; C:\Windows\system32\DRIVERS\usbhub.sys []
R3 usbvideo;USB-Videogerät (WDM); C:\Windows\System32\Drivers\usbvideo.sys []
R3 vwifibus;Virtueller WiFi-Bustreiber; C:\Windows\system32\DRIVERS\vwifibus.sys []
R3 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\DRIVERS\wmiacpi.sys []
R3 WudfPf;User Mode Driver Frameworks Platform Driver; C:\Windows\system32\drivers\WudfPf.sys []
S3 1394ohci;OHCI-konformer 1394-Hostcontroller; C:\Windows\system32\DRIVERS\1394ohci.sys []
S3 AcpiPmi;ACPI-Energieanzeigetreiber; C:\Windows\system32\DRIVERS\acpipmi.sys []
S3 agp440;Intel AGP-Bus-Filter; C:\Windows\system32\DRIVERS\agp440.sys []
S3 AmdK8;AMD K8-Prozessortreiber; C:\Windows\system32\DRIVERS\amdk8.sys []
S3 AmdPPM;AMD-Prozessortreiber; C:\Windows\system32\DRIVERS\amdppm.sys []
S3 AppID;@%systemroot%\system32\appidsvc.dll,-102; C:\Windows\system32\drivers\appid.sys []
S3 b06bdrv;Broadcom NetXtreme II VBD; C:\Windows\system32\DRIVERS\bxvbda.sys []
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60a.sys []
S3 BrFiltLo;Brother USB-Massenspeichertreiber für unteren Filter; C:\Windows\system32\DRIVERS\BrFiltLo.sys []
S3 BrFiltUp;Brother USB-Massenspeichertreiber für oberen Filter; C:\Windows\system32\DRIVERS\BrFiltUp.sys []
S3 Brserid;Brother MFC-Seriellschnittstellentreiber (WDM); C:\Windows\System32\Drivers\Brserid.sys []
S3 BrSerWdm;Brother WDM-Treiber (seriell); C:\Windows\System32\Drivers\BrSerWdm.sys []
S3 BrUsbMdm;Brother MFC-nur-Fax-Modem (USB); C:\Windows\System32\Drivers\BrUsbMdm.sys []
S3 BrUsbSer;Brother MFC-WDM-Treiber (USB,seriell); C:\Windows\System32\Drivers\BrUsbSer.sys []
S3 BTHMODEM;Serieller Kommunikationstreiber für Bluetooth; C:\Windows\system32\DRIVERS\bthmodem.sys []
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD; C:\Windows\system32\DRIVERS\evbda.sys []
S3 ErrDev;Microsoft-Hardwarefehler-Gerätetreiber; C:\Windows\system32\DRIVERS\errdev.sys []
S3 exfat;exFAT File System Driver; C:\Windows\system32\drivers\exfat.sys []
S3 Filetrace;@%SystemRoot%\system32\drivers\filetrace.sys,-10001; C:\Windows\system32\drivers\filetrace.sys []
S3 FsDepends;@%SystemRoot%\system32\drivers\fsdepends.sys,-10001; C:\Windows\System32\drivers\FsDepends.sys []
S3 gagp30kx;Microsoft Allgemeiner AGPv3.0-Filter für K8-Prozessorplattformen; C:\Windows\system32\DRIVERS\gagp30kx.sys []
S3 hcw85cir;Hauppauge Consumer Infrared Receiver; C:\Windows\system32\drivers\hcw85cir.sys []
S3 HdAudAddService;Microsoft 1.1 UAA-Funktionstreiber für High Definition Audio-Dienst; C:\Windows\system32\drivers\HdAudio.sys []
S3 HidBatt;HID-USV-Akkutreiber; C:\Windows\system32\DRIVERS\HidBatt.sys []
S3 HidBth;Microsoft Bluetooth-HID-Miniport; C:\Windows\system32\DRIVERS\hidbth.sys []
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
S3 IPMIDRV;IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys []
S3 iScsiPrt;iScsiPort-Treiber; C:\Windows\system32\DRIVERS\msiscsi.sys []
S3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys []
S3 mshidkmdf;@%SystemRoot%\system32\drivers\mshidkmdf.sys,-100; C:\Windows\System32\drivers\mshidkmdf.sys []
S3 MsRPC;MsRPC; C:\Windows\system32\drivers\MsRPC.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink-Konvertierung; C:\Windows\system32\drivers\MSTEE.sys []
S3 MTConfig;Microsoft Input Configuration Driver; C:\Windows\system32\DRIVERS\MTConfig.sys []
S3 NdisCap;NDIS Capture LightWeight Filter; C:\Windows\system32\DRIVERS\ndiscap.sys []
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys []
S3 nv_agp;NVIDIA nForce AGP-Busfilter; C:\Windows\system32\DRIVERS\nv_agp.sys []
S3 ohci1394;OHCI-konformer 1394-Hostcontroller (alt); C:\Windows\system32\DRIVERS\ohci1394.sys []
S3 QWAVEdrv;@%SystemRoot%\system32\drivers\qwavedrv.sys,-1; C:\Windows\system32\drivers\qwavedrv.sys []
S3 rdpbus;Remote Desktop Device Redirector Bus Driver; C:\Windows\system32\DRIVERS\rdpbus.sys []
S3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
S3 scfilter;@%SystemRoot%\System32\drivers\scfilter.sys,-11; C:\Windows\System32\DRIVERS\scfilter.sys []
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys []
S3 sermouse;Serieller Maustreiber; C:\Windows\system32\DRIVERS\sermouse.sys []
S3 sffdisk;SFF-Speicherklassentreiber; C:\Windows\system32\DRIVERS\sffdisk.sys []
S3 sffp_mmc;SFF-Speicherprotokolltreiber für MMC; C:\Windows\system32\DRIVERS\sffp_mmc.sys []
S3 sffp_sd;SFF-Speicherprotokolltreiber für SDBus; C:\Windows\system32\DRIVERS\sffp_sd.sys []
S3 Smb;@%SystemRoot%\system32\tcpipcfg.dll,-50005; C:\Windows\system32\DRIVERS\smb.sys []
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS []
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS []
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS []
S3 TCPIP6;Microsoft IPv6 Protocol Driver; C:\Windows\system32\DRIVERS\tcpip.sys []
S3 tssecsrv;@%SystemRoot%\System32\DRIVERS\tssecsrv.sys,-101; C:\Windows\System32\DRIVERS\tssecsrv.sys []
S3 uagp35;Microsoft AGPv3.5-Filter; C:\Windows\system32\DRIVERS\uagp35.sys []
S3 uliagpkx;Uli AGP-Bus-Filter; C:\Windows\system32\DRIVERS\uliagpkx.sys []
S3 UmPass;Microsoft-UMPass-Treiber; C:\Windows\system32\DRIVERS\umpass.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
S3 usbcir;eHome-Infrarotempfänger (USBCIR); C:\Windows\system32\DRIVERS\usbcir.sys []
S3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\Windows\system32\DRIVERS\usbohci.sys []
S3 usbprint;Microsoft USB-Druckerklasse; C:\Windows\system32\DRIVERS\usbprint.sys []
S3 USBSTOR;USB-Massenspeichertreiber; C:\Windows\system32\DRIVERS\USBSTOR.SYS []
S3 usbuhci;Miniporttreiber für universellen Microsoft USB-Hostcontroller; C:\Windows\system32\DRIVERS\usbuhci.sys []
S3 vga;vga; C:\Windows\system32\DRIVERS\vgapnp.sys []
S3 vhdmp;vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys []
S3 WacomPen;Wacom HID-Treiber für seriellen Stift; C:\Windows\system32\DRIVERS\wacompen.sys []
S3 WIMMount;WIMMount; C:\Windows\system32\drivers\wimmount.sys [2009-07-14 19008]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S3 xusb21;Xbox 360 Wireless Receiver Driver Service 21; C:\Windows\system32\DRIVERS\xusb21.sys []
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk62x64.sys []
S4 crcdisk;Crcdisk-Filtertreiber; C:\Windows\system32\DRIVERS\crcdisk.sys []
S4 ws2ifsl;@%systemroot%\System32\drivers\ws2ifsl.sys,-1000; C:\Windows\system32\drivers\ws2ifsl.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe [2009-03-03 89600]
R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-03-16 267432]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-03-19 144672]
R2 AudioEndpointBuilder;@%SystemRoot%\system32\audiosrv.dll,-204; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 BFE;@%SystemRoot%\system32\bfe.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2010-02-12 345376]
R2 DPS;@%systemroot%\system32\dps.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 FDResPub;@%systemroot%\system32\fdrespub.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 gpsvc;@gpapi.dll,-112; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2009-10-15 120832]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe []
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
R2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-04-07 1265264]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2009-08-20 73728]
R2 MMCSS;@%systemroot%\system32\mmcss.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MpsSvc;@%SystemRoot%\system32\FirewallAPI.dll,-23090; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 NlaSvc;@%SystemRoot%\System32\nlasvc.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nsi;@%SystemRoot%\system32\nsisvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 PcaSvc;@%SystemRoot%\system32\pcasvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 Power;@%SystemRoot%\system32\umpo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 ProfSvc;@%systemroot%\system32\profsvc.dll,-300; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 PSI_SVC_2;Protexis Licensing V2; C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe [2007-07-24 185632]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-07-06 247152]
R2 RpcEptMapper;@%windir%\system32\RpcEpMap.dll,-1001; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe [2009-10-21 240640]
R2 SysMain;@%SystemRoot%\system32\sysmain.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 UxSms;@%SystemRoot%\system32\dwm.exe,-2000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 WinDefend;@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Wlansvc;@%SystemRoot%\System32\wlansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 WMPNetworkSvc;@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101; C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe []
R2 WSearch;@%systemroot%\system32\SearchIndexer.exe,-103; C:\Windows\system32\SearchIndexer.exe [2009-07-14 428032]
R2 wudfsvc;@%SystemRoot%\system32\wudfsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 AeLookupSvc;@%SystemRoot%\system32\aelupsvc.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 Appinfo;@%systemroot%\system32\appinfo.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 fdPHost;@%systemroot%\system32\fdPHost.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 HomeGroupListener;@%SystemRoot%\System32\ListSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 HomeGroupProvider;@%SystemRoot%\System32\provsvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-03-26 660256]
R3 KeyIso;@keyiso.dll,-100; C:\Windows\system32\lsass.exe []
R3 netprofm;@%SystemRoot%\system32\netprofm.dll,-202; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 p2pimsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8004; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 p2psvc;@%SystemRoot%\system32\p2psvc.dll,-8006; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 PNRPsvc;@%SystemRoot%\system32\pnrpsvc.dll,-8000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 SDRSVC;@%SystemRoot%\system32\sdrsvc.dll,-107; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 TrustedInstaller;@%SystemRoot%\servicing\TrustedInstaller.exe,-100; C:\Windows\servicing\TrustedInstaller.exe [2009-07-14 194048]
R3 WdiServiceHost;@%systemroot%\system32\wdi.dll,-502; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 WdiSystemHost;@%systemroot%\system32\wdi.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 WinHttpAutoProxySvc;@%SystemRoot%\system32\winhttp.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S2 sppsvc;@%SystemRoot%\system32\sppsvc.exe,-101; C:\Windows\system32\sppsvc.exe []
S3 AppIDSvc;@%systemroot%\system32\appidsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 AxInstSV;@%SystemRoot%\system32\AxInstSV.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 BDESVC;@%SystemRoot%\system32\bdesvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 bthserv;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 CertPropSvc;@%SystemRoot%\System32\certprop.dll,-11; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 clr_optimization_v2.0.50727_32;Microsoft .NET Framework NGEN v2.0.50727_X86; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2009-06-10 66384]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-06-10 89920]
S3 defragsvc;@%SystemRoot%\system32\defragsvc.dll,-101; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EFS;@%SystemRoot%\system32\efssvc.dll,-100; C:\Windows\System32\lsass.exe []
S3 ehRecvr;@%SystemRoot%\ehome\ehrecvr.exe,-101; C:\Windows\ehome\ehRecvr.exe [2009-07-14 696832]
S3 ehSched;@%SystemRoot%\ehome\ehsched.exe,-101; C:\Windows\ehome\ehsched.exe [2009-07-14 127488]
S3 Fax;@%systemroot%\system32\fxsresm.dll,-118; C:\Windows\system32\fxssvc.exe []
S3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2009-06-10 42840]
S3 idsvc;@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8193; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [2009-06-10 856384]
S3 IKEEXT;@%SystemRoot%\system32\ikeext.dll,-501; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 IPBusEnum;@%systemroot%\system32\IPBusEnum.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 KtmRm;@comres.dll,-2946; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 lltdsvc;@%SystemRoot%\system32\lltdres.dll,-1; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 MSiSCSI;@%SystemRoot%\system32\iscsidsc.dll,-5000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2009-07-14 20992]
S3 pla;@%systemroot%\system32\pla.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 PNRPAutoReg;@%SystemRoot%\system32\pnrpauto.dll,-8002; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 QWAVE;@%SystemRoot%\system32\qwave.dll,-1; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SCPolicySvc;@%SystemRoot%\System32\certprop.dll,-13; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SensrSvc;@%SystemRoot%\System32\sensrsvc.dll,-1000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SessionEnv;@%SystemRoot%\System32\SessEnv.dll,-1026; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SNMPTRAP;@%SystemRoot%\system32\snmptrap.exe,-3; C:\Windows\System32\snmptrap.exe []
S3 sppuinotify;@%SystemRoot%\system32\sppuinotify.dll,-103; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 SstpSvc;@%SystemRoot%\system32\sstpsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-04-03 332720]
S3 TabletInputService;@%SystemRoot%\system32\TabSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TBS;@%SystemRoot%\system32\tbssvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 THREADORDER;@%systemroot%\system32\mmcss.dll,-102; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 UI0Detect;@%SystemRoot%\system32\ui0detect.exe,-101; C:\Windows\system32\UI0Detect.exe []
S3 VaultSvc;@%SystemRoot%\system32\vaultsvc.dll,-1003; C:\Windows\system32\lsass.exe []
S3 vds;@%SystemRoot%\system32\vds.exe,-100; C:\Windows\System32\vds.exe []
S3 wbengine;@%systemroot%\system32\wbengine.exe,-104; C:\Windows\system32\wbengine.exe []
S3 WbioSrvc;@%systemroot%\system32\wbiosrvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 wcncsvc;@%SystemRoot%\system32\wcncsvc.dll,-3; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WcsPlugInService;@%SystemRoot%\system32\WcsPlugInService.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Wecsvc;@%SystemRoot%\system32\wecsvc.dll,-200; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 wercplsupport;@%SystemRoot%\System32\wercplsupport.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WerSvc;@%SystemRoot%\System32\wersvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WinRM;@%Systemroot%\system32\wsmsvc.dll,-101; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WPCSvc;@%SystemRoot%\system32\wpcsvc.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WPDBusEnum;@%SystemRoot%\system32\wpdbusenum.dll,-100; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 WwanSvc;@%SystemRoot%\System32\wwansvc.dll,-257; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 Mcx2Svc;@%SystemRoot%\ehome\ehres.dll,-15501; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 NetTcpPortSharing;@%systemroot%\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\ServiceModelInstallRC.dll,-8201; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe [2009-06-10 116560]

-----------------EOF-----------------
         
Gruß, Martinius
__________________

Alt 14.04.2010, 19:42   #4
Martinius
 
"YOUR PROTECTION" und "TDSS" volkommen gelöscht? - Standard

"YOUR PROTECTION" und "TDSS" volkommen gelöscht?



Wie ich sehe hat noch keiner Zeit gefunden mal drüber zu schauen

So wie es aussieht hat parallel zu mir einer das selbe Problem (...-board.de/84799-your-protection-entfernen-klappt-nicht-ganz.html)

Mein System läuft soweit ganz normal und der Scan mit Antivir läuft auch glatt durch falls das was aussagen sollte.

Aber ob jetzt alles was gelöscht sein sollte auch gelöscht ist kann ich leider nicht beurteilen. Da bin ich dann leider auf fremde Hilfe angewiesen.

Gruß, Martinius

Alt 14.04.2010, 19:53   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"YOUR PROTECTION" und "TDSS" volkommen gelöscht? - Standard

"YOUR PROTECTION" und "TDSS" volkommen gelöscht?



Sry, hab Deinen Strang übersehen, bin hier voll ausgelastet

Lass uns bitte tiefer graben, dann können wir uns sicher sein wenn da auch nichts ist; poste dazu bitte OSAM und OTL Logs:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 15.04.2010, 19:31   #6
Martinius
 
"YOUR PROTECTION" und "TDSS" volkommen gelöscht? - Standard

"YOUR PROTECTION" und "TDSS" volkommen gelöscht?



Na wenn das so ist nicht überarbeiten will hier ja auch keinen hetzen

1. Log von OTL

Code:
ATTFilter
OTL logfile created on: 15.04.2010 18:15:22 - Run 1
OTL by OldTimer - Version 3.2.1.1     Folder = C:\Users\***\Desktop\Neuer Ordner (3)
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 67,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,77 Gb Total Space | 367,22 Gb Free Space | 81,83% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 374,54 Gb Free Space | 80,41% Space Free | Partition Type: NTFS
Drive E: | 16,69 Gb Total Space | 2,72 Gb Free Space | 16,30% Space Free | Partition Type: NTFS
Drive F: | 99,02 Mb Total Space | 96,46 Mb Free Space | 97,41% Space Free | Partition Type: FAT32
Drive G: | 3,28 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\Neuer Ordner (3)\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe ()
PRC - C:\Program Files (x86)\Razer\Diamondback 3G\razertra.exe ()
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
PRC - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Razer\Diamondback 3G\razerofa.exe (Razer Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Desktop\Neuer Ordner (3)\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (ezSharedSvc) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (usbvideo) USB-Videogerät (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel(R) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (Razerlow) -- C:\Windows\SysNative\drivers\DB3G.sys (Razer (Asia-Pacific) Pte Ltd)
DRV - (BCM43XX) -- C:\Programme\Broadcom\Broadcom 802.11\Driver\BCM43XX.CAT ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.de/search?q="
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.03 13:26:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.03 13:26:52 | 000,000,000 | ---D | M]
 
[2010.04.01 19:10:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.04.14 23:28:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2wxcj5sp.default\extensions
[2010.04.01 22:22:22 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\2wxcj5sp.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2010.04.01 21:48:18 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\2wxcj5sp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.14 23:28:14 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\2wxcj5sp.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.04.01 21:48:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\2wxcj5sp.default\extensions\moveplayer@movenetworks.com
[2010.04.01 20:18:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\6isj9okv.default\extensions
[2010.04.01 20:18:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\6isj9okv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.01 20:18:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\6isj9okv.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}-trash
[2010.04.01 21:48:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a840qdch.default\extensions
[2010.04.01 21:48:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\a840qdch.default\extensions\searchrecs@veoh.com
[2010.04.02 11:04:11 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.03.16 20:28:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.16 20:28:04 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.16 20:28:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.16 20:28:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.16 20:28:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.04.01 20:47:30 | 000,000,842 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe ()
O4 - HKLM..\Run: [Diamondback] C:\Program Files (x86)\Razer\Diamondback 3G\razerhid.exe ()
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.25 17:50:52 | 000,000,000 | R--D | M] - G:\autorun -- [ UDF ]
O32 - AutoRun File - [2006.09.25 18:01:39 | 004,386,816 | R--- | M] () - G:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2006.09.25 18:01:39 | 000,000,046 | R--- | M] () - G:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{8a378636-3c24-11df-8b76-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8a378636-3c24-11df-8b76-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2006.09.25 18:01:39 | 004,386,816 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.04.15 18:12:15 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner (3)
[2010.04.15 17:48:52 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner (2)
[2010.04.14 16:39:09 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010.04.14 16:39:09 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010.04.14 16:39:09 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010.04.14 16:39:09 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010.04.11 00:28:56 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\BFBC2Beta
[2010.04.08 19:49:21 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner
[2010.04.08 19:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010.04.08 19:47:52 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.08 19:38:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2010.04.07 23:21:29 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010.04.07 22:09:17 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Malwarebytes
[2010.04.07 22:09:08 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.07 22:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.07 22:09:06 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.07 22:09:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.04.07 21:01:42 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010.04.07 21:01:40 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010.04.07 20:57:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.04.07 20:57:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.04.07 20:57:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010.04.07 16:47:17 | 000,000,000 | ---D | C] -- C:\ProgramData\{657095DF-DBDB-4B17-8245-B38845C97069}
[2010.04.06 19:08:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PunkBuster
[2010.04.05 00:03:07 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\DVDVideoSoft
[2010.04.05 00:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2010.04.05 00:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2010.04.04 21:48:39 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\OneNote-Notizbücher
[2010.04.03 18:38:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010.04.03 18:38:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010.04.03 18:38:15 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2010.04.03 18:38:15 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010.04.03 18:38:14 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010.04.03 18:38:14 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010.04.03 18:38:14 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2010.04.03 18:38:14 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2010.04.03 18:38:13 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2010.04.03 18:38:13 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2010.04.03 18:38:13 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2010.04.03 18:38:13 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2010.04.03 18:38:13 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2010.04.03 18:38:13 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2010.04.03 18:38:13 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010.04.03 18:38:13 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2010.04.03 18:38:13 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010.04.03 18:38:13 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2010.04.03 18:38:13 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2010.04.03 18:38:13 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010.04.03 18:38:12 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2010.04.03 18:38:12 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2010.04.03 18:38:12 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2010.04.03 18:38:12 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2010.04.03 18:38:12 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010.04.03 18:38:12 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010.04.03 18:38:11 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2010.04.03 18:38:11 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2010.04.03 18:38:11 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2010.04.03 18:38:11 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2010.04.03 18:38:11 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2010.04.03 18:38:11 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2010.04.03 18:38:11 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2010.04.03 18:38:11 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2010.04.03 18:38:10 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2010.04.03 18:38:10 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2010.04.03 18:38:10 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2010.04.03 18:38:10 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2010.04.03 18:38:10 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2010.04.03 18:38:10 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010.04.03 18:38:10 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2010.04.03 18:38:10 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2010.04.03 18:38:10 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2010.04.03 18:38:10 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010.04.03 18:38:10 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2010.04.03 18:38:10 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010.04.03 18:38:10 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2010.04.03 18:38:10 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2010.04.03 18:38:09 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2010.04.03 18:38:09 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2010.04.03 18:38:09 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2010.04.03 18:38:09 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2010.04.03 18:38:09 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2010.04.03 18:38:09 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2010.04.03 18:38:09 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2010.04.03 18:38:09 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2010.04.03 18:38:09 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010.04.03 18:38:09 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2010.04.03 18:38:09 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2010.04.03 18:38:09 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2010.04.03 18:38:08 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2010.04.03 18:38:08 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2010.04.03 18:38:08 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2010.04.03 18:38:08 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2010.04.03 18:38:08 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2010.04.03 18:38:08 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2010.04.03 18:38:08 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2010.04.03 18:38:08 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2010.04.03 18:38:08 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2010.04.03 18:38:08 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2010.04.03 18:38:08 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2010.04.03 18:38:08 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2010.04.03 18:38:07 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2010.04.03 18:38:07 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2010.04.03 18:38:07 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2010.04.03 18:38:07 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2010.04.03 18:38:07 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2010.04.03 18:38:07 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2010.04.03 18:38:07 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2010.04.03 18:38:07 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2010.04.03 18:38:07 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2010.04.03 18:38:07 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2010.04.02 21:40:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2010.04.02 17:54:14 | 000,085,504 | ---- | C] (Razer Inc.) -- C:\Windows\SysWow64\diamondback.cpl
[2010.04.02 17:54:12 | 000,021,120 | ---- | C] (Razer (Asia-Pacific) Pte Ltd) -- C:\Windows\SysNative\drivers\DB3G.sys
[2010.04.02 17:54:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Razer
[2010.04.02 17:53:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield
[2010.04.02 16:56:10 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Battlefield 2142
[2010.04.02 16:54:47 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop\Spiele
[2010.04.02 16:47:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2010.04.02 11:04:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.04.02 11:04:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.04.02 11:04:11 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.04.02 11:04:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.04.02 11:04:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.04.02 01:24:16 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2010.04.01 23:45:48 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Webcam
[2010.04.01 23:42:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2010.04.01 23:41:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010.04.01 23:31:49 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Tagesberichte
[2010.04.01 22:08:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Last.fm
[2010.04.01 22:07:29 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Last.fm
[2010.04.01 22:07:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Last.fm
[2010.04.01 20:46:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ-Banner-Remover
[2010.04.01 20:17:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar
[2010.04.01 20:17:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.04.01 20:16:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\ICQ
[2010.04.01 20:16:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\AOL
[2010.04.01 20:16:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.1
[2010.04.01 19:34:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer
[2010.04.01 19:34:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple Computer
[2010.04.01 19:34:29 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010.04.01 19:34:29 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010.04.01 19:34:29 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010.04.01 19:34:29 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010.04.01 19:34:13 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.04.01 19:34:12 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.04.01 19:34:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010.04.01 19:34:12 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010.04.01 19:32:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.04.01 19:32:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.04.01 19:31:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple
[2010.04.01 19:31:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010.04.01 19:31:37 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2010.04.01 19:31:24 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.04.01 19:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010.04.01 19:31:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.04.01 19:31:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010.04.01 19:17:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Games
[2010.04.01 19:10:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2010.04.01 19:10:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010.04.01 17:31:50 | 001,397,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win_utilman.exe
[2010.04.01 17:31:47 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\_MDLogs
[2010.03.31 21:51:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010.03.31 21:49:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Help
[2010.03.31 17:32:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\HP Support Assistant
[2010.03.31 17:25:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CyberLink
[2010.03.31 17:25:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\CyberLink
[2010.03.31 17:25:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PowerCinema
[2010.03.31 17:08:09 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010.03.31 17:08:08 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010.03.31 17:08:08 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010.03.31 17:08:08 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010.03.31 17:08:07 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010.03.31 17:08:07 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010.03.31 17:07:59 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010.03.31 17:07:59 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010.03.31 17:07:59 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010.03.31 17:07:59 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010.03.31 17:07:59 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010.03.31 17:07:59 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010.03.31 17:07:59 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010.03.31 17:07:59 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010.03.31 17:07:58 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010.03.31 17:07:58 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010.03.31 17:07:58 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010.03.31 17:07:58 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010.03.31 17:07:58 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010.03.31 17:07:58 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010.03.31 17:07:58 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010.03.31 17:07:58 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010.03.31 17:07:57 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.03.31 17:07:57 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010.03.31 17:07:57 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010.03.31 17:07:57 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.03.31 17:07:57 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.03.31 17:07:57 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.03.31 17:07:57 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.03.31 17:07:57 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010.03.31 17:07:57 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010.03.31 17:07:56 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010.03.31 17:07:56 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010.03.31 17:07:56 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010.03.31 17:07:56 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010.03.31 17:07:56 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010.03.31 17:07:56 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010.03.31 17:07:53 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010.03.31 17:07:52 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010.03.31 17:07:52 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.03.31 17:07:52 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010.03.31 17:07:52 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010.03.31 17:07:52 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010.03.31 17:07:52 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010.03.31 17:07:52 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010.03.31 17:07:40 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010.03.31 17:07:40 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010.03.31 17:07:39 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010.03.31 17:07:39 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010.03.31 17:07:39 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010.03.31 17:07:39 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010.03.31 17:07:39 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010.03.31 17:07:39 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010.03.31 17:07:39 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010.03.31 17:07:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010.03.31 17:07:39 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010.03.31 17:07:38 | 000,960,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.03.31 17:07:38 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.03.31 17:07:38 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.03.31 17:07:37 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010.03.31 17:07:37 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.03.31 17:07:37 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010.03.31 17:07:37 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.03.31 17:07:35 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010.03.30 21:53:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\IsolatedStorage
[2010.03.30 21:50:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla
[2010.03.30 21:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2010.03.30 21:29:42 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.03.30 21:29:42 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.03.30 21:29:42 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.03.30 21:29:42 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.03.30 21:29:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.03.30 21:29:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.03.30 21:26:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\HpUpdate
[2010.03.30 21:20:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\hpqLog
[2010.03.30 21:16:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[2010.03.30 21:16:07 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2010.03.30 21:15:05 | 000,000,000 | R--D | C] -- C:\Users\***\Searches
[2010.03.30 21:14:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities
[2010.03.30 21:14:57 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts
[2010.03.30 21:14:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore
[2010.03.30 21:03:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Hewlett-Packard
[2010.03.30 21:00:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Hewlett-Packard
[2010.03.30 20:59:21 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[2010.03.30 20:59:21 | 000,000,000 | R--D | C] -- C:\Users\***\Videos
[2010.03.30 20:59:21 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games
[2010.03.30 20:59:21 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures
[2010.03.30 20:59:21 | 000,000,000 | R--D | C] -- C:\Users\***\Music
[2010.03.30 20:59:21 | 000,000,000 | R--D | C] -- C:\Users\***\Links
[2010.03.30 20:59:21 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites
[2010.03.30 20:59:21 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads
[2010.03.30 20:59:21 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[2010.03.30 20:59:21 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop
[2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[2010.03.30 20:59:21 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[2010.03.30 20:59:21 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData
[2010.03.30 20:59:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[2010.03.30 20:59:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft
[2010.03.30 20:59:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2010.03.30 20:59:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.03.30 20:59:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.03.30 20:59:12 | 000,000,000 | -HSD | C] -- C:\Programme
[2010.03.30 20:59:12 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.03.30 20:59:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.03.30 20:59:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.03.30 20:59:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.03.30 20:59:12 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.03.30 20:59:12 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2010.03.30 20:59:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.03.30 20:59:12 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.03.17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010.03.17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.04.15 18:16:37 | 001,310,720 | -HS- | M] () -- C:\Users\Martin\NTUSER.DAT
[2010.04.15 17:42:46 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.15 17:42:46 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.15 17:40:17 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.04.15 17:40:17 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.04.15 17:40:17 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.04.15 17:40:17 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.04.15 17:40:17 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.04.15 17:35:31 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.15 17:35:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.15 17:35:27 | 3163,709,440 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.14 23:32:10 | 004,286,782 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.04.09 16:33:00 | 000,096,000 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.09 16:31:17 | 000,370,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.04.08 21:34:49 | 000,006,302 | ---- | M] () -- C:\Users\***\Documents\cc_20100408_213446.reg
[2010.04.08 21:34:34 | 000,092,598 | ---- | M] () -- C:\Users\***\Documents\cc_20100408_213427.reg
[2010.04.08 20:54:38 | 000,001,217 | ---- | M] () -- C:\Users\***\Desktop\Downloads - Verknüpfung.lnk
[2010.04.08 19:47:06 | 000,781,909 | ---- | M] () -- C:\Users\***\Desktop\RSIT.exe
[2010.04.08 18:50:46 | 000,034,457 | ---- | M] () -- C:\Users\***\Desktop\Dokument.rtf
[2010.04.07 22:09:11 | 000,000,971 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.07 21:01:39 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2010.04.07 21:01:31 | 000,015,880 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2010.04.07 20:57:59 | 000,001,112 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.04.04 21:48:39 | 000,001,314 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2010.04.04 19:31:18 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2010.04.01 22:21:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.04.01 19:34:34 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.04.01 19:10:18 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.04.01 18:55:17 | 000,000,017 | ---- | M] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2010.04.01 17:31:53 | 000,000,048 | -H-- | M] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.03.31 22:10:03 | 000,285,477 | ---- | M] () -- C:\Users\***\AppData\Local\tmpDATENTRÄGERVERWALTUNG.JPG
[2010.03.30 21:40:45 | 000,588,472 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWow64\ezsvc7x.dll
[2010.03.30 21:38:24 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.03.30 21:38:24 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.03.30 21:38:24 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.03.30 21:29:48 | 000,002,068 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.03.30 20:59:31 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_Pavilion dv7 Notebook PC_Y5335KV_0U_QCNF00929Y2_E587925-043_4A_I365C_SHP_V32.24_F.17_T100206_WU3-0_L407_M4023_J500_7Intel_8652_92.40_#100302_N14E44357_(WK588EA#ABD)_XMOBILE_CN10_Z.MRK
[2010.03.30 20:59:31 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_Pavilion dv7 Notebook PC_Y5335KV_0U_QCNF00929Y2_E587925-043_4A_I365C_SHP_V32.24_F.17_T100206_WU3-0_L407_M4023_J500_7Intel_8652_92.40_#100302_N14E44357_(WK588EA#ABD)_XMOBILE_CN10_Z.MRK
[2010.03.30 20:59:21 | 000,000,020 | -HS- | M] () -- C:\Users\Martin\ntuser.ini
[2010.03.30 19:54:58 | 000,052,870 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010.03.30 19:54:58 | 000,052,870 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.03.30 00:45:56 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.03.17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx
[2010.03.17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.04.08 21:34:48 | 000,006,302 | ---- | C] () -- C:\Users\***\Documents\cc_20100408_213446.reg
[2010.04.08 21:34:30 | 000,092,598 | ---- | C] () -- C:\Users\***\Documents\cc_20100408_213427.reg
[2010.04.08 19:47:04 | 000,781,909 | ---- | C] () -- C:\Users\***\Desktop\RSIT.exe
[2010.04.07 22:09:11 | 000,000,971 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.07 21:41:00 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010.04.07 20:57:59 | 000,001,112 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.04.04 21:48:39 | 000,001,314 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
[2010.04.04 19:31:18 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2010.04.03 18:45:35 | 000,034,457 | ---- | C] () -- C:\Users\***\Desktop\Dokument.rtf
[2010.04.01 22:21:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.04.01 19:34:34 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.04.01 19:14:38 | 000,001,217 | ---- | C] () -- C:\Users\***\Desktop\Downloads - Verknüpfung.lnk
[2010.04.01 19:10:18 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.04.01 18:55:17 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2010.04.01 17:31:53 | 000,000,048 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.03.31 22:07:34 | 000,285,477 | ---- | C] () -- C:\Users\***\AppData\Local\tmpDATENTRÄGERVERWALTUNG.JPG
[2010.03.30 21:29:48 | 000,002,068 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.03.30 21:15:27 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\QSwitch.txt
[2010.03.30 21:15:27 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\DSwitch.txt
[2010.03.30 21:15:27 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\AtStart.txt
[2010.03.30 21:15:25 | 000,000,188 | ---- | C] () -- C:\ProgramData\HPWALog.txt
[2010.03.30 20:59:31 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_Pavilion dv7 Notebook PC_Y5335KV_0U_QCNF00929Y2_E587925-043_4A_I365C_SHP_V32.24_F.17_T100206_WU3-0_L407_M4023_J500_7Intel_8652_92.40_#100302_N14E44357_(WK588EA#ABD)_XMOBILE_CN10_Z.MRK
[2010.03.30 20:59:31 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_Pavilion dv7 Notebook PC_Y5335KV_0U_QCNF00929Y2_E587925-043_4A_I365C_SHP_V32.24_F.17_T100206_WU3-0_L407_M4023_J500_7Intel_8652_92.40_#100302_N14E44357_(WK588EA#ABD)_XMOBILE_CN10_Z.MRK
[2010.03.30 20:59:21 | 001,310,720 | -HS- | C] () -- C:\Users\***\NTUSER.DAT
[2010.03.30 20:59:21 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.03.30 20:59:21 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.03.30 20:59:21 | 000,262,144 | -HS- | C] () -- C:\Users\***\ntuser.dat.LOG1
[2010.03.30 20:59:21 | 000,065,536 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.03.30 20:59:21 | 000,000,020 | -HS- | C] () -- C:\Users\***\ntuser.ini
[2010.03.30 20:59:21 | 000,000,000 | -HS- | C] () -- C:\Users\***\ntuser.dat.LOG2
[2010.03.02 02:43:35 | 000,000,105 | ---- | C] () -- C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
[2010.03.02 02:43:29 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
[2010.03.02 02:43:19 | 000,000,032 | ---- | C] () -- C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
[2010.03.02 02:43:04 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
[2010.03.02 02:42:30 | 000,000,032 | ---- | C] () -- C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
[2010.03.02 02:40:39 | 000,209,040 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeW7.dll
[2010.03.02 02:40:39 | 000,204,944 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeA6.dll
[2010.03.02 02:40:39 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeP6.dll
[2010.03.02 02:40:39 | 000,196,752 | ---- | C] () -- C:\Windows\SysWow64\IVIresizeM6.dll
[2010.03.02 02:40:39 | 000,192,656 | ---- | C] () -- C:\Windows\SysWow64\IVIresizePX.dll
[2010.03.02 02:40:39 | 000,024,720 | ---- | C] () -- C:\Windows\SysWow64\IVIresize.dll
[2010.03.02 02:16:11 | 000,000,283 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog2.ini
[2010.03.02 02:16:11 | 000,000,224 | ---- | C] () -- C:\Windows\SysWow64\RStoneLog.ini
[2010.01.09 00:23:16 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
[2010.01.09 00:20:47 | 000,000,110 | ---- | C] () -- C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
[2010.01.09 00:19:57 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
[2010.01.09 00:19:31 | 000,000,107 | ---- | C] () -- C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
[2009.09.29 16:25:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >
         
2. kommt noch


Was mache ich wenn sich die Log-Datei von OSAM nicht speichern lässt?
Ich klicke auf den "Save Log" Button aber nichts passiert! Ziemlich komisch
Habs als Admin ausgeführt wenn ich es nicht als Admin ausführe kommt die meldung das es nicht funktioniert.

Gruß, Martinius

Alt 15.04.2010, 19:32   #7
Martinius
 
"YOUR PROTECTION" und "TDSS" volkommen gelöscht? - Standard

"YOUR PROTECTION" und "TDSS" volkommen gelöscht?



2. OTL Log


Code:
ATTFilter
OTL Extras logfile created on: 15.04.2010 18:15:22 - Run 1
OTL by OldTimer - Version 3.2.1.1     Folder = C:\Users\***\Desktop\Neuer Ordner (3)
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 67,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,77 Gb Total Space | 367,22 Gb Free Space | 81,83% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 374,54 Gb Free Space | 80,41% Space Free | Partition Type: NTFS
Drive E: | 16,69 Gb Total Space | 2,72 Gb Free Space | 16,30% Space Free | Partition Type: NTFS
Drive F: | 99,02 Mb Total Space | 96,46 Mb Free Space | 97,41% Space Free | Partition Type: FAT32
Drive G: | 3,28 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with Corel Paint Shop Pro Photo X2] -- "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\Corel Paint Shop Pro Photo.exe" "%L" (Corel, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86416015FF}" = Java(TM) 6 Update 15 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4CE36E6A-300B-427C-BEC7-B261CC13814E}" = iTunes
"{64A3A4F4-B792-11D6-A78A-00B0D0160150}" = Java(TM) SE Development Kit 6 Update 15 (64-bit)
"{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{877924AA-E044-4266-B37D-E974CD799934}" = Bonjour
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{CA4AF936-3312-4AF4-A191-527531490DCD}" = Apple Mobile Device Support
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"FFE7D41DF3C645075BB149E21988B63996C34187" = ENE CIR Receiver Driver
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.1 Build #2096 Banner Remover 1.0
"{17B4760F-334B-475D-829F-1A3E94A6A4E6}" = HP Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 19
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EBA8202-FBD5-4004-81EA-BDC38C054CE2}" = HP User Guides 0153
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Windows 7
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{495A8A3C-8FD0-4C46-9979-95C26181A1AB}" = HP Support Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54CC7901-804D-4155-B353-21F0CC9112AB}" = HP Wireless Assistant
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{64E72FB1-2343-4977-B4A8-262CD53D0BD3}" = Corel Paint Shop Pro Photo X2
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E659C5C-4DF1-499B-B802-77BAE9ABE4D4}" = Razer Diamondback 3G
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC8E94A2-55C7-4460-953C-2A790180578C}" = LightScribe System Software
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D53A3D44-C983-4D21-ABF6-2AA2AB88FB28}" = Battlefield Bad Company 2 - BETA
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{D8DFA46A-39F7-4368-810D-18AFCFDDAEAF}" = Adobe Shockwave Player
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{ED50ECE9-EC54-4C05-B5ED-EE4741A9F2EC}" = Battlefield 2142
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = VideoStudio
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{67626E09-5366-4480-8F1E-93FADF50CA15}" = HP MediaSmart Live TV
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"InstallShield_{F0FDF9C9-1DDC-401F-B638-36F1CAE8A875}" = Corel VideoStudio 12
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.0.5
"Windows Media Encoder 9" = Windows Media Encoder 9 Series
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.04.2010 10:30:41 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.04.2010 10:30:41 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 4103
 
Error - 02.04.2010 10:30:41 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 4103
 
Error - 02.04.2010 10:31:29 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.04.2010 10:31:30 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 51652
 
Error - 02.04.2010 10:31:30 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 51652
 
Error - 02.04.2010 11:21:22 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = 224: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 02.04.2010 11:21:22 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = 228: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 02.04.2010 11:21:22 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = 492: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 02.04.2010 11:21:22 | Computer Name = ***-PC | Source = Bonjour Service | ID = 100
Description = 508: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
[ Hewlett-Packard Events ]
Error - 15.04.2010 11:45:48 | Computer Name = ***-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support 
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)     bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath, 
Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

   bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)     bei System.IO.StreamReader..ctor(String path, Encoding encoding)

   bei System.IO.File.ReadAllText(String path, Encoding encoding)     bei n.a(Object
 A_0, EventArgs A_1) 
 
[ System Events ]
Error - 02.04.2010 10:31:28 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst Netman erreicht.
 
Error - 03.04.2010 10:30:49 | Computer Name = Martin-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 03.04.2010 12:40:37 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 03.04.2010 12:40:37 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 03.04.2010 21:27:42 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Zeitgeber" wurde mit folgendem Fehler beendet:
   %%1115
 
Error - 04.04.2010 08:00:12 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "OS" den Befehl "chkdsk" aus.
 
Error - 04.04.2010 08:26:17 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "OS" den Befehl "chkdsk" aus.
 
Error - 04.04.2010 12:19:59 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "OS" den Befehl "chkdsk" aus.
 
Error - 06.04.2010 10:22:30 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "OS" den Befehl "chkdsk" aus.
 
Error - 07.04.2010 14:58:14 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "Lavasoft Ad-Aware Service" ist als interaktiver Dienst
 gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste
 nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
 
< End of report >
         

Alt 15.04.2010, 19:40   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"YOUR PROTECTION" und "TDSS" volkommen gelöscht? - Standard

"YOUR PROTECTION" und "TDSS" volkommen gelöscht?



Öffnet sich gar kein Log bei OSAM? Isses vllt im OSAM Ordner, den Du beim Entpacken angelegt hast?

Starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
Code:
ATTFilter
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: []  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) -  File not found
:Commands
[emptytemp]
[resethosts]
         
Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 15.04.2010, 20:37   #9
Martinius
 
"YOUR PROTECTION" und "TDSS" volkommen gelöscht? - Standard

"YOUR PROTECTION" und "TDSS" volkommen gelöscht?



Die Dateien wurden einfach nur auf den Desktop kopiert nicht in einem Ordner "OSAM". Hab sie in einen Ordner kopiert macht ja denk ich mal keinen Unterschied. Ich bekomme am Ende des Scans lediglich eine file list zu sehen aber keine Log-Datei es ist auch keine gespeichert worden. Was mir wohl auffällt ist das kurz nach dem klicken des letzten "Next-Button" öffnet sich ein kleines Fenster was sich direkt wieder schließt kann in der kurzen Zeit auch nicht sehen was es sein könnte.

Vllt. ne Idee oder evtl. ein anderes Programm das ich benutzen könnte?


OTL Log nach fix:


Code:
ATTFilter
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:autocheck autochk * deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session manager\\BootExecute:lsdelete deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: ***
->Temp folder emptied: 1538843718 bytes
->Temporary Internet Files folder emptied: 4794626 bytes
->Java cache emptied: 12145015 bytes
->FireFox cache emptied: 103221276 bytes
->Flash cache emptied: 4525 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 15922 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50300 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.582,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.1.1 log created on 04152010_201248

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
         

Gruß, Martinius

Geändert von Martinius (15.04.2010 um 20:46 Uhr)

Alt 15.04.2010, 20:45   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"YOUR PROTECTION" und "TDSS" volkommen gelöscht? - Standard

"YOUR PROTECTION" und "TDSS" volkommen gelöscht?



Zitat:
Die Dateien wurden einfach nur auf den Desktop kopiert nicht in einem Ordner "OSAM".
Du hast eine RAR-Datei heruntergeladen, die musst Du in einen eigenen Ordner entpacken und von da ausführen. Hast Du das gemacht? Beim Speichern des Logs kannst Du einen beliebigen Ort auswählen, geht der Desktop da nicht?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 15.04.2010, 21:09   #11
Martinius
 
"YOUR PROTECTION" und "TDSS" volkommen gelöscht? - Standard

"YOUR PROTECTION" und "TDSS" volkommen gelöscht?



Zitat:
Entpacke die osam_autorun_manager_version_portable.rar. Dabei entsteht der Ordner osam_autorun_manager_version_portable. Öffne ihn.
Ist aus der Beschreibung von OSAM. Deslhalb dacht ich es wird ein Odner erstellt aber is ja nicht schlimm.

Das Problem ist das sich kein Fenster öffnet indem ich dem Programm sagen kann mit welchem Namen, wo und als was ich es speichern möchte.

Alt 19.04.2010, 17:26   #12
Martinius
 
"YOUR PROTECTION" und "TDSS" volkommen gelöscht? - Standard

"YOUR PROTECTION" und "TDSS" volkommen gelöscht?



Kann das sein das OSAM ne Macke hat?

Ich habs mal im Kompatibiltäts-Modus gestartet allerdings blieb auch hier der Erfolg aus. Auch ein erneutes herunterladen der Datei brachte nichts.

Auf der seite von Online Solution gibt es noch eine andere Version "Installation Package" aber auch hier wieder nichts. Mhhh....


Gruß, Martinius

Alt 19.04.2010, 21:17   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
"YOUR PROTECTION" und "TDSS" volkommen gelöscht? - Standard

"YOUR PROTECTION" und "TDSS" volkommen gelöscht?



OSAM läuft eigentlich ganz gut. Aber mir fehlt ein wenig die Erfahrung mit den Eigenheiten von so manchem 64-Bit-Windows vieles von "unseren" Spezialtools läuft da nämlich einfach nicht

So kann Ich Dir nur noch Kontrollscans mit SUPERAntiSpyware und Malwarebytes vorschlagen. Beide Tools müssen wieder vorher aktualisiert werden. Und mit beiden einen Vollscan starten.
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.04.2010, 19:04   #14
Martinius
 
"YOUR PROTECTION" und "TDSS" volkommen gelöscht? - Standard

"YOUR PROTECTION" und "TDSS" volkommen gelöscht?



Naja, muss ich dann wohl so hinnehmen.

SASW und Malwarebytes fanden keine Schädlinge mehr . Logfiles sind dann denk ich mal überflüssig.

Damit kann ich zufrieden sein!

Danke für deine Hilfe


Gruß, Martinius

Antwort

Themen zu "YOUR PROTECTION" und "TDSS" volkommen gelöscht?
ad-aware, adfarm, adobe, antivir, antivirus, avira, awareness, benachrichtigungsdienst, bonjour, c:\windows\system32\services.exe, conhost.exe, cpu, desktop, disabletaskmgr, dwm.exe, enfernen, entfernen, error, frage, gruppe, jusched.exe, kaspersky, launch, local\temp, logfile, malwarebytes' anti-malware, microsoft, neue version, nicht installiert, nvidia, programdata, required, rkill.com, scan, sched.exe, seaport.exe, services.exe, software, start menu, svchost.exe, syswow64, taskhost.exe, temp, updates, windows, winlogon.exe, wmp



Ähnliche Themen: "YOUR PROTECTION" und "TDSS" volkommen gelöscht?


  1. Diverse Malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); lahmer PC & viel Werbung!
    Plagegeister aller Art und deren Bekämpfung - 11.01.2015 (16)
  2. "monstermarketplace.com" Infektion und ihre Folgen; "Anti-Virus-Blocker"," unsichtbare Toolbars" + "Browser-Hijacker" von selbst installiert
    Log-Analyse und Auswertung - 16.11.2013 (21)
  3. "Antiviren Werbung" "Langsamer PC" "PC stürzt ab" Banner und Popups beim surfen
    Plagegeister aller Art und deren Bekämpfung - 05.11.2013 (28)
  4. "System Progressive Protection" / "BDS/ZeroAccess.Gen"
    Log-Analyse und Auswertung - 11.01.2013 (12)
  5. "Deutsche Post(eMail-Anhang)" Alle "EXE(Programme)" werden blockiert "WIN 7 Defender"
    Plagegeister aller Art und deren Bekämpfung - 27.12.2012 (3)
  6. "The document has moved. Redirecting"+"Popup unten rechts"+"Nicht alle Links anklickbar"
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (38)
  7. "Malware Protection" entfernt und nun "Windows Vista Restore" und diverse Festplattenwarnungen
    Plagegeister aller Art und deren Bekämpfung - 17.06.2011 (28)
  8. Malwarereinigung: "TR/Kazy.25747.40", "Trojan.Downloader..." und "Backdoor: Win32Cycbot.B"
    Log-Analyse und Auswertung - 09.06.2011 (1)
  9. Öffentliches Netzwerk: Opera sendet/empfängt Daten an/von "Dani-PC", "Anne-PC", "PAULA-HP"...
    Netzwerk und Hardware - 02.05.2011 (14)
  10. Netzwerk: Opera sendet/empfängt Daten an/von "Dani-PC", "Anne-PC", "PAULA-HP"...
    Alles rund um Windows - 16.04.2011 (0)
  11. "0.05870814618642739.exe" ("Win32:Trojan-gen") in "C:\Users\***\AppData\Local\Temp\"
    Plagegeister aller Art und deren Bekämpfung - 02.01.2011 (25)
  12. Problem mit "TR/TDss.AE.22" und "TR/Crypt.XPACK.Gen"
    Mülltonne - 16.12.2008 (0)
  13. "Adware.Virtumonde"/"Downloader.MisleadApp"/"TR/VB.agt.4"/"NewDotNet.A.1350"/"Fakerec
    Plagegeister aller Art und deren Bekämpfung - 22.08.2008 (6)
  14. "error cleaner" "privacy protector" "spyware&malware protection"
    Plagegeister aller Art und deren Bekämpfung - 28.06.2008 (7)
  15. "error cleaner" "privacy protector" "spyware und malware protection"
    Plagegeister aller Art und deren Bekämpfung - 28.06.2008 (2)
  16. Beheben des Problems "kein Internet"/"rsvp32_2.dll"/"Can't load library from memory"
    Plagegeister aller Art und deren Bekämpfung - 25.03.2007 (22)
  17. ">"">><meta http-equiv="Refresh" content="0;url=http://askimizsonsuza.com/code/">"">
    Plagegeister aller Art und deren Bekämpfung - 04.09.2006 (4)

Zum Thema "YOUR PROTECTION" und "TDSS" volkommen gelöscht? - Hallo zusammen Ich hab gestern bekanntschaft mit "YOUR PROTECTION" gemacht. Ich habe eine vermeintlich neue Version eines Flashplayers insatllieren wollen als plötzlich die Wahrnung von Avira Antivir kam. Eine installations - "YOUR PROTECTION" und "TDSS" volkommen gelöscht?...
Archiv
Du betrachtest: "YOUR PROTECTION" und "TDSS" volkommen gelöscht? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.