Antimalware Doc entfernen klappt nciht ganz

xxxlalala · 19.07.2010, 10:59

Hallo,

da dies mein erste post hier ist, hoffe ich dass ich mich den forenregeln entsprechend verhalte.

ich beziehe mich auf die anleitung zur entfernung des antimalware doc :
http://www.trojaner-board.de/83172-a...entfernen.html

in dem thread steht, dass ich sowieso nochmal hier posten soll.
bei mir geht er allerdings nicht weg.

der virus trat zum ersten mal gesten in erscheinung, nachdem mein rechner mehrere stunden unbenutzt und angeschaltet war, mein windows security essentials hat wohl was erkannt, es waren allerdings auch schon fenster von antimalware doc offen. hier das was security essentials gemacht hat (ich sah keine andere möglichkeit als einen sceenshot zu machen):

da ich gemerkt habe dass irgendwas sehr im argen ist habe ich den computer direkt im abgesicherten modus gestartet und meinen router ausgeschaltet.
dort habe ich mbam ccscanner und auch viren scanns gemacht:
mbam log:

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

19.07.2010 00:10:37
mbam-log-2010-07-19 (00-10-37).txt

Scan type: Quick scan
Objects scanned: 118910
Time elapsed: 5 minute(s), 29 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\halo2 (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\i\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

danach war der virus weg, konnte ihn weder irgendwo in den prozessen noch durch irgendwelche fenster ausfindig machen, allerdings findet mbam ihn nach dem neustart immernoch und löscht ihn dann auch wieder :

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4325

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.07.2010 09:14:57
mbam-log-2010-07-19 (09-14-57).txt

Scan type: Full scan (C:\|D:\|F:\|)
Objects scanned: 339881
Time elapsed: 1 hour(s), 34 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\W34BCG2GRJ (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JDK5SWFMZY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\AVSolution (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

hier noch der RSIT log von jetzt gerade :

Code:

ATTFilter

Logfile of random's system information tool 1.08 (written by random/random)
Run by i at 2010-07-19 11:54:49
Microsoft Windows 7 Professional  
System drive C: has 18 GB (30%) free of 60 GB
Total RAM: 2047 MB (64% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28 160496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28 882416]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSSE"=c:\Program Files\Microsoft Security Essentials\msseces.exe [2010-06-01 1093208]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}"=C:\Program Files\Google\Gmail Notifier\gnotify.exe [2005-07-15 479232]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"AdobeCS5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
" Malwarebytes Anti-Malware  (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-05-13 26192168]
"Google Update"=C:\Users\i\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-03 135664]
"AdobeBridge"= []
"EPSON Stylus Photo R2400"=C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATI9SE.EXE [2007-01-10 177664]

C:\Users\i\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Mozilla Thunderbird.lnk - C:\Program Files\Mozilla Thunderbird\thunderbird.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "C:\Program Files\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"

======List of files/folders created in the last 1 months======

2010-07-19 11:09:47 ----D---- C:\Users\i\AppData\Roaming\Yahoo!
2010-07-19 11:09:47 ----D---- C:\ProgramData\Yahoo! Companion
2010-07-19 11:09:45 ----D---- C:\Program Files\Yahoo!
2010-07-19 11:08:35 ----D---- C:\rsit
2010-07-19 11:08:35 ----D---- C:\Program Files\trend micro
2010-07-19 01:04:42 ----A---- C:\mbam-error.txt
2010-07-13 11:52:22 ----D---- C:\REFlex
2010-07-12 10:13:50 ----A---- C:\Windows\_MSRSTRT.EXE
2010-07-11 23:58:39 ----D---- C:\Program Files\Sigma_Team
2010-07-11 23:55:16 ----D---- C:\Program Files\Sigma Team
2010-07-09 10:07:57 ----D---- C:\Program Files\MSXML 4.0
2010-07-08 23:50:54 ----D---- C:\Users\i\AppData\Roaming\Nokia Ovi Suite
2010-07-08 23:02:16 ----D---- C:\Program Files\PC Connectivity Solution
2010-07-08 23:00:42 ----D---- C:\ProgramData\NokiaInstallerCache
2010-07-08 22:39:04 ----D---- C:\Users\i\AppData\Roaming\Nokia
2010-07-08 22:38:02 ----D---- C:\Program Files\Common Files\PCSuite
2010-07-08 22:36:53 ----A---- C:\Windows\system32\drivers\pccsmcfd.sys
2010-07-08 22:28:16 ----D---- C:\ProgramData\PC Suite
2010-07-08 22:28:07 ----D---- C:\Users\i\AppData\Roaming\PC Suite
2010-07-08 21:49:34 ----D---- C:\ProgramData\Nokia
2010-07-08 21:48:20 ----D---- C:\Program Files\DIFX
2010-07-08 21:47:47 ----DC---- C:\Windows\system32\DRVSTORE
2010-07-08 21:45:22 ----A---- C:\Windows\system32\nmwcdcls.dll
2010-07-08 21:42:49 ----D---- C:\Program Files\Common Files\Nokia
2010-07-08 21:42:46 ----D---- C:\Program Files\Nokia
2010-07-08 21:40:50 ----D---- C:\ProgramData\Installations
2010-07-06 10:23:01 ----D---- C:\Program Files\Codemasters
2010-07-02 00:28:36 ----D---- C:\Users\i\AppData\Roaming\Turbine
2010-07-02 00:25:26 ----D---- C:\Windows\system32\URTTEMP
2010-07-02 00:14:45 ----D---- C:\Program Files\Turbine
2010-07-01 21:27:20 ----D---- C:\ProgramData\PMB Files
2010-07-01 21:27:07 ----D---- C:\Program Files\Pando Networks
2010-07-01 11:28:46 ----A---- C:\Windows\system32\drivers\PnkBstrK.sys
2010-07-01 11:28:46 ----A---- C:\Users\i\AppData\Roaming\PnkBstrK.sys
2010-07-01 11:28:17 ----A---- C:\Windows\system32\PnkBstrB.exe
2010-07-01 11:28:15 ----A---- C:\Windows\system32\PnkBstrA.exe
2010-07-01 11:28:12 ----A---- C:\Windows\system32\pbsvc_heroes.exe
2010-07-01 11:15:32 ----D---- C:\Program Files\EA Games
2010-06-26 12:00:27 ----D---- C:\Program Files\IronPython 2.6 for .NET 4.0
2010-06-24 03:00:42 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2010-06-24 03:00:42 ----A---- C:\Windows\system32\PresentationHost.exe
2010-06-24 03:00:42 ----A---- C:\Windows\system32\netfxperf.dll
2010-06-24 03:00:42 ----A---- C:\Windows\system32\mscoree.dll
2010-06-24 03:00:42 ----A---- C:\Windows\system32\dfshim.dll
2010-06-23 10:38:10 ----A---- C:\Windows\system32\ntdll.dll
2010-06-23 10:38:09 ----A---- C:\Windows\system32\CPFilters.dll
2010-06-23 10:38:07 ----A---- C:\Windows\system32\msdri.dll

======List of files/folders modified in the last 1 months======

2010-07-19 11:54:02 ----D---- C:\Windows\Temp
2010-07-19 11:53:53 ----D---- C:\Windows\Prefetch
2010-07-19 11:24:36 ----D---- C:\Users\i\AppData\Roaming\Media Player Classic
2010-07-19 11:24:36 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-07-19 11:24:35 ----D---- C:\Windows\system32\LogFiles
2010-07-19 11:24:35 ----D---- C:\Windows
2010-07-19 11:09:47 ----HD---- C:\ProgramData
2010-07-19 11:09:45 ----RD---- C:\Program Files
2010-07-19 11:09:37 ----D---- C:\Program Files\CCleaner
2010-07-19 11:03:18 ----D---- C:\Windows\System32
2010-07-19 11:03:18 ----D---- C:\Windows\inf
2010-07-19 11:03:18 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-19 04:05:17 ----D---- C:\Windows\system32\config
2010-07-19 01:29:22 ----SHD---- C:\System Volume Information
2010-07-19 01:14:29 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-19 01:14:25 ----D---- C:\Windows\system32\drivers
2010-07-19 00:53:09 ----D---- C:\Users\i\AppData\Roaming\Skype
2010-07-19 00:53:04 ----D---- C:\Users\i\AppData\Roaming\skypePM
2010-07-19 00:52:43 ----D---- C:\Windows\Tasks
2010-07-19 00:30:35 ----D---- C:\Users\i\AppData\Roaming\QuickScan
2010-07-19 00:17:27 ----D---- C:\Windows\Branding
2010-07-19 00:10:21 ----D---- C:\Users\i\AppData\Roaming\foobar2000
2010-07-18 23:57:20 ----D---- C:\Windows\system32\drivers\etc
2010-07-18 23:54:23 ----D---- C:\Windows\debug
2010-07-18 23:50:49 ----D---- C:\Windows\system32\Tasks
2010-07-17 20:44:09 ----D---- C:\Users\i\AppData\Roaming\vlc
2010-07-17 17:50:00 ----D---- C:\Program Files\JDownloader
2010-07-16 17:50:24 ----SHD---- C:\Windows\Installer
2010-07-14 19:19:06 ----D---- C:\ProgramData\Microsoft Help
2010-07-14 19:18:05 ----D---- C:\Windows\system32\catroot2
2010-07-09 10:08:15 ----D---- C:\Windows\winsxs
2010-07-08 23:06:32 ----D---- C:\Windows\system32\catroot
2010-07-08 23:02:20 ----D---- C:\Windows\system32\DriverStore
2010-07-08 22:38:02 ----D---- C:\Program Files\Common Files
2010-07-04 12:36:31 ----D---- C:\Program Files\Adobe
2010-07-04 12:36:29 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-07-02 21:39:05 ----A---- C:\Windows\system32\MRT.exe
2010-07-02 00:42:17 ----D---- C:\Users\i\AppData\Roaming\Mozilla
2010-07-02 00:27:59 ----RSD---- C:\Windows\assembly
2010-07-02 00:27:18 ----D---- C:\Windows\Registration
2010-07-02 00:26:53 ----D---- C:\Program Files\Internet Explorer
2010-07-01 10:32:25 ----D---- C:\AdobeTemp
2010-06-29 08:52:18 ----D---- C:\Program Files\Microsoft Security Essentials
2010-06-28 23:58:19 ----D---- C:\Program Files\Mozilla Firefox
2010-06-26 12:45:37 ----D---- C:\Windows\Microsoft.NET
2010-06-25 17:20:17 ----D---- C:\Users\i\AppData\Roaming\dvdcss
2010-06-25 14:46:33 ----D---- C:\Users\i\AppData\Roaming\.purple
2010-06-24 23:23:22 ----D---- C:\Windows\system32\en-US
2010-06-24 23:23:20 ----D---- C:\Program Files\Microsoft.NET
2010-06-24 03:00:36 ----D---- C:\Windows\ehome
2010-06-24 03:00:26 ----D---- C:\Windows\AppPatch
2010-06-22 16:32:29 ----D---- C:\Windows\system32\NDF
2010-06-21 23:19:51 ----D---- C:\Program Files\Common Files\microsoft shared

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2008-02-06 44608]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-11-01 691696]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-03-25 151216]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2009-07-14 96768]
R2 rismxdp;Ricoh xD-Picture Card Driver; C:\Windows\system32\DRIVERS\rixdptsk.sys [2006-11-14 37376]
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 MODEMCSA;Unimodem Streaming Filter Device; C:\Windows\system32\drivers\MODEMCSA.sys [2009-07-14 18432]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATKACPI.sys [2007-07-31 7680]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-14 4231168]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 rimmptsk;rimmptsk; C:\Windows\system32\DRIVERS\rimmptsk.sys [2005-11-16 28928]
R3 rimsptsk;rimsptsk; C:\Windows\system32\DRIVERS\rimsptsk.sys [2005-12-22 51840]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-10-10 84992]
R3 SMSCIRDA;SMSC Infrared Device Driver; C:\Windows\system32\DRIVERS\SMSCirda.sys [2007-04-25 31232]
R3 smserial;smserial; C:\Windows\system32\DRIVERS\smserial.sys [2009-10-26 1095936]
R3 usbvm321;USB2.0 0.35M WebCam; C:\Windows\System32\Drivers\usbvm321.sys [2009-11-01 205568]
S2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys []
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2009-07-14 46976]
S3 a1dplurs;a1dplurs; C:\Windows\system32\drivers\a1dplurs.sys []
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 Avc;AVC Device; C:\Windows\system32\DRIVERS\avc.sys [2009-07-14 40320]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2009-07-14 52608]
S3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2010-02-26 18176]
S3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 scsiscan;SCSI Scanner Driver; C:\Windows\system32\DRIVERS\scsiscan.sys [2009-07-14 14848]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
S3 USBPNPA;USB PnP Sound Device Interface; C:\Windows\system32\drivers\CM108.sys [2007-06-28 1310720]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 LPDSVC;@%systemroot%\system32\lpdsvc.dll,-500; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [2010-03-25 17904]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-01-30 203296]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-07-01 75064]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]
S2 NIHardwareService;NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe []
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-06-10 31064]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-11-02 655624]
S3 MatSvc;@%ProgramFiles%\Microsoft Fix it Center\MatsRes.dll,-9000; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-30 1343400]
S4 AppMgmt;Application Management; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 CscService;Offline Files; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe []
S4 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe []
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 PeerDistSvc;BranchCache; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

ich hoffe euch genug informationen geliefert zu haben um mir evtl zu helfen.
vielen dank im vorraus.
werde jetzt nochmla mbam laufen lassen mal sehen was passiert.

Larusso · 19.07.2010, 14:51

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Downloade Dir bitte Load.exe

Das Tool benötigt eine aktive Internetverbindung, aber keinen offenen Browser
Sollte deine Firewall meckern, die Anwendung bitte zulassen.

Speichere die Datei am Desktop.
Doppelklick auf die load.exe
Belasse die Häckchen wie sie sind.
Schließe nun alle offenen Programme.
Klicke auf Download
Bitte während dem Download nicht in das Fenster klicken.
Folge den Anweisungen auf dem Bildschirm.
Wenn das Fenster Status aufpoppt klicke Start.

Nach dem Neustart findest Du einen Ordner MFTools auf dem Desktop. Darin befindet sich eine Anleitung.pdf.
Diese bitte öffnen und die darin beschriebenen Schritte abarbeiten.

xxxlalala · 19.07.2010, 15:27

hallo,
danke für die schnelle antwort.
wenn ich load.exe ausführe, ist dort kein häkchen bei malwarebytes, darunter steht Malwarebytes bereits installiert(was auch der fall ist).
er fragt mich aber wärend des laufens ob ich Malwarebytes updarten will.
klicke ich auf ok soll kommt ein fenster namens "run" und ich soll einen ordner oder eine datei angeben. wenn ich dann z.b. mbam.exe angebe startet eben dieses. load.exe minimiert sich in die taskleiste und weiter passiert nichts.

klicke ich auf cancel, erscheint die frage ob ihc 7zip installieren will. klicke ich auf ok. minimiert loader.exe und es passiert nichts weiter
klicke ich auf cancel erscheint das fenster status mit dem button "ok".
wenn ich auf ok klicke schließt sich das programm nach einer weile.

auf dem desktop ist ein ordner namens MFTools mit folgendem inhalt :
anleitung.pdf
inet.bat
inet.reg
scan.txt

die datei die in der anleitung.pdf von mir verlangt wird zu öffnen ist dort leider nicht.

ich selber würde jetzt mbam und 7zip deinstallieren. aber ich mache hier am besten gar nichts ohne anweisung.

vor der antwort hier hatte ich im abgesichertgen modus noch einen mbam durchlauf(full scan) ohne fund und noch einen quick scan im normalen modus ebenfalls ohne fund. aber das nur zur info

Larusso · 19.07.2010, 15:33

MBAM startet garnicht?
Wenn das RUN Fenster aufgeht, schreibt es normal mbam rein und startet es, das kann ein paar Sekunden dauern bis es läuft.

Sorry, ist mein Tool und gab bis jetzt nie Probleme, darum frage ich nach

Aber mir scheint mehr als würde da was geblockt, da sich auch die Tools nicht im Ordner befinden.

Schritt 1

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

xxxlalala · 19.07.2010, 15:58

doch mbam startet. es startet wenn ich mbam eingebe in das run fenster oder wenn ich mbam.exe such (mit browse). aber egal ob ich dann in mbam nen update mache, es einfach offen lasse, es schließe, oder nen update mache und es dann schließe, passiert weiter nichts.
ich hoffe das ich nciht zu ungeduldig bin oder sowas oder dass ich dein programm falsch bediene.

ich dneke ich muss die logs teilen, weil sie sonst zu lang sind zumindest hat das forum eine art zeitüberschreitung gehabt wenn ich alle auf einmal poste

hier die logs
otl.txt
ich ersetze einfach mal meinen namen mit maxmuster

Code:

ATTFilter

OTL logfile created on: 19.07.2010 16:39:23 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\i\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,50 Gb Total Space | 17,61 Gb Free Space | 30,11% Space Free | Partition Type: NTFS
Drive D: | 239,50 Gb Total Space | 11,46 Gb Free Space | 4,79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1,89 Gb Total Space | 1,53 Gb Free Space | 80,80% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: I-PC
Current User Name: i
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.07.19 16:37:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\i\Desktop\OTL.exe
PRC - [2010.06.01 14:53:46 | 001,093,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Essentials\msseces.exe
PRC - [2010.03.25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:30 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\reg.exe
PRC - [2009.07.14 03:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2009.07.14 03:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.01.11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.07.19 16:37:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\i\Desktop\OTL.exe
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010.06.14 15:07:14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.05.30 03:00:53 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.04.10 17:05:58 | 000,266,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe -- (MatSvc)
SRV - [2010.03.25 21:40:44 | 000,017,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.11.02 00:02:58 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:36 | 000,038,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\lpdsvc.dll -- (LPDSVC)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2007.01.11 04:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2010.03.25 21:30:22 | 000,151,216 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\System32\drivers\MpFilter.sys -- (MpFilter)
DRV - [2010.03.25 21:30:22 | 000,042,368 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010.03.04 13:42:58 | 000,277,536 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2010.02.26 14:32:58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.02.26 14:32:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.02.26 14:32:44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.02.26 14:32:44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009.12.11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.11.01 19:29:02 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.11.01 13:41:03 | 000,205,568 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\usbvm321.sys -- (usbvm321)
DRV - [2009.10.26 16:09:06 | 001,095,936 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.09.23 10:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 02:14:43 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\scsiscan.sys -- (scsiscan)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 01:55:25 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MODEMCSA.sys -- (MODEMCSA)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:27 | 000,046,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\61883.sys -- (61883)
DRV - [2009.07.14 01:51:27 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avc.sys -- (Avc)
DRV - [2009.07.14 01:51:25 | 000,052,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV - [2009.07.14 01:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.01.30 10:12:00 | 007,544,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.07.31 03:39:00 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2007.06.28 07:18:10 | 001,310,720 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM108.sys -- (USBPNPA)
DRV - [2007.04.25 14:32:42 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2006.11.14 18:35:20 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005.12.22 18:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005.11.16 21:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.maxmuster.de/test/index.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 69 72 CA 26 B5 A2 CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://igoogle.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.23
FF - prefs.js..extensions.enabledItems: copylinkurl@bluelightdev.com:1.3
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.27
FF - prefs.js..extensions.enabledItems: linky@gemal.dk:3.0.0
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: LDSI_plashcor@gmail.com:0.6.7
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.18.0
FF - prefs.js..extensions.enabledItems: bkmrksync@nokia.com:1.0.0.732
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.07.08 22:38:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.07.08 23:02:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.06.28 23:58:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.16 17:50:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.04.10 04:30:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.07.08 23:02:26 | 000,000,000 | ---D | M]
 
[2010.03.02 02:47:31 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Mozilla\Extensions
[2010.03.02 02:47:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\i\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.19 11:25:48 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions
[2010.07.04 12:40:31 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.07.10 11:42:10 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.19 10:52:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.06.04 12:18:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.07.01 11:15:08 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\battlefieldheroespatcher@ea.com
[2010.01.24 22:05:42 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\copylinkurl@bluelightdev.com
[2010.05.02 15:48:54 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\LDSI_plashcor@gmail.com
[2010.02.25 10:51:39 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\extensions\linky@gemal.dk
[2010.04.11 14:55:38 | 000,000,737 | ---- | M] () -- C:\Users\i\AppData\Roaming\Mozilla\Firefox\Profiles\ej9n5zjk.default\searchplugins\captaincrawl.xml
[2010.07.19 00:28:33 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.12 19:41:20 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.12 19:41:20 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.12 19:41:20 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.12 19:41:20 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.12 19:41:20 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

xxxlalala · 19.07.2010, 16:00

extras.txt

Code:

ATTFilter

OTL Extras logfile created on: 19.07.2010 16:39:23 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\i\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 58,50 Gb Total Space | 17,61 Gb Free Space | 30,11% Space Free | Partition Type: NTFS
Drive D: | 239,50 Gb Total Space | 11,46 Gb Free Space | 4,79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 1,89 Gb Total Space | 1,53 Gb Free Space | 80,80% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: I-PC
Current User Name: i
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.js [@ = jsfile] -- C:\Program Files\Adobe\Adobe Dreamweaver CS5\Dreamweaver.exe (Adobe Systems, Inc.)
.txt [@ = txtfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{09C468CA-2940-466A-AAE8-DCC0C6E9323C}" = Nokia Software Updater
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14DBB6F9-62DD-487C-91BB-17333552BF36}" = Adobe Setup
"{15206372-2480-4698-9879-9825F12A307B}" = Adobe Premiere Pro CS4 Third Party Content
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}" = Nokia PC Suite
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 17
"{29F563F4-8807-4496-8463-441EAA0E96AB}" = PC Connectivity Solution
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6829EF-0791-4FDD-9382-C690DD0821B9}" = Adobe Flash Player 10 ActiveX
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E093855-359A-43EC-9D36-60B087C6215E}" = IronPython 2.6 for .NET 4.0
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5A6ED905-D19D-4954-8499-0DAF386460F7}" = Media Manager for WALKMAN 1.2
"{5C963017-1A53-425B-8B2B-9495AF15382C}" = Adobe Media Encoder CS4 Importer
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{701E5B2B-09A3-4EF0-81D6-455C9B8ED073}" = Adobe Setup
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8070452B-15D6-4169-B9B9-FCC3B54588AD}" = Nokia Ovi Suite
"{81CB77FF-9789-4337-A46E-185F7876AC40}" = Adobe Photoshop Lightroom 2.6
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{84C7A433-CED3-4410-9D69-0BF5486B9631}" = Sony CD Architect 5.2
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{8925AD1C-13DE-4709-9E88-6A0C320D0D43}" = ICC Profiles
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ADE9794-F65D-11BE-051B-B6E52B5CDD04}" = Adobe Community Help
"{A0D65C73-F2C5-432F-8788-90F8A2E99B98}" = Nokia Ovi Suite Software Updater
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9B13886-4787-4BE5-B291-7A668CF30F1E}" = EPSON ColorBase
"{ABA38B85-6F0A-43F0-9DF6-73066B0E9054}" = Adobe Setup
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0321}" = USB2.0 0.35M WebCam
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C6DDE2AE-8E63-48C4-89C5-EACD4AC6E665}" = UltraEdit 16.00
"{C71607E2-84EC-4C1F-A649-82E530920C23}" = Adobe Setup
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D0ACED35-5F54-4898-97AC-C1456323A8E3}" = Adobe Media Encoder CS4 Exporter
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F5371573-B045-4A4C-9171-6D99C8FAC876}" = Adobe After Effects CS4 Third Party Content
"{F600CCF3-9C88-4A22-B0B4-DDA82E997118}" = Adobe After Effects CS4 Template Projects & Footage
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FBB02B04-C034-4382-A3F6-57416E2752C4}" = Adobe Creative Suite 5 Master Collection
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"34EA302E7F4CBD17A19E33BBCB72363234956D7E" = Windows Driver Package - Nokia Modem  (06/09/2010 4.5)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_126a6c50d960aa4e8761045cec9b633" = Adobe Media Encoder CS4 Exporter
"Adobe_15f4da9bfad48542a17f089e7c5e0ab" = Adobe After Effects CS4 Third Party Content
"Adobe_48bbd0b5673fdf22ea2ad2f6f129e8e" = Adobe Premiere Pro CS4 Third Party Content
"Adobe_5445c5ddd9a5c69582d3c1e2bba18f7" = Adobe Creative Suite 4 Master Collection
"Adobe_5a8cdebdcb3cd1974a9407c51ce9b53" = Adobe Media Encoder CS4 Importer
"ASIO4ALL" = ASIO4ALL
"CCleaner" = CCleaner
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"EEEE705096F837B7907659F100C9FE6DA001970F" = Windows Driver Package - Nokia Modem  (06/09/2010 7.01.0.7)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"foobar2000" = foobar2000 v1.0.1
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (remove only)
"JDownloader" = JDownloader
"LastFM_is1" = Last.fm 1.5.4.24567
"Live 8.0.4" = Live 8.0.4
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Essentials" = Microsoft Security Essentials
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Pidgin" = Pidgin
"PunkBusterSvc" = PunkBuster Services
"SilverFast Epson" = SilverFast Epson 6.6.2r1
"SilverFast HDRStudio" = SilverFast HDRStudio 6.6.0r1
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"SystemRequirementsLab" = System Requirements Lab
"TrueCrypt" = TrueCrypt
"uTorrent" = µTorrent
"ViceVersa Pro 2_is1" = ViceVersa Pro 2 (Build 2012)
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Yahoo! Companion" = Yahoo! Toolbar
"Zenses2" = Zenses2 Beta2
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.07.2010 23:54:07 | Computer Name = i-PC | Source = Google Update | ID = 20
Description = 
 
Error - 19.07.2010 00:54:07 | Computer Name = i-PC | Source = Google Update | ID = 20
Description = 
 
Error - 19.07.2010 01:54:07 | Computer Name = i-PC | Source = Google Update | ID = 20
Description = 
 
Error - 19.07.2010 02:54:07 | Computer Name = i-PC | Source = Google Update | ID = 20
Description = 
 
Error - 19.07.2010 03:54:08 | Computer Name = i-PC | Source = Google Update | ID = 20
Description = 
 
Error - 19.07.2010 04:54:07 | Computer Name = i-PC | Source = Google Update | ID = 20
Description = 
 
Error - 19.07.2010 07:50:28 | Computer Name = i-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 19.07.2010 07:50:49 | Computer Name = i-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 19.07.2010 07:50:49 | Computer Name = i-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  .
 
Error - 19.07.2010 10:08:07 | Computer Name = i-PC | Source = MBAMService | ID = 131073
Description = 
 
[ OSession Events ]
Error - 06.05.2010 17:29:22 | Computer Name = i-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5001, Microsoft Office Version: 12.0.6425.1000. This session lasted 21
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 17.05.2010 16:01:14 | Computer Name = i-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
 is 10.
 
Error - 17.05.2010 16:57:34 | Computer Name = i-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
 is 10.
 
Error - 17.05.2010 17:46:19 | Computer Name = i-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 18.05.2010 04:34:46 | Computer Name = i-PC | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error:   %%2
 
Error - 18.05.2010 19:41:19 | Computer Name = i-PC | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error:   %%2
 
Error - 19.05.2010 02:40:09 | Computer Name = i-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
 is 10.
 
Error - 19.05.2010 02:44:23 | Computer Name = i-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
 is 10.
 
Error - 19.05.2010 02:46:16 | Computer Name = i-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
 is 10.
 
Error - 19.05.2010 02:46:46 | Computer Name = i-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
 is 10.
 
Error - 19.05.2010 02:47:27 | Computer Name = i-PC | Source = Schannel | ID = 36888
Description = The following fatal alert was generated: 10. The internal error state
 is 10.
 
 
< End of report >

xxxlalala · 19.07.2010, 15:59

otl.txt teil 2

Code:

ATTFilter

 
Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [EPSON Stylus Photo R2400] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATI9SE.EXE (SEIKO EPSON CORPORATION)
O4 - Startup: C:\Users\i\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk = C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: digitalriver.com ([windows7] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{398ed822-80fc-11df-ac4e-0018f3af945a}\Shell - "" = AutoRun
O33 - MountPoints2\{398ed822-80fc-11df-ac4e-0018f3af945a}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4110cd2a-c70c-11de-97ba-0018f3af945a}\Shell - "" = AutoRun
O33 - MountPoints2\{4110cd2a-c70c-11de-97ba-0018f3af945a}\Shell\AutoRun\command - "" = G:\AS2conscription.exe -- File not found
O33 - MountPoints2\{462ff3aa-01bf-11df-a769-0018f3af945a}\Shell - "" = AutoRun
O33 - MountPoints2\{462ff3aa-01bf-11df-a769-0018f3af945a}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.07.19 16:37:11 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\i\Desktop\OTL.exe
[2010.07.19 16:31:45 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\MFTools
[2010.07.19 13:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.07.19 11:09:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2010.07.19 11:09:47 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\Yahoo!
[2010.07.19 11:09:45 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010.07.19 11:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.07.19 11:08:35 | 000,000,000 | ---D | C] -- C:\rsit
[2010.07.17 21:59:38 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\panik_koljah_nmzs_-_spastik_desaster_2009
[2010.07.13 11:52:22 | 000,000,000 | ---D | C] -- C:\REFlex
[2010.07.12 00:00:34 | 000,000,000 | ---D | C] -- C:\Users\i\Documents\AlienShooter2 Conscription Saves
[2010.07.11 23:58:39 | 000,000,000 | ---D | C] -- C:\Program Files\Sigma_Team
[2010.07.11 23:55:16 | 000,000,000 | ---D | C] -- C:\Program Files\Sigma Team
[2010.07.11 23:38:49 | 000,000,000 | ---D | C] -- C:\Users\i\Documents\Ovi
[2010.07.09 10:07:57 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2010.07.08 23:50:54 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\Nokia Ovi Suite
[2010.07.08 23:04:35 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\NokiaAccount
[2010.07.08 23:04:35 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\Nokia
[2010.07.08 23:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010.07.08 23:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2010.07.08 22:39:04 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\Nokia
[2010.07.08 22:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2010.07.08 22:36:53 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010.07.08 22:28:16 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2010.07.08 22:28:07 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\PC Suite
[2010.07.08 21:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia
[2010.07.08 21:48:20 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2010.07.08 21:47:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2010.07.08 21:45:22 | 000,092,672 | ---- | C] (Nokia) -- C:\Windows\System32\nmwcdcls.dll
[2010.07.08 21:42:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nokia
[2010.07.08 21:42:46 | 000,000,000 | ---D | C] -- C:\Program Files\Nokia
[2010.07.08 21:40:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations
[2010.07.07 12:19:11 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\nicolebilder
[2010.07.06 20:37:49 | 000,000,000 | ---D | C] -- C:\Users\i\Documents\The Lord of the Rings Online
[2010.07.06 20:37:49 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\The Lord of the Rings Online
[2010.07.06 10:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\Codemasters
[2010.07.06 09:46:30 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\alesschau
[2010.07.04 13:50:04 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\bla
[2010.07.03 13:20:46 | 000,000,000 | ---D | C] -- C:\Users\i\Documents\Battlefield Heroes
[2010.07.03 00:15:32 | 000,000,000 | ---D | C] -- C:\Users\i\Documents\My Downloads
[2010.07.02 00:32:10 | 000,000,000 | ---D | C] -- C:\Users\i\Documents\Dungeons and Dragons Online
[2010.07.02 00:28:36 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\Turbine
[2010.07.02 00:28:15 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\Turbine
[2010.07.02 00:27:18 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\ApplicationHistory
[2010.07.02 00:25:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2010.07.02 00:14:45 | 000,000,000 | ---D | C] -- C:\Program Files\Turbine
[2010.07.01 21:27:22 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\PMB Files
[2010.07.01 21:27:20 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2010.07.01 21:27:07 | 000,000,000 | ---D | C] -- C:\Program Files\Pando Networks
[2010.07.01 16:54:46 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\PunkBuster
[2010.07.01 11:15:32 | 000,000,000 | ---D | C] -- C:\Program Files\EA Games
[2010.06.30 09:22:26 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\seiteoffline
[2010.06.26 12:09:39 | 000,000,000 | ---D | C] -- C:\Users\i\workspace
[2010.06.26 12:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\IronPython 2.6 for .NET 4.0
[2010.06.21 14:21:03 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\herkansing marko
[2010.06.21 11:26:54 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\internetneu
[2010.06.20 00:33:48 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\Sidhe
[2010.06.18 16:19:43 | 000,000,000 | ---D | C] -- C:\Users\i\Documents\Adobe Scripts
[2010.06.17 20:45:08 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON ColorBase
[2010.06.17 16:58:32 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2010.06.17 16:58:02 | 000,000,000 | ---D | C] -- C:\Program Files\EPSON
[2010.06.17 14:17:31 | 000,000,000 | ---D | C] -- C:\Program Files\SilverFast Application
[2010.06.17 14:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\SilverFast
[2010.06.07 23:40:27 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\dlll
[2010.06.06 17:53:22 | 000,000,000 | ---D | C] -- C:\Program Files\CoreCodec
[2010.05.30 03:00:55 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010.05.26 22:01:27 | 001,376,079 | ---- | C] (Copyright (C) 2007-2010    Ibadov Tariel   <tariel@code-industry.net>) -- C:\Windows\System32\imgport.dll
[2010.05.26 22:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\ImagePrinter
[2010.05.26 21:58:48 | 000,000,000 | ---D | C] -- C:\Program Files\office Convert Pdf to Jpg Jpeg Tiff Free
[2010.05.26 20:12:59 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2010.05.21 11:09:14 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.05.21 11:09:14 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\Adobe Mini Bridge CS5
[2010.05.19 10:12:35 | 000,000,000 | --SD | C] -- C:\Users\i\AppData\Roaming\Virtual CD v10
[2010.05.19 09:53:23 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\NCH Software
[2010.05.17 20:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\ALM
[2010.05.14 18:00:46 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\Publish Providers
[2010.05.07 00:44:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Office Genuine Advantage
[2010.05.06 23:43:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.05.06 23:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.05.06 23:12:05 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\Microsoft Help
[2010.05.06 23:12:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010.05.06 23:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.05.06 23:10:20 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.05.06 22:57:27 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010.05.04 19:21:57 | 000,000,000 | ---D | C] -- C:\Users\i\Desktop\Linotype.Frutiger.Next.WinALL.Commercial.FONT-TYPO
[2010.05.01 22:50:44 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Local\Mixxx
[2010.05.01 22:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mixxx
[2010.05.01 21:34:42 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2010.04.23 13:03:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.04.21 16:57:06 | 000,000,000 | ---D | C] -- C:\Users\i\AppData\Roaming\vlc
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.07.19 16:41:32 | 004,194,304 | -HS- | M] () -- C:\Users\i\NTUSER.DAT
[2010.07.19 16:37:45 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.19 16:37:45 | 000,013,472 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.19 16:37:20 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\i\Desktop\OTL.exe
[2010.07.19 16:35:07 | 000,739,790 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.19 16:35:07 | 000,624,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.19 16:35:07 | 000,110,414 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.19 16:30:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.19 16:30:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.19 16:30:26 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.19 16:29:12 | 001,540,559 | -H-- | M] () -- C:\Users\i\AppData\Local\IconCache.db
[2010.07.19 16:22:25 | 000,007,627 | ---- | M] () -- C:\Users\i\AppData\Local\Resmon.ResmonCfg
[2010.07.19 15:58:38 | 000,410,680 | ---- | M] () -- C:\Users\i\Desktop\Load.exe
[2010.07.19 15:52:28 | 000,002,943 | ---- | M] () -- C:\Users\i\Desktop\HiJackThis.lnk
[2010.07.19 11:46:52 | 000,150,136 | ---- | M] () -- C:\Users\i\Desktop\essentialslog.jpg
[2010.07.19 11:46:52 | 000,001,456 | ---- | M] () -- C:\Users\i\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010.07.19 11:45:49 | 000,222,755 | ---- | M] () -- C:\Users\i\Desktop\essentialslog.psd
[2010.07.19 11:25:42 | 000,035,192 | ---- | M] () -- C:\Users\i\Documents\cc_20100719_112537.reg
[2010.07.19 11:09:41 | 000,000,969 | ---- | M] () -- C:\Users\i\Desktop\CCleaner.lnk
[2010.07.19 11:08:13 | 000,339,991 | ---- | M] () -- C:\Users\i\Desktop\RSIT.exe
[2010.07.19 11:02:59 | 000,001,438 | ---- | M] () -- C:\Users\i\Desktop\firefox.exe - Shortcut.lnk
[2010.07.19 01:14:29 | 000,001,007 | ---- | M] () -- C:\Users\i\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010.07.19 01:14:29 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.19 01:03:25 | 000,363,520 | ---- | M] () -- C:\Users\i\Desktop\rkill.com
[2010.07.16 15:53:36 | 027,810,221 | ---- | M] () -- C:\Users\i\Desktop\16072010005.mp4
[2010.07.12 10:13:52 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2010.07.12 00:02:24 | 108,827,564 | ---- | M] () -- C:\Users\i\Desktop\Schatten_seperat.tif
[2010.07.11 23:43:14 | 000,010,752 | ---- | M] () -- C:\Users\i\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.08 23:03:35 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2010.07.08 22:38:09 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2010.07.08 22:25:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.07.08 21:43:14 | 000,002,088 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2010.07.07 16:12:19 | 000,192,894 | ---- | M] () -- C:\Users\i\Desktop\sbb.pdf
[2010.07.06 12:27:07 | 000,015,364 | -H-- | M] () -- C:\Users\Public\Documents\.DS_Store
[2010.07.06 12:25:55 | 000,000,082 | -H-- | M] () -- C:\Users\Public\Documents\._sbb.pdf
[2010.07.05 23:42:40 | 000,138,184 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.07.05 23:42:19 | 000,215,016 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.07.05 15:02:46 | 001,897,016 | ---- | M] () -- C:\Users\Public\Documents\P7058246.JPG
[2010.07.05 15:02:42 | 002,035,287 | ---- | M] () -- C:\Users\Public\Documents\P7058244.JPG
[2010.07.04 17:50:40 | 000,192,894 | ---- | M] () -- C:\Users\Public\Documents\sbb.pdf
[2010.07.03 12:51:42 | 000,138,056 | ---- | M] () -- C:\Users\i\AppData\Roaming\PnkBstrK.sys
[2010.07.03 12:51:27 | 002,427,248 | ---- | M] () -- C:\Windows\System32\pbsvc_heroes.exe
[2010.07.02 00:28:17 | 000,000,089 | ---- | M] () -- C:\Users\i\AppData\Local\fusioncache.dat
[2010.06.30 10:02:47 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.29 08:51:48 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.06.27 11:13:42 | 000,010,235 | ---- | M] () -- C:\Users\i\Desktop\Doc5.docx
[2010.06.25 21:39:03 | 000,073,701 | -H-- | M] () -- C:\Users\Public\Documents\._hallo2.jpg
[2010.06.25 21:38:57 | 000,073,758 | -H-- | M] () -- C:\Users\Public\Documents\._hallo1.jpg
[2010.06.25 21:34:36 | 003,757,567 | ---- | M] () -- C:\Users\Public\Documents\hallo2.jpg
[2010.06.25 21:34:02 | 003,757,746 | ---- | M] () -- C:\Users\Public\Documents\hallo1.jpg
[2010.06.23 19:28:53 | 000,073,043 | -H-- | M] () -- C:\Users\Public\Documents\._gut7.jpg
[2010.06.23 19:28:43 | 000,074,385 | -H-- | M] () -- C:\Users\Public\Documents\._gut6.jpg
[2010.06.23 19:24:14 | 003,610,875 | ---- | M] () -- C:\Users\Public\Documents\gut7.jpg
[2010.06.23 19:23:30 | 003,702,399 | ---- | M] () -- C:\Users\Public\Documents\gut6.jpg
[2010.06.23 18:39:51 | 000,066,262 | -H-- | M] () -- C:\Users\Public\Documents\._na2444.jpg
[2010.06.23 18:37:28 | 000,072,788 | -H-- | M] () -- C:\Users\Public\Documents\._sofia3.jpg
[2010.06.23 18:36:52 | 000,074,451 | -H-- | M] () -- C:\Users\Public\Documents\._gut4.jpg
[2010.06.23 18:36:39 | 000,074,801 | -H-- | M] () -- C:\Users\Public\Documents\._gut3.jpg
[2010.06.23 18:36:02 | 001,908,885 | ---- | M] () -- C:\Users\Public\Documents\na2444.jpg
[2010.06.23 18:32:28 | 007,713,743 | ---- | M] () -- C:\Users\Public\Documents\gut4.jpg
[2010.06.23 18:30:48 | 007,025,611 | ---- | M] () -- C:\Users\Public\Documents\gut3.jpg
[2010.06.23 18:26:50 | 000,073,310 | -H-- | M] () -- C:\Users\Public\Documents\._12.jpg
[2010.06.23 18:26:13 | 000,072,714 | -H-- | M] () -- C:\Users\Public\Documents\._gut2.jpg
[2010.06.23 18:26:04 | 000,072,850 | -H-- | M] () -- C:\Users\Public\Documents\._gut1.jpg
[2010.06.23 18:17:50 | 004,725,714 | ---- | M] () -- C:\Users\Public\Documents\gut2.jpg
[2010.06.23 18:17:10 | 005,033,392 | ---- | M] () -- C:\Users\Public\Documents\gut1.jpg
[2010.06.21 23:22:08 | 000,049,664 | ---- | M] () -- C:\Users\i\Desktop\Sinn,Kunst,Reden.doc
[2010.06.21 11:05:45 | 001,285,120 | ---- | M] () -- C:\Users\i\Desktop\Können wir sinnvoll über Kunst sprechen1-2-2-2.doc
[2010.06.20 19:51:47 | 000,401,989 | ---- | M] () -- C:\Users\i\Desktop\24-10--25-copy.jpg
[2010.06.20 19:33:12 | 000,432,716 | ---- | M] () -- C:\Users\i\Desktop\24-10--17-copy.jpg
[2010.06.20 00:42:12 | 004,303,294 | ---- | M] () -- C:\Users\Public\Documents\12.jpg
[2010.06.19 19:43:42 | 000,014,476 | ---- | M] () -- C:\Users\i\Desktop\AFSPRAKEN max muster.docx
[2010.06.19 19:43:20 | 000,010,488 | ---- | M] () -- C:\Users\i\Desktop\Doc3.docx
[2010.06.19 16:55:23 | 001,280,512 | ---- | M] () -- C:\Users\i\Desktop\Können wir sinnvoll über Kunst sprechen1-2-2.doc
[2010.06.19 13:58:22 | 001,273,856 | ---- | M] () -- C:\Users\i\Desktop\Können wir sinnvoll über Kunst sprechen1-2.doc
[2010.06.19 12:32:46 | 000,024,576 | ---- | M] () -- C:\Users\i\Desktop\Können wir sinnvoll über Kunst sprechen1.doc
[2010.06.17 22:42:12 | 000,090,328 | -H-- | M] () -- C:\Users\i\Desktop\SFthumbs(HDRstudio).thdb
[2010.06.17 16:42:45 | 003,155,647 | ---- | M] () -- C:\Users\i\Desktop\r2400_ug.pdf
[2010.06.17 14:20:36 | 000,001,036 | ---- | M] () -- C:\Users\i\Application Data\Microsoft\Internet Explorer\Quick Launch\SF Launcher.lnk
[2010.06.17 14:20:36 | 000,001,012 | ---- | M] () -- C:\Users\i\Desktop\SF Launcher.lnk
[2010.06.15 15:36:57 | 000,020,000 | -H-- | M] () -- C:\ProgramData\V36QQ
[2010.06.14 12:17:37 | 000,020,531 | -H-- | M] () -- C:\ProgramData\T09F8
[2010.06.12 18:53:49 | 003,686,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.06.06 17:19:10 | 000,053,594 | ---- | M] () -- C:\Users\i\Documents\cc_20100606_171904.reg
[2010.06.05 04:20:10 | 000,289,664 | ---- | M] () -- C:\Users\Public\Documents\IMG.pdf
[2010.05.29 00:01:42 | 003,459,735 | ---- | M] () -- C:\Users\Public\Documents\sofia3.jpg
[2010.05.28 21:03:42 | 178,559,288 | ---- | M] () -- C:\Users\i\Desktop\2010_05_28_16_00_01_ch2.avf
[2010.05.25 19:20:55 | 000,067,718 | -H-- | M] () -- C:\Users\Public\Documents\._gutoriginal.jpg
[2010.05.14 18:00:33 | 000,002,524 | ---- | M] () -- C:\Users\i\Documents\Register CD Architect.htm
[2010.05.07 00:43:44 | 000,066,104 | ---- | M] () -- C:\Users\i\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.19 15:58:37 | 000,410,680 | ---- | C] () -- C:\Users\i\Desktop\Load.exe
[2010.07.19 15:52:28 | 000,002,943 | ---- | C] () -- C:\Users\i\Desktop\HiJackThis.lnk
[2010.07.19 11:46:51 | 000,150,136 | ---- | C] () -- C:\Users\i\Desktop\essentialslog.jpg
[2010.07.19 11:45:47 | 000,222,755 | ---- | C] () -- C:\Users\i\Desktop\essentialslog.psd
[2010.07.19 11:25:39 | 000,035,192 | ---- | C] () -- C:\Users\i\Documents\cc_20100719_112537.reg
[2010.07.19 11:08:11 | 000,339,991 | ---- | C] () -- C:\Users\i\Desktop\RSIT.exe
[2010.07.19 11:02:59 | 000,001,438 | ---- | C] () -- C:\Users\i\Desktop\firefox.exe - Shortcut.lnk
[2010.07.19 01:14:29 | 000,001,007 | ---- | C] () -- C:\Users\i\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
[2010.07.19 01:03:20 | 000,363,520 | ---- | C] () -- C:\Users\i\Desktop\rkill.com
[2010.07.17 14:54:14 | 108,827,564 | ---- | C] () -- C:\Users\i\Desktop\Schatten_seperat.tif
[2010.07.16 17:59:37 | 027,810,221 | ---- | C] () -- C:\Users\i\Desktop\16072010005.mp4
[2010.07.12 10:13:50 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2010.07.08 23:53:55 | 000,010,752 | ---- | C] () -- C:\Users\i\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.08 23:03:35 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2010.07.08 22:38:09 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Nokia PC Suite.lnk
[2010.07.08 22:25:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.07.08 21:43:14 | 000,002,088 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Software Updater.lnk
[2010.07.07 16:12:17 | 000,192,894 | ---- | C] () -- C:\Users\i\Desktop\sbb.pdf
[2010.07.06 12:27:07 | 001,897,016 | ---- | C] () -- C:\Users\Public\Documents\P7058246.JPG
[2010.07.06 12:26:23 | 002,035,287 | ---- | C] () -- C:\Users\Public\Documents\P7058244.JPG
[2010.07.06 12:25:55 | 000,192,894 | ---- | C] () -- C:\Users\Public\Documents\sbb.pdf
[2010.07.06 12:25:55 | 000,000,082 | -H-- | C] () -- C:\Users\Public\Documents\._sbb.pdf
[2010.07.02 00:28:17 | 000,000,089 | ---- | C] () -- C:\Users\i\AppData\Local\fusioncache.dat
[2010.07.01 16:55:06 | 000,215,016 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.07.01 11:28:46 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.07.01 11:28:46 | 000,138,056 | ---- | C] () -- C:\Users\i\AppData\Roaming\PnkBstrK.sys
[2010.07.01 11:28:17 | 000,215,016 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.07.01 11:28:15 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.07.01 11:28:12 | 002,427,248 | ---- | C] () -- C:\Windows\System32\pbsvc_heroes.exe
[2010.06.30 10:02:47 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.06.29 08:51:48 | 000,001,029 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk
[2010.06.27 11:13:40 | 000,010,235 | ---- | C] () -- C:\Users\i\Desktop\Doc5.docx
[2010.06.25 21:38:50 | 003,757,746 | ---- | C] () -- C:\Users\Public\Documents\hallo1.jpg
[2010.06.25 21:38:50 | 003,757,567 | ---- | C] () -- C:\Users\Public\Documents\hallo2.jpg
[2010.06.25 21:38:50 | 000,073,758 | -H-- | C] () -- C:\Users\Public\Documents\._hallo1.jpg
[2010.06.25 21:38:50 | 000,073,701 | -H-- | C] () -- C:\Users\Public\Documents\._hallo2.jpg
[2010.06.23 19:28:46 | 003,610,875 | ---- | C] () -- C:\Users\Public\Documents\gut7.jpg
[2010.06.23 19:28:46 | 000,073,043 | -H-- | C] () -- C:\Users\Public\Documents\._gut7.jpg
[2010.06.23 19:28:37 | 003,702,399 | ---- | C] () -- C:\Users\Public\Documents\gut6.jpg
[2010.06.23 19:28:37 | 000,074,385 | -H-- | C] () -- C:\Users\Public\Documents\._gut6.jpg
[2010.06.23 18:39:48 | 001,908,885 | ---- | C] () -- C:\Users\Public\Documents\na2444.jpg
[2010.06.23 18:39:48 | 000,066,262 | -H-- | C] () -- C:\Users\Public\Documents\._na2444.jpg
[2010.06.23 18:37:21 | 003,459,735 | ---- | C] () -- C:\Users\Public\Documents\sofia3.jpg
[2010.06.23 18:37:21 | 000,072,788 | -H-- | C] () -- C:\Users\Public\Documents\._sofia3.jpg
[2010.06.23 18:36:27 | 007,713,743 | ---- | C] () -- C:\Users\Public\Documents\gut4.jpg
[2010.06.23 18:36:27 | 007,025,611 | ---- | C] () -- C:\Users\Public\Documents\gut3.jpg
[2010.06.23 18:36:27 | 000,074,801 | -H-- | C] () -- C:\Users\Public\Documents\._gut3.jpg
[2010.06.23 18:36:27 | 000,074,451 | -H-- | C] () -- C:\Users\Public\Documents\._gut4.jpg
[2010.06.23 18:26:43 | 004,303,294 | ---- | C] () -- C:\Users\Public\Documents\12.jpg
[2010.06.23 18:26:43 | 000,073,310 | -H-- | C] () -- C:\Users\Public\Documents\._12.jpg
[2010.06.23 18:25:55 | 005,033,392 | ---- | C] () -- C:\Users\Public\Documents\gut1.jpg
[2010.06.23 18:25:55 | 004,725,714 | ---- | C] () -- C:\Users\Public\Documents\gut2.jpg
[2010.06.23 18:25:55 | 000,072,850 | -H-- | C] () -- C:\Users\Public\Documents\._gut1.jpg
[2010.06.23 18:25:55 | 000,072,714 | -H-- | C] () -- C:\Users\Public\Documents\._gut2.jpg
[2010.06.21 23:22:08 | 000,049,664 | ---- | C] () -- C:\Users\i\Desktop\Sinn,Kunst,Reden.doc
[2010.06.20 19:51:47 | 000,401,989 | ---- | C] () -- C:\Users\i\Desktop\24-10--25-copy.jpg
[2010.06.20 19:33:11 | 000,432,716 | ---- | C] () -- C:\Users\i\Desktop\24-10--17-copy.jpg
[2010.06.19 19:43:42 | 000,014,476 | ---- | C] () -- C:\Users\i\Desktop\AFSPRAKEN max muster.docx
[2010.06.19 19:43:17 | 000,010,488 | ---- | C] () -- C:\Users\i\Desktop\Doc3.docx
[2010.06.19 17:06:38 | 001,285,120 | ---- | C] () -- C:\Users\i\Desktop\Können wir sinnvoll über Kunst sprechen1-2-2-2.doc
[2010.06.19 16:55:08 | 001,280,512 | ---- | C] () -- C:\Users\i\Desktop\Können wir sinnvoll über Kunst sprechen1-2-2.doc
[2010.06.19 13:58:21 | 001,273,856 | ---- | C] () -- C:\Users\i\Desktop\Können wir sinnvoll über Kunst sprechen1-2.doc
[2010.06.19 12:32:45 | 000,024,576 | ---- | C] () -- C:\Users\i\Desktop\Können wir sinnvoll über Kunst sprechen1.doc
[2010.06.17 20:25:50 | 178,559,288 | ---- | C] () -- C:\Users\i\Desktop\2010_05_28_16_00_01_ch2.avf
[2010.06.17 16:42:35 | 003,155,647 | ---- | C] () -- C:\Users\i\Desktop\r2400_ug.pdf
[2010.06.17 14:17:37 | 000,001,036 | ---- | C] () -- C:\Users\i\Application Data\Microsoft\Internet Explorer\Quick Launch\SF Launcher.lnk
[2010.06.17 14:17:37 | 000,001,012 | ---- | C] () -- C:\Users\i\Desktop\SF Launcher.lnk
[2010.06.16 00:10:00 | 000,090,328 | -H-- | C] () -- C:\Users\i\Desktop\SFthumbs(HDRstudio).thdb
[2010.06.15 15:34:38 | 000,020,000 | -H-- | C] () -- C:\ProgramData\V36QQ
[2010.06.14 12:51:32 | 000,055,808 | -HS- | C] () -- C:\Users\i\Thumbs.db
[2010.06.06 17:19:05 | 000,053,594 | ---- | C] () -- C:\Users\i\Documents\cc_20100606_171904.reg
[2010.06.05 14:36:05 | 000,289,664 | ---- | C] () -- C:\Users\Public\Documents\IMG.pdf
[2010.05.25 19:20:23 | 000,067,718 | -H-- | C] () -- C:\Users\Public\Documents\._gutoriginal.jpg
[2010.05.17 23:00:18 | 000,001,456 | ---- | C] () -- C:\Users\i\AppData\Local\Adobe Save for Web 12.0 Prefs
[2010.05.14 18:00:33 | 000,002,524 | ---- | C] () -- C:\Users\i\Documents\Register CD Architect.htm
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.25 23:30:50 | 000,000,038 | ---- | C] () -- C:\Windows\BookPrintXP.ini
[2010.02.03 02:21:49 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.11.04 19:26:06 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2009.11.04 19:26:06 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2009.11.04 19:26:06 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2009.11.04 19:26:05 | 000,003,072 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2009.11.04 19:26:05 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2009.11.04 19:26:05 | 000,000,021 | ---- | C] () -- C:\Windows\SurCode.INI
[2009.11.01 19:22:23 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2005.11.11 12:43:28 | 000,172,032 | ---- | C] () -- C:\Windows\System32\libssl32.dll
[2005.11.11 12:43:24 | 000,887,296 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2005.08.31 10:20:00 | 000,233,557 | ---- | C] () -- C:\Windows\System32\esint54.dll
[2005.05.06 20:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
 
========== LOP Check ==========
 
[2010.06.25 14:46:33 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\.purple
[2010.02.27 19:18:33 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Ableton
[2010.02.19 02:59:29 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Acreon
[2009.11.01 20:02:05 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\DAEMON Tools Lite
[2009.11.01 19:22:03 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\DAEMON Tools Pro
[2010.02.24 21:18:26 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Extensis
[2010.02.17 02:23:11 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\FOG Downloader
[2010.07.19 00:10:21 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\foobar2000
[2010.03.25 01:00:26 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\gtk-2.0
[2010.03.25 23:31:26 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Keseling
[2010.06.19 17:37:02 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Lasersoft Imaging
[2010.07.11 23:52:11 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Nokia
[2010.07.08 23:50:54 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Nokia Ovi Suite
[2009.11.20 20:00:51 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\OpenOffice.org
[2010.07.08 22:40:58 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\PC Suite
[2010.05.14 18:00:46 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Publish Providers
[2010.07.19 00:30:35 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\QuickScan
[2010.02.16 19:53:52 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Router Manager
[2009.11.26 21:04:51 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\runic games
[2010.05.14 18:00:43 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Sony
[2010.05.21 11:09:14 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010.03.04 00:29:09 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\SteelBytes
[2009.11.02 01:20:52 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\SystemRequirementsLab
[2010.03.02 02:47:30 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Thunderbird
[2009.12.16 23:39:54 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Tropico 3
[2009.10.31 22:24:50 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\TrueCrypt
[2010.02.28 20:21:39 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\TuneUp Software
[2010.07.02 00:28:36 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\Turbine
[2010.04.16 00:44:55 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\uTorrent
[2010.05.19 11:32:15 | 000,000,000 | --SD | M] -- C:\Users\i\AppData\Roaming\Virtual CD v10
[2010.03.14 18:21:49 | 000,000,000 | ---D | M] -- C:\Users\i\AppData\Roaming\zenses
[2010.07.19 00:52:41 | 000,000,858 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2009.06.10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.06.10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.07.19 16:30:26 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.19 01:11:34 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2010.07.19 16:30:31 | 2146,754,560 | -HS- | M] () -- C:\pagefile.sys
[2010.07.19 14:06:40 | 000,000,344 | ---- | M] () -- C:\rkill.log
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\drivers\*.sys /90 >
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.05 23:42:40 | 000,138,184 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
 
< %systemroot%\system32\user32.dll /md5 >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2009.07.14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\System32\ws2help.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-14 17:25:42

< End of report >

Antimalware Doc entfernen klappt nciht ganz

Plagegeister aller Art und deren Bekämpfung: Antimalware Doc entfernen klappt nciht ganz