Pests of all kinds and how to fight them: Trojan FakeAV.CMB in C:\Windows\Nsyrea.exe
28.07.2010, 20:26   #1
Dom[Ger]
 
Trojan FakeAV.CMB in C:\Windows\Nsyrea.exe



Hi,

I've somehow picked up a few little friends that are making themselves at home on my PC.
Since I would naturally rather not format and only consider that as a last resort, I hope you can help me.

My AVG reported roughly every 2 minutes that a "Trojan FakeAV.CMB" in C:\Windows\Nsyrea.exe and a few others had been found. It started with the FakeAV, though.

I now have some log files for you:

HijackThis:

Quote:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:57:17, on 28.07.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Users\Dom\AppData\Local\Temp\Nb3.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Saitek\SD6\Software\ProfilerU.exe
C:\Saitek\SD6\Software\SaiMfd.exe
E:\Anwendungen\Mozilla Firefox\firefox.exe
E:\Anwendungen\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dom\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ProfilerU] C:\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Saitek\SD6\Software\SaiMfd.exe
O4 - HKCU\..\Run: [Halo2] rundll32.exe C:\Windows\system32\sshnas21.dll,GetMainWnd
O4 - HKCU\..\Run: [5DR8ZAD8GX] C:\Users\Dom\AppData\Local\Temp\Nb3.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://E:\ANWEND~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ANWEND~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - E:\Anwendungen\Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 5016 bytes

CCleaner:

While scanning, this came up:



Malwarebytes-Anti-Malware:

Quote:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4363

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28.07.2010 21:13:20
mbam-log-2010-07-28 (21-13-20).txt

Scan type: Quick scan
Objects scanned: 132156
Time elapsed: 4 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\5DR8ZAD8GX (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\TG0PTF86JH (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5dr8zad8gx (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Dom\AppData\Local\Temp\Nb3.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\Dom\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

RSIT - random's system information tool:

RSIT Logfile:
Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by Dom at 2010-07-28 21:16:53
Microsoft Windows 7 Professional  
System drive C: has 9 GB (17%) free of 51 GB
Total RAM: 2047 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:17:00, on 28.07.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Saitek\SD6\Software\ProfilerU.exe
C:\Saitek\SD6\Software\SaiMfd.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dom\Desktop\RSIT.exe
C:\trend micro\Dom.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ProfilerU] C:\Saitek\SD6\Software\ProfilerU.exe
O4 - HKLM\..\Run: [SaiMfd] C:\Saitek\SD6\Software\SaiMfd.exe
O4 - HKLM\..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://E:\ANWEND~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\ANWEND~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - E:\Anwendungen\Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: nHancer Support (nHancer) - KSE - Korndörfer Software Engineering - C:\Program Files\nHancer\nHancerService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\Windows\system32\oodag.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%SystemRoot%\System32\TUProgSt.exe,-1 (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

--
End of file - 4894 bytes

======Scheduled tasks folder======

C:\Windows\tasks\1-Klick-Wartung.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-07-21 1619296]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-07-15 2065760]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-01-19 8452640]
"Start WingMan Profiler"=C:\Program Files\Logitech\Gaming Software\LWEMon.exe [2009-09-16 153608]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"ProfilerU"=C:\Saitek\SD6\Software\ProfilerU.exe [2009-06-03 237568]
"SaiMfd"=C:\Saitek\SD6\Software\SaiMfd.exe [2009-06-03 131072]
" Malwarebytes Anti-Malware  (reboot)"=C:\Malwarebytes' Anti-Malware\mbam.exe [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-07-28 21:16:54 ----D---- C:\trend micro
2010-07-28 21:16:54 ----D---- C:\\trend micro
2010-07-28 21:16:53 ----D---- C:\rsit
2010-07-28 21:16:53 ----D---- C:\\rsit
2010-07-28 21:06:58 ----D---- C:\Users\Dom\AppData\Roaming\Malwarebytes
2010-07-28 21:06:52 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-07-28 21:06:51 ----D---- C:\ProgramData\Malwarebytes
2010-07-28 21:06:51 ----D---- C:\Malwarebytes' Anti-Malware
2010-07-28 21:06:51 ----D---- C:\\Malwarebytes' Anti-Malware
2010-07-28 21:06:51 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-07-28 20:58:02 ----D---- C:\CCleaner
2010-07-28 20:58:02 ----D---- C:\\CCleaner
2010-07-26 19:33:20 ----D---- C:\Users\Dom\AppData\Roaming\InstallShield
2010-07-25 20:04:06 ----D---- C:\Users\Dom\AppData\Roaming\Notepad++
2010-07-15 18:15:04 ----A---- C:\ZipCodec.txt
2010-07-15 18:15:04 ----A---- C:\\ZipCodec.txt
2010-07-15 17:35:19 ----A---- C:\Windows\system32\avgrsstx.dll
2010-07-14 19:09:51 ----D---- C:\Users\Dom\AppData\Roaming\SpotterConfig
2010-07-11 19:35:00 ----D---- C:\Users\Dom\AppData\Roaming\FlyingWSimulation
2010-07-11 19:33:46 ----D---- C:\ProgramData\MyTraffic
2010-07-11 19:32:52 ----D---- C:\Users\Dom\AppData\Roaming\MyTraffic
2010-07-11 17:33:29 ----D---- C:\MSXML 4.0
2010-07-11 17:33:29 ----D---- C:\\MSXML 4.0
2010-07-03 10:06:51 ----D---- C:\ProgramData\Ubisoft
2010-07-02 19:25:31 ----D---- C:\Ubisoft
2010-07-02 19:25:31 ----D---- C:\\Ubisoft

======List of files/folders modified in the last 1 months======

2010-07-28 21:15:18 ----D---- C:\Windows\system32\catroot2
2010-07-28 21:15:15 ----D---- C:\Windows\Temp
2010-07-28 21:15:11 ----D---- C:\ProgramData\avg9
2010-07-28 21:14:58 ----D---- C:\Windows
2010-07-28 21:14:58 ----D---- C:\\Windows
2010-07-28 21:14:39 ----D---- C:\Windows\system32\drivers\Avg
2010-07-28 21:14:38 ----D---- C:\Windows\system32\drivers
2010-07-28 21:14:38 ----D---- C:\Windows\ServiceProfiles
2010-07-28 21:06:51 ----HD---- C:\ProgramData
2010-07-28 21:06:51 ----HD---- C:\\ProgramData
2010-07-28 21:02:54 ----D---- C:\Windows\Minidump
2010-07-28 21:02:54 ----D---- C:\Windows\debug
2010-07-28 20:19:49 ----D---- C:\Windows\system32\config
2010-07-28 20:13:48 ----D---- C:\Windows\System32
2010-07-28 20:10:53 ----D---- C:\Windows\inf
2010-07-28 20:10:53 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-28 20:10:04 ----D---- C:\Windows\system32\Tasks
2010-07-28 20:10:03 ----D---- C:\Windows\Tasks
2010-07-27 21:03:42 ----RSD---- C:\Windows\Fonts
2010-07-27 20:38:06 ----SHD---- C:\System Volume Information
2010-07-27 20:38:06 ----SHD---- C:\\System Volume Information
2010-07-27 19:02:09 ----D---- C:\Program Files\Common Files\Steam
2010-07-26 19:33:37 ----HD---- C:\InstallShield Installation Information
2010-07-26 19:33:37 ----HD---- C:\\InstallShield Installation Information
2010-07-25 17:31:39 ----SHD---- C:\Windows\Installer
2010-07-25 17:31:30 ----RSD---- C:\Windows\assembly
2010-07-25 17:31:28 ----D---- C:\Windows\winsxs
2010-07-25 16:44:11 ----SD---- C:\ProgramData\Microsoft
2010-07-25 16:29:59 ----SD---- C:\Users\Dom\AppData\Roaming\Microsoft
2010-07-25 15:47:25 ----D---- C:\Windows\Prefetch
2010-07-11 17:34:40 ----SD---- C:\Windows\system32\Microsoft
2010-07-11 17:06:58 ----D---- C:\Program Files\Common Files\InstallShield
2010-07-04 17:24:59 ----D---- C:\Windows\system32\wdi
2010-07-02 21:39:05 ----A---- C:\Windows\system32\MRT.exe
2010-07-02 20:00:40 ----HD---- C:\\$AVG
2010-07-02 20:00:40 ----HD---- C:\$AVG

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2009-08-04 213024]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2009-02-03 59000]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:\Windows\System32\drivers\sfsync04.sys [2009-02-03 59520]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-02-05 691696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-07-15 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-06-03 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2010-07-15 243024]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2009-11-16 50704]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-01-19 2991328]
R3 npusbio;npusbio; C:\Windows\System32\Drivers\npusbio.sys [2008-04-25 36384]
R3 NVENETFD;NVIDIA nForce-Netzwerkcontrollertreiber; C:\Windows\system32\DRIVERS\nvm60x32.sys [2009-07-14 429056]
R3 SaiMini;SaiMini; C:\Windows\system32\DRIVERS\SaiMini.sys [2009-06-10 14080]
R3 SaiNtBus;SaiNtBus; C:\Windows\system32\drivers\SaiBus.sys [2009-06-10 36992]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\Windows\system32\drivers\WmBEnum.sys [2009-09-11 22792]
R3 WmVirHid;Logitech Virtual Hid Device Driver; C:\Windows\system32\drivers\WmVirHid.sys [2009-09-11 14984]
R3 WmXlCore;Logitech Translation Layer Driver; C:\Windows\system32\drivers\WmXlCore.sys [2009-09-11 66056]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 af0xz7ut;af0xz7ut; C:\Windows\system32\drivers\af0xz7ut.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 NVNET;NVIDIA nForce 10/100/1000 Mbps Ethernet ; C:\Windows\system32\DRIVERS\nvmf6232.sys [2009-07-30 287392]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 SaiH075C;SaiH075C; C:\Windows\system32\DRIVERS\SaiH075C.sys [2007-05-01 132232]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\Windows\system32\drivers\WmFilter.sys [2009-09-11 35592]
S3 WmHidLo;Logitech Gaming USB Filter Driver; C:\Windows\system32\drivers\WmHidLo.sys [2009-09-11 31752]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 avg9emc;AVG Free E-mail Scanner; C:\Program Files\AVG\AVG9\avgemc.exe [2010-07-21 921952]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-15 308136]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; E:\Anwendungen\Hamachi\hamachi-2.exe [2010-03-30 1107336]
R2 nHancer;nHancer Support; C:\Program Files\nHancer\nHancerService.exe [2009-10-04 39936]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-03 129640]
R2 O&O Defrag;O&O Defrag; C:\Windows\system32\oodag.exe [2007-05-11 1050120]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2010-01-25 75064]
R2 TuneUp.ProgramStatisticsSvc;@%SystemRoot%\System32\TUProgSt.exe,-1; C:\Windows\System32\TUProgSt.exe [2010-03-21 603904]
S2 gupdate;Google Update Service (gupdate); C:\Google\Update\GoogleUpdate.exe [2010-05-02 136176]
S2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-02-17 72704]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-07-27 407336]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TuneUp.Defrag;@%SystemRoot%\System32\TuneUpDefragService.exe,-1; C:\Windows\System32\TuneUpDefragService.exe [2010-03-21 362240]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------


info.txt (RSIT Logfile):
Code:
logfile of random's system information tool 1.08 2010-07-28 21:17:02

======Uninstall list======

-->MsiExec /X{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}
Adobe Bridge 1.0-->MsiExec.exe /I{B74D4E10-1033-0000-0000-000000000001}
Adobe Common File Installer-->MsiExec.exe /I{8EDBA74D-0686-4C99-BFDD-F894678E5B39}
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin
Adobe Help Center 1.0-->MsiExec.exe /I{E9787678-1033-0000-8E67-000000000001}
Adobe Photoshop CS2-->msiexec /I {236BB7C4-4419-42FD-0409-1E257A25E34D}
Adobe Stock Photos 1.0-->MsiExec.exe /I{786C5747-1033-0000-B58E-000000000001}
Aerosoft's - MyTraffic 2010-->"C:\InstallShield Installation Information\{37F50C53-EDED-4FFE-9877-532A335C5C18}\setup.exe" -runfromtemp -l0x0007 -removeonly
Aerosoft's - VFR Germany 1-->C:\InstallShield Installation Information\{7E34E4DF-26FA-46D0-BC0F-77CE6CF4CBC5}\setup.exe -runfromtemp -l0x0007 -uninst -removeonly
Alien Swarm-->"E:\Anwendungen\steam\steam.exe" steam://uninstall/630
ARCA Remax (remove only)-->"D:\Renn-Simulationen\ARCA Remax\Uninstall.exe"
aTube Catcher 1.0-->"C:\DsNET Corp\aTube Catcher 1.0\unins000.exe"
aTube Catcher-->C:\DsNET Corp\aTube Catcher 2.0\uninstall.exe
Audiosurf-->MsiExec.exe /I{6D316D67-DA52-4659-9C98-F479963534D6}
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Battlefield 2(TM)-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "F:\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe" -l0x7  -removeonly
Battlefield 2: Special Forces-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "F:\InstallShield Installation Information\{50D4CB89-AF34-4978-96DC-C3034062E901}\setup.exe" -l0x7  -removeonly
Black Shark Patch 1.0.2-->"F:\Games\DCS-Blackshark\unins000.exe"
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "E:\Anwendungen\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini"
Canon Internet Library for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "E:\Anwendungen\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini"
Canon MOV Decoder-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "E:\Anwendungen\Canon\Canon MOV Decoder\CanonMOVDecoderUnInstall.ini"
Canon MOV Encoder-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "E:\Anwendungen\Canon\Canon MOV Encoder\CanonMOVEncoderUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "E:\Anwendungen\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "E:\Anwendungen\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Utilities CameraWindow DC-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "E:\Anwendungen\Canon\CameraWindow\CameraWindowDC\Uninst.ini"
Canon Utilities CameraWindow-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "E:\Anwendungen\Canon\CameraWindow\CameraWindowLauncher\Uninst.ini"
Canon Utilities MyCamera DC-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "E:\Anwendungen\Canon\CameraWindow\MyCameraDC\Uninst.ini"
Canon Utilities MyCamera-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "E:\Anwendungen\Canon\CameraWindow\MyCamera\Uninst.ini"
Canon Utilities PhotoStitch-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "E:\Anwendungen\Canon\PhotoStitch\Uninst.ini"
Canon Utilities RemoteCapture Task for ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "E:\Anwendungen\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities ZoomBrowser EX-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "E:\Anwendungen\Canon\ZoomBrowser EX\Program\Uninst.ini"
Canon ZoomBrowser EX Memory Card Utility-->"C:\Program Files\Common Files\Canon\UIW\1.5.0.0\Uninst.exe" "E:\Anwendungen\Canon\ZoomBrowser EX MCU\Uninst.ini"
CCleaner-->"C:\CCleaner\uninst.exe"
dBpoweramp m4a Codec-->"C:\Windows\system32\SpoonUninstall.exe" <uninstall>C:\Windows\system32\SpoonUninstall-dBpoweramp m4a Codec.dat
Eve of Destruction 2.0 Levels-->"F:\Games\EA GAMES\Battlefield 2\unins001.exe"
Eve of Destruction v2.0-->"F:\Games\EA GAMES\Battlefield 2\unins000.exe"
FM Screen Capture Codec (Remove Only)-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\Windows\INF\fmcodec.inf
Fraps (remove only)-->"E:\Anwendungen\Fraps\uninstall.exe"
FS Global 2010-->F:\Games\FSX\pilots_software\fsg10\uninstal.exe F:\Games\FSX\pilots_software\fsg10
Geiss for Winamp 2x (remove only)-->"E:\Anwendungen\Winamp\uninst-vis_geis.dll.exe"
G-Force-->C:\SoundSpectrum\G-Force\Uninstall.exe
Google Earth-->MsiExec.exe /X{F7B0939E-58DF-11DF-B3A6-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Ground Environment X Europe-->F:\Games\FSX\UninstalEurope.exe
GT Legends 1.0.0.0-->"D:\Renn-Simulationen\GTL_BM\Support\unins000.exe"
GTS ModManager v1.0 Beta 2-->F:\Games\German Truck Simulator\ModManager\Uninstall-GTSModManager.exe F:\Games\German Truck Simulator\ModManager\SSEun.dat
Hyper Lobby Pro Client version 3.9.111-->"C:\Windows\lsb_un20.exe" /C=UC /N=Hyper Lobby Pro Client version 3.9.111
Java DB 10.5.3.0-->MsiExec.exe /X{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}
Java(TM) SE Development Kit 6 Update 18-->MsiExec.exe /I{32A3A4F4-B792-11D6-A78A-00B0D0160180}
Logitech Gaming Software 5.08-->MsiExec.exe /X{33BC9D7E-E790-495E-A4EA-CFB160C17A91}
LogMeIn Hamachi-->C:\Windows\system32\\msiexec.exe /i {8A74DEFD-A224-49CC-AB80-4E88BC730125} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{8A74DEFD-A224-49CC-AB80-4E88BC730125}
Malwarebytes' Anti-Malware-->"C:\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft Flight Simulator X - Fotoszenerie-Anzeigeupdate-->MsiExec.exe /I{1AC91509-E17B-46F7-A032-B54DCCA6E8BB}
Microsoft Flight Simulator X: Acceleration-->C:\Windows\system32\msiexec.exe /qb /l*vx "%TEMP%\FlightSimUninstall.log" /uninstall {7D606567-5047-451A-B49E-29FCB6012B4E}
Microsoft Flight Simulator X: Acceleration-->MsiExec.exe /I{7D606567-5047-451A-B49E-29FCB6012B4E}
Microsoft Flight Simulator X-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\11\INTEL3~1\IDriver.exe /M{F535B2CF-C9BB-4162-B03A-02D6971F32CC} 
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Mount&Blade Warband-->F:\Games\Mount&Blade Warband\uninstall.exe
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP2 Parser und SDK-->MsiExec.exe /I{716E0306-8318-4364-8B8F-0CC4E9376BAC}
Need for Speed™ SHIFT-->MsiExec.exe /X{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}
nHancer-->MsiExec.exe /X{FDA43C6E-C72A-40F4-9923-1208F6FF5604}
Notepad++-->E:\Anwendungen\Notepad++\uninstall.exe
NVIDIA Display Control Panel-->C:\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA Photoshop Plug-ins-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\InstallShield Installation Information\{23F79416-CAD1-41BF-99A3-040F6C814AAA}\Setup.exe" -l0x9 
NVIDIA PhysX-->MsiExec.exe /X{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}
O&O Defrag Professional Edition-->MsiExec.exe /I{53480330-E1D1-41CA-B8F8-7F78644F7F50}
Photomatix Pro version 3.2.7-->"E:\Anwendungen\HDR\unins000.exe"
PoE:2 v2.5.0.0-->F:\Games\EA GAMES\Battlefield 2\mods\poe2\uninstall.exe
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
PVSonyDll-->MsiExec.exe /I{3D3E663D-4E7E-4577-A560-7ECDDD45548A}
R4-->"E:\Anwendungen\Winamp\uninstall.exe"
RACE 07-->"E:\Anwendungen\steam\steam.exe" steam://uninstall/8600
RACE On-->"E:\Anwendungen\steam\steam.exe" steam://uninstall/8640
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe"  -removeonly
Richard Burns Rally-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\InstallShield Installation Information\{92C7D009-A464-4948-A980-7A3E28CB2F49}\setup.exe" -l0x7 
RSRBR_Pack_ALL_Packs-->"D:\Renn-Simulationen\RSRBR10\unins001.exe"
RSRBR2010-->"D:\Renn-Simulationen\RSRBR10\unins000.exe"
Saitek SD6 Programming Software 6.6.6.9-->MsiExec.exe /X{CF48A02C-E0F0-4A8A-BAB3-EDB68DD0BD49}
SimAdapter-->MsiExec.exe /I{C4AF6D7A-6803-453B-8594-5D74D45AB8C2}
Simraceway 3.7-->D:\Renn-Simulationen\rFactor_BM\SimRaceWay\uninst.exe
STCC - The Game-->"E:\Anwendungen\steam\steam.exe" steam://uninstall/8690
SUPER © Version 2010.bld.38 (May 2, 2010)-->E:\ANWEND~1\SUPER\Setup.exe /remove /q0
Tacview 0.95-->F:\Games\DCS-Blackshark\Tacview\Tacview 0.95\Tacview.exe /Uninstall
TeamSpeak 3 Client-->"E:\Anwendungen\Teamspeak3\uninstall.exe"
TrackIR5-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "F:\InstallShield Installation Information\{F3CA05B7-B4C0-4C9B-AAA6-16B868B35DF2}\setup.exe" 
TuneUp Utilities 2009-->MsiExec.exe /I{55A29068-F2CE-456C-9148-C869879E2357}
Ubisoft Game Launcher-->"C:\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409  -removeonly
Virtual DJ - Atomix Productions-->E:\ANWEND~1\VIRTUA~1\UNWISE.EXE E:\ANWEND~1\VIRTUA~1\INSTALL.LOG
VLN 2005 for rFactor v1.0-->"D:\Renn-Simulationen\rFactor_HX\ModData\NLC\VLN 2005\VLN 2005 Uninstall Information\unins000.exe"
WinPcap 4.1.1-->"C:\WinPcap\uninstall.exe"

======System event log======

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Dienst "Distributed Link Tracking Client" befindet sich jetzt im Status "stopped".
Record Number: 5
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informationen
User: 

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Dienst "Security Center" befindet sich jetzt im Status "stopped".
Record Number: 4
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informationen
User: 

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Dienst "Desktop Window Manager Session Manager" befindet sich jetzt im Status "stopped".
Record Number: 3
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informationen
User: 

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Dienst "Diagnostic Policy Service" befindet sich jetzt im Status "stopped".
Record Number: 2
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informationen
User: 

Computer Name: 37L4247D28-05
Event Code: 7036
Message: Dienst "Microsoft Software Shadow Copy Provider" befindet sich jetzt im Status "stopped".
Record Number: 1
Source Name: Service Control Manager
Time Written: 20090714045645.074339-000
Event Type: Informationen
User: 

=====Application event log=====

Computer Name: 37L4247D28-05
Event Code: 1001
Message: Fehlerbucket , Typ 0
Ereignisname: PnPRequestAdditionalSoftware
Antwort: Nicht verfügbar
CAB-Datei-ID: 0

Problemsignatur:
P1: x86
P2: USB\VID_0925&PID_8888&REV_0300
P3: 6.1.0.0
P4: 0407
P5: input.inf
P6: *
P7: 
P8: 
P9: 
P10: 

Angefügte Dateien:

Diese Dateien befinden sich möglicherweise hier:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x86_2c202c2150e259fc16a673d337afa7267d211e_cab_038ed181

Analysesymbol: 
Es wird erneut nach einer Lösung gesucht: 0
Berichts-ID: b3db7180-083b-11df-ac1f-00044b027e2a
Berichtstatus: 4
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20100123162356.000000-000
Event Type: Informationen
User: 

Computer Name: 37L4247D28-05
Event Code: 5617
Message: Die Subsysteme des Windows-Verwaltungsinstrumentationsdienstes wurden erfolgreich initialisiert.
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20100123162208.000000-000
Event Type: Informationen
User: 

Computer Name: 37L4247D28-05
Event Code: 5615
Message: Der Windows-Verwaltungsinstrumentationsdienst wurde erfolgreich gestartet.
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20100123162205.000000-000
Event Type: Informationen
User: 

Computer Name: 37L4247D28-05
Event Code: 1531
Message: Der Benutzerprofildienst wurde erfolgreich gestartet.  


Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20100123162201.126000-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: 37L4247D28-05
Event Code: 4625
Message: Das EventSystem-Subsystem unterdrückt duplizierte Ereignisprotokolleinträge für eine Dauer von 86400 Sekunden. Dieses Zeitlimit kann durch den REG_DWORD-Wert SuppressDuplicateDuration unter folgendem Registrierungsschlüssel gesteuert werden: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20100123162201.000000-000
Event Type: Informationen
User: 

=====Security event log=====

Computer Name: 37L4247D28-05
Event Code: 4735
Message: Eine sicherheitsaktivierte lokale Gruppe wurde geändert.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		37L4247D28-05$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		0x3e7

Gruppe:
	Sicherheits-ID:		S-1-5-32-551
	Gruppenname:		Sicherungs-Operatoren
	Gruppendomäne:		Builtin

Geänderte Attribute:
	SAM-Kontoname:	-
	SID-Verlauf:		-

Weitere Informationen:
	Berechtigungen:		-
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100123162134.574800-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: 37L4247D28-05
Event Code: 4731
Message: Eine sicherheitsaktivierte lokale Gruppe wurde erstellt.

Antragsteller:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		37L4247D28-05$
	Kontodomäne:		WORKGROUP
	Anmelde-ID:		0x3e7

Neue Gruppe:
	Sicherheits-ID:		S-1-5-32-551
	Gruppenname:		Sicherungs-Operatoren
	Gruppendomäne:		Builtin

Attribute:
	SAM-Kontoname:	Sicherungs-Operatoren
	SID-Verlauf:		-

Weitere Informationen:
	Berechtigungen:		-
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100123162134.574800-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: 37L4247D28-05
Event Code: 4902
Message: Eine Benutzerrichtlinien-Überwachungstabelle wurde erstellt.

	Anzahl von Elementen:	0
	Richtlinienkennung:	0x2354d
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100123162134.153600-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: 37L4247D28-05
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
	Sicherheits-ID:		S-1-0-0
	Kontoname:		-
	Kontodomäne:		-
	Anmelde-ID:		0x0

Anmeldetyp:			0

Neue Anmeldung:
	Sicherheits-ID:		S-1-5-18
	Kontoname:		SYSTEM
	Kontodomäne:		NT-AUTORITÄT
	Anmelde-ID:		0x3e7
	Anmelde-GUID:		{00000000-0000-0000-0000-000000000000}

Prozessinformationen:
	Prozess-ID:		0x4
	Prozessname:		

Netzwerkinformationen:
	Arbeitsstationsname:	-
	Quellnetzwerkadresse:	-
	Quellport:		-

Detaillierte Authentifizierungsinformationen:
	Anmeldeprozess:		-
	Authentifizierungspaket:	-
	Übertragene Dienste:	-
	Paketname (nur NTLM):	-
	Schlüssellänge:		0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
	 - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
	- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
	- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
	- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100123162131.813600-000
Event Type: Überwachung erfolgreich
User: 

Computer Name: 37L4247D28-05
Event Code: 4608
Message: Windows wird gestartet.

Dieses Ereignis wird protokolliert, wenn LSASS.EXE gestartet und das Überwachungssubsystem initialisiert wird.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100123162131.720000-000
Event Type: Überwachung erfolgreich
User: 

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\Common Files\Adobe\AGL
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 2, GenuineIntel
"PROCESSOR_REVISION"=0f02

-----------------EOF-----------------
         

Old 29.07.2010, 11:12   #2
Larusso
/// Selecta Jahrusso

Trojan FakeAV.CMB in C:\Windows\Nsyrea.exe

A clean-up can sometimes involve a lot of work for you.
  • Please work through all the steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as best you can.
  • Only run scans that a helper asks you to run.
  • Please no cross-posting (posting in several forums).
  • Do not install or uninstall any software during the clean-up unless you are asked to.
  • Read the instructions completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to. That makes evaluating them harder for me.

Note: I can never guarantee that I will find everything. A format is usually the quicker and always the safest way.
If you decide on a clean-up, keep working along until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools with right-click "Run as administrator".

Step 1

Please download Load.exe

The tool needs an active internet connection, but no open browser.
If your firewall complains, please allow the application.
  • Save the file to the desktop.
  • Double-click load.exe.
  • Leave the check marks as they are.
  • Now close all open programs.
  • Click Download.
  • Please do not click in the window during the download.
  • Follow the on-screen instructions.
  • When the Status window pops up, click Start.

After the restart you will find a folder MFTools on the desktop. It contains an Anleitung.pdf.
Please open it and work through the steps described in it.

Old 29.07.2010, 16:37   #3
Dom[Ger]

Trojan FakeAV.CMB in C:\Windows\Nsyrea.exe

Hi,

first of all, thanks for your quick reply.
Unfortunately I have a problem running gmer.exe; when I run it as described, via right-click --> Run as administrator, this error message appears:



?

Regards
Dom

Old 29.07.2010, 16:44   #4
Larusso
/// Selecta Jahrusso

Trojan FakeAV.CMB in C:\Windows\Nsyrea.exe

It's all in the PDF. Just carry on.
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

Old 29.07.2010, 21:16   #5
Dom[Ger]

Trojan FakeAV.CMB in C:\Windows\Nsyrea.exe

Oops, okay, then you already have the "description" of why that didn't work, and now here come the logs:


OTL.txt

OTL Logfile:
Code:
OTL logfile created on: 29.07.2010 18:24:45 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Dom\Desktop\MFTools
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 80,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\
Drive C: | 50,00 Gb Total Space | 8,21 Gb Free Space | 16,42% Space Free | Partition Type: NTFS
Drive D: | 100,00 Gb Total Space | 46,74 Gb Free Space | 46,74% Space Free | Partition Type: NTFS
Drive E: | 50,00 Gb Total Space | 13,02 Gb Free Space | 26,03% Space Free | Partition Type: NTFS
Drive F: | 98,08 Gb Total Space | 1,97 Gb Free Space | 2,00% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 3,73 Gb Total Space | 0,63 Gb Free Space | 16,96% Space Free | Partition Type: FAT32
 
Computer Name: ELENOR
Current User Name: Dom
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.07.29 16:54:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Dom\Desktop\MFTools\OTL.exe
PRC - [2010.07.21 15:42:02 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgemc.exe
PRC - [2010.07.15 17:35:20 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgtray.exe
PRC - [2010.07.15 17:35:19 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgnsx.exe
PRC - [2010.07.15 17:35:19 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgrsx.exe
PRC - [2010.07.15 17:35:19 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgwdsvc.exe
PRC - [2010.07.15 17:34:54 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgcsrvx.exe
PRC - [2010.07.15 17:34:53 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgchsvx.exe
PRC - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) -- E:\Anwendungen\Hamachi\hamachi-2.exe
PRC - [2010.03.21 19:34:45 | 000,603,904 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TUProgSt.exe
PRC - [2010.01.19 20:10:54 | 008,452,640 | ---- | M] (Realtek Semiconductor) -- C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.10.04 18:53:48 | 000,039,936 | ---- | M] (KSE - Korndörfer Software Engineering) -- C:\Programme\nHancer\nHancerService.exe
PRC - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.06.03 10:49:18 | 000,131,072 | ---- | M] (Saitek) -- C:\Saitek\SD6\Software\SaiMfd.exe
PRC - [2009.06.03 10:49:00 | 000,237,568 | ---- | M] (Saitek) -- C:\Saitek\SD6\Software\ProfilerU.exe
PRC - [2007.05.11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) -- C:\Windows\System32\oodag.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.07.29 16:54:27 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Dom\Desktop\MFTools\OTL.exe
MOD - [2010.07.15 17:35:19 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2009.12.19 11:02:38 | 000,163,328 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\ieproxy.dll
MOD - [2009.07.14 03:17:54 | 000,242,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009.07.14 03:16:18 | 001,011,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009.07.14 03:16:16 | 000,348,160 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll
MOD - [2009.07.14 03:16:16 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2009.07.14 03:16:15 | 000,363,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
MOD - [2009.07.14 03:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 03:16:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\srvcli.dll
MOD - [2009.07.14 03:16:15 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\slc.dll
MOD - [2009.07.14 03:16:13 | 000,643,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SearchFolder.dll
MOD - [2009.07.14 03:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 03:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 03:16:13 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RpcRtRemote.dll
MOD - [2009.07.14 03:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 03:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 03:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 03:15:21 | 000,093,696 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
MOD - [2009.07.14 03:15:14 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009.07.14 03:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 03:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 03:15:07 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptsp.dll
MOD - [2009.07.14 03:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 03:15:07 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009.07.14 03:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll
MOD - [2009.07.14 03:14:52 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009.07.14 03:03:50 | 001,624,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\GdiPlus.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2010.07.27 19:01:49 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.07.21 15:42:02 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010.07.15 17:35:19 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010.03.30 11:16:12 | 001,107,336 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- E:\Anwendungen\Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010.03.21 19:34:45 | 000,603,904 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\System32\TUProgSt.exe -- (TuneUp.ProgramStatisticsSvc)
SRV - [2010.03.21 19:34:42 | 000,362,240 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.10.04 18:53:48 | 000,039,936 | ---- | M] (KSE - Korndörfer Software Engineering) [Auto | Running] -- C:\Program Files\nHancer\nHancerService.exe -- (nHancer)
SRV - [2009.07.14 03:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 03:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 03:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 03:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 03:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 03:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 03:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 03:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 03:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 03:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 03:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 03:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 03:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2009.07.14 03:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2008.11.12 17:44:18 | 000,027,904 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007.05.11 02:09:48 | 001,050,120 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Windows\System32\oodag.exe -- (O&O Defrag)
SRV - [2006.10.26 20:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.07.15 17:35:20 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.07.15 17:34:54 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010.06.03 13:09:18 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010.04.03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.02.05 20:02:55 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010.02.03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2010.01.19 19:37:54 | 002,991,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.12.11 09:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.11.16 18:33:38 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2009.09.11 13:48:04 | 000,066,056 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2009.09.11 13:47:54 | 000,014,984 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2009.09.11 13:47:42 | 000,031,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmHidLo.sys -- (WmHidLo)
DRV - [2009.09.11 13:47:32 | 000,035,592 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2009.09.11 13:47:22 | 000,022,792 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2009.08.04 18:43:40 | 000,213,024 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32)
DRV - [2009.07.30 18:12:54 | 000,287,392 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvmf6232.sys -- (NVNET)
DRV - [2009.07.14 03:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 03:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 03:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 03:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 03:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 03:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 03:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 03:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 03:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 03:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 03:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 03:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 03:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 03:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 03:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 03:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 03:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 03:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 03:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 03:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 03:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 03:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 03:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 03:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 03:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 03:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 03:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 03:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 03:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 03:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 03:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 03:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 03:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 02:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 02:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 02:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 01:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 01:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 01:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 01:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 01:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 01:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 01:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 01:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 01:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 01:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 01:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 01:19:21 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009.07.14 01:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 01:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.14 00:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 00:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.14 00:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.14 00:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.14 00:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.14 00:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.14 00:02:52 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2009.07.14 00:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.14 00:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.14 00:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.06.10 12:23:04 | 000,036,992 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2009.06.10 12:23:04 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2009.02.03 17:45:07 | 000,059,520 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfsync04.sys -- (sfsync04) StarForce Protection Synchronization Driver (version 4.x)
DRV - [2009.02.03 17:36:58 | 000,059,000 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2008.04.25 15:54:58 | 000,036,384 | ---- | M] (Thesycon GmbH, Germany) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\npusbio.sys -- (npusbio)
DRV - [2007.05.01 17:11:28 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SaiH075C.sys -- (SaiH075C)
DRV - [2006.06.14 16:56:56 | 000,013,680 | ---- | M] (Protection Technology (StarForce)) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.brakesman.eu"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.5
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
 
 
[2010.01.23 19:16:57 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\mozilla\Extensions
[2010.07.28 21:00:11 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\mozilla\Firefox\Profiles\hr3r5t2s.default\extensions
[2010.02.13 18:34:23 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Dom\AppData\Roaming\mozilla\Firefox\Profiles\hr3r5t2s.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.07.28 21:00:07 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Dom\AppData\Roaming\mozilla\Firefox\Profiles\hr3r5t2s.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.07.14 19:04:55 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Dom\AppData\Roaming\mozilla\Firefox\Profiles\hr3r5t2s.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.02.13 18:34:21 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\mozilla\Firefox\Profiles\hr3r5t2s.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.01.25 19:17:41 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\mozilla\Firefox\Profiles\hr3r5t2s.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010.06.12 19:01:24 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\mozilla\Firefox\Profiles\hr3r5t2s.default\extensions\smarterwiki@wikiatic.com
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ProfilerU] C:\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SaiMfd] C:\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - E:\Anwendungen\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Anwendungen\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.07.29 16:57:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.07.29 16:57:16 | 000,000,000 | ---D | C] -- C:\ERUNT
[2010.07.29 16:51:58 | 000,000,000 | ---D | C] -- C:\Users\Dom\Desktop\MFTools
[2010.07.28 21:16:54 | 000,000,000 | ---D | C] -- C:\trend micro
[2010.07.28 21:16:53 | 000,000,000 | ---D | C] -- C:\rsit
[2010.07.28 21:06:58 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Malwarebytes
[2010.07.28 21:06:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.28 21:06:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.28 21:06:51 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2010.07.28 21:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.28 20:58:02 | 000,000,000 | ---D | C] -- C:\CCleaner
[2010.07.26 19:33:20 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\InstallShield
[2010.07.25 20:04:06 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Notepad++
[2010.07.25 16:48:01 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\Flight Simulator X-Dateien
[2010.07.15 17:35:19 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010.07.14 19:09:54 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\SpotterConfig
[2010.07.14 19:09:51 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\SpotterConfig
[2010.07.12 15:47:54 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Real_Environment_Xtreme
[2010.07.11 19:35:39 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\FlyingWSimulation
[2010.07.11 19:35:00 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\FlyingWSimulation
[2010.07.11 19:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MyTraffic
[2010.07.11 19:32:52 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\MyTraffic
[2010.07.11 18:00:24 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Microsoft Game Studios
[2010.07.11 17:33:29 | 000,000,000 | ---D | C] -- C:\MSXML 4.0
[2010.07.04 18:48:28 | 000,000,000 | R--D | C] -- C:\Users\Dom\Desktop\Brakesman
[2010.07.03 10:08:41 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\storage
[2010.07.03 10:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2010.07.02 19:25:31 | 000,000,000 | ---D | C] -- C:\Ubisoft
[2010.06.25 19:11:48 | 000,000,000 | ---D | C] -- C:\Reference Assemblies
[2010.06.25 17:06:41 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\FIFA 10
[2010.06.25 16:44:30 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Leadertech
[2010.06.18 17:30:51 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Simraceway
[2010.06.18 16:40:42 | 000,000,000 | ---D | C] -- C:\WinPcap
[2010.06.17 17:01:58 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\ElevatedDiagnostics
[2010.06.10 17:59:51 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
[2010.06.10 17:59:51 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2010.06.10 17:59:51 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll
[2010.06.10 17:59:50 | 000,000,000 | ---D | C] -- C:\AviSynth 2.5
[2010.06.10 17:59:25 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010.06.10 17:59:25 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll
[2010.06.10 17:59:25 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax
[2010.06.10 17:59:25 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax
[2010.06.10 17:59:25 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax
[2010.06.10 17:59:25 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll
[2010.06.10 17:59:25 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax
[2010.06.10 17:59:25 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax
[2010.06.10 17:59:25 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax
[2010.06.10 17:59:25 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax
[2010.06.10 17:59:25 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax
[2010.06.10 17:59:25 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll
[2010.06.10 17:59:24 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax
[2010.06.10 17:41:56 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\AccurateRip
[2010.06.10 17:41:51 | 000,000,000 | ---D | C] -- C:\Users\Dom\dBpoweramp
[2010.06.08 22:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
[2010.06.03 19:07:20 | 000,000,000 | ---D | C] -- C:\SoundSpectrum
[2010.06.02 11:51:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\oodag
[2010.06.02 11:14:57 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\O&O
[2010.06.01 15:45:52 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\LogMeIn Hamachi
[2010.05.31 10:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe Systems
[2010.05.31 10:27:26 | 000,000,000 | ---D | C] -- C:\Adobe
[2010.05.30 02:23:25 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\BlackBean
[2010.05.26 19:53:10 | 000,000,000 | ---D | C] -- C:\NVIDIA Corporation
[2010.05.25 21:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2010.05.21 23:03:11 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\Test Drive Unlimited
[2010.05.21 22:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Test Drive Unlimited
[2010.05.16 16:07:45 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\HDRsoft
[2010.05.15 18:01:51 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Logitech
[2010.05.14 13:26:30 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\NLC Modding Group
[2010.05.13 14:16:11 | 000,000,000 | ---D | C] -- C:\Windows Mail
[2010.05.09 22:28:42 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Ashampoo
[2010.05.09 21:20:03 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\Mount&Blade Warband
[2010.05.08 21:28:47 | 000,000,000 | ---D | C] -- C:\Windows Media Player
[2010.05.02 18:24:10 | 000,000,000 | ---D | C] -- C:\Users\Dom\Desktop\Games
[2010.05.02 13:37:22 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Google
[2010.05.02 13:37:22 | 000,000,000 | ---D | C] -- C:\Google
[2010.05.01 16:29:45 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\ZoomBrowser EX
[2010.05.01 16:22:05 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\CameraWindowDC
[2010.05.01 16:22:04 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\CANON INC
[2010.05.01 15:53:37 | 000,000,000 | ---D | C] -- C:\Canon
[2010.05.01 15:53:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ZoomBrowser
[2010.05.01 15:51:01 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Canon
[2010.05.01 12:38:17 | 000,000,000 | ---D | C] -- C:\Saitek
[2010.05.01 12:31:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Saitek
[2010.05.01 12:21:46 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
 
========== Files - Modified Within 90 Days ==========
 
[2010.07.29 18:24:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.29 18:14:55 | 002,359,296 | ---- | M] () -- C:\Users\Dom\NTUSER.DAT
[2010.07.29 18:00:00 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.07.29 17:47:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.29 17:33:38 | 000,042,819 | ---- | M] () -- C:\Users\Dom\Desktop\Untitled-1.png
[2010.07.29 17:31:59 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.29 17:31:59 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.29 17:28:58 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.29 17:28:58 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.29 17:28:58 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.29 17:28:58 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.29 17:28:58 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.29 17:24:47 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.29 17:24:44 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.29 17:24:37 | 1609,474,048 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.29 17:24:37 | 000,121,315 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2010.07.29 17:23:33 | 001,391,768 | -H-- | M] () -- C:\Users\Dom\AppData\Local\IconCache.db
[2010.07.29 16:54:24 | 000,284,915 | ---- | M] () -- C:\Users\Dom\Desktop\Gmer.zip
[2010.07.29 16:51:17 | 000,410,626 | ---- | M] () -- C:\Users\Dom\Desktop\Load.exe
[2010.07.29 16:47:21 | 062,714,598 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010.07.28 20:47:35 | 000,091,416 | ---- | M] () -- C:\Users\Dom\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.07.28 20:06:26 | 000,353,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.07.27 20:03:41 | 000,000,409 | ---- | M] () -- C:\VirtualDJ Local Database v6.xml
[2010.07.27 19:38:56 | 000,000,261 | ---- | M] () -- C:\VirtualDJ Local Database v5.xml
[2010.07.15 17:35:20 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010.07.15 17:35:19 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010.07.15 17:34:54 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010.06.22 20:07:49 | 000,001,164 | ---- | M] () -- C:\Users\Dom\Desktop\rF_VLM.lnk
[2010.06.21 17:44:20 | 000,018,165 | ---- | M] () -- C:\Users\Dom\Documents\Ausgaben 325.xlsx
[2010.06.18 16:14:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.06.18 16:14:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.06.10 17:50:45 | 000,003,651 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
[2010.06.10 17:50:12 | 000,033,846 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.bmp
[2010.06.10 17:49:53 | 001,085,616 | ---- | M] () -- C:\Windows\System32\SpoonUninstall.exe
[2010.06.03 13:09:18 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010.06.02 23:05:26 | 000,001,102 | ---- | M] () -- C:\Users\Dom\Desktop\rF_BM.lnk
[2010.06.02 11:10:34 | 000,000,000 | ---- | M] () -- C:\Windows\oodcnt.INI
[2010.05.15 17:52:17 | 000,000,114 | ---- | M] () -- C:\Users\Dom\SciTE.session
[2010.05.01 16:54:47 | 000,004,608 | ---- | M] () -- C:\Users\Dom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== Files Created - No Company Name ==========
 
[2010.07.29 17:33:37 | 000,042,819 | ---- | C] () -- C:\Users\Dom\Desktop\Untitled-1.png
[2010.07.29 16:52:02 | 000,284,915 | ---- | C] () -- C:\Users\Dom\Desktop\Gmer.zip
[2010.07.29 16:51:12 | 000,410,626 | ---- | C] () -- C:\Users\Dom\Desktop\Load.exe
[2010.07.27 20:01:28 | 000,000,409 | ---- | C] () -- C:\VirtualDJ Local Database v6.xml
[2010.07.27 19:38:56 | 000,000,261 | ---- | C] () -- C:\VirtualDJ Local Database v5.xml
[2010.07.15 18:15:04 | 000,000,000 | ---- | C] () -- C:\ZipCodec.txt
[2010.06.18 16:14:05 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010.06.18 16:14:05 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010.06.12 08:28:44 | 000,001,164 | ---- | C] () -- C:\Users\Dom\Desktop\rF_VLM.lnk
[2010.06.10 17:59:51 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.06.10 17:59:25 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax
[2010.06.10 17:59:25 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax
[2010.06.10 17:59:25 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax
[2010.06.10 17:59:25 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax
[2010.06.10 17:59:25 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax
[2010.06.10 17:59:24 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax
[2010.06.10 17:59:24 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax
[2010.06.10 17:59:24 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax
[2010.06.10 17:42:39 | 000,033,846 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.bmp
[2010.06.10 17:42:39 | 000,003,651 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
[2010.06.10 17:41:55 | 001,085,616 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010.06.02 23:05:26 | 000,001,102 | ---- | C] () -- C:\Users\Dom\Desktop\rF_BM.lnk
[2010.06.02 17:24:48 | 000,121,315 | ---- | C] () -- C:\Windows\System32\oodbs.lor
[2010.06.02 11:10:34 | 000,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI
[2010.05.15 17:52:17 | 000,000,114 | ---- | C] () -- C:\Users\Dom\SciTE.session
[2010.05.02 13:37:32 | 000,001,062 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.02 13:37:31 | 000,001,058 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.01 16:54:45 | 000,004,608 | ---- | C] () -- C:\Users\Dom\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.05 20:02:55 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.01.25 19:34:17 | 000,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.11.16 18:33:38 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.07 13:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll
[2007.05.01 17:11:28 | 000,847,872 | ---- | C] () -- C:\Windows\System32\SaiC075C.Dll
[2007.05.01 17:11:28 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiC075C_0C.dll
[2007.05.01 17:11:28 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC075C_10.dll
[2007.05.01 17:11:28 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC075C_0A.dll
[2007.05.01 17:11:28 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC075C_07.dll
[2007.05.01 17:11:28 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC075C_09.dll
[2007.05.01 17:11:28 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiC075C_0402.dll
[2007.05.01 17:11:28 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiC075C_11.dll
 
========== LOP Check ==========
 
[2010.05.09 22:28:42 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Ashampoo
[2010.05.30 02:23:25 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\BlackBean
[2010.03.01 21:59:42 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Cuttermaran
[2010.02.05 20:30:24 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\DAEMON Tools
[2010.02.05 20:32:04 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\DAEMON Tools Lite
[2010.07.11 19:35:00 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\FlyingWSimulation
[2010.05.16 16:07:45 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\HDRsoft
[2010.01.23 19:51:57 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\ICQ
[2010.06.25 16:44:30 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Leadertech
[2010.05.13 19:18:43 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Mount&Blade Warband
[2010.07.11 19:32:52 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\MyTraffic
[2010.01.24 15:23:51 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\nHancer
[2010.05.14 13:26:30 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\NLC Modding Group
[2010.07.25 20:04:13 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Notepad++
[2010.06.18 17:41:40 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Simraceway
[2010.07.14 19:09:51 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\SpotterConfig
[2010.03.13 18:08:04 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\streamripper
[2010.04.13 19:24:30 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\TS3Client
[2010.01.25 19:40:44 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\TuneUp Software
[2010.07.29 18:00:00 | 000,000,468 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2010.07.18 20:03:12 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2009.06.10 23:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.07.14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
[2010.01.23 18:19:59 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2009.06.10 23:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.07.29 17:24:37 | 1609,474,048 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.18 16:14:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.06.18 16:14:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.07.29 17:24:38 | 2145,968,128 | -HS- | M] () -- C:\pagefile.sys
[2010.07.27 19:38:56 | 000,000,261 | ---- | M] () -- C:\VirtualDJ Local Database v5.xml
[2010.07.27 20:03:41 | 000,000,409 | ---- | M] () -- C:\VirtualDJ Local Database v6.xml
[2010.07.15 18:15:38 | 000,000,000 | ---- | M] () -- C:\ZipCodec.txt
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2009.07.14 06:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009.07.14 06:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009.07.14 06:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.07.14 06:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2009.06.10 23:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009.07.14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2009.07.14 03:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2009.06.10 23:42:20 | 000,000,024 | ---- | M] () -- C:\\autoexec.bat
[2009.07.14 03:38:58 | 000,383,562 | RHS- | M] () -- C:\\bootmgr
[2010.01.23 18:19:59 | 000,008,192 | RHS- | M] () -- C:\\BOOTSECT.BAK
[2009.06.10 23:42:20 | 000,000,010 | ---- | M] () -- C:\\config.sys
[2010.07.29 17:24:37 | 1609,474,048 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.18 16:14:05 | 000,000,000 | RHS- | M] () -- C:\\IO.SYS
[2010.06.18 16:14:05 | 000,000,000 | RHS- | M] () -- C:\\MSDOS.SYS
[2010.07.29 17:24:38 | 2145,968,128 | -HS- | M] () -- C:\pagefile.sys
[2010.07.27 19:38:56 | 000,000,261 | ---- | M] () -- C:\\VirtualDJ Local Database v5.xml
[2010.07.27 20:03:41 | 000,000,409 | ---- | M] () -- C:\\VirtualDJ Local Database v6.xml
[2010.07.15 18:15:38 | 000,000,000 | ---- | M] () -- C:\\ZipCodec.txt
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\user32.dll /md5 >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2009.07.14 03:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2009.07.14 03:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\System32\ws2help.dll
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-14 17:05:30
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >
         
--- --- ---


Alt 29.07.2010, 21:17   #6
Dom[Ger]
 
Extras.txt

OTL Logfile:
Code:
OTL Extras logfile created on: 29.07.2010 18:24:45 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Dom\Desktop\MFTools
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 80,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\
Drive C: | 50,00 Gb Total Space | 8,21 Gb Free Space | 16,42% Space Free | Partition Type: NTFS
Drive D: | 100,00 Gb Total Space | 46,74 Gb Free Space | 46,74% Space Free | Partition Type: NTFS
Drive E: | 50,00 Gb Total Space | 13,02 Gb Free Space | 26,03% Space Free | Partition Type: NTFS
Drive F: | 98,08 Gb Total Space | 1,97 Gb Free Space | 2,00% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
Drive I: | 3,73 Gb Total Space | 0,63 Gb Free Space | 16,96% Space Free | Partition Type: FAT32
 
Computer Name: ELENOR
Current User Name: Dom
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\Anwendungen\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "E:\Anwendungen\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "E:\Anwendungen\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00BA866C-F2A2-4BB9-A308-3DFA695B6F7C}" = Java DB 10.5.3.0
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{1064CABD-7390-4336-94E4-8A53DFBCB636}_is1" = GT Legends 1.0.0.0
"{1AC91509-E17B-46F7-A032-B54DCCA6E8BB}" = Microsoft Flight Simulator X - Fotoszenerie-Anzeigeupdate
"{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"{23F79416-CAD1-41BF-99A3-040F6C814AAA}" = NVIDIA Photoshop Plug-ins
"{32A3A4F4-B792-11D6-A78A-00B0D0160180}" = Java(TM) SE Development Kit 6 Update 18
"{33BC9D7E-E790-495E-A4EA-CFB160C17A91}" = Logitech Gaming Software 5.08
"{37F50C53-EDED-4FFE-9877-532A335C5C18}" = Aerosoft's - MyTraffic 2010
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{53480330-E1D1-41CA-B8F8-7F78644F7F50}" = O&O Defrag Professional Edition
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74880E96-FC4D-22A2-AD7D-RRR01E7ED3GA}_is1" = VLN 2005 for rFactor v1.0
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration
"{7E34E4DF-26FA-46D0-BC0F-77CE6CF4CBC5}" = Aerosoft's - VFR Germany 1
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A74DEFD-A224-49CC-AB80-4E88BC730125}" = LogMeIn Hamachi
"{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{92C7D009-A464-4948-A980-7A3E28CB2F49}" = Richard Burns Rally
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B6B89607-9127-439A-AD8F-DFF4EFBEA8F1}" = Tacview 0.95
"{B74D4E10-1033-0000-0000-000000000001}" = Adobe Bridge 1.0
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{C4AF6D7A-6803-453B-8594-5D74D45AB8C2}" = SimAdapter
"{C69405BB-27AF-4940-B3DA-04910B4DFD23}_is1" = aTube Catcher 1.0
"{CF48A02C-E0F0-4A8A-BAB3-EDB68DD0BD49}" = Saitek SD6 Programming Software 6.6.6.9
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3CA05B7-B4C0-4C9B-AAA6-16B868B35DF2}" = TrackIR5
"{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FDA43C6E-C72A-40F4-9923-1208F6FF5604}" = nHancer
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
"ARCA Remax" = ARCA Remax (remove only)
"aTube Catcher" = aTube Catcher
"AVG9Uninstall" = AVG Free 9.0
"Black Shark Patch 1.0.2_is1" = Black Shark Patch 1.0.2
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"CCleaner" = CCleaner
"dBpoweramp m4a Codec" = dBpoweramp m4a Codec
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Eve of Destruction Levels_is1" = Eve of Destruction 2.0 Levels
"Eve of Destruction_is1" = Eve of Destruction v2.0
"FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Microsoft Flight Simulator X: Acceleration
"FMCODEC" = FM Screen Capture Codec (Remove Only)
"Fraps" = Fraps (remove only)
"FS Global 2010" = FS Global 2010
"G-Force" = G-Force
"Ground Environment X Europe" = Ground Environment X Europe
"GTS ModManager v1.0 Beta 2" = GTS ModManager v1.0 Beta 2
"Hyper Lobby Pro Client version 3.9.111" = Hyper Lobby Pro Client version 3.9.111
"InstallShield_{F535B2CF-C9BB-4162-B03A-02D6971F32CC}" = Microsoft Flight Simulator X
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mount&Blade Warband" = Mount&Blade Warband
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"Notepad++" = Notepad++
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Pack_ALL_Packs_is1" = RSRBR_Pack_ALL_Packs
"PhotomatixPro3x32_is1" = Photomatix Pro version 3.2.7
"PhotoStitch" = Canon Utilities PhotoStitch
"PoE:2" = PoE:2 v2.5.0.0
"PunkBusterSvc" = PunkBuster Services
"R4" = R4
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"RSRBR_v2010_is1" = RSRBR2010
"RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X
"Simraceway" = Simraceway 3.7
"SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}" = Flight Simulator X Service Pack 1
"Steam App 630" = Alien Swarm
"Steam App 8600" = RACE 07
"Steam App 8640" = RACE On
"Steam App 8690" = STCC - The Game
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"vis_geis.dllWinamp" = Geiss for Winamp 2x (remove only)
"WinPcapInst" = WinPcap 4.1.1
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2010 IZOD IndyCar Series 1.0" = 2010 IZOD IndyCar Series 1.0
"Endurance Series by EnduRacers v1.0" = Endurance Series by EnduRacers v1.0
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.07.2010 10:51:57 | Computer Name = Elenor | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 25.07.2010 10:54:30 | Computer Name = Elenor | Source = VSS | ID = 8194
Description = 
 
Error - 25.07.2010 11:12:28 | Computer Name = Elenor | Source = MsiInstaller | ID = 11311
Description = 
 
Error - 25.07.2010 11:31:01 | Computer Name = Elenor | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 25.07.2010 12:47:26 | Computer Name = Elenor | Source = Google Update | ID = 20
Description = 
 
Error - 28.07.2010 14:13:51 | Computer Name = Elenor | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: rundll32.exe_sshnas21.dll, Version:
 6.1.7600.16385, Zeitstempel: 0x4a5bc637  Name des fehlerhaften Moduls: sshnas21.dll,
 Version: 0.0.0.0, Zeitstempel: 0x4c0e783f  Ausnahmecode: 0xc0000005  Fehleroffset: 
0x0003ca70  ID des fehlerhaften Prozesses: 0x8e8  Startzeit der fehlerhaften Anwendung:
 0x01cb2e7f8e912400  Pfad der fehlerhaften Anwendung: C:\Windows\System32\rundll32.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\sshnas21.dll  Berichtskennung: df685730-9a73-11df-8d03-00044b027e2b
 
Error - 29.07.2010 11:30:01 | Computer Name = Elenor | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gmer.exe, Version: 1.0.15.15281, 
Zeitstempel: 0x4b2763f0  Name des fehlerhaften Moduls: gmer.exe, Version: 1.0.15.15281,
 Zeitstempel: 0x4b2763f0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0005c887  ID des fehlerhaften
 Prozesses: 0x1798  Startzeit der fehlerhaften Anwendung: 0x01cb2f32e38f2ac0  Pfad der
 fehlerhaften Anwendung: C:\Users\Dom\Desktop\gmer.exe  Pfad des fehlerhaften Moduls:
 C:\Users\Dom\Desktop\gmer.exe  Berichtskennung: 26c1a660-9b26-11df-b214-00044b027e2b
 
Error - 29.07.2010 11:30:17 | Computer Name = Elenor | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gmer.exe, Version: 1.0.15.15281, 
Zeitstempel: 0x4b2763f0  Name des fehlerhaften Moduls: gmer.exe, Version: 1.0.15.15281,
 Zeitstempel: 0x4b2763f0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0005c887  ID des fehlerhaften
 Prozesses: 0x10c4  Startzeit der fehlerhaften Anwendung: 0x01cb2f32f182b340  Pfad der
 fehlerhaften Anwendung: C:\Users\Dom\Desktop\gmer.exe  Pfad des fehlerhaften Moduls:
 C:\Users\Dom\Desktop\gmer.exe  Berichtskennung: 30351560-9b26-11df-b214-00044b027e2b
 
Error - 29.07.2010 11:30:34 | Computer Name = Elenor | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gmer.exe, Version: 1.0.15.15281, 
Zeitstempel: 0x4b2763f0  Name des fehlerhaften Moduls: gmer.exe, Version: 1.0.15.15281,
 Zeitstempel: 0x4b2763f0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0005c887  ID des fehlerhaften
 Prozesses: 0x12a8  Startzeit der fehlerhaften Anwendung: 0x01cb2f32fba45400  Pfad der
 fehlerhaften Anwendung: C:\Users\Dom\Desktop\gmer.exe  Pfad des fehlerhaften Moduls:
 C:\Users\Dom\Desktop\gmer.exe  Berichtskennung: 3a3ee860-9b26-11df-b214-00044b027e2b
 
Error - 29.07.2010 11:30:48 | Computer Name = Elenor | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: gmer.exe, Version: 1.0.15.15281, 
Zeitstempel: 0x4b2763f0  Name des fehlerhaften Moduls: gmer.exe, Version: 1.0.15.15281,
 Zeitstempel: 0x4b2763f0  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00073c48  ID des fehlerhaften
 Prozesses: 0xf78  Startzeit der fehlerhaften Anwendung: 0x01cb2f3304bd4ec0  Pfad der
 fehlerhaften Anwendung: C:\Users\Dom\Desktop\gmer.exe  Pfad des fehlerhaften Moduls:
 C:\Users\Dom\Desktop\gmer.exe  Berichtskennung: 4294b260-9b26-11df-b214-00044b027e2b
 
[ System Events ]
Error - 27.07.2010 14:38:06 | Computer Name = Elenor | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 28.07.2010 14:06:05 | Computer Name = Elenor | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%31
 
Error - 28.07.2010 14:06:05 | Computer Name = Elenor | Source = Service Control Manager | ID = 7023
Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet:
   %%127
 
Error - 28.07.2010 15:14:56 | Computer Name = Elenor | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%31
 
Error - 28.07.2010 15:14:59 | Computer Name = Elenor | Source = Service Control Manager | ID = 7023
Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet:
   %%127
 
Error - 29.07.2010 10:41:05 | Computer Name = Elenor | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%31
 
Error - 29.07.2010 10:41:08 | Computer Name = Elenor | Source = Service Control Manager | ID = 7023
Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet:
   %%127
 
Error - 29.07.2010 11:24:40 | Computer Name = Elenor | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UAC-Dateivirtualisierung" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%31
 
Error - 29.07.2010 11:24:42 | Computer Name = Elenor | Source = Service Control Manager | ID = 7023
Description = Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet:
   %%127
 
Error - 29.07.2010 12:20:25 | Computer Name = Elenor | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
[ TuneUp Events ]
Error - 07.07.2010 11:40:05 | Computer Name = Elenor | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing 
SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-07 
17:40:05', '\device\harddiskvolume3\anwendungen\mozilla firefox\firefox.exe','2728',0)
 
Error - 07.07.2010 11:40:05 | Computer Name = Elenor | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing 
SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-07 
17:40:05', '\device\harddiskvolume3\anwendungen\mozilla firefox\plugin-container.exe','2980',0)
 
Error - 07.07.2010 11:43:45 | Computer Name = Elenor | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing 
SQL: INSERT INTO MemApplications (Exe, Started, Ended, State, Resumed) SELECT Exe,
 Started, '2010-07-07 17:43:45', 0, Resumed FROM ActiveApps WHERE ProcID=='2728';DELETE
 FROM ActiveApps WHERE ProcID=='2728';
 
Error - 07.07.2010 11:43:45 | Computer Name = Elenor | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing 
SQL: INSERT INTO MemApplications (Exe, Started, Ended, State, Resumed) SELECT Exe,
 Started, '2010-07-07 17:43:45', 0, Resumed FROM ActiveApps WHERE ProcID=='2980';DELETE
 FROM ActiveApps WHERE ProcID=='2980';
 
Error - 07.07.2010 11:55:11 | Computer Name = Elenor | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing 
SQL: INSERT INTO ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-07 
17:55:11', '\device\harddiskvolume1\windows\system32\wbem\wmiprvse.exe','2132',0)
 
Error - 07.07.2010 11:57:02 | Computer Name = Elenor | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: file is encrypted or is not a database; when executing 
SQL: INSERT INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, 
Started, Ended, State, Resumed FROM MemApplications;DELETE FROM MemApplications;INSERT
 INTO Applications (Exe, Started, Ended, State, Resumed) SELECT Exe, Started, '2010-07-07
 17:57:02', 1, Resumed FROM ActiveApps;DELETE FROM ActiveApps
 
Error - 28.07.2010 15:06:59 | Computer Name = Elenor | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-28 21:06:59', '\device\harddiskvolume1\malwarebytes'
 anti-malware\mbam.exe','740',0)
 
Error - 28.07.2010 15:07:09 | Computer Name = Elenor | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-28 21:07:09', '\device\harddiskvolume1\malwarebytes'
 anti-malware\mbam.exe','4900',0)
 
Error - 29.07.2010 10:52:33 | Computer Name = Elenor | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-29 16:52:33', '\device\harddiskvolume1\malwarebytes'
 anti-malware\mbam.exe','2884',0)
 
Error - 29.07.2010 10:54:34 | Computer Name = Elenor | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2010-07-29 16:54:34', '\device\harddiskvolume1\malwarebytes'
 anti-malware\mbam.exe','3772',0)
 
 
< End of report >
         
--- --- ---

Last edited by Dom[Ger] (29.07.2010 at 21:23)

Alt 29.07.2010, 21:19   #7
Dom[Ger]
 
Malwarebytes' Anti-Malware

Quote:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4366

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29.07.2010 17:23:20
mbam-log-2010-07-29 (17-23-20).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 131439
Laufzeit: 4 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Alt 29.07.2010, 21:46   #8
Larusso
/// Selecta Jahrusso
 
Download ComboFix from one of the links listed below. You must rename it before saving it to the desktop. Save ComboFix to your desktop. **NB: It is important that ComboFix.exe is saved to the desktop**



  • Disable your anti-virus and anti-spyware programs. Normally you can do this via a right-click on the system tray icon. Otherwise these programs might interfere with our tools while they work.
  • Double-click ComboFix.exe and follow the prompts.
  • When ComboFix is finished, it will create a log for you.
  • Please post the contents of C:\ComboFix.txt here in the thread.
ComboFix may only be run when a board expert has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

30.07.2010, 19:19   #9
Dom[Ger]

Hi,

I've now run ComboFix as described.
But it has been stuck in the "AutoScan" at Stufe_8 for 5 hours now.
Is that normal, or do I just have to let the computer run for the next 24 hours?
Unfortunately you can't see at all whether anything is still happening.

Regards
Dom

31.07.2010, 14:42   #10
Larusso
/// Selecta Jahrusso

No, not really.

Sophos Anti-Rootkit Scanner
  • Go to Sophos and download their rootkit scanner. You will get an installation file, sarsfx.exe.
  • Run it, accept the licence and let the program install; do not change the path C:\SOPHTEMP.
  • Use Explorer to go to that folder and start sargui.exe, then close all other programs.
  • Under "Area", leave everything ticked and start the scan with "Start scan". The scan takes a while; when it is finished, a window pops up with a summary, click "Ok" there. Close the Sophos rootkit scanner; this scan is for analysis only.
  • Start Explorer and type "%temp%" (without the quotation marks) in the address bar; there you will find a file sarscan.log, please post its contents.

01.08.2010, 13:29   #11
Dom[Ger]

Here you go -->

Sophos log

Quote:
Sophos Anti-Rootkit Version 1.5.0 (c) 2009 Sophos Plc
Started logging on 01.08.2010 at 13:11:38
User "Dom" on computer "ELENOR"
Windows version 6.1 SP 0.0 build 7600 SM=0x100 PT=0x1 Win32
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\trend micro\Dom.exe
Hidden: file C:\trend micro\hijackthis.exe
Hidden: file C:\Users\Dom\Downloads\Battelfield 2\POE2\PoE2-v2.5_fullclient_pt1of2.exe
Hidden: file C:\Users\Dom\Downloads\Battelfield 2\POE2\PoE2-v2.5_fullclient_pt2of2.exe
Hidden: file C:\Users\Dom\AppData\Local\Mozilla\Firefox\Profiles\hr3r5t2s.default\Cache\388FE8E3d01
Hidden: file C:\Users\Dom\AppData\Local\Mozilla\Firefox\Profiles\hr3r5t2s.default\Cache\8FF2C9C8d01
Hidden: file C:\Users\Dom\AppData\Local\Mozilla\Firefox\Profiles\hr3r5t2s.default\Cache\46C0746Ad01
Hidden: file C:\Windows\System32\drivers\sptd.sys
Hidden: file C:\Windows\PEV.exe
Hidden: file C:\Windows\System32\nbDX.dll
Hidden: file C:\NVIDIA\nForceWinVista\15.51\English\ISSetup.dll
Hidden: file C:\NVIDIA\DisplayDriver\196.21\WinVista_Win7\International\ISSetup.dll
Hidden: file C:\Users\Dom\Downloads\Battelfield 2\FH2\Forgotten_Hope_2_2.2(1of2)pass.exe
Hidden: file C:\Combo-Fix\pev.exe
Hidden: file C:\Users\Dom\Downloads\Battelfield 2\EoD2\eod_v2.0_levels.exe
Hidden: file C:\Users\Dom\Downloads\Battelfield 2\FH2\Forgotten_Hope_2_2.2(2of2)pass.exe
Hidden: file C:\Users\Dom\Downloads\Battelfield 2\FH2\fh2patch2_25.exe
Hidden: file C:\Adobe\Adobe Bridge\AdobeLM.dll
Hidden: file C:\Adobe\Adobe Bridge\browser\opera.dll
Hidden: file C:\Adobe\Adobe Bridge\browser\es262-32.dll
Hidden: file C:\Users\Dom\Downloads\Battelfield 2\EoD2\eod_v2.0.exe
Hidden: file C:\Users\Dom\Downloads\DCS_BS_Patch_1.0.2QF_GE.exe
Hidden: file C:\Users\Dom\Downloads\VirtualDJ_Portable_6.0.4_Multilingual.paf.exe
Hidden: file C:\InstallShield Installation Information\{7E34E4DF-26FA-46D0-BC0F-77CE6CF4CBC5}\ISSetup.dll
Hidden: file C:\Users\Dom\Downloads\npp.5.7.Installer.exe
Hidden: file C:\Users\Dom\Documents\VirtualDJ\Plugins\SoundEffect\Flanger_Lite.dll
Hidden: file C:\Users\Dom\Documents\VirtualDJ\Plugins\SoundEffect\flanger_lite_8x.dll
Hidden: file C:\Users\Dom\Documents\VirtualDJ\Plugins\SoundEffect\id3-tag for VirtualDJ v2.01 - Setup.exe
Hidden: file C:\SoundSpectrum\G-Force\Uninstall.exe
Hidden: file C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.102.Crwl
Hidden: file C:\Windows\System32\avisynth.dll
Hidden: file C:\DsNET Corp\aTube Catcher 2.0\uninstall.exe
Hidden: file C:\Program Files\Common Files\Adobe\Updater\AdobeUpdaterApp.dll
Hidden: file C:\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\ISSetup.dll
Hidden: file C:\Users\Dom\Downloads\HiJackThis204.exe
Info: Starting disk scan of D: (NTFS).
Hidden: file D:\System Volume Information\_restore{6669BA30-AFD0-456E-9632-803EA386A01B}\RP10\A0000371.exe
Hidden: file D:\Renn-Simulationen\GTR2_BM\GTR2.exe
Hidden: file D:\System Volume Information\_restore{6669BA30-AFD0-456E-9632-803EA386A01B}\RP17\A0002832.exe
Hidden: file D:\System Volume Information\_restore{6669BA30-AFD0-456E-9632-803EA386A01B}\RP21\A0002980.exe
Hidden: file D:\Renn-Simulationen\RSRBR10\SkinsWizard.exe
Hidden: file D:\Renn-Simulationen\RSRBR10\SKINS_MANAGER2.exe
Hidden: file D:\Renn-Simulationen\RSRBR10\BackupRSRBR.exe
Hidden: file D:\Renn-Simulationen\RSRBR10\LanceurAddOns.exe
Hidden: file D:\Renn-Simulationen\RSRBR10\My3DManager.exe
Hidden: file D:\Renn-Simulationen\RSRBR10\SETUP_MANAGER2.exe
Hidden: file D:\Renn-Simulationen\RSRBR10\Cars\C4_08\Program\My3DManager.exe
Hidden: file D:\Renn-Simulationen\RSRBR10\Cars\CITROEN_C2_s1600\Program\My3DManager.exe
Hidden: file D:\Renn-Simulationen\RSRBR10\Cars\Corsa_S1600\program\My3DManager.exe
Hidden: file D:\Renn-Simulationen\RSRBR10\Cars\ESCORT_COSWORTH_GRN\program\My3DManager.exe
Hidden: file D:\Renn-Simulationen\RSRBR10\Cars\ESCORT_WRC\Program\My3DManager.exe
Hidden: file D:\Renn-Simulationen\RSRBR10\Cars\IGNIS\Program\My3DManager.exe
Hidden: file D:\Renn-Simulationen\RSRBR10\Cars\impreza95\program\My3DManager.exe
Hidden: file D:\Renn-Simulationen\RSRBR10\Cars\PEUGEOT_206_grA\Program\My3DManager.exe
Hidden: file D:\Renn-Simulationen\RSRBR10\Cars\PEUGEOT_206_grN\Program\My3DManager.exe
Hidden: file D:\Renn-Simulationen\RSRBR10\Cars\PEUGEOT_306_grA\program\My3DManager.exe
Hidden: file D:\Motec\i2pro\1.0\Demos\i2 Demo.exe
Hidden: file D:\Renn-Simulationen\iRacing\iRacingRun.exe
Hidden: file D:\Renn-Simulationen\rFactor_BM\Plugins\fmodex.dll
Hidden: file D:\Motec\GEditor\GEditor.exe
Hidden: file D:\Renn-Simulationen\RSRBR10\Cars\PEUGEOT_306_grN\program\My3DManager.exe
Hidden: file D:\Renn-Simulationen\RSRBR10\Cars\Volvo242LE\program\My3DManager.exe
Hidden: file D:\Renn-Simulationen\rFactor_HX\HGTTCuninst.exe
Info: Starting disk scan of E: (NTFS).
Hidden: file E:\Anwendungen\Winamp\UninstWA.exe
Hidden: file E:\Anwendungen\VLC\uninstall.exe
Hidden: file E:\Anwendungen\Teamspeak3\fmodex.dll
Hidden: file E:\Anwendungen\Office2007\Office12\CRYPTOPP.DLL
Hidden: file E:\Anwendungen\No23\No23Recorder.exe
Hidden: file E:\Anwendungen\Teamspeak3\Uninstall.exe
Hidden: file E:\Anwendungen\Microsoft Office\Office12\CRYPTOPP.DLL
Hidden: file E:\Anwendungen\Adobe\PhotoshopCS2\AdobeLM.dll
Hidden: file E:\Anwendungen\SUPER\ffmpeg.exe
Hidden: file E:\Anwendungen\SUPER\x264.exe
Hidden: file E:\Anwendungen\SUPER\mencoder\mencoder.exe
Hidden: file E:\Anwendungen\SUPER\mencoder\mplayer.exe
Hidden: file E:\Anwendungen\Adobe\Adobe Bridge\AdobeLM.dll
Hidden: file E:\Anwendungen\Adobe\Adobe Bridge\browser\es262-32.dll
Hidden: file E:\Anwendungen\Adobe\Adobe Bridge\browser\opera.dll
Hidden: file E:\Anwendungen\VirtualDJ\virtualdj.exe
Hidden: file E:\Anwendungen\FileZilla\dbghelp.dll
Hidden: file E:\Anwendungen\FileZilla\uninstall.exe
Hidden: file E:\Anwendungen\EVEREST Ultimate Edition\everest_cpuid.dll
Hidden: file E:\Anwendungen\EVEREST Ultimate Edition\everest_mondiag.dll
Hidden: file E:\Anwendungen\Adobe\Adobe Help Center\Browser\es262-32.dll
Hidden: file E:\Anwendungen\Adobe\Adobe Help Center\Browser\opera.dll
Hidden: file E:\Anwendungen\Alcohol\Alcohol 120\Alcohol.exe
Hidden: file E:\Anwendungen\Alcohol\Alcohol 120\AXShlEx.dll
Hidden: file E:\Anwendungen\RivaTuner\Uninstall.exe
Info: Starting disk scan of F: (NTFS).
Hidden: file F:\Games\EA GAMES\Battlefield 2\Redist\ArcadeInstallBATTLEFIELD2_20.EXE
Hidden: file F:\Games\EA GAMES\Battlefield 2\Redist\ArcadeInstallBFIELD2XP1_202.exe
Hidden: file F:\Games\EA GAMES\Battlefield 2\mods\fh2\binaries\fh2_toolbox\fh2_toolbox.exe
Hidden: file F:\Games\EA GAMES\Battlefield 2\mods\poe2\uninstall.exe
Hidden: file F:\Games\Truck Simulator\ETS_1.3_patch_de_de(2).exe
Hidden: file F:\Games\IL2\il2fb.exe
Hidden: file F:\System Volume Information\_restore{9DC3F383-3DFD-411E-9D83-D036155B9E6B}\RP420\A0175408.exe
Hidden: file F:\System Volume Information\_restore{9DC3F383-3DFD-411E-9D83-D036155B9E6B}\RP420\A0175406.dll
Hidden: file F:\System Volume Information\_restore{9DC3F383-3DFD-411E-9D83-D036155B9E6B}\RP421\A0177386.exe
Hidden: file F:\System Volume Information\_restore{9DC3F383-3DFD-411E-9D83-D036155B9E6B}\RP421\A0177379.exe
Hidden: file F:\Games\DCS-Blackshark\Tacview\Tacview 0.95\Tacview.exe
Hidden: file F:\Games\Mount&Blade Warband\fmodex.dll
Stopped logging on 01.08.2010 at 14:24:56
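
The Sophos scan steps above end with "post the contents of sarscan.log", and the log just posted lists nearly a hundred "Hidden: file" entries, almost all of them installers, game binaries, restore-point copies and browser-cache files. The following Python script is an added example, not code from this thread's helpers or from Sophos: it parses that log format and sorts the flagged paths into location buckets, so the few entries a responder reads first (files under the Windows directory or in a user's Temp folder) are separated from the bulk. The sample log, host name, user name and paths inside it are constructed, and the bucket rules are an assumed heuristic rather than anything Sophos documents.

```python
"""Triage helper for Sophos Anti-Rootkit output (sarscan.log).

Added example for this thread; it is not code from the Trojaner-Board
helpers or from Sophos.  It reads the "Hidden: file <path>" lines the
scanner writes and sorts them into location buckets, so the few entries
worth a second look (files under the Windows directory or in a user's
Temp folder) are separated from the bulk of packed installers, restore
points and browser-cache files that the scanner also reports as hidden.
The bucket rules are an assumed heuristic, not Sophos' own classification.
"""
import re

# Line shapes as they appear in the log posted in the thread.
HIDDEN_RE = re.compile(r"^Hidden: (\w+) (.+)$")
USER_RE = re.compile(r'^User "([^"]+)" on computer "([^"]+)"')
STARTED_RE = re.compile(r"^Started logging on (.+)$")
STOPPED_RE = re.compile(r"^Stopped logging on (.+)$")
DRIVE_RE = re.compile(r"^Info: Starting disk scan of ([A-Za-z]:)")

# Location buckets, checked in order; first match wins (assumed heuristic).
BUCKET_RULES = [
    ("windows_dir", re.compile(r"^[a-z]:\\windows\\", re.I)),
    ("user_temp", re.compile(r"\\appdata\\local\\temp\\", re.I)),
    ("browser_cache", re.compile(r"\\mozilla\\firefox\\profiles\\[^\\]+\\cache\\", re.I)),
    ("restore_point", re.compile(r"\\system volume information\\", re.I)),
    ("downloads", re.compile(r"\\downloads\\", re.I)),
]
# Buckets a responder reads first: executable code in system or temp locations.
REVIEW_FIRST = ("windows_dir", "user_temp")

# Constructed sample log (host name, user name and paths are made up) in the
# same shape as the sarscan.log posted in the thread.
SAMPLE_LOG = r"""
Sophos Anti-Rootkit Version 1.5.0 (c) 2009 Sophos Plc
Started logging on 01.08.2010 at 13:11:38
User "alice" on computer "EXAMPLE-PC"
Windows version 6.1 SP 0.0 build 7600 SM=0x100 PT=0x1 Win32
Info: Starting registry scan.
Info: Starting disk scan of C: (NTFS).
Hidden: file C:\Users\alice\Downloads\game_patch_1.2.exe
Hidden: file C:\Users\alice\AppData\Local\Mozilla\Firefox\Profiles\abcd1234.default\Cache\1A2B3C4Dd01
Hidden: file C:\Windows\System32\drivers\example.sys
Hidden: file C:\Users\alice\AppData\Local\Temp\Xy1.exe
Info: Starting disk scan of D: (NTFS).
Hidden: file D:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP3\A0000010.exe
Hidden: file D:\Games\Sim\launcher.exe
Stopped logging on 01.08.2010 at 14:24:56
"""


def parse_sarscan(text):
    """Return scan metadata plus every (kind, path) the scanner flagged as hidden."""
    report = {"user": None, "computer": None, "started": None, "stopped": None,
              "drives": [], "hidden": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := HIDDEN_RE.match(line):
            report["hidden"].append((m.group(1), m.group(2)))
        elif m := USER_RE.match(line):
            report["user"], report["computer"] = m.group(1), m.group(2)
        elif m := DRIVE_RE.match(line):
            report["drives"].append(m.group(1))
        elif m := STARTED_RE.match(line):
            report["started"] = m.group(1)
        elif m := STOPPED_RE.match(line):
            report["stopped"] = m.group(1)
    return report


def classify(path):
    """Name the location bucket a flagged path falls into."""
    for name, rule in BUCKET_RULES:
        if rule.search(path):
            return name
    return "other"


def triage(report):
    """Group hidden paths by bucket, preserving the scanner's order inside each."""
    buckets = {name: [] for name, _ in BUCKET_RULES}
    buckets["other"] = []
    for _kind, path in report["hidden"]:
        buckets[classify(path)].append(path)
    return buckets


def review_first(report):
    """Paths a responder should look at before the rest, in log order."""
    return [path for _kind, path in report["hidden"] if classify(path) in REVIEW_FIRST]


if __name__ == "__main__":
    rep = parse_sarscan(SAMPLE_LOG)
    print(f"{rep['user']}@{rep['computer']} scanned {', '.join(rep['drives'])}: "
          f"{len(rep['hidden'])} hidden entries")
    for bucket, paths in triage(rep).items():
        print(f"  {bucket:14s} {len(paths)}")
    for path in review_first(rep):
        print("  review first:", path)
```

A "Hidden" entry in this scanner's output is a pointer, not a verdict: the bucket only decides what to look at first, and each entry on the review-first list still needs the usual checks (publisher signature, hash lookup, and whether a known installed product accounts for it) before anything is removed.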

01.08.2010, 14:07   #12
Larusso
/// Selecta Jahrusso

That looks good too. How is the computer running?

Please start OTL.exe and click the Quick Scan button.

01.08.2010, 15:16   #13
Dom[Ger]

Hi,

It runs great, and I haven't had any more warnings from AVG since the malware scan.

OTL logfile:
Code:
OTL logfile created on: 01.08.2010 16:04:52 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Dom\Desktop
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 55,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\
Drive C: | 50,00 Gb Total Space | 7,78 Gb Free Space | 15,56% Space Free | Partition Type: NTFS
Drive D: | 100,00 Gb Total Space | 46,71 Gb Free Space | 46,71% Space Free | Partition Type: NTFS
Drive E: | 50,00 Gb Total Space | 13,02 Gb Free Space | 26,04% Space Free | Partition Type: NTFS
Drive F: | 98,08 Gb Total Space | 1,96 Gb Free Space | 2,00% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ELENOR
Current User Name: Dom
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Dom\Desktop\OTL.exe (OldTimer Tools)
PRC - E:\Anwendungen\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - E:\Anwendungen\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - E:\Anwendungen\Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\nHancer\nHancerService.exe (KSE - Korndörfer Software Engineering)
PRC - C:\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Saitek\SD6\Software\SaiMfd.exe (Saitek)
PRC - C:\Saitek\SD6\Software\ProfilerU.exe (Saitek)
PRC - C:\Windows\System32\oodag.exe (O&O Software GmbH)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Dom\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (WinDefend) -- C:\Windows Defender\mpsvc.dll File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avg9emc) -- C:\Program Files\AVG\AVG9\avgemc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Hamachi2Svc) -- E:\Anwendungen\Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (nHancer) -- C:\Program Files\nHancer\nHancerService.exe (KSE - Korndörfer Software Engineering)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (O&O Defrag) -- C:\Windows\System32\oodag.exe (O&O Software GmbH)
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MEMSWEEP2) -- C:\Windows\System32\F7A6.tmp File not found
DRV - (catchme) -- C:\Users\Dom\AppData\Local\Temp\catchme.sys File not found
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (AvgTdiX) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.)
DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.)
DRV - (WmHidLo) -- C:\Windows\System32\drivers\WmHidLo.sys (Logitech Inc.)
DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.)
DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (SaiNtBus) -- C:\Windows\System32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\Windows\System32\drivers\SaiMini.sys (Saitek)
DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\System32\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (npusbio) -- C:\Windows\System32\drivers\npusbio.sys (Thesycon GmbH, Germany)
DRV - (SaiH075C) -- C:\Windows\System32\drivers\SaiH075C.sys (Saitek)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.brakesman.eu"
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:4.1.5
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
 
 
[2010.01.23 19:16:57 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\mozilla\Extensions
[2010.08.01 14:36:45 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\mozilla\Firefox\Profiles\hr3r5t2s.default\extensions
[2010.02.13 18:34:23 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Dom\AppData\Roaming\mozilla\Firefox\Profiles\hr3r5t2s.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.07.28 21:00:07 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Dom\AppData\Roaming\mozilla\Firefox\Profiles\hr3r5t2s.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.07.14 19:04:55 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Dom\AppData\Roaming\mozilla\Firefox\Profiles\hr3r5t2s.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.02.13 18:34:21 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\mozilla\Firefox\Profiles\hr3r5t2s.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.01.25 19:17:41 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\mozilla\Firefox\Profiles\hr3r5t2s.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010.06.12 19:01:24 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\mozilla\Firefox\Profiles\hr3r5t2s.default\extensions\smarterwiki@wikiatic.com
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [ProfilerU] C:\Saitek\SD6\Software\ProfilerU.exe (Saitek)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SaiMfd] C:\Saitek\SD6\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - E:\Anwendungen\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\Anwendungen\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.08.01 16:03:42 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Dom\Desktop\OTL.exe
[2010.08.01 13:07:46 | 000,000,000 | ---D | C] -- C:\Sophos
[2010.07.30 16:25:07 | 000,000,000 | --SD | C] -- C:\Combo-Fix
[2010.07.30 16:24:49 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.07.29 22:58:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.07.29 22:58:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.07.29 22:58:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.07.29 22:56:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.07.29 16:57:47 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.07.29 16:57:16 | 000,000,000 | ---D | C] -- C:\ERUNT
[2010.07.28 21:16:54 | 000,000,000 | ---D | C] -- C:\trend micro
[2010.07.28 21:16:53 | 000,000,000 | ---D | C] -- C:\rsit
[2010.07.28 21:06:58 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Malwarebytes
[2010.07.28 21:06:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.28 21:06:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.28 21:06:51 | 000,000,000 | ---D | C] -- C:\Malwarebytes' Anti-Malware
[2010.07.28 21:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.28 20:58:02 | 000,000,000 | ---D | C] -- C:\CCleaner
[2010.07.26 19:33:20 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\InstallShield
[2010.07.25 20:04:06 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Notepad++
[2010.07.25 16:48:01 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\Flight Simulator X-Dateien
[2010.07.15 17:35:19 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010.07.14 19:09:54 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\SpotterConfig
[2010.07.14 19:09:51 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\SpotterConfig
[2010.07.12 15:47:54 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Real_Environment_Xtreme
[2010.07.11 19:35:39 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\FlyingWSimulation
[2010.07.11 19:35:00 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\FlyingWSimulation
[2010.07.11 19:33:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MyTraffic
[2010.07.11 19:32:52 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\MyTraffic
[2010.07.11 18:00:24 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Microsoft Game Studios
[2010.07.11 17:33:29 | 000,000,000 | ---D | C] -- C:\MSXML 4.0
[2010.07.04 18:48:28 | 000,000,000 | R--D | C] -- C:\Users\Dom\Desktop\Brakesman
[2010.07.03 10:08:41 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\storage
[2010.07.03 10:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Ubisoft
[2010.07.02 19:25:31 | 000,000,000 | ---D | C] -- C:\Ubisoft
[2010.06.25 19:11:48 | 000,000,000 | ---D | C] -- C:\Reference Assemblies
[2010.06.25 17:06:41 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\FIFA 10
[2010.06.25 16:44:30 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Leadertech
[2010.06.18 17:30:51 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Simraceway
[2010.06.18 16:40:42 | 000,000,000 | ---D | C] -- C:\WinPcap
[2010.06.17 17:01:58 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\ElevatedDiagnostics
[2010.06.10 17:59:51 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
[2010.06.10 17:59:51 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2010.06.10 17:59:51 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll
[2010.06.10 17:59:50 | 000,000,000 | ---D | C] -- C:\AviSynth 2.5
[2010.06.10 17:59:25 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2010.06.10 17:59:25 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll
[2010.06.10 17:59:25 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax
[2010.06.10 17:59:25 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax
[2010.06.10 17:59:25 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax
[2010.06.10 17:59:25 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll
[2010.06.10 17:59:25 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax
[2010.06.10 17:59:25 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax
[2010.06.10 17:59:25 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax
[2010.06.10 17:59:25 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax
[2010.06.10 17:59:25 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax
[2010.06.10 17:59:25 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll
[2010.06.10 17:59:24 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax
[2010.06.10 17:41:56 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\AccurateRip
[2010.06.10 17:41:51 | 000,000,000 | ---D | C] -- C:\Users\Dom\dBpoweramp
[2010.06.08 22:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
[2010.06.03 19:07:20 | 000,000,000 | ---D | C] -- C:\SoundSpectrum
[2010.06.02 11:51:34 | 000,000,000 | ---D | C] -- C:\Windows\System32\oodag
[2010.06.02 11:14:57 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\O&O
[2010.06.01 15:45:52 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\LogMeIn Hamachi
[2010.05.31 10:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe Systems
[2010.05.31 10:27:26 | 000,000,000 | ---D | C] -- C:\Adobe
[2010.05.30 02:23:25 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\BlackBean
[2010.05.26 19:53:10 | 000,000,000 | ---D | C] -- C:\NVIDIA Corporation
[2010.05.25 21:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2010.05.21 23:03:11 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\Test Drive Unlimited
[2010.05.21 22:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Test Drive Unlimited
[2010.05.16 16:07:45 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\HDRsoft
[2010.05.15 18:01:51 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Local\Logitech
[2010.05.14 13:26:30 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\NLC Modding Group
[2010.05.13 14:16:11 | 000,000,000 | ---D | C] -- C:\Windows Mail
[2010.05.09 22:28:42 | 000,000,000 | ---D | C] -- C:\Users\Dom\AppData\Roaming\Ashampoo
[2010.05.09 21:20:03 | 000,000,000 | ---D | C] -- C:\Users\Dom\Documents\Mount&Blade Warband
[2010.05.08 21:28:47 | 000,000,000 | ---D | C] -- C:\Windows Media Player
 
========== Files - Modified Within 90 Days ==========
 
[2010.08.01 16:05:06 | 002,359,296 | ---- | M] () -- C:\Users\Dom\NTUSER.DAT
[2010.08.01 16:03:48 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Dom\Desktop\OTL.exe
[2010.08.01 16:00:00 | 000,000,468 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.08.01 15:47:00 | 000,001,062 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.01 13:13:08 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.01 13:13:08 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.01 13:08:52 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.01 13:08:52 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.01 13:08:52 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.01 13:08:52 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.01 13:08:52 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.01 13:08:17 | 062,834,491 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010.08.01 13:04:51 | 000,001,058 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.01 13:04:50 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.01 13:04:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.01 13:04:38 | 1609,474,048 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.01 13:04:38 | 000,131,531 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2010.07.31 15:34:35 | 002,343,481 | -H-- | M] () -- C:\Users\Dom\AppData\Local\IconCache.db
[2010.07.31 14:09:36 | 000,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2010.07.28 20:47:35 | 000,091,416 | ---- | M] () -- C:\Users\Dom\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.07.28 20:06:26 | 000,353,440 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.07.27 20:03:41 | 000,000,409 | ---- | M] () -- C:\VirtualDJ Local Database v6.xml
[2010.07.27 19:38:56 | 000,000,261 | ---- | M] () -- C:\VirtualDJ Local Database v5.xml
[2010.07.15 17:35:20 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010.07.15 17:35:19 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010.07.15 17:34:54 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010.06.22 20:07:49 | 000,001,164 | ---- | M] () -- C:\Users\Dom\Desktop\rF_VLM.lnk
[2010.06.21 17:44:20 | 000,018,165 | ---- | M] () -- C:\Users\Dom\Documents\Ausgaben 325.xlsx
[2010.06.18 16:14:05 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.06.18 16:14:05 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.06.10 17:50:45 | 000,003,651 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
[2010.06.10 17:50:12 | 000,033,846 | ---- | M] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.bmp
[2010.06.10 17:49:53 | 001,085,616 | ---- | M] () -- C:\Windows\System32\SpoonUninstall.exe
[2010.06.03 13:09:18 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010.06.02 23:05:26 | 000,001,102 | ---- | M] () -- C:\Users\Dom\Desktop\rF_BM.lnk
[2010.06.02 11:10:34 | 000,000,000 | ---- | M] () -- C:\Windows\oodcnt.INI
[2010.05.15 17:52:17 | 000,000,114 | ---- | M] () -- C:\Users\Dom\SciTE.session
 
========== Files Created - No Company Name ==========
 
[2010.07.29 22:58:51 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.07.29 22:58:51 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.07.29 22:58:51 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.07.29 22:58:51 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.07.29 22:58:51 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.07.27 20:01:28 | 000,000,409 | ---- | C] () -- C:\VirtualDJ Local Database v6.xml
[2010.07.27 19:38:56 | 000,000,261 | ---- | C] () -- C:\VirtualDJ Local Database v5.xml
[2010.07.15 18:15:04 | 000,000,000 | ---- | C] () -- C:\ZipCodec.txt
[2010.06.18 16:14:05 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010.06.18 16:14:05 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010.06.12 08:28:44 | 000,001,164 | ---- | C] () -- C:\Users\Dom\Desktop\rF_VLM.lnk
[2010.06.10 17:59:51 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.06.10 17:59:25 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax
[2010.06.10 17:59:25 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax
[2010.06.10 17:59:25 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax
[2010.06.10 17:59:25 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax
[2010.06.10 17:59:25 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax
[2010.06.10 17:59:24 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax
[2010.06.10 17:59:24 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax
[2010.06.10 17:59:24 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax
[2010.06.10 17:42:39 | 000,033,846 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.bmp
[2010.06.10 17:42:39 | 000,003,651 | ---- | C] () -- C:\Windows\System32\SpoonUninstall-dBpoweramp m4a Codec.dat
[2010.06.10 17:41:55 | 001,085,616 | ---- | C] () -- C:\Windows\System32\SpoonUninstall.exe
[2010.06.02 23:05:26 | 000,001,102 | ---- | C] () -- C:\Users\Dom\Desktop\rF_BM.lnk
[2010.06.02 17:24:48 | 000,131,531 | ---- | C] () -- C:\Windows\System32\oodbs.lor
[2010.06.02 11:10:34 | 000,000,000 | ---- | C] () -- C:\Windows\oodcnt.INI
[2010.05.15 17:52:17 | 000,000,114 | ---- | C] () -- C:\Users\Dom\SciTE.session
[2010.02.05 20:02:55 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.01.25 19:34:17 | 000,139,152 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.11.16 18:33:38 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.07 13:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll
[2007.05.01 17:11:28 | 000,847,872 | ---- | C] () -- C:\Windows\System32\SaiC075C.Dll
[2007.05.01 17:11:28 | 000,008,704 | ---- | C] () -- C:\Windows\System32\SaiC075C_0C.dll
[2007.05.01 17:11:28 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC075C_10.dll
[2007.05.01 17:11:28 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC075C_0A.dll
[2007.05.01 17:11:28 | 000,008,192 | ---- | C] () -- C:\Windows\System32\SaiC075C_07.dll
[2007.05.01 17:11:28 | 000,007,680 | ---- | C] () -- C:\Windows\System32\SaiC075C_09.dll
[2007.05.01 17:11:28 | 000,007,168 | ---- | C] () -- C:\Windows\System32\SaiC075C_0402.dll
[2007.05.01 17:11:28 | 000,005,632 | ---- | C] () -- C:\Windows\System32\SaiC075C_11.dll
 
========== LOP Check ==========
 
[2010.05.09 22:28:42 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Ashampoo
[2010.05.30 02:23:25 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\BlackBean
[2010.03.01 21:59:42 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Cuttermaran
[2010.02.05 20:30:24 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\DAEMON Tools
[2010.02.05 20:32:04 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\DAEMON Tools Lite
[2010.07.11 19:35:00 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\FlyingWSimulation
[2010.05.16 16:07:45 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\HDRsoft
[2010.01.23 19:51:57 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\ICQ
[2010.06.25 16:44:30 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Leadertech
[2010.05.13 19:18:43 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Mount&Blade Warband
[2010.07.11 19:32:52 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\MyTraffic
[2010.01.24 15:23:51 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\nHancer
[2010.05.14 13:26:30 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\NLC Modding Group
[2010.07.25 20:04:13 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Notepad++
[2010.06.18 17:41:40 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\Simraceway
[2010.07.14 19:09:51 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\SpotterConfig
[2010.03.13 18:08:04 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\streamripper
[2010.04.13 19:24:30 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\TS3Client
[2010.01.25 19:40:44 | 000,000,000 | ---D | M] -- C:\Users\Dom\AppData\Roaming\TuneUp Software
[2010.08.01 16:00:00 | 000,000,468 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2010.07.18 20:03:12 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:05EE1EEF
< End of report >
         
--- --- ---

Old 01.08.2010, 15:22   #14
Larusso
/// Selecta Jahrusso

Trojan FakeAV.CMB in C:\Windows\Nsyrea.exe



ESET Online Scanner
Please switch on any external hard disks you have during the online scan! During the scans, please disable all background guards (anti-virus program, firewall, script blocking and the like), and do not forget to switch everything back on afterwards.
  • Note for Vista and Win7 users: be sure to start the browser as administrator.
  • Disable your anti-virus program during the scan.
  • Press the button.
    • Firefox users: please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
    • IE users: must allow the installation of an ActiveX element.
  • Tick the box Yes, I accept the Terms of Use.
  • Press the button.
  • Wait until the components have been downloaded.
  • Tick "Remove found threats" and "Scan archives".
  • Press.
  • The signatures are downloaded. The scan starts automatically.

When the scan has finished
  • Click Finish.
  • Close the browser.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
  • Post the log file here.
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

Old 01.08.2010, 22:54   #15
Dom[Ger]

Trojan FakeAV.CMB in C:\Windows\Nsyrea.exe



ESET log:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=04ccad517ef1f14c80eac13ff77e3f96
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-01 07:51:18
# local_time=2010-08-01 09:51:18 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 339487 339487 0 0
# compatibility_mode=1024 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 80 15813357 23320273 0 0
# compatibility_mode=8192 67108863 100 0 344 344 0 0
# scanned=528419
# found=2
# cleaned=2
# scan_time=8171
C:\Users\Dom\AppData\Local\Temp\Av-test.txt Eicar test file (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Dom\Documents\VirtualDJ\Skins\Sonique-Visual-Effects.exe probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C
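
As an added example (not from the thread, from ESET or from Trojaner-Board), a small Python triage parser for the ESET Online Scanner log format posted above: it separates the `# key=value` header from the detection records, cross-checks the `found`/`cleaned` counters against the records, sets the EICAR test-file hit aside, and lists the heuristic "probably a variant of" hit for follow-up. The embedded `SAMPLE_LOG` is a constructed excerpt of the posted log, and the path/name split is a heuristic because ESET separates the two only with a space.

```python
"""Triage parser for the ESET Online Scanner log posted above (added example, not
from the thread or from ESET). SAMPLE_LOG is a constructed excerpt of that log."""
from __future__ import annotations
import re
from dataclasses import dataclass

SAMPLE_LOG = """\
ESETSmartInstaller@High as downloader log:
all ok
# scanned=528419
# found=2
# cleaned=2
# scan_time=8171
C:\\Users\\Dom\\AppData\\Local\\Temp\\Av-test.txt Eicar test file (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\\Users\\Dom\\Documents\\VirtualDJ\\Skins\\Sonique-Visual-Effects.exe probably a variant of Win32/Agent trojan (deleted - quarantined) 00000000000000000000000000000000 C
"""

# One record: "<path> <detection name> (<action>) <32 hex digits> <flag>". Path and
# name are separated only by a space and may both contain spaces, so split later.
RECORD_RE = re.compile(r"^(?P<left>.+) \((?P<action>[^)]*)\) (?P<hash>[0-9a-fA-F]{32}) (?P<flag>\S+)$")

@dataclass
class Detection:
    path: str
    name: str
    action: str
    hash_hex: str  # all zeros in the posted log, so not usable for lookups
    flag: str

def split_path_and_name(left: str) -> tuple[str, str]:
    """Heuristic: the path ends with the filename token after the last backslash."""
    last_bs = left.rfind("\\")
    if last_bs < 0:
        return "", left.strip()
    end = left.find(" ", last_bs)
    return (left, "") if end < 0 else (left[:end], left[end + 1:].strip())

def parse_eset_log(text: str) -> tuple[dict[str, str], list[Detection]]:
    header: dict[str, str] = {}
    detections: list[Detection] = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key.strip()] = value.strip()
        elif m := RECORD_RE.match(line):
            path, name = split_path_and_name(m["left"])
            detections.append(Detection(path, name, m["action"], m["hash"], m["flag"]))
    return header, detections

def triage(text: str) -> dict:
    """Cross-check the counters against the records and list what needs follow-up:
    EICAR is a harmless test string; heuristic hits ("probably a variant of") are
    not signature matches and deserve a second opinion before being trusted."""
    header, detections = parse_eset_log(text)
    found, cleaned = int(header.get("found", 0)), int(header.get("cleaned", 0))
    follow_up = [d for d in detections if "eicar" not in d.name.lower()]
    return {
        "scanned": int(header.get("scanned", 0)),
        "records_match_counter": found == len(detections),
        "all_cleaned": cleaned == found,
        "heuristic_hits": [d.path for d in follow_up if d.name.startswith("probably")],
        "follow_up": [(d.path, d.name, d.action) for d in follow_up],
    }
```

Calling `triage(SAMPLE_LOG)` on the excerpt reports both counters consistent with the records and leaves exactly one item, the heuristic Win32/Agent hit, for follow-up.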
