
All kinds of pests and how to fight them: Multiple trojans such as Bubnix.ZM, Bubnix.abd.1, Bredolab.AA.312 :-(


12.10.2010, 10:09   #1
Gh0std0g
 




Hello, I urgently need your help. My virus scanner AntiVir keeps showing me the trojans named above, but apparently can't delete them. Various other programs didn't help either, and some of them didn't even detect them.

I do know a bit about computers in general, but not about viruses and trojans, since I've never really had a problem with them before.

I hope you can help me, otherwise I'll probably have to reinstall Windoze

Regards

Here is the log from Malwarebytes:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4799

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

12.10.2010 11:58:50
mbam-log-2010-10-12 (11-58-50).txt

Scan type: Quick scan
Objects scanned: 132184
Time elapsed: 3 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\system32\Drivers\mqysda.sys (Rootkit.Bubnix) -> Quarantined and deleted successfully.
C:\Windows\system32\Drivers\ptqdjtpa.sys (Rootkit.Agent) -> Quarantined and deleted successfully.
C:\Users\Sascha\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.






The defogger_disable.log

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:02 on 12/10/2010 (Sascha)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU\DAEMON Tools Lite -> Removed

Checking for services/drivers...
Unable to read mqysda.sys
Unable to read ptqdjtpa.sys
Unable to read sptd.sys
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-





Gmer.txt

GMER Logfile:
GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-10-12 12:51:13
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\Sascha\AppData\Local\Temp\fwryqpog.sys
 
 
---- System - GMER 1.0.15 ----
 
SSDT     97709D1C                                                                                                            ZwCreateThread
SSDT     97709D08                                                                                                            ZwOpenProcess
SSDT     97709D0D                                                                                                            ZwOpenThread
SSDT     97709D17                                                                                                            ZwTerminateProcess
 
---- Kernel code sections - GMER 1.0.15 ----
 
.text    ntkrnlpa.exe!KeSetEvent + 221                                                                                       81EC9984 4 Bytes  [1C, 9D, 70, 97] {SBB AL, 0x9d; JO 0xffffffffffffff9b}
.text    ntkrnlpa.exe!KeSetEvent + 3F2                                                                                       81EC9B55 3 Bytes  [9D, 70, 97] {POPF ; JO 0xffffffffffffff9a}
.text    ntkrnlpa.exe!KeSetEvent + 40D                                                                                       81EC9B70 4 Bytes  [0D, 9D, 70, 97]
.text    ntkrnlpa.exe!KeSetEvent + 621                                                                                       81EC9D84 4 Bytes  [17, 9D, 70, 97] {POP SS; POPF ; JO 0xffffffffffffff9b}
?        System32\Drivers\mqysda.sys                                                                                         A device attached to the system is not functioning. !
?        System32\Drivers\ptqdjtpa.sys                                                                                       A device attached to the system is not functioning. !
.text    C:\Windows\system32\DRIVERS\atikmdag.sys                                                                            section is writeable [0x8E009000, 0x31BA76, 0xE8000020]
.vmp2    C:\Windows\system32\drivers\acedrv11.sys                                                                            entry point in ".vmp2" section [0x9B14569D]
.text    C:\Windows\system32\DRIVERS\atksgt.sys                                                                              section is writeable [0x9B14A300, 0x3B6D8, 0xE8000020]
.text    C:\Windows\system32\DRIVERS\lirsgt.sys                                                                              section is writeable [0x9B18D300, 0x1BEE, 0xE8000020]
 
---- User code sections - GMER 1.0.15 ----
 
.text    C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!DialogBoxParamW                                    767210B0 5 Bytes  JMP 7039BF9F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!DialogBoxIndirectParamW                            76722EF5 5 Bytes  JMP 704DB4AA C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!DialogBoxParamA                                    76738152 5 Bytes  JMP 704DB46F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!DialogBoxIndirectParamA                            7673847D 5 Bytes  JMP 704DB4E5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!MessageBoxIndirectA                                7674D4D9 5 Bytes  JMP 704DB42B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!MessageBoxIndirectW                                7674D5D3 5 Bytes  JMP 704DB3E7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!MessageBoxExA                                      7674D639 5 Bytes  JMP 704DB3AD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5472] USER32.dll!MessageBoxExW                                      7674D65D 5 Bytes  JMP 704DB373 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text    C:\Program Files\Internet Explorer\iexplore.exe[5472] ole32.dll!OleLoadFromStream                                   77B11E12 5 Bytes  JMP 704DB6A7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
 
---- Devices - GMER 1.0.15 ----
 
Device   \FileSystem\Ntfs \Ntfs                                                                                              8626D3B8
 
---- Services - GMER 1.0.15 ----
 
Service   (*** hidden *** )                                                                                                  [BOOT] mqysda                                                                                              <-- ROOTKIT !!!
Service   (*** hidden *** )                                                                                                  [BOOT] ptqdjtpa                                                                                            <-- ROOTKIT !!!
 
---- Registry - GMER 1.0.15 ----
 
Reg      HKLM\SYSTEM\CurrentControlSet\Services\mqysda@Type                                                                  1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\mqysda@Start                                                                 0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\mqysda@ErrorControl                                                          0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\mqysda@Group                                                                 Boot Bus Extender
Reg      HKLM\SYSTEM\CurrentControlSet\Services\ptqdjtpa@Type                                                                1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\ptqdjtpa@Start                                                               0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\ptqdjtpa@ErrorControl                                                        0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\ptqdjtpa@Group                                                               Boot Bus Extender
Reg      HKLM\SYSTEM\CurrentControlSet\Services\ptqdjtpa@{29f203b9-63e0-631b-40af-f935e85f67c0}                              1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0xD4 0xC3 0x97 0x02 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xA1 0xD9 0xD2 0x93 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x6E 0x3D 0xB2 0xE5 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg      HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xBF 0x7E 0xF7 0xA5 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\mqysda@Type                                                                      1
Reg      HKLM\SYSTEM\ControlSet003\Services\mqysda@Start                                                                     0
Reg      HKLM\SYSTEM\ControlSet003\Services\mqysda@ErrorControl                                                              0
Reg      HKLM\SYSTEM\ControlSet003\Services\mqysda@Group                                                                     Boot Bus Extender
Reg      HKLM\SYSTEM\ControlSet003\Services\ptqdjtpa@Type                                                                    1
Reg      HKLM\SYSTEM\ControlSet003\Services\ptqdjtpa@Start                                                                   0
Reg      HKLM\SYSTEM\ControlSet003\Services\ptqdjtpa@ErrorControl                                                            0
Reg      HKLM\SYSTEM\ControlSet003\Services\ptqdjtpa@Group                                                                   Boot Bus Extender
Reg      HKLM\SYSTEM\ControlSet003\Services\ptqdjtpa@{29f203b9-63e0-631b-40af-f935e85f67c0}                                  1
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Lite\
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0xD4 0xC3 0x97 0x02 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xA1 0xD9 0xD2 0x93 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x6E 0x3D 0xB2 0xE5 ...
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg      HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xBF 0x7E 0xF7 0xA5 ...
 
---- EOF - GMER 1.0.15 ----
         



OTL.TXT

OTL Logfile:
OTL logfile created on: 12.10.2010 12:54:39 - Run 1
OTL by OldTimer - Version 3.2.15.1     Folder = C:\Users\Sascha\Desktop\MFTools
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,69 Gb Total Space | 56,42 Gb Free Space | 57,75% Space Free | Partition Type: NTFS
Drive D: | 189,92 Gb Total Space | 87,32 Gb Free Space | 45,98% Space Free | Partition Type: NTFS
Drive E: | 92,23 Gb Total Space | 42,42 Gb Free Space | 45,99% Space Free | Partition Type: NTFS
 
Computer Name: SASCHA-PC | User Name: Sascha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.10.12 11:44:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Sascha\Desktop\MFTools\OTL.exe
PRC - [2010.07.07 03:51:10 | 000,380,928 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2010.07.07 03:50:42 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2010.02.03 13:57:56 | 000,389,120 | R--- | M] (Teleca) -- C:\Programme\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
PRC - [2009.12.11 14:50:34 | 000,557,056 | R--- | M] (Teleca AB) -- C:\Programme\Common Files\Teleca Shared\Generic.exe
PRC - [2009.11.19 16:19:48 | 000,598,016 | R--- | M] (Teleca Sweden AB) -- C:\Programme\HTC\HTC Sync\Application Launcher\Application Launcher.exe
PRC - [2009.09.29 12:29:00 | 000,356,352 | R--- | M] (Teleca Sweden AB) -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\dbgout.exe
PRC - [2009.09.29 12:28:26 | 001,011,712 | R--- | M] (Teleca Sweden AB) -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
PRC - [2009.09.29 12:03:26 | 000,253,952 | R--- | M] (TODO: <Company name>) -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
PRC - [2009.09.29 12:03:02 | 000,462,848 | R--- | M] (Teleca AB) -- C:\Programme\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
PRC - [2009.09.15 18:02:48 | 000,180,224 | ---- | M] (ROCCAT) -- C:\Programme\ROCCAT\Kone Mouse\KoneHID.EXE
PRC - [2009.08.04 18:31:56 | 000,219,360 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.08.04 18:31:54 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.06.03 09:25:16 | 000,106,496 | R--- | M] (Popwire AB) -- C:\Programme\Common Files\Teleca Shared\logger.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.14 12:14:26 | 000,139,264 | ---- | M] (Teleca Sweden AB) -- C:\Programme\Common Files\Teleca Shared\CapabilityManager.exe
PRC - [2009.04.11 00:28:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 00:27:22 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.10.06 12:40:32 | 000,458,752 | ---- | M] (ROCCAT) -- C:\Programme\ROCCAT\Kone Mouse\OSD.exe
PRC - [2008.01.19 00:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2007.11.21 13:17:02 | 000,017,408 | ---- | M] () -- C:\Programme\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE
PRC - [2007.03.12 14:49:46 | 001,209,904 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2007.03.12 14:49:26 | 000,153,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.10.12 11:44:44 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\Sascha\Desktop\MFTools\OTL.exe
MOD - [2010.10.08 12:06:07 | 000,050,688 | -H-- | M] () -- C:\Windows\System32\autoacls.dll
MOD - [2009.09.25 04:10:10 | 000,974,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecs.dll
MOD - [2009.04.11 00:28:24 | 000,231,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
MOD - [2009.04.11 00:28:24 | 000,228,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SLC.dll
MOD - [2009.04.11 00:28:20 | 000,114,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\EhStorShell.dll
MOD - [2009.04.11 00:28:20 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cscapi.dll
MOD - [2009.04.11 00:27:48 | 000,241,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\rsaenh.dll
MOD - [2009.04.11 00:21:40 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.19 00:36:42 | 000,080,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\thumbcache.dll
MOD - [2008.01.19 00:34:08 | 000,183,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\duser.dll
MOD - [2008.01.19 00:33:44 | 000,326,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\actxprxy.dll
MOD - [2008.01.19 00:33:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.09.08 20:34:38 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.07.07 03:50:42 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.26 13:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.08.24 21:16:36 | 000,406,016 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 CBE\Dfsdks.exe -- (DfSdkS)
SRV - [2009.08.04 18:31:56 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.01.19 00:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.21 13:17:02 | 000,017,408 | ---- | M] () [Auto | Running] -- C:\Programme\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE -- (HerculesDJControlMP3)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\agp440.sys -- (agp440)
DRV - [2010.07.07 04:29:16 | 005,882,368 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010.07.07 03:15:24 | 000,210,944 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010.05.06 13:58:06 | 000,141,312 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJMidi.sys -- (HDJMidi)
DRV - [2010.05.06 13:58:02 | 000,135,168 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJBulk.sys -- (Bulk)
DRV - [2010.05.06 13:57:58 | 000,185,344 | ---- | M] (© Guillemot R&D, 2010. All rights reserved.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HDJAsioK.sys -- (HDJAsioK)
DRV - [2010.05.06 11:21:36 | 000,105,488 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.03.29 11:58:05 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.03.29 11:58:05 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.03.04 13:50:14 | 000,261,152 | ---- | M] (Realtek) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.02.24 12:22:10 | 000,185,472 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2010.02.16 15:03:33 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.11.25 12:19:02 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.08.17 13:17:44 | 001,077,760 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.10 22:42:56 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB audio driver (WDM)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.12.11 15:56:14 | 000,013,056 | ---- | M] (ROCCAT Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Kone.sys -- (KoneFltr)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007.12.17 11:14:06 | 000,012,400 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2006.11.02 16:51:58 | 000,013,560 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD\000.fcl -- ({95808DC4-FA4A-4c74-92FE-5B863F82066B})
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 11:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006.11.02 11:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006.11.02 11:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006.10.18 07:44:48 | 000,007,680 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {5EB31FDD-1B05-4265-8276-1388F980ED55}:1.2.1
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {92878641-6D32-4FBE-AEC2-330ED6142AF7}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
 
FF - user.js..browser.search.openintab: false
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{92878641-6D32-4FBE-AEC2-330ED6142AF7}: C:\Users\Sascha\AppData\Local\{92878641-6D32-4FBE-AEC2-330ED6142AF7} [2010.10.08 12:07:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.09.16 15:37:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.16 15:37:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.09.30 13:07:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.09.01 01:52:28 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\mozilla\Extensions
[2010.09.01 01:52:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sascha\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.10.12 10:08:11 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\mozilla\Firefox\Profiles\7gfi2xrg.default\extensions
[2010.06.25 14:50:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sascha\AppData\Roaming\mozilla\Firefox\Profiles\7gfi2xrg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.13 14:50:19 | 000,000,000 | ---D | M] (GutscheinFinder) -- C:\Users\Sascha\AppData\Roaming\mozilla\Firefox\Profiles\7gfi2xrg.default\extensions\{5EB31FDD-1B05-4265-8276-1388F980ED55}
[2010.09.30 15:26:41 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Sascha\AppData\Roaming\mozilla\Firefox\Profiles\7gfi2xrg.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.05.19 17:56:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sascha\AppData\Roaming\mozilla\Firefox\Profiles\7gfi2xrg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.04.09 11:01:00 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Sascha\AppData\Roaming\mozilla\Firefox\Profiles\7gfi2xrg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.09.30 15:36:32 | 000,000,873 | ---- | M] () -- C:\Users\Sascha\AppData\Roaming\Mozilla\FireFox\Profiles\7gfi2xrg.default\searchplugins\conduit.xml
[2010.10.05 17:31:33 | 000,000,950 | ---- | M] () -- C:\Users\Sascha\AppData\Roaming\Mozilla\FireFox\Profiles\7gfi2xrg.default\searchplugins\icqplugin-1.xml
[2010.03.27 21:59:00 | 000,000,944 | ---- | M] () -- C:\Users\Sascha\AppData\Roaming\Mozilla\FireFox\Profiles\7gfi2xrg.default\searchplugins\icqplugin.xml
[2010.10.12 10:08:11 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.14 00:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.09.10 10:21:35 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.10 10:21:35 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.10 10:21:35 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.10 10:21:35 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.10 10:21:35 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.10.11 23:22:53 | 000,421,636 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 14541 more lines...
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Kone] C:\Program Files\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Sascha\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Sascha\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support.microsoft.com/ActiveX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: icarougc - (C:\Windows\system32\autoacls.dll) - C:\Windows\System32\autoacls.dll ()
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^Users^Sascha^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^ERUNT AutoBackup.lnk - C:\Programme\ERUNT\AUTOBACK.EXE - ()
MsConfig - State: "bootini" - 2
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi6 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.10.12 11:52:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.10.12 11:51:35 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2010.10.12 11:45:43 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Malwarebytes
[2010.10.12 11:45:23 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.12 11:45:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.12 11:45:20 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.12 11:45:20 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.12 11:43:42 | 000,000,000 | ---D | C] -- C:\Users\Sascha\Desktop\MFTools
[2010.10.12 09:56:10 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.10.11 22:47:35 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.10.11 22:47:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.10.08 12:07:53 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\{92878641-6D32-4FBE-AEC2-330ED6142AF7}
[2010.09.30 15:26:43 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.09.30 15:26:42 | 000,000,000 | ---D | C] -- C:\Programme\DVDVideoSoftTB
[2010.09.29 19:03:00 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\MoveFab
[2010.09.23 21:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Codemasters
[2010.09.23 21:08:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.09.23 21:06:13 | 001,380,352 | ---- | C] (Blue Ripple Sound Limited) -- C:\Windows\System32\rapture3d_oal.dll
[2010.09.23 21:06:12 | 000,445,016 | ---- | C] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2010.09.23 21:06:12 | 000,109,144 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2010.09.23 21:06:12 | 000,000,000 | ---D | C] -- C:\Programme\OpenAL
[2010.09.23 21:06:12 | 000,000,000 | ---D | C] -- C:\Programme\BRS
[2010.09.23 21:04:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\xlive
[2010.09.23 21:03:59 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Games for Windows - LIVE
[2010.09.15 21:01:08 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.09.14 10:41:18 | 000,000,000 | ---D | C] -- C:\Programme\DVDFab 8
[2010.09.01 20:45:37 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Kalypso Media
[2010.09.01 20:43:10 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010.09.01 20:43:06 | 000,000,000 | ---D | C] -- C:\Programme\ProtectDisc Driver Installer
[2010.08.30 12:49:49 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\2K Games
[2010.08.30 11:46:51 | 000,000,000 | ---D | C] -- C:\Programme\NVIDIA Corporation
[2010.08.21 13:11:20 | 000,185,344 | ---- | C] (© Guillemot R&D, 2010. All rights reserved.) -- C:\Windows\System32\drivers\HDJAsioK.sys
[2010.08.21 13:11:20 | 000,141,312 | ---- | C] (© Guillemot R&D, 2010. All rights reserved.) -- C:\Windows\System32\drivers\HDJMidi.sys
[2010.08.21 13:11:20 | 000,135,168 | ---- | C] (© Guillemot R&D, 2010. All rights reserved.) -- C:\Windows\System32\drivers\HDJBulk.sys
[2010.08.21 13:11:20 | 000,077,312 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\HerculesDJDevices.dll
[2010.08.21 13:11:20 | 000,073,728 | ---- | C] (Hercules®) -- C:\Windows\System32\HDJAsioCpl.dll
[2010.08.21 13:11:20 | 000,066,048 | ---- | C] (Hercules®) -- C:\Windows\System32\HDJAsiou.dll
[2010.08.21 13:11:20 | 000,025,088 | ---- | C] (© Guillemot R&D, 2010. All rights reserved.) -- C:\Windows\System32\drivers\HDJCtrl.sys
[2010.08.21 13:11:20 | 000,000,000 | ---D | C] -- C:\Programme\Guillemot
[2010.08.21 13:11:19 | 000,380,928 | ---- | C] (Hercules(R)) -- C:\Windows\System32\HDJAPI.dll
[2010.08.21 13:11:19 | 000,282,624 | ---- | C] (Hercules®) -- C:\Windows\System32\HDJSeries.cpl
[2010.08.21 13:11:19 | 000,110,592 | ---- | C] (Hercules(R)) -- C:\Windows\System32\HRFDongle.dll
[2010.08.21 13:11:19 | 000,073,728 | ---- | C] (Hercules(R)) -- C:\Windows\System32\HDJSAPI.dll
[2010.08.21 13:07:23 | 000,000,000 | ---D | C] -- C:\Programme\Hercules
[2010.08.19 12:18:20 | 000,000,000 | ---D | C] -- C:\Programme\MagicISO
[2010.08.19 12:08:59 | 000,000,000 | ---D | C] -- C:\Programme\AnyToISO
[2010.08.17 16:48:21 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\Leadertech
[2010.08.16 17:28:18 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Roaming\InstallShield
[2010.08.16 17:24:03 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2010.07.31 12:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.07.31 11:38:42 | 000,000,000 | ---D | C] -- C:\Users\Sascha\Documents\StarCraft II
[2010.07.31 11:38:42 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Blizzard Entertainment
[2010.07.31 11:38:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.07.21 10:49:25 | 000,000,000 | ---D | C] -- C:\Users\Sascha\Documents\My Games
[2010.07.21 10:49:25 | 000,000,000 | ---D | C] -- C:\Users\Sascha\AppData\Local\My Games
[2010.04.21 16:30:33 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Sascha\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 90 Days ==========
 
[2010.10.12 12:56:33 | 000,840,192 | ---- | M] () -- C:\Windows\System32\drivers\ptqdjtpa.sys
[2010.10.12 12:56:32 | 000,565,248 | ---- | M] () -- C:\Windows\System32\drivers\mqysda.sys
[2010.10.12 12:52:30 | 000,005,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.12 12:52:30 | 000,005,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.12 12:52:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.12 12:52:19 | 3211,845,632 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.12 12:03:05 | 000,000,176 | ---- | M] () -- C:\Users\Sascha\defogger_reenable
[2010.10.12 11:51:35 | 000,000,733 | ---- | M] () -- C:\Users\Sascha\Desktop\NTREGOPT.lnk
[2010.10.12 11:51:35 | 000,000,714 | ---- | M] () -- C:\Users\Sascha\Desktop\ERUNT.lnk
[2010.10.12 11:45:25 | 000,000,836 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.12 11:44:44 | 000,284,915 | ---- | M] () -- C:\Users\Sascha\Desktop\Gmer.zip
[2010.10.12 11:44:44 | 000,050,477 | ---- | M] () -- C:\Users\Sascha\Desktop\defogger.exe
[2010.10.12 09:56:02 | 134,722,543 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.10.11 23:22:53 | 000,421,636 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.10.09 10:19:54 | 000,000,120 | ---- | M] () -- C:\Users\Sascha\AppData\Local\Nzarilekihibazu.dat
[2010.10.09 10:19:54 | 000,000,000 | ---- | M] () -- C:\Users\Sascha\AppData\Local\Dbagaxuve.bin
[2010.10.08 12:06:07 | 000,050,688 | -H-- | M] () -- C:\Windows\System32\autoacls.dll
[2010.10.08 12:06:05 | 000,000,020 | ---- | M] () -- C:\Users\Sascha\AppData\Roaming\ldcpfk.dat
[2010.10.07 11:02:18 | 000,012,115 | ---- | M] () -- C:\Users\Sascha\Documents\premiere widerruf.odt
[2010.10.04 21:38:33 | 000,623,042 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.04 21:38:33 | 000,591,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.04 21:38:33 | 000,124,978 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.04 21:38:33 | 000,102,996 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.04 14:44:42 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.10.04 13:10:38 | 000,026,624 | ---- | M] () -- C:\Users\Sascha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.09.23 21:06:12 | 000,445,016 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2010.09.23 21:06:12 | 000,109,144 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2010.09.14 09:17:20 | 000,087,608 | ---- | M] () -- C:\Users\Sascha\AppData\Roaming\inst.exe
[2010.09.14 09:17:20 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Sascha\AppData\Roaming\pcouffin.sys
[2010.09.14 09:17:20 | 000,007,887 | ---- | M] () -- C:\Users\Sascha\AppData\Roaming\pcouffin.cat
[2010.09.14 09:17:20 | 000,001,144 | ---- | M] () -- C:\Users\Sascha\AppData\Roaming\pcouffin.inf
[2010.09.11 08:29:48 | 000,000,000 | ---- | M] () -- C:\Windows\DbgOut.INI
[2010.08.31 16:42:41 | 000,037,498 | ---- | M] () -- C:\Users\Sascha\Documents\cc_20100831_164235.reg
[2010.08.21 13:14:56 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_HDJAsioK_01009.Wdf
[2010.08.21 13:13:23 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_HDJBulk_01009.Wdf
[2010.08.21 13:13:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.08.20 09:27:37 | 000,001,040 | ---- | M] () -- C:\Users\Sascha\Desktop\DVDVideoSoft Free Studio.lnk
[2010.08.19 12:18:21 | 000,001,608 | ---- | M] () -- C:\Users\Sascha\Desktop\MagicISO.lnk
[2010.08.11 20:15:03 | 000,248,024 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.07.31 11:45:53 | 000,000,676 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.07.28 19:10:48 | 001,380,352 | ---- | M] (Blue Ripple Sound Limited) -- C:\Windows\System32\rapture3d_oal.dll
 
========== Files Created - No Company Name ==========
 
[2010.10.12 12:10:05 | 000,293,376 | ---- | C] () -- C:\Users\Sascha\Desktop\gmer.exe
[2010.10.12 12:02:55 | 000,000,176 | ---- | C] () -- C:\Users\Sascha\defogger_reenable
[2010.10.12 11:51:35 | 000,000,733 | ---- | C] () -- C:\Users\Sascha\Desktop\NTREGOPT.lnk
[2010.10.12 11:51:35 | 000,000,714 | ---- | C] () -- C:\Users\Sascha\Desktop\ERUNT.lnk
[2010.10.12 11:45:25 | 000,000,836 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.12 11:44:07 | 000,050,477 | ---- | C] () -- C:\Users\Sascha\Desktop\defogger.exe
[2010.10.12 11:43:47 | 000,284,915 | ---- | C] () -- C:\Users\Sascha\Desktop\Gmer.zip
[2010.10.12 09:56:02 | 134,722,543 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.10.09 12:22:43 | 000,840,192 | ---- | C] () -- C:\Windows\System32\drivers\ptqdjtpa.sys
[2010.10.08 12:07:55 | 000,000,120 | ---- | C] () -- C:\Users\Sascha\AppData\Local\Nzarilekihibazu.dat
[2010.10.08 12:07:55 | 000,000,000 | ---- | C] () -- C:\Users\Sascha\AppData\Local\Dbagaxuve.bin
[2010.10.08 12:06:40 | 000,565,248 | ---- | C] () -- C:\Windows\System32\drivers\mqysda.sys
[2010.10.08 12:06:07 | 000,050,688 | -H-- | C] () -- C:\Windows\System32\autoacls.dll
[2010.10.08 12:06:04 | 000,000,020 | ---- | C] () -- C:\Users\Sascha\AppData\Roaming\ldcpfk.dat
[2010.10.07 11:02:15 | 000,012,115 | ---- | C] () -- C:\Users\Sascha\Documents\premiere widerruf.odt
[2010.09.21 11:52:18 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.09.11 08:29:48 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI
[2010.08.31 16:42:37 | 000,037,498 | ---- | C] () -- C:\Users\Sascha\Documents\cc_20100831_164235.reg
[2010.08.21 13:14:56 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_HDJAsioK_01009.Wdf
[2010.08.21 13:13:23 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_HDJBulk_01009.Wdf
[2010.08.21 13:13:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2010.08.21 13:12:51 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2010.08.19 12:18:21 | 000,001,608 | ---- | C] () -- C:\Users\Sascha\Desktop\MagicISO.lnk
[2010.08.16 17:28:25 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2010.08.16 17:28:25 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2010.08.16 17:28:25 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2010.08.16 17:28:25 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2010.08.16 17:28:25 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2010.08.16 17:28:25 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2010.08.16 17:28:25 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2010.08.16 17:28:25 | 000,013,732 | ---- | C] () -- C:\Windows\System32\EPPICLocal_EN.cfg
[2010.08.16 17:28:25 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2010.08.16 17:28:25 | 000,006,442 | ---- | C] () -- C:\Windows\System32\EPPICLocal_IT.cfg
[2010.08.16 17:28:25 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_PT.cfg
[2010.08.16 17:28:25 | 000,006,347 | ---- | C] () -- C:\Windows\System32\EPPICLocal_BP.cfg
[2010.08.16 17:28:25 | 000,006,335 | ---- | C] () -- C:\Windows\System32\EPPICLocal_GE.cfg
[2010.08.16 17:28:25 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_FR.cfg
[2010.08.16 17:28:25 | 000,006,195 | ---- | C] () -- C:\Windows\System32\EPPICLocal_CF.cfg
[2010.08.16 17:28:25 | 000,006,122 | ---- | C] () -- C:\Windows\System32\EPPICLocal_DU.cfg
[2010.08.16 17:28:25 | 000,006,103 | ---- | C] () -- C:\Windows\System32\EPPICLocal_ES.cfg
[2010.08.16 17:28:25 | 000,005,817 | ---- | C] () -- C:\Windows\System32\EPPICLocal_KO.cfg
[2010.08.16 17:28:25 | 000,005,436 | ---- | C] () -- C:\Windows\System32\EPPICLocal_SC.cfg
[2010.08.16 17:28:25 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2010.08.16 17:28:25 | 000,002,889 | ---- | C] () -- C:\Windows\System32\EPPICLocal_RU.cfg
[2010.08.16 17:28:25 | 000,002,426 | ---- | C] () -- C:\Windows\System32\EPPICLocal_TC.cfg
[2010.08.16 17:28:25 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2010.08.16 17:28:25 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2010.08.16 17:28:25 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2010.08.16 17:28:25 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2010.08.16 17:28:25 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2010.08.16 17:28:25 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2010.08.16 17:28:25 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2010.08.16 17:28:25 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2010.08.16 17:28:25 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2010.08.16 17:28:25 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2010.07.31 11:38:42 | 000,000,676 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2010.04.21 16:31:26 | 000,000,033 | ---- | C] () -- C:\Users\Sascha\AppData\Roaming\pcouffin.log
[2010.04.21 16:30:33 | 000,087,608 | ---- | C] () -- C:\Users\Sascha\AppData\Roaming\inst.exe
[2010.04.21 16:30:33 | 000,007,887 | ---- | C] () -- C:\Users\Sascha\AppData\Roaming\pcouffin.cat
[2010.04.21 16:30:33 | 000,001,144 | ---- | C] () -- C:\Users\Sascha\AppData\Roaming\pcouffin.inf
[2010.04.13 20:59:17 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.03.29 11:58:05 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.03.29 11:58:05 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.02.25 15:55:54 | 000,026,624 | ---- | C] () -- C:\Users\Sascha\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.18 14:47:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.16 14:57:33 | 000,001,065 | ---- | C] () -- C:\Windows\winamp.ini
[2010.02.16 11:04:02 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll
[2010.02.16 11:04:02 | 000,012,400 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys
[2010.02.16 11:04:01 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys
[2010.02.16 11:04:01 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys
[2010.02.16 10:59:26 | 000,034,961 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010.02.16 10:59:06 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2010.02.16 10:59:02 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.02.16 10:58:56 | 000,027,078 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.02.16 10:58:56 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2010.02.16 10:52:06 | 000,000,680 | ---- | C] () -- C:\Users\Sascha\AppData\Local\d3d9caps.dat
[2009.12.11 21:49:46 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2009.12.03 09:27:28 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 
========== LOP Check ==========
 
[2010.03.07 20:12:13 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\CD-LabelPrint
[2010.02.16 15:55:19 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\DAEMON Tools Lite
[2010.08.20 09:27:38 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.10.06 18:48:37 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\GrabIt
[2010.08.09 21:55:05 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\ICQ
[2010.09.01 20:45:37 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Kalypso Media
[2010.08.17 16:48:21 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Leadertech
[2010.09.29 19:03:00 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\MoveFab
[2010.03.29 09:39:01 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Nokia
[2010.02.16 16:08:40 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\OpenOffice.org
[2010.03.03 11:48:41 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\PC Suite
[2010.02.16 15:58:47 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\phonostar GmbH
[2010.04.07 16:41:11 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Publish Providers
[2010.02.16 15:28:07 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\ROCCAT
[2010.04.07 16:41:12 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Sony
[2010.06.29 13:57:18 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Teleca
[2010.09.01 01:52:28 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Thunderbird
[2010.03.29 11:30:49 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Ubisoft
[2010.09.14 09:17:20 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\Vso
[2010.08.31 17:40:52 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 00:36:38 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010.02.16 10:42:37 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.10.12 12:52:19 | 3211,845,632 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.12 12:52:18 | 3525,439,488 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.11.02 14:35:34 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 14:35:34 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 14:35:34 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010.02.18 14:58:57 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.09.12 20:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD86.DLL
[2006.09.12 20:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP86.DLL
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2010.02.18 14:39:57 | 000,000,174 | -HS- | M] () -- C:\Programme\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 00:27:48 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 00:28:24 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 00:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.19 00:37:10 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE  >
[2010.02.16 14:20:47 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010.02.16 14:20:47 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2010.02.16 14:20:46 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2010.02.16 14:45:35 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2010.02.16 14:45:34 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2010.02.16 14:20:47 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 11:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 00:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 00:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 00:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-10-12 08:02:39
 
< End of report >
         
--- --- ---




And the Extra.txt OTL Logfile:
Code:
OTL Extras logfile created on: 12.10.2010 12:54:39 - Run 1
OTL by OldTimer - Version 3.2.15.1     Folder = C:\Users\Sascha\Desktop\MFTools
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 97,69 Gb Total Space | 56,42 Gb Free Space | 57,75% Space Free | Partition Type: NTFS
Drive D: | 189,92 Gb Total Space | 87,32 Gb Free Space | 45,98% Space Free | Partition Type: NTFS
Drive E: | 92,23 Gb Total Space | 42,42 Gb Free Space | 45,99% Space Free | Partition Type: NTFS
 
Computer Name: SASCHA-PC | User Name: Sascha | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1035840019-467652792-3280127130-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B5BF35B-E4C2-4959-8AEE-BF7150DE17C8}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{0EAEA6D1-D923-4B18-8AA9-AB04AA008BC0}" = protocol=6 | dir=in | app=d:\games\f1 2010\f1_2010_game.exe | 
"{170C3E5A-1DAD-452A-BAAE-9E55EA1C67D1}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{22F80E7B-AFC2-4825-AB70-B183C6F918B0}" = protocol=17 | dir=in | app=d:\games\css\steam.exe | 
"{26C1F2B4-DFE3-4638-87D9-C75ABCFD49A1}" = protocol=17 | dir=in | app=d:\games\mass effect 2\masseffect2launcher.exe | 
"{29313932-185F-4E00-92C9-A2E7835ADA3A}" = protocol=6 | dir=in | app=d:\games\css\steam.exe | 
"{30BB3EE1-02C4-4023-8D9D-7E84C27A8D29}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{36751F8F-7F49-41F4-818C-9AE7C347872D}" = protocol=17 | dir=in | app=d:\games\battlefield bad company 2\bfbc2updater.exe | 
"{53B8D56D-BCBD-426D-99F5-0D5BCE69CB54}" = protocol=17 | dir=in | app=d:\games\f1 2010\f1_2010_game.exe | 
"{562D4020-3BC2-410D-A33B-49581095282E}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 
"{57435269-DCF8-4C68-B29A-25FEF0D7491F}" = protocol=17 | dir=in | app=d:\games\css\steamapps\pillepalle24\counter-strike source\hl2.exe | 
"{5F4ED45F-A4FD-481D-A1E5-6B058AB58B54}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{6A52B2AE-11F5-4B47-A4AE-8A46822EF617}" = protocol=17 | dir=in | app=d:\games\mass effect 2\binaries\masseffect2.exe | 
"{6CA3D546-C1C6-43F4-BA26-A247C5DDE2CB}" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe | 
"{774DA7BB-E387-4C08-B6B4-ADDD19D5E88D}" = protocol=6 | dir=in | app=d:\games\mass effect 2\masseffect2launcher.exe | 
"{823DBF3F-B227-4A9F-972A-09F886E4EF03}" = protocol=6 | dir=in | app=d:\games\mass effect 2\binaries\masseffect2.exe | 
"{84F0C3E5-98BC-446E-A903-3E0A77040CE1}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{980224B6-3C4D-4EB0-860D-4B030F0A5E91}" = protocol=6 | dir=in | app=d:\games\battlefield bad company 2\bfbc2updater.exe | 
"{A16283B5-3BF5-4AD1-8D52-6BD8889EAE78}" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe | 
"{A448F484-C375-4B04-807A-0F2BF9C88680}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{C29AD39D-4FEC-4518-98FF-6CD4767BA4DD}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{CD03A6B3-2F24-415E-A3F2-41E1293081A9}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{E229B609-42DF-4C18-A5F9-4B023B01CE3F}" = protocol=6 | dir=in | app=d:\games\css\steamapps\pillepalle24\counter-strike source\hl2.exe | 
"{E246D735-8936-4BEC-9AB8-FF0DE36BB02F}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{E7E59E97-EEFA-4B2B-95B5-2C6CCD160A02}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"TCP Query User{0D95DF71-3754-4E45-824D-0968D24DC369}C:\program files\guillemot\tools\giwebupdater.exe" = protocol=6 | dir=in | app=c:\program files\guillemot\tools\giwebupdater.exe | 
"TCP Query User{0E63EDD2-C529-47E9-9A81-0D40ED0F5B89}D:\games\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=d:\games\dragon age\bin_ship\daorigins.exe | 
"TCP Query User{1757AD76-941D-4B73-9827-279B021BA994}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{27EE65DA-DCF5-46D9-B659-F24CA9C15B2D}C:\program files\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files\trillian\trillian.exe | 
"TCP Query User{28F1FFB2-6FBD-4AE4-B32E-138A66155572}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{4FF728D9-7E85-418C-ACBD-99BC6CAABCFC}D:\games\siedler 7\data\base\_dbg\bin\release\settlers7r.exe" = protocol=6 | dir=in | app=d:\games\siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"TCP Query User{6B10DA63-2C5F-489F-B116-E349D3F21908}D:\games\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=d:\games\anno 1404\tools\anno4web.exe | 
"TCP Query User{89AD0920-1011-4759-8FAB-98D3F601DC71}D:\games\mass effect 2\binaries\masseffect2.exe" = protocol=6 | dir=in | app=d:\games\mass effect 2\binaries\masseffect2.exe | 
"TCP Query User{AB895804-226F-4DDF-BBEA-513F379A3E79}C:\program files\virtualdj\virtualdj_trial.exe" = protocol=6 | dir=in | app=c:\program files\virtualdj\virtualdj_trial.exe | 
"TCP Query User{C5FD5A28-113E-4F87-B0F8-1CA45E6D6408}D:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{3901569E-7B1F-44DA-A9FE-AF1C2386C816}D:\games\mass effect 2\binaries\masseffect2.exe" = protocol=17 | dir=in | app=d:\games\mass effect 2\binaries\masseffect2.exe | 
"UDP Query User{44E56894-8CB7-4FB0-85BC-E2F3CFDD1DA6}C:\program files\guillemot\tools\giwebupdater.exe" = protocol=17 | dir=in | app=c:\program files\guillemot\tools\giwebupdater.exe | 
"UDP Query User{56893B09-F268-434F-81B3-53810CEEA7B5}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{5B8481B8-75F9-4ACE-850C-785F7314CA04}D:\games\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=d:\games\dragon age\bin_ship\daorigins.exe | 
"UDP Query User{7FF6C266-27E1-4A99-AB4E-D4E42A3AC6F7}D:\games\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=d:\games\anno 1404\tools\anno4web.exe | 
"UDP Query User{8252016F-F821-4BE9-B8DE-4765A32844E5}C:\program files\virtualdj\virtualdj_trial.exe" = protocol=17 | dir=in | app=c:\program files\virtualdj\virtualdj_trial.exe | 
"UDP Query User{86242732-D050-486B-8370-475BE9899AEA}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{9FB220B9-CFC5-4B3C-B006-2BAFA00D2138}D:\games\siedler 7\data\base\_dbg\bin\release\settlers7r.exe" = protocol=17 | dir=in | app=d:\games\siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"UDP Query User{CA4ADF9E-E279-4C90-926B-0AFB9F9C8B87}D:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{FFBD28D8-5670-48F8-BE53-ECF6D26E2D75}C:\program files\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files\trillian\trillian.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0FEA9A38-B993-0969-3A78-4D5CDDACEFEE}" = ATI Catalyst Install Manager
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{125BA25B-8D21-4029-AA06-47C3AA327AA7}" = Browser Configuration Utility
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{25B473C3-2C62-482B-858F-94ED76880F79}" = Patrizier 4
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{31ECA0DA-4EE0-8C1E-484A-C304BAA9179A}" = Catalyst Control Center Graphics Previews Common
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{33999F1F-EA46-4E55-A239-1BA803235396}" = Hercules DJ Products Series drivers
"{3878A9A3-2448-7607-01EA-0DB9E31B7242}" = Catalyst Control Center Graphics Previews Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"{43FFE159-3199-4188-A1CD-629166AD1031}" = Nero 7 Ultra Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5ABEEB79-8088-45AD-9CF1-DE72C059AD04}" = DJ Console MK2 Manuals
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{7397EDED-F38A-4654-B669-BF61065803D0}" = PC Connectivity Solution
"{75670A63-A18E-5066-0A78-93F6865BA3AA}" = ccc-core-static
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845FDC75-F31E-A75A-4300-593CAB195847}" = ccc-utility
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{94FB5B63-A65F-7E5D-560D-A79FB29EA52F}" = Catalyst Control Center InstallProxy
"{9699C9AA-8990-904D-FD1B-D931E437434D}" = CCC Help English
"{9733747E-E53D-4C17-977E-3A872AFB93E1}" = ROCCAT Kone Mouse Driver
"{98B8052E-1E55-41D4-9A03-E2F718825D38}" = HTC Sync
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{9ECE13D2-C028-44CB-8A96-A65196E7BBE7}_is1" = Convert AVI to MP4 1.3
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyToISO_is1" = AnyToISO
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"DivX Codec" = DivX Codec
"Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab 8_is1" = DVDFab 8.0.0.2 (23/08/2010)
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"EA Download Manager" = EA Download Manager
"EPSON S21 Series" = Druckerdeinstallation für EPSON S21 Series
"ERUNT_is1" = ERUNT 1.1j
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube Download_is1" = Free YouTube Download 2.6
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"GFWL_{434D0831-3E0C-4D03-A5D4-5E1000008400}" = F1 2010
"GrabIt_is1" = GrabIt 1.7.2 Beta 4 (build 997)
"GutscheinFinder" = GutscheinFinder
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"Mafia II DLC Jimmy's Vendetta_is1" = Mafia II DLC Jimmy's Vendetta
"Mafia II_is1" = Mafia II
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"OpenAL" = OpenAL
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.3
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"QuickPar" = QuickPar 0.9
"StarCraft II" = StarCraft II
"Trillian" = Trillian
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.10.2010 04:57:20 | Computer Name = Sascha-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.10.2010 05:48:29 | Computer Name = Sascha-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.10.2010 05:48:29 | Computer Name = Sascha-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.10.2010 06:01:18 | Computer Name = Sascha-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.10.2010 06:01:18 | Computer Name = Sascha-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.10.2010 06:05:22 | Computer Name = Sascha-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.10.2010 06:05:22 | Computer Name = Sascha-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.10.2010 06:13:54 | Computer Name = Sascha-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 12.10.2010 06:52:45 | Computer Name = Sascha-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 12.10.2010 06:52:45 | Computer Name = Sascha-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ System Events ]
Error - 12.08.2010 11:07:54 | Computer Name = Sascha-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 22.08.2010 10:33:43 | Computer Name = Sascha-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 22.08.2010 10:33:43 | Computer Name = Sascha-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 08.09.2010 15:51:52 | Computer Name = Sascha-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 08.09.2010 15:51:52 | Computer Name = Sascha-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 24.09.2010 05:25:27 | Computer Name = Sascha-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 02.10.2010 11:17:35 | Computer Name = Sascha-PC | Source = Service Control Manager | ID = 7043
Description = 
 
Error - 08.10.2010 06:07:11 | Computer Name = Sascha-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 09.10.2010 04:22:07 | Computer Name = Sascha-PC | Source = WinDefend | ID = 3006
Description = An error was encountered by the %%827 real-time protection agent
 while taking action against spyware and potentially unwanted software.    For more information
 see:  hxxp://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Hiloti.gen!D&threatid=147238
 
    Scan ID:
 {B177CAB3-B2CC-4F76-BF3F-E2DE64EBDD84}      User: Sascha-PC\Sascha     Name: Trojan:Win32/Hiloti.gen!D
 
    ID:
 147238     Severity ID: 5     Category ID: 8     Path:      Alert type: %%805     Action: %%811     Error code:
 0x80508022     Error description: You must restart the computer to complete the removal
 of the spyware or other potentially unwanted software. 
 
Error - 12.10.2010 05:46:42 | Computer Name = Sascha-PC | Source = Service Control Manager | ID = 7034
Description = 
 
 
< End of report >
         
--- --- ---






So, I hope this helps you solve my problem. Thanks in advance
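The two OTL logs above are what a helper reads by eye: file entries of the form `[date time | size | attrs | C/M] (Company) -- path`, optionally carrying `MD5=...` or `Unable to obtain MD5` before the path, plus the `MD5 for:` blocks that list every copy of a system binary in the component store. The Python below is an added example, not part of the original post and not code from OTL or its author. It parses those lines with a grammar reverse-engineered from this log (an assumption, not OTL's documented format), applies three review heuristics (a binary with an empty company name under a user-writable path such as `AppData\Roaming\inst.exe`, a `.sys` under `\drivers\` with no company name, and a locked file whose hash could not be read), and checks whether each live system binary's MD5 matches one of the `winsxs` copies OTL listed for the same file name. The sample input is copied from the log above. A flag is a lead, not a verdict: many legitimate hardware and copy-protection drivers ship without a company string, and "Unable to obtain MD5" on in-use DLLs such as rsaenh.dll or user32.dll is common on its own.

```python
"""Triage helper for OTL (OldTimer's) file entries and MD5 listings (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# ASSUMPTION: grammar inferred from the lines in this thread, not from OTL documentation.
#   [date time | size | attrs | C] (Company) -- path
#   [date time | size | attrs | M] (Company) MD5=<hex> -- path
#   [date time | size | attrs | M] (Company) Unable to obtain MD5 -- path
#   [date time | size | ---D | M] -- path            (directories carry no company group)
ENTRY_RE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r"(?: (?P<md5>MD5=[0-9A-Fa-f]{32}|Unable to obtain MD5))?"
    r" -- (?P<path>.+?)\s*$"
)
BINARY_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


@dataclass
class Entry:
    path: str
    size: int
    attrs: str               # OTL attribute flags, e.g. "RHS-" or "---D"
    company: Optional[str]   # "" when OTL printed "()", None when no group was printed at all
    md5: Optional[str]       # upper-case hex digest when OTL reported one
    md5_unavailable: bool    # True for "Unable to obtain MD5" (file was locked during the scan)

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def filename(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL entry; return None for section headers, blanks and other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    md5_field = m.group("md5")
    return Entry(
        path=m.group("path"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        company=m.group("company"),
        md5=md5_field[4:].upper() if md5_field and md5_field.startswith("MD5=") else None,
        md5_unavailable=(md5_field == "Unable to obtain MD5"),
    )


def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_entry(ln) for ln in text.splitlines()) if e is not None]


def triage(entry: Entry) -> List[str]:
    """Review flags for one entry. Leads for a human, not verdicts."""
    flags: List[str] = []
    if entry.is_dir:
        return flags
    low = entry.path.lower()
    if low.endswith(BINARY_EXT) and entry.company == "" and any(s in low for s in USER_WRITABLE):
        flags.append("binary without company name in user-writable location")
    if low.endswith(".sys") and "\\drivers\\" in low and entry.company == "":
        flags.append("kernel driver without company name")
    if entry.md5_unavailable:
        flags.append("locked file, hash could not be read")
    return flags


def triage_log(entries: List[Entry]) -> Dict[str, List[str]]:
    """path -> flags, for every entry that raised at least one flag."""
    return {e.path: f for e in entries for f in [triage(e)] if f}


def live_matches_store(entries: List[Entry]) -> Dict[str, Optional[bool]]:
    """For each hashed file outside \\winsxs\\: True if its MD5 equals one of the winsxs
    copies of the same file name in the scan, False if it matches none of them (the live
    file differs from every component-store version), None if no store copy was listed."""
    store: Dict[str, set] = {}
    live: List[Entry] = []
    for e in entries:
        if e.md5 is None:
            continue
        if "\\winsxs\\" in e.path.lower():
            store.setdefault(e.filename, set()).add(e.md5)
        else:
            live.append(e)
    return {e.path: (None if e.filename not in store else e.md5 in store[e.filename]) for e in live}


# Sample input: lines copied from the OTL log in this thread (one header line included
# to show that non-entry lines are skipped).
SAMPLE_LOG = r"""
========== Custom Scans ==========
[2010.04.21 16:30:33 | 000,087,608 | ---- | C] () -- C:\Users\Sascha\AppData\Roaming\inst.exe
[2010.03.29 11:58:05 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.02.18 14:47:35 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.03.07 20:12:13 | 000,000,000 | ---D | M] -- C:\Users\Sascha\AppData\Roaming\CD-LabelPrint
[2009.04.11 00:27:48 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
[2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 00:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
"""

if __name__ == "__main__":
    found = parse_log(SAMPLE_LOG)
    for path, flags in triage_log(found).items():
        print(path, "->", "; ".join(flags))
    for path, verdict in live_matches_store(found).items():
        print(path, "-> matches a component-store copy:", verdict)
```

On Vista and later the files under System32 are normally hard links to a winsxs component, so a live binary whose MD5 matches none of its store copies (a False verdict) is worth a closer look, while None only means the scan listed no reference copy; in this log both explorer.exe and wininit.exe match a store copy.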

  17. erst Trojaner und jetzt Backdoor 'BDS/Bredolab.UI'
    Plagegeister aller Art und deren Bekämpfung - 20.09.2009 (3)

Zum Thema Mehrere Trojaner wie Bubnix.ZM, Bubnix.abd.1, Bredolab.AA.312 :-( - Hallo, ich brauche dringend eure Hilfe. Mein Virenscanner Antivir zeigt mir immer wieder die oben genannten Trojaner an, kann sie aber wohl nicht löschen. Auch diverse andere Programme brachten keine - Mehrere Trojaner wie Bubnix.ZM, Bubnix.abd.1, Bredolab.AA.312 :-(...
Archiv
Du betrachtest: Mehrere Trojaner wie Bubnix.ZM, Bubnix.abd.1, Bredolab.AA.312 :-( auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.