
Log analysis and evaluation: Slow system startup and frequent crashes after trojan attack.

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

24.10.2010, 12:44   #1
SilverSurger
 



//edit: Sorry, I think I picked the wrong forum, please move this! Thanks!!


Hello dear community!

Yesterday I caught "Anti Malware Doctor" and removed it again following the guide from your board.
I already had Malwarebytes Anti Malware installed, so that went without a problem.
Malwarebytes found 10 infections:

Quote:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4923

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

23.10.2010 17:35:26
mbam-log-2010-10-23 (17-35-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 336786
Laufzeit: 3 Stunde(n), 56 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 1
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Users\SilverSurger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Users\SilverSurger\AppData\Local\Temp\BB33.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\SilverSurger\AppData\Local\Temp\C439.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\3016.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\SilverSurger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Antimalware Doctor.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\SilverSurger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antimalware Doctor\Uninstall.lnk (Rogue.AntiMalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\SilverSurger\Desktop\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\SilverSurger\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
C:\Users\SilverSurger\AppData\Roaming\Microsoft\Windows\Start Menu\Antimalware Doctor.lnk (Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.
After that I ran KIS2010 over it, but it found no more infections.

Unfortunately, since the infection the system startup has been extremely slow, IExplore crashes constantly, other programs also tend to freeze, and all in all everything runs very sluggishly.

So I'm asking you to look at the OTL logfiles and tell me what else I can do.

Many thanks!!

OTL.txt
OTL Logfile:
Code:
OTL logfile created on: 24.10.2010 13:32:03 - Run 1
OTL by OldTimer - Version 3.2.16.0     Folder = C:\Users\SilverSurger\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226,48 Gb Total Space | 90,45 Gb Free Space | 39,94% Space Free | Partition Type: NTFS
Drive D: | 226,51 Gb Total Space | 185,60 Gb Free Space | 81,94% Space Free | Partition Type: NTFS
Drive E: | 114,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ACER-PC | User Name: SilverSurger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\SilverSurger\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\DfSdkS.exe (mst software GmbH, Germany)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\SilverSurger\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\System32\SysHook.dll (Acer Inc.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (mysql) -- d:\xampp\mysql\bin\mysqld.exe File not found
SRV - (FileZilla Server) -- d:\xampp\FileZillaFTP\FileZillaServer.exe File not found
SRV - (Apache2.2) -- d:\xampp\apache\bin\httpd.exe File not found
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (DfSdkS) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe (mst software GmbH, Germany)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WPRO_40_1123) WinPcap Packet Driver (WPRO_40_1123) -- C:\Windows\System32\drivers\WPRO_40_1123.sys File not found
DRV - (VMnetAdapter) -- C:\Windows\System32\DRIVERS\vmnetadapter.sys File not found
DRV - (vmkbd) --  File not found
DRV - (VBoxNetFlt) -- C:\Windows\System32\DRIVERS\VBoxNetFlt.sys File not found
DRV - (pccsmcfd) -- C:\Windows\System32\DRIVERS\pccsmcfd.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (leafnets) -- C:\Windows\System32\drivers\leafnets.sys (Leaf Networks)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hidshim) -- C:\Windows\System32\drivers\hidshim.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nuvotonhidgeneric) -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=1208&m=aspire_8730
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=1208&m=aspire_8730
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=1208&m=aspire_8730
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://chameleontom.iamwired.net/search.php?src=tops&q="
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232
FF - prefs.js..keyword.URL: "hxxp://chameleontom.iamwired.net/search.php?src=tops&q="
 
FF - user.js..browser.search.openintab: false
 
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.12.01 22:27:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.21 15:47:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.21 15:47:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.10.21 15:46:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.10.16 18:50:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdtbext\
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010.07.15 19:21:33 | 000,000,000 | ---D | M]
 
[2010.09.16 19:57:17 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\mozilla\Extensions
[2010.09.16 19:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SilverSurger\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.09.06 20:32:57 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2010.10.23 17:42:21 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\mozilla\Firefox\Profiles\suj645lk.default\extensions
[2010.10.19 06:12:23 | 000,000,950 | ---- | M] () -- C:\Users\SilverSurger\AppData\Roaming\Mozilla\FireFox\Profiles\suj645lk.default\searchplugins\icqplugin-1.xml
[2010.03.23 20:10:10 | 000,000,950 | ---- | M] () -- C:\Users\SilverSurger\AppData\Roaming\Mozilla\FireFox\Profiles\suj645lk.default\searchplugins\icqplugin-2.xml
[2010.04.03 13:39:44 | 000,000,950 | ---- | M] () -- C:\Users\SilverSurger\AppData\Roaming\Mozilla\FireFox\Profiles\suj645lk.default\searchplugins\icqplugin-3.xml
[2010.02.03 14:37:50 | 000,000,947 | ---- | M] () -- C:\Users\SilverSurger\AppData\Roaming\Mozilla\FireFox\Profiles\suj645lk.default\searchplugins\icqplugin.xml
[2010.02.09 19:15:18 | 000,005,395 | ---- | M] () -- C:\Users\SilverSurger\AppData\Roaming\Mozilla\FireFox\Profiles\suj645lk.default\searchplugins\Search.xml
[2010.08.22 14:59:56 | 000,001,379 | ---- | M] () -- C:\Users\SilverSurger\AppData\Roaming\Mozilla\FireFox\Profiles\suj645lk.default\searchplugins\winamp-search.xml
[2010.10.23 21:42:27 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.07.18 09:57:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010.07.18 09:57:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2009.09.13 23:10:06 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Mozilla Firefox\components\FFComm.dll
[2009.07.17 10:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010.08.01 09:33:51 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.01 09:33:51 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.01 09:33:52 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.01 09:33:52 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.01 09:33:52 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.02.13 19:30:36 | 000,000,968 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1				activate.adobe.com
O1 - Hosts: 127.0.0.1 im.adtech.de
O1 - Hosts: 127.0.0.1 adserver.adtech.de
O1 - Hosts: 127.0.0.1 adtech.de
O1 - Hosts: 127.0.0.1 atwola.com
O1 - Hosts: 127.0.0.1 adserver.71i.de
O1 - Hosts: 127.0.0.1 adicqserver.71i.de
O1 - Hosts: 127.0.0.1 71i.de
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [Miranda Fusion] C:\Program Files\MirandaFusion\mfstart.exe (Miranda Fusion Team)
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O4 - HKLM..\RunOnce: [Remove Uninstaller for VMware Player]  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\SilverSurger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.173.72.3 213.173.72.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~2\AVP11\mzvkbd3.dll) - C:\ProgramData\AVP11\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~2\AVP11\kloehk.dll) - C:\ProgramData\AVP11\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Windows\web\wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\web\wallpaper\img24.jpg
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.03 21:06:53 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.12.27 22:09:18 | 000,358,872 | R--- | M] (NETGEAR Inc.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.03.27 12:25:00 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4c58d481-d202-11dd-b912-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4c58d481-d202-11dd-b912-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2007.12.27 22:09:18 | 000,358,872 | R--- | M] (NETGEAR Inc.)
O33 - MountPoints2\{711b610b-6a7d-11df-b60e-001d72ee7740}\Shell - "" = AutoRun
O33 - MountPoints2\{711b610b-6a7d-11df-b60e-001d72ee7740}\Shell\AutoRun\command - "" = G:\RunGame.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.24 13:30:19 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\SilverSurger\Desktop\OTL.exe
[2010.10.23 17:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010.10.23 13:17:02 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\E1F6215D8513C313F473294815976EC4
[2010.10.18 19:56:27 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\Documents\Bewerbungen
[2010.10.17 12:19:31 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\NTI-Shadow
[2010.10.17 12:19:00 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\NewTech Infosystems
[2010.10.17 12:19:00 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\InstallShield Installation Information
[2010.10.17 12:18:01 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\InstallShield
[2010.10.16 20:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\AntiTwin
[2010.10.15 20:05:54 | 000,000,000 | R-SD | C] -- C:\Users\SilverSurger\Documents\My Stationery
[2010.10.14 01:27:44 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.14 01:27:44 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.14 01:27:44 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.14 01:27:44 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.14 01:27:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.10.14 01:27:44 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.10.14 01:27:44 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.14 01:27:44 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.10.14 01:27:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.10.14 01:27:43 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.14 01:27:43 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.14 01:27:43 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.14 01:27:37 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.14 01:27:37 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.14 01:27:35 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.14 01:27:34 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.14 01:27:33 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.14 01:27:32 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
[2010.10.02 22:03:09 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\Documents\Virtual Machines
[2010.10.02 21:57:45 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Local\VMware
[2010.10.02 21:57:38 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\VMware
[2010.10.02 21:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2010.10.02 20:43:03 | 000,295,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpcvmm.sys
[2010.10.02 20:43:02 | 003,330,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpc.exe
[2010.10.02 20:43:02 | 002,171,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VPCWizard.exe
[2010.10.02 20:43:02 | 001,003,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VMWindow.exe
[2010.10.02 20:35:58 | 000,000,000 | R--D | C] -- C:\Users\SilverSurger\Virtual Machines
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-TW
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-CN
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Virtual PC
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\tr-TR
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\th-TH
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sv-SE
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ru-RU
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ro-RO
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-PT
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-BR
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pl-PL
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nl-NL
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nb-NO
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ko-KR
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ja-JP
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\it-IT
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\hu-HU
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\he-IL
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\fr-FR
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\fi-FI
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\es-ES
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\en-US
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\el-GR
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\da-DK
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\cs-CZ
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ar-SA
[2010.10.02 20:25:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\vpchbus.sys.mui
[2010.10.02 20:25:20 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\el-GR\vpchbus.sys.mui
[2010.10.02 20:25:20 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\vpchbus.sys.mui
[2010.10.02 20:25:20 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\th-TH\vpchbus.sys.mui
[2010.10.02 20:25:20 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\he-IL\vpchbus.sys.mui
[2010.10.02 20:25:20 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ar-SA\vpchbus.sys.mui
[2010.10.02 20:25:20 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\vpchbus.sys.mui
[2010.10.02 20:25:20 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-CN\vpchbus.sys.mui
[2010.10.02 20:25:19 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vpchbuspipe.dll
[2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tr-TR\vpchbus.sys.mui
[2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sv-SE\vpchbus.sys.mui
[2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ru-RU\vpchbus.sys.mui
[2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\vpchbus.sys.mui
[2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-PT\vpchbus.sys.mui
[2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vpchbus.sys.mui
[2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\vpchbus.sys.mui
[2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nb-NO\vpchbus.sys.mui
[2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\vpchbus.sys.mui
[2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hu-HU\vpchbus.sys.mui
[2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\vpchbus.sys.mui
[2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fi-FI\vpchbus.sys.mui
[2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\es-ES\vpchbus.sys.mui
[2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\vpchbus.sys.mui
[2010.10.02 20:25:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\da-DK\vpchbus.sys.mui
[2010.10.02 20:25:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ko-KR\vpchbus.sys.mui
[2010.10.02 20:25:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\vpchbus.sys.mui
[2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-CN\vpcuxd.sys.mui
[2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\th-TH\vpcuxd.sys.mui
[2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sv-SE\vpcuxd.sys.mui
[2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ru-RU\vpcuxd.sys.mui
[2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nb-NO\vpcuxd.sys.mui
[2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ko-KR\vpcuxd.sys.mui
[2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\vpcuxd.sys.mui
[2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\he-IL\vpcuxd.sys.mui
[2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\da-DK\vpcuxd.sys.mui
[2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\vpcuxd.sys.mui
[2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\vpcusb.sys.mui
[2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-CN\vpcusb.sys.mui
[2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tr-TR\vpcusb.sys.mui
[2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\th-TH\vpcusb.sys.mui
[2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sv-SE\vpcusb.sys.mui
[2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ru-RU\vpcusb.sys.mui
[2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nb-NO\vpcusb.sys.mui
[2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ko-KR\vpcusb.sys.mui
[2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\vpcusb.sys.mui
[2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\he-IL\vpcusb.sys.mui
[2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fi-FI\vpcusb.sys.mui
[2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\vpcusb.sys.mui
[2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\vpcusb.sys.mui
[2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ar-SA\vpcusb.sys.mui
[2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\vpcnfltr.sys.mui
[2010.10.02 20:25:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\el-GR\vpcnfltr.sys.mui
[2010.10.02 20:25:18 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\el-GR\vpcvmm.sys.mui
[2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tr-TR\vpcvmm.sys.mui
[2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\th-TH\vpcvmm.sys.mui
[2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ru-RU\vpcvmm.sys.mui
[2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\vpcvmm.sys.mui
[2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-PT\vpcvmm.sys.mui
[2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vpcvmm.sys.mui
[2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\vpcvmm.sys.mui
[2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\vpcvmm.sys.mui
[2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nb-NO\vpcvmm.sys.mui
[2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\vpcvmm.sys.mui
[2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hu-HU\vpcvmm.sys.mui
[2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\vpcvmm.sys.mui
[2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fi-FI\vpcvmm.sys.mui
[2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\es-ES\vpcvmm.sys.mui
[2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\da-DK\vpcvmm.sys.mui
[2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\vpcvmm.sys.mui
[2010.10.02 20:25:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ar-SA\vpcvmm.sys.mui
[2010.10.02 20:25:18 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\vpcvmm.sys.mui
[2010.10.02 20:25:18 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-CN\vpcvmm.sys.mui
[2010.10.02 20:25:18 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sv-SE\vpcvmm.sys.mui
[2010.10.02 20:25:18 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ko-KR\vpcvmm.sys.mui
[2010.10.02 20:25:18 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\vpcvmm.sys.mui
[2010.10.02 20:25:18 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\he-IL\vpcvmm.sys.mui
[2010.10.02 20:25:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\vpcvmm.sys.mui
[2010.10.02 20:25:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\vpcuxd.sys.mui
[2010.10.02 20:25:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hu-HU\vpcuxd.sys.mui
[2010.10.02 20:25:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fi-FI\vpcuxd.sys.mui
[2010.10.02 20:25:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\el-GR\vpcuxd.sys.mui
[2010.10.02 20:25:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\vpcusb.sys.mui
[2010.10.02 20:25:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\vpcusb.sys.mui
[2010.10.02 20:25:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hu-HU\vpcusb.sys.mui
[2010.10.02 20:25:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\el-GR\vpcusb.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\vpcuxd.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tr-TR\vpcuxd.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\vpcuxd.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-PT\vpcuxd.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vpcuxd.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nl-NL\vpcuxd.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\vpcuxd.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\vpcuxd.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\es-ES\vpcuxd.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\vpcuxd.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ar-SA\vpcuxd.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\vpcusb.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-PT\vpcusb.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vpcusb.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\vpcusb.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\vpcusb.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\es-ES\vpcusb.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\da-DK\vpcusb.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-TW\vpcnfltr.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\zh-CN\vpcnfltr.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\tr-TR\vpcnfltr.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\th-TH\vpcnfltr.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\sv-SE\vpcnfltr.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ru-RU\vpcnfltr.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ro-RO\vpcnfltr.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-PT\vpcnfltr.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pt-BR\vpcnfltr.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\pl-PL\vpcnfltr.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\nb-NO\vpcnfltr.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ko-KR\vpcnfltr.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ja-JP\vpcnfltr.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\it-IT\vpcnfltr.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hu-HU\vpcnfltr.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\he-IL\vpcnfltr.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fr-FR\vpcnfltr.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\fi-FI\vpcnfltr.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\es-ES\vpcnfltr.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\en-US\vpcnfltr.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\da-DK\vpcnfltr.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\cs-CZ\vpcnfltr.sys.mui
[2010.10.02 20:25:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ar-SA\vpcnfltr.sys.mui
[2010.10.02 20:25:17 | 000,165,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpchbus.sys
[2010.10.02 20:25:17 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpcusb.sys
[2010.10.02 20:25:17 | 000,055,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\vpcnfltr.sys
[2010.10.02 20:25:16 | 001,260,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VPCSettings.exe
[2010.10.02 20:25:16 | 000,559,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VMCPropertyHandler.dll
[2010.10.02 20:25:15 | 000,793,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vmsal.exe
[2010.10.02 20:22:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2010.09.29 03:00:36 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010.09.29 01:18:13 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.09.26 20:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\copy trans manager
[2010.09.26 19:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\RAM Idle LE
[2010.09.26 19:35:32 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer_edit_w7sbc.exe
[2010.09.26 19:35:32 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer_backup_w7sbc.exe
[2010.09.26 19:35:32 | 000,000,000 | ---D | C] -- C:\Windows\W7SBC
[2010.09.26 19:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\orb
[2010.09.26 18:26:05 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\Taskbar
[2010.09.26 17:34:35 | 000,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\System32\DfSdkBt.exe
[2010.09.26 12:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010.09.26 12:05:52 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\themeservice.dll.backup
[2010.09.24 19:51:03 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\EurekaLog
[2010.06.26 19:58:54 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeFF7.dll
[2008.12.25 08:31:08 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.24 13:14:24 | 000,656,040 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.24 13:14:24 | 000,616,546 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.24 13:14:24 | 000,130,640 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.24 13:14:24 | 000,106,926 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.24 13:00:27 | 000,015,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.24 13:00:27 | 000,015,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.24 12:52:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.24 12:52:40 | 2411,876,352 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.24 11:07:03 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2470086164-179386694-4040076334-1001UA.job
[2010.10.23 17:38:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.10.23 17:38:22 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.10.23 13:36:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\SilverSurger\Desktop\OTL.exe
[2010.10.23 10:07:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2470086164-179386694-4040076334-1001Core.job
[2010.10.19 11:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.10.17 12:19:03 | 000,002,268 | ---- | M] () -- C:\Users\SilverSurger\Desktop\NTI Shadow for ReadyNAS.lnk
[2010.10.17 12:18:06 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTSHDW3.dll
[2010.10.16 20:19:26 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\Anti-Twin.lnk
[2010.10.16 18:50:29 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.14 03:22:04 | 002,530,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.02 21:52:37 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010.10.02 20:08:04 | 000,000,035 | ---- | M] () -- C:\Windows\lg.ini
[2010.10.02 19:36:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.10.02 19:36:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.10.01 19:41:49 | 000,001,204 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2010.09.26 12:05:52 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\themeservice.dll
[2010.09.26 12:05:39 | 000,758,040 | ---- | M] () -- C:\Windows\UTP.exe
[2010.09.24 20:05:05 | 000,000,210 | ---- | M] () -- C:\Users\SilverSurger\Documents\autotyper.scar
[2010.09.24 19:25:01 | 000,002,306 | ---- | M] () -- C:\Users\SilverSurger\Documents\fischen.scar
[2 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.10.17 12:19:03 | 000,002,268 | ---- | C] () -- C:\Users\SilverSurger\Desktop\NTI Shadow for ReadyNAS.lnk
[2010.10.17 12:18:06 | 000,001,024 | RH-- | C] () -- C:\Users\Public\Documents\NTSHDW3.dll
[2010.10.16 20:19:26 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\Anti-Twin.lnk
[2010.10.16 18:50:29 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.02 21:52:37 | 000,001,024 | ---- | C] () -- C:\.rnd
[2010.10.02 20:08:04 | 000,000,035 | ---- | C] () -- C:\Windows\lg.ini
[2010.10.02 19:36:38 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010.10.02 19:36:38 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010.09.26 19:40:24 | 000,017,408 | ---- | C] () -- C:\Windows\Shortcut.exe
[2010.09.26 12:05:39 | 000,758,040 | ---- | C] () -- C:\Windows\UTP.exe
[2010.09.24 20:05:04 | 000,000,210 | ---- | C] () -- C:\Users\SilverSurger\Documents\autotyper.scar
[2010.05.28 19:18:52 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.04.22 17:23:25 | 000,003,584 | ---- | C] () -- C:\Users\SilverSurger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.07 18:19:50 | 000,688,128 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2010.04.07 18:19:50 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2009.11.14 12:29:01 | 000,004,140 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.10.26 08:38:41 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.09.12 01:11:18 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.09.06 12:26:46 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.09.06 12:26:46 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.07 18:01:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.03 12:48:07 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.04.13 17:20:26 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2009.02.16 22:21:31 | 000,000,632 | ---- | C] () -- C:\Windows\CoDUO.INI
[2008.12.24 23:42:13 | 000,000,057 | ---- | C] () -- C:\Windows\PidList.ini
[2008.12.24 23:41:05 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.11.20 06:06:51 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.11.20 05:52:53 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.11.20 05:52:53 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.11.11 05:27:31 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.11.11 05:27:24 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.11.11 05:27:24 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.11.11 05:26:52 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2009.04.13 14:32:42 | 000,000,000 | -HSD | M] -- C:\Users\SilverSurger\AppData\Roaming\.#
[2009.10.26 07:26:29 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Acer GameZone Console
[2009.10.26 07:26:31 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Artisteer
[2009.10.26 07:26:31 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Ashampoo
[2010.01.03 21:20:33 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Autodesk
[2009.10.28 22:53:37 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\BitDefender
[2010.09.17 20:13:50 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\CometPlayer
[2010.06.18 19:47:26 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\DAEMON Tools Lite
[2010.05.28 19:11:33 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\DAEMON Tools Pro
[2009.11.24 20:02:33 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\DAZ 3D
[2010.10.23 13:30:30 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\E1F6215D8513C313F473294815976EC4
[2010.01.09 17:19:16 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Easy Thumbnails
[2009.10.26 07:26:31 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\eSobi
[2010.09.24 19:51:03 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\EurekaLog
[2010.10.12 15:59:58 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\FileZilla
[2010.02.13 18:22:15 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\GrabPro
[2009.12.09 19:04:03 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\HartlauerFotoService3
[2010.08.27 19:11:28 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\ICQ
[2010.08.27 19:02:18 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Miranda Fusion
[2010.10.17 12:19:00 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\NewTech Infosystems
[2010.02.13 20:01:55 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\OCS
[2010.02.13 20:01:59 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Opera
[2010.08.08 14:20:32 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Orbit
[2009.10.26 07:26:45 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\PC Suite
[2010.06.26 19:44:02 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Samsung
[2010.03.17 20:01:55 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\ScummVM
[2009.10.26 07:26:45 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\SoftDMA
[2010.06.26 20:00:06 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Sony
[2009.10.26 07:26:45 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Stardock
[2009.10.26 07:26:45 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\TeamViewer
[2010.09.16 19:56:57 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Thunderbird
[2010.01.09 22:12:48 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\TigerPlayer
[2010.09.06 20:42:36 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Vivox
[2010.09.10 18:33:33 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\WindSolutions
[2010.10.24 13:30:12 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Extras.txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 24.10.2010 13:32:03 - Run 1
OTL by OldTimer - Version 3.2.16.0     Folder = C:\Users\SilverSurger\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226,48 Gb Total Space | 90,45 Gb Free Space | 39,94% Space Free | Partition Type: NTFS
Drive D: | 226,51 Gb Total Space | 185,60 Gb Free Space | 81,94% Space Free | Partition Type: NTFS
Drive E: | 114,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ACER-PC | User Name: SilverSurger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\encryption.exe:*:Enabled:encryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\decryption.exe:*:Enabled:decryption -- ( Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSfsu.exe:*:Enabled:eDSfsu -- (Egis Incorporated.)
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\encryption.exe:*:Enabled:encryption -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\decryption.exe:*:Enabled:decryption -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDSMgr.exe:*:Enabled:eDSMgr -- File not found
"C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe" = C:\Program Files\Acer\Empowering Technology\eDataSecurity\x64\eDStbmngr.exe:*:Enabled:eDStbmngr -- (Egis Incorporated.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{119B7481-0216-40D2-A5CC-C3E1F461ECC1}" = Windows Live Fotogalerie
"{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 15
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00
"{302E9B7B-2B6A-4C29-9A02-9F2110649779}" = Nuvoton EC Generic HID Driver
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D347E6D-5A03-4342-B5BA-6A771885F379}" = Autodesk Backburner 2008.1
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{5783F2D7-8001-0407-0002-0060B0CE6BBA}" = AutoCAD 2010 - Deutsch
"{5783F2D7-8001-0407-1002-0060B0CE6BBA}" = AutoCAD 2010 Language Pack - Deutsch
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{78C17AC9-80CF-4E9D-AFCA-336A1CB7B5ED}" = USB/DVD-Downloadtool für Windows 7
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard
"{91E04CA7-0B13-4F8C-AA4D-2A573AC96D19}" = Windows Live Essentials
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DC11D9A-6DCD-4064-8363-63914A0122AB}" = C4500
"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{AA6F009F-0CCD-4DD6-A462-28419C101D54}" = HP Photosmart C4500 All-In-One Driver Software 13.0 Rel. 4
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEBBFC67-7A03-4DF3-9E71-BA5C9EB4FBEF}" = MobileMe Control Panel
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel(R) PROSet/Wireless WiFi-Software
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CF408B76-8698-4298-B549-5E6A94931B64}" = PS_AIO_04_C4500_Software_Min
"{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}" = Acer Crystal Eye webcam Ver:1.1.57.409
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
"{ED636101-1959-4360-8BF7-209436E7DEE4}" = Windows Live Sync
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F722E488-A5B5-47ff-AA9B-4DE6CE7914CA}" = Windows 7 Upgrade Advisor
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F870B987-18BC-45FC-9BE8-35C02DCDA10F}" = Broadcom Gigabit Integrated Controller
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone-Konfigurationsprogramm
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Anti-Twin 2010-10-16 20.19.26" = Anti-Twin (Installation 16.10.2010)
"Artisteer 2" = Artisteer 2
"Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE
"Ashampoo WinOptimizer 7_is1" = Ashampoo WinOptimizer 7.17
"AutoCAD 2010 - Deutsch" = AutoCAD 2010 - Deutsch
"BitComet" = BitComet 1.15
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"Direktfotosystem2_is1" = Direkt Foto System 3.x
"DivX Setup.divx.com" = DivX-Setup
"FileZilla Client" = FileZilla Client 3.3.3
"FLV Player" = FLV Player 2.0 (build 25)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"GridVista" = Acer GridVista
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.1.0 (Basic)
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MirandaFusion" = Miranda Fusion 2.1.1
"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)
"Mozilla Thunderbird (3.1.5)" = Mozilla Thunderbird (3.1.5)
"MpcStar" = MpcStar 4.8
"NVIDIA Drivers" = NVIDIA Drivers
"PokerStars" = PokerStars
"ProInst" = Intel PROSet Wireless
"RAIDar 4.01c1-p1" = RAIDar 4.01c1-p1
"RAM Idle LE_is1" = RAM Idle LE
"SCAR Divi 3.22_is1" = SCAR Divi CDE 3.22
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 5" = TeamViewer 5
"Uninstall_is1" = Uninstall 1.0.0.1
"Update Service" = Update Service
"VLC media player" = VLC media player 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{019D7B6B-1123-40E5-AD82-73DC6FE78B30}" = NTI Shadow for ReadyNAS
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         
--- --- ---

24.10.2010, 15:04   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
DRV - (vmkbd) --  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.03 21:06:53 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.12.27 22:09:18 | 000,358,872 | R--- | M] (NETGEAR Inc.) - E:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2006.03.27 12:25:00 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{4c58d481-d202-11dd-b912-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4c58d481-d202-11dd-b912-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2007.12.27 22:09:18 | 000,358,872 | R--- | M] (NETGEAR Inc.)
O33 - MountPoints2\{711b610b-6a7d-11df-b60e-001d72ee7740}\Shell - "" = AutoRun
O33 - MountPoints2\{711b610b-6a7d-11df-b60e-001d72ee7740}\Shell\AutoRun\command - "" = G:\RunGame.exe -- File not found
[2010.10.23 13:17:02 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\E1F6215D8513C313F473294815976EC4
[2010.10.02 21:52:37 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009.04.13 14:32:42 | 000,000,000 | -HSD | M] -- C:\Users\SilverSurger\AppData\Roaming\.#
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

24.10.2010, 16:35   #3
SilverSurger



Hello!

First of all, thank you very much for the quick reply!

I pasted in the custom scan code and clicked FIX.
Then the scan starts, some processes are killed (including Explorer), and at the line

Quote:
O32 - AutoRun File - [2006.03.27 12:25:00 | 000,000,045 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
OTL stops responding for a while.
After that, the following error message appears

Quote:
Cannot create file C:\Windows\System32\drivers\etc\Hosts.
__________________

Edited by SilverSurger (24.10.2010 at 16:40)

24.10.2010, 19:40   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Then let's leave out those two lines; do it again with this text:

Code:
:OTL
DRV - (vmkbd) --  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.03 21:06:53 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.12.27 22:09:18 | 000,358,872 | R--- | M] (NETGEAR Inc.) - E:\Autorun.exe -- [ CDFS ]
O33 - MountPoints2\{4c58d481-d202-11dd-b912-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{4c58d481-d202-11dd-b912-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2007.12.27 22:09:18 | 000,358,872 | R--- | M] (NETGEAR Inc.)
O33 - MountPoints2\{711b610b-6a7d-11df-b60e-001d72ee7740}\Shell - "" = AutoRun
O33 - MountPoints2\{711b610b-6a7d-11df-b60e-001d72ee7740}\Shell\AutoRun\command - "" = G:\RunGame.exe -- File not found
[2010.10.23 13:17:02 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\E1F6215D8513C313F473294815976EC4
[2010.10.02 21:52:37 | 000,001,024 | ---- | M] () -- C:\.rnd
[2009.04.13 14:32:42 | 000,000,000 | -HSD | M] -- C:\Users\SilverSurger\AppData\Roaming\.#
:Commands
[purity]
[emptytemp]
         

24.10.2010, 20:05   #5
SilverSurger



So, after the reboot I got this log file:

Quote:
All processes killed
========== OTL ==========
Error: No service named vmkbd was found to stop!
Service\Driver key vmkbd not found.
File File not found not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File not found.
File C:\autoexec.bat not found.
File E:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c58d481-d202-11dd-b912-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c58d481-d202-11dd-b912-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c58d481-d202-11dd-b912-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4c58d481-d202-11dd-b912-806e6f6e6963}\ not found.
File E:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{711b610b-6a7d-11df-b60e-001d72ee7740}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{711b610b-6a7d-11df-b60e-001d72ee7740}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{711b610b-6a7d-11df-b60e-001d72ee7740}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{711b610b-6a7d-11df-b60e-001d72ee7740}\ not found.
File G:\RunGame.exe not found.
Folder C:\Users\SilverSurger\AppData\Roaming\E1F6215D8513C313F473294815976EC4\ not found.
File C:\.rnd not found.
Folder C:\Users\SilverSurger\AppData\Roaming\.#\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: acer
->Temp folder emptied: 368875 bytes
->Temporary Internet Files folder emptied: 58560 bytes
->Java cache emptied: 7140 bytes
->FireFox cache emptied: 9496602 bytes
->Flash cache emptied: 503 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 75 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Mcx1-ACER-PC
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 2164670 bytes
->Flash cache emptied: 75 bytes

User: Public

User: SilverSurger
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 119799825 bytes
->Java cache emptied: 65807763 bytes
->FireFox cache emptied: 49300080 bytes
->Google Chrome cache emptied: 32065056 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 2166 bytes

User: SilverSurger360
->Temp folder emptied: 398168 bytes
->Temporary Internet Files folder emptied: 59831 bytes
->FireFox cache emptied: 8421954 bytes
->Flash cache emptied: 531 bytes

%systemdrive% .tmp files removed: 287232 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 275641 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 275,00 mb


OTL by OldTimer - Version 3.2.16.0 log created on 10242010_205139

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\klsE19F.tmp not found!

Registry entries deleted on Reboot...
Unfortunately Windows is still acting up; every now and then I have to force a hard power-off because nothing responds anymore...
I'm backing up my data right now - I think I'll redo the Windows 7 installation *ugh*

Thanks a lot for the help anyway!
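
Added Python example (not part of the thread and not OldTimer's code): it parses an OTL fix log like the one quoted above, separates targets that were actually changed from those reported as not found, and reconciles the per-user byte counts with the reported total. The function names `parse_fix_log` and `total_bytes` are hypothetical; the sample is abridged from the quoted log.

```python
import re

# Abridged from the OTL fix log quoted above: duplicate, blank and zero-byte
# lines are omitted; every line kept is copied unchanged.
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
Error: No service named vmkbd was found to stop!
Service\Driver key vmkbd not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
File E:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4c58d481-d202-11dd-b912-806e6f6e6963}\ not found.
File G:\RunGame.exe not found.
Folder C:\Users\SilverSurger\AppData\Roaming\E1F6215D8513C313F473294815976EC4\ not found.
Folder C:\Users\SilverSurger\AppData\Roaming\.#\ not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: acer
->Temp folder emptied: 368875 bytes
->Temporary Internet Files folder emptied: 58560 bytes
->Java cache emptied: 7140 bytes
->FireFox cache emptied: 9496602 bytes
->Flash cache emptied: 503 bytes
User: Default
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 75 bytes
User: Mcx1-ACER-PC
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 2164670 bytes
->Flash cache emptied: 75 bytes
User: SilverSurger
->Temporary Internet Files folder emptied: 119799825 bytes
->Java cache emptied: 65807763 bytes
->FireFox cache emptied: 49300080 bytes
->Google Chrome cache emptied: 32065056 bytes
->Flash cache emptied: 2166 bytes
User: SilverSurger360
->Temp folder emptied: 398168 bytes
->Temporary Internet Files folder emptied: 59831 bytes
->FireFox cache emptied: 8421954 bytes
->Flash cache emptied: 531 bytes
%systemdrive% .tmp files removed: 287232 bytes
Windows Temp folder emptied: 275641 bytes
Total Files Cleaned = 275,00 mb
"""


def parse_fix_log(text):
    """Classify fix results and collect the cleanup byte counts."""
    result = {"changed": [], "missing": [], "other": [],
              "bytes_by_user": {}, "system_bytes": 0, "reported_mb": None}
    section, user = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"=+ (\w+) =+", line)
        if header:  # "========== OTL ==========" / "========== COMMANDS =========="
            section = header.group(1)
            continue
        if section == "OTL":
            # Targets the script named but that no longer existed on disk/registry.
            if re.search(r"not found[.!]$", line) or line.startswith("Error: No service"):
                result["missing"].append(line)
            elif "successfully" in line:
                result["changed"].append(line)
            else:
                result["other"].append(line)
        elif section == "COMMANDS":
            m = re.fullmatch(r"User: (.+)", line)
            if m:
                user = m.group(1)
                result["bytes_by_user"].setdefault(user, 0)
                continue
            m = re.search(r"(?:emptied|removed): (\d+) bytes$", line)
            if m and line.startswith("->") and user:
                result["bytes_by_user"][user] += int(m.group(1))
            elif m:  # system-wide temp locations carry no "->" prefix
                result["system_bytes"] += int(m.group(1))
            m = re.fullmatch(r"Total Files Cleaned = ([\d.,]+) mb", line)
            if m:  # the log uses a decimal comma
                result["reported_mb"] = float(m.group(1).replace(",", "."))
    return result


def total_bytes(result):
    """Sum of all per-user and system-wide cleanup counts."""
    return sum(result["bytes_by_user"].values()) + result["system_bytes"]


if __name__ == "__main__":
    r = parse_fix_log(SAMPLE_LOG)
    print(f"changed: {len(r['changed'])}, already missing: {len(r['missing'])}")
    for u, n in sorted(r["bytes_by_user"].items(), key=lambda kv: -kv[1]):
        print(f"  {u}: {n / 2**20:.2f} MiB")
    print(f"summed: {total_bytes(r) / 2**20:.2f} MiB, reported: {r['reported_mb']} mb")
```

On this log the only change recorded is the Cdrom AutoRun value; every file, folder and registry key the fix named is reported as not found, and the summed byte counts come to 275 whole MiB, matching the reported total.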


24.10.2010, 20:30   #6
cosinus

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, above all your antivirus program and other background guards, as well as your Internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let your system be scanned.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

24.10.2010, 21:07   #7
SilverSurger

I've now run CCleaner as described in the guide,
then ComboFix, also as described.

After the installation and a restart performed by ComboFix, the ComboFix console came up, as it presumably should, in which the restore point was set and a scan for infections was run.
The scan for infections took about 2 minutes, then Windows started normally.

Since then, however, the Internet connection no longer works.
Access to the router via IP works, and another PC (this one) gets onto the Internet without problems.

The IP address assigned via DHCP to the infected PC is also correct, though.

Since the restart, KIS2011 reports that "MBR.cfxee" shows a potentially dangerous modification.

edit:/ After disconnecting and reconnecting to the network, the Internet connection works again

The file c:\ComboFix.txt was not created (at least not in c:\ ),
and Windows Search couldn't find the file either.

edit:// ComboFix did not show a "Finished" message as in the guide's screenshots; the window closed after the message "Dies dauert nicht länger als 10 Minuten...." ("This will take no longer than 10 minutes....") and then Windows Explorer etc. was started - at first the background was just black.

Edited by SilverSurger (24.10.2010 at 21:18)

24.10.2010, 21:23   #8
cosinus

Quote:
Since the restart, KIS2011 reports that "MBR.cfxee" shows a potentially dangerous modification.
That's nonsense, because it is a component of CF. Does a folder c:\Qoobox exist?

24.10.2010, 21:26   #9
SilverSurger

Yes, the folder is there.

edit: Some time ago I patched explorer.exe with a "Windows 7 Start button Changer" - could it be that because of this Explorer is possibly started too late and the file doesn't get created?
I've now put the original explorer.exe back and started it;
maybe it will now work as it should?

Edited by SilverSurger (24.10.2010 at 21:46)

25.10.2010, 07:57   #10
cosinus

Yes, that could be down to the explorer.exe thing.

I need ComboFix's quarantine folder. Please do the following:

1.) VERY IMPORTANT!! Disable the virus scanner; it must not meddle with this!
2.) Zip the folder C:\Qoobox into one file
3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html
4.) Let me know once it has worked
5.) Only then switch the virus scanner back on

25.10.2010, 14:02   #11
SilverSurger

I zipped the folder today and uploaded it;
I've just been reading up a bit on the black screen that I get when booting up, and it is said to arise in combination with the trojan infection and Windows Update.

That isn't far-fetched either, because since the infection the automatic installation & download of updates has been blocked.

If I search for updates manually I get an error, and if I go to Microsoft's Windows Update website it says that the connection to the server was reset...

25.10.2010, 14:56   #12
cosinus

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click, "Run as administrator"
  • Now copy the contents into the text box.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

25.10.2010, 15:23   #13
SilverSurger

New information:

Earlier I downloaded tdsskiller.exe from your site and used it to find that I had a rootkit.tdss infection (which apparently was cleaned, though)
No log file was created, however, and after the restart there was nothing to be found in the report built into the program either.

After that I also ran Norman TDSS Cleaner over it - nothing found.

Since the scan with tdsskiller, Windows Update works perfectly again,
and the website can be opened normally again too.

This is now the result from OTL:

OTL Logfile:
Code:
OTL logfile created on: 25.10.2010 16:04:38 - Run 2
OTL by OldTimer - Version 3.2.16.0     Folder = C:\Users\SilverSurger\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 62,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 226,48 Gb Total Space | 130,53 Gb Free Space | 57,63% Space Free | Partition Type: NTFS
Drive D: | 226,51 Gb Total Space | 185,60 Gb Free Space | 81,94% Space Free | Partition Type: NTFS
 
Computer Name: ACER-PC | User Name: SilverSurger | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\SILVER~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Users\SilverSurger\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\DfSdkS.exe (mst software GmbH, Germany)
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
PRC - C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\SilverSurger\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\winsta.dll (Microsoft Corporation)
MOD - C:\Windows\System32\wkscli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\ntlanman.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\drprov.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\davclnt.dll (Microsoft Corporation)
MOD - C:\Windows\System32\davhlpr.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll (Adobe Systems Incorporated)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (mysql) -- d:\xampp\mysql\bin\mysqld.exe File not found
SRV - (FileZilla Server) -- d:\xampp\FileZillaFTP\FileZillaServer.exe File not found
SRV - (Apache2.2) -- d:\xampp\apache\bin\httpd.exe File not found
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (EvtEng) Intel(R) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (DfSdkS) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe (mst software GmbH, Germany)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (OMSI download service) -- C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WPRO_40_1123) WinPcap Packet Driver (WPRO_40_1123) -- C:\Windows\System32\drivers\WPRO_40_1123.sys File not found
DRV - (VMnetAdapter) -- C:\Windows\System32\DRIVERS\vmnetadapter.sys File not found
DRV - (VBoxNetFlt) -- C:\Windows\System32\DRIVERS\VBoxNetFlt.sys File not found
DRV - (pccsmcfd) -- C:\Windows\System32\DRIVERS\pccsmcfd.sys File not found
DRV - (catchme) -- C:\Users\SILVER~1\AppData\Local\Temp\catchme.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (leafnets) -- C:\Windows\System32\drivers\leafnets.sys (Leaf Networks)
DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Sun Microsystems, Inc.)
DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (rdpbus) -- C:\Windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (hidshim) -- C:\Windows\System32\drivers\hidshim.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (nuvotonhidgeneric) -- C:\Windows\System32\drivers\nuvotonhidgeneric.sys (Nuvoton Technology Corporation)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=1208&m=aspire_8730
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=1208&m=aspire_8730
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=1208&m=aspire_8730
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://chameleontom.iamwired.net/search.php?src=tops&q="
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232
FF - prefs.js..keyword.URL: "hxxp://chameleontom.iamwired.net/search.php?src=tops&q="
 
FF - user.js..browser.search.openintab: false
 
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009.12.01 22:27:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.24 20:13:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.21 15:47:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.10.21 15:46:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.10.16 18:50:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdtbext\
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010.07.15 19:21:33 | 000,000,000 | ---D | M]
 
[2010.09.16 19:57:17 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\mozilla\Extensions
[2010.09.16 19:57:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SilverSurger\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.09.06 20:32:57 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\mozilla\Extensions\IMVUClientXUL@imvu.com
[2010.10.24 20:00:07 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\mozilla\Firefox\Profiles\suj645lk.default\extensions
[2010.10.19 06:12:23 | 000,000,950 | ---- | M] () -- C:\Users\SilverSurger\AppData\Roaming\Mozilla\FireFox\Profiles\suj645lk.default\searchplugins\icqplugin-1.xml
[2010.03.23 20:10:10 | 000,000,950 | ---- | M] () -- C:\Users\SilverSurger\AppData\Roaming\Mozilla\FireFox\Profiles\suj645lk.default\searchplugins\icqplugin-2.xml
[2010.04.03 13:39:44 | 000,000,950 | ---- | M] () -- C:\Users\SilverSurger\AppData\Roaming\Mozilla\FireFox\Profiles\suj645lk.default\searchplugins\icqplugin-3.xml
[2010.02.03 14:37:50 | 000,000,947 | ---- | M] () -- C:\Users\SilverSurger\AppData\Roaming\Mozilla\FireFox\Profiles\suj645lk.default\searchplugins\icqplugin.xml
[2010.02.09 19:15:18 | 000,005,395 | ---- | M] () -- C:\Users\SilverSurger\AppData\Roaming\Mozilla\FireFox\Profiles\suj645lk.default\searchplugins\Search.xml
[2010.08.22 14:59:56 | 000,001,379 | ---- | M] () -- C:\Users\SilverSurger\AppData\Roaming\Mozilla\FireFox\Profiles\suj645lk.default\searchplugins\winamp-search.xml
[2010.10.24 22:19:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.07.18 09:57:24 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010.07.18 09:57:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2009.09.13 23:10:06 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\Mozilla Firefox\components\FFComm.dll
[2009.07.17 10:40:12 | 000,704,512 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010.08.01 09:33:51 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.01 09:33:51 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.01 09:33:52 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.01 09:33:52 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.01 09:33:52 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 0
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\SilverSurger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk File not found
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.173.72.3 213.173.72.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Windows\web\wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\web\wallpaper\img24.jpg
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.03 21:06:53 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
 
 
SafeBootMin: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - C:\Windows\System32\appmgmts.dll File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1966CAF0-DEE0-B244-B08D-5303F93CBBA2} - Browser Customizations
ActiveX: {1D476059-756E-EC06-03D6-77A39788F969} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6EE84F6C-C803-83D8-EFFE-DB298867C315} - .NET Framework
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7E43D666-A4C3-F1BB-902D-95AEA2B0C1C7} - Internet Explorer
ActiveX: {88DD3A09-0DE8-AED3-9B12-252F32865220} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9F1DA068-8B0D-8416-A5DC-1E6F62DAE3A4} - Microsoft Windows Media Player 12.0
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E564FBBC-8184-9A62-C0A9-F23170364DBB} - Internet Explorer
ActiveX: {E8CF53D9-A695-E6CD-D18D-2F54DA348BCF} - Browser Customizations
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {FB15F807-B62E-1BBE-3854-0F2C13541026} - Microsoft Windows Media Player 12.0
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - ff_vfw.dll File not found
Drivers32: vidc.tscc - C:\Program Files\MpcStar\Codecs\tscc\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.10.25 15:59:51 | 002,661,704 | ---- | C] (Norman ASA) -- C:\Users\SilverSurger\Desktop\Norman_TDSS_Cleaner.exe
[2010.10.25 15:51:23 | 001,317,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\SilverSurger\Desktop\TDSSKiller.exe
[2010.10.25 15:26:21 | 000,049,504 | ---- | C] (Prevx) -- C:\Users\SilverSurger\Desktop\fixshell.exe
[2010.10.24 21:51:19 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.10.24 21:51:19 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.10.24 21:51:19 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.10.24 21:50:58 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.10.24 21:48:14 | 000,000,000 | --SD | C] -- C:\cofi
[2010.10.24 21:47:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.10.24 21:47:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.10.24 21:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.10.24 21:37:41 | 001,187,896 | ---- | C] (Piriform Ltd) -- C:\Users\SilverSurger\Desktop\ccsetup236.exe
[2010.10.24 20:34:20 | 000,000,000 | ---D | C] -- C:\Program Files\Magical Jelly Bean
[2010.10.24 17:28:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.10.24 16:22:58 | 000,000,000 | ---D | C] -- C:\JDownloader
[2010.10.24 16:12:49 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\kikin
[2010.10.24 16:12:43 | 000,000,000 | ---D | C] -- C:\Program Files\kikin
[2010.10.24 16:12:36 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
[2010.10.24 13:30:19 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\SilverSurger\Desktop\OTL.exe
[2010.10.23 17:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010.10.18 19:56:27 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\Documents\Bewerbungen
[2010.10.17 12:19:31 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\NTI-Shadow
[2010.10.17 12:19:00 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\NewTech Infosystems
[2010.10.17 12:19:00 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\InstallShield Installation Information
[2010.10.17 12:18:01 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\InstallShield
[2010.10.16 20:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\AntiTwin
[2010.10.15 20:05:54 | 000,000,000 | R-SD | C] -- C:\Users\SilverSurger\Documents\My Stationery
[2010.10.02 22:03:09 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\Documents\Virtual Machines
[2010.10.02 21:57:45 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Local\VMware
[2010.10.02 21:57:38 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\VMware
[2010.10.02 21:52:02 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2010.10.02 20:35:58 | 000,000,000 | R--D | C] -- C:\Users\SilverSurger\Virtual Machines
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-TW
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\zh-CN
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Virtual PC
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\tr-TR
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\th-TH
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\sv-SE
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ru-RU
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ro-RO
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-PT
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pt-BR
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\pl-PL
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nl-NL
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\nb-NO
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ko-KR
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ja-JP
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\it-IT
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\hu-HU
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\he-IL
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\fr-FR
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\fi-FI
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\es-ES
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\en-US
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\el-GR
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\da-DK
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\cs-CZ
[2010.10.02 20:30:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\ar-SA
[2010.10.02 20:22:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2010.09.26 20:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\copy trans manager
[2010.09.26 19:40:23 | 000,000,000 | ---D | C] -- C:\Program Files\RAM Idle LE
[2010.09.26 19:35:32 | 000,000,000 | ---D | C] -- C:\Windows\W7SBC
[2010.09.26 19:35:07 | 000,000,000 | ---D | C] -- C:\Program Files\orb
[2010.09.26 18:26:05 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\Taskbar
[2010.09.26 17:34:35 | 000,028,160 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\System32\DfSdkBt.exe
[2010.09.26 12:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2010.09.24 19:51:03 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\EurekaLog
[2010.09.10 18:33:33 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\WindSolutions
[2010.09.10 18:32:51 | 000,000,000 | ---D | C] -- C:\ProgramData\WindSolutions
[2010.09.06 20:42:36 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\Vivox
[2010.09.05 16:18:49 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2010.09.05 15:05:41 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\CometPlayer
[2010.09.02 19:47:23 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\System32\ssubtmr6.dll
[2010.09.02 19:47:22 | 000,000,000 | ---D | C] -- C:\Program Files\Smarty Uninstaller Pro
[2010.08.27 19:02:17 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\Miranda Fusion
[2010.08.27 19:02:07 | 000,000,000 | ---D | C] -- C:\Program Files\MirandaFusion
[2010.08.27 17:35:04 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Roaming\Malwarebytes
[2010.08.27 17:34:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.27 17:34:40 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.27 17:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.27 17:34:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.22 20:29:05 | 000,000,000 | ---D | C] -- C:\Users\SilverSurger\AppData\Local\Cooliris
[2010.08.22 14:59:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\IO
[2010.06.26 19:58:54 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeFF7.dll
[2008.12.25 08:31:08 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 90 Days ==========
 
[2010.10.25 16:07:00 | 000,001,146 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2470086164-179386694-4040076334-1001UA.job
[2010.10.25 16:05:38 | 000,656,040 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.25 16:05:38 | 000,616,546 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.25 16:05:38 | 000,130,640 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.25 16:05:38 | 000,106,926 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.25 16:04:50 | 000,015,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.25 16:04:50 | 000,015,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.25 16:00:04 | 002,661,704 | ---- | M] (Norman ASA) -- C:\Users\SilverSurger\Desktop\Norman_TDSS_Cleaner.exe
[2010.10.25 15:57:48 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010.10.25 15:57:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.25 15:56:54 | 2411,888,640 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.25 15:26:22 | 000,049,504 | ---- | M] (Prevx) -- C:\Users\SilverSurger\Desktop\fixshell.exe
[2010.10.25 10:08:51 | 000,008,065 | ---- | M] () -- C:\Qoobox.zip
[2010.10.25 09:50:38 | 001,317,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\SilverSurger\Desktop\TDSSKiller.exe
[2010.10.24 21:43:27 | 000,093,274 | ---- | M] () -- C:\Users\SilverSurger\Documents\cc_20101024_214305.reg
[2010.10.24 21:40:00 | 000,000,929 | ---- | M] () -- C:\Users\SilverSurger\Desktop\CCleaner.lnk
[2010.10.24 21:38:42 | 001,187,896 | ---- | M] (Piriform Ltd) -- C:\Users\SilverSurger\Desktop\ccsetup236.exe
[2010.10.24 21:38:31 | 003,883,109 | R--- | M] () -- C:\Users\SilverSurger\Desktop\cofi.exe
[2010.10.24 20:36:51 | 000,000,000 | ---- | M] () -- C:\Windows\System32\HP_169.254.138.143_CN8B4F21TN057K
[2010.10.24 20:34:20 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\KeyFinder.lnk
[2010.10.24 16:23:04 | 000,000,668 | ---- | M] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2010.10.23 17:38:25 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.10.23 13:36:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\SilverSurger\Desktop\OTL.exe
[2010.10.23 10:07:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2470086164-179386694-4040076334-1001Core.job
[2010.10.17 12:19:03 | 000,002,268 | ---- | M] () -- C:\Users\SilverSurger\Desktop\NTI Shadow for ReadyNAS.lnk
[2010.10.17 12:18:06 | 000,001,024 | RH-- | M] () -- C:\Users\Public\Documents\NTSHDW3.dll
[2010.10.16 20:19:26 | 000,000,931 | ---- | M] () -- C:\Users\Public\Desktop\Anti-Twin.lnk
[2010.10.16 18:50:29 | 000,001,948 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.14 03:22:04 | 002,530,448 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.02 20:08:04 | 000,000,035 | ---- | M] () -- C:\Windows\lg.ini
[2010.10.02 19:36:38 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.10.02 19:36:38 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010.10.01 19:41:49 | 000,001,204 | ---- | M] () -- C:\Windows\System32\mapisvc.inf
[2010.09.26 12:05:39 | 000,758,040 | ---- | M] () -- C:\Windows\UTP.exe
[2010.09.24 20:05:05 | 000,000,210 | ---- | M] () -- C:\Users\SilverSurger\Documents\autotyper.scar
[2010.09.24 19:25:01 | 000,002,306 | ---- | M] () -- C:\Users\SilverSurger\Documents\fischen.scar
[2010.09.19 15:47:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2010.09.18 20:58:04 | 000,000,276 | ---- | M] () -- C:\Users\SilverSurger\SciTE.session
[2010.09.10 18:35:45 | 000,003,584 | ---- | M] () -- C:\Users\SilverSurger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.04 22:54:19 | 000,025,088 | ---- | M] () -- C:\Users\SilverSurger\Documents\Verkauf Spiele + Konsolen.doc
[2010.08.04 17:10:03 | 000,028,160 | ---- | M] () -- C:\Users\SilverSurger\Documents\Filme.doc
[2010.07.29 19:00:46 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.07.29 19:00:46 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
 
========== Files Created - No Company Name ==========
 
[2010.10.25 10:08:51 | 000,008,065 | ---- | C] () -- C:\Qoobox.zip
[2010.10.24 22:24:41 | 002,413,056 | ---- | C] () -- C:\Users\SilverSurger\Desktop\UxStyle_Core_Jul13_x86.msi
[2010.10.24 21:51:20 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.10.24 21:51:19 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.10.24 21:51:19 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.10.24 21:51:19 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.10.24 21:51:19 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.10.24 21:43:09 | 000,093,274 | ---- | C] () -- C:\Users\SilverSurger\Documents\cc_20101024_214305.reg
[2010.10.24 21:40:00 | 000,000,929 | ---- | C] () -- C:\Users\SilverSurger\Desktop\CCleaner.lnk
[2010.10.24 21:35:06 | 003,883,109 | R--- | C] () -- C:\Users\SilverSurger\Desktop\cofi.exe
[2010.10.24 20:36:51 | 000,000,000 | ---- | C] () -- C:\Windows\System32\HP_169.254.138.143_CN8B4F21TN057K
[2010.10.24 20:34:20 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\KeyFinder.lnk
[2010.10.24 16:23:04 | 000,000,668 | ---- | C] () -- C:\Users\Public\Desktop\JDownloader.lnk
[2010.10.17 12:19:03 | 000,002,268 | ---- | C] () -- C:\Users\SilverSurger\Desktop\NTI Shadow for ReadyNAS.lnk
[2010.10.17 12:18:06 | 000,001,024 | RH-- | C] () -- C:\Users\Public\Documents\NTSHDW3.dll
[2010.10.16 20:19:26 | 000,000,931 | ---- | C] () -- C:\Users\Public\Desktop\Anti-Twin.lnk
[2010.10.16 18:50:29 | 000,001,948 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.10.02 20:08:04 | 000,000,035 | ---- | C] () -- C:\Windows\lg.ini
[2010.10.02 19:36:38 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010.10.02 19:36:38 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010.09.26 19:40:24 | 000,017,408 | ---- | C] () -- C:\Windows\Shortcut.exe
[2010.09.26 12:05:39 | 000,758,040 | ---- | C] () -- C:\Windows\UTP.exe
[2010.09.24 20:05:04 | 000,000,210 | ---- | C] () -- C:\Users\SilverSurger\Documents\autotyper.scar
[2010.09.19 17:42:43 | 000,002,306 | ---- | C] () -- C:\Users\SilverSurger\Documents\fischen.scar
[2010.09.19 15:47:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_dc3d_01009.Wdf
[2010.09.18 20:46:07 | 000,000,276 | ---- | C] () -- C:\Users\SilverSurger\SciTE.session
[2010.08.04 17:06:26 | 000,028,160 | ---- | C] () -- C:\Users\SilverSurger\Documents\Filme.doc
[2010.08.04 16:49:34 | 000,025,088 | ---- | C] () -- C:\Users\SilverSurger\Documents\Verkauf Spiele + Konsolen.doc
[2010.04.22 17:23:25 | 000,003,584 | ---- | C] () -- C:\Users\SilverSurger\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.07 18:19:50 | 000,688,128 | ---- | C] () -- C:\Windows\System32\libeay32.dll
[2010.04.07 18:19:50 | 000,155,648 | ---- | C] () -- C:\Windows\System32\ssleay32.dll
[2009.11.14 12:29:01 | 000,004,140 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2009.10.26 08:38:41 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009.09.12 01:11:18 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.09.06 12:26:46 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.09.06 12:26:46 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.07.13 01:07:46 | 000,025,448 | ---- | C] () -- C:\Windows\System32\drivers\uxpatch.sys
[2009.06.07 18:01:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.03 12:48:07 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.04.13 17:20:26 | 000,058,792 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2009.02.16 22:21:31 | 000,000,632 | ---- | C] () -- C:\Windows\CoDUO.INI
[2008.12.24 23:42:13 | 000,000,057 | ---- | C] () -- C:\Windows\PidList.ini
[2008.12.24 23:41:05 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2008.11.20 06:06:51 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.11.20 05:52:53 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.11.20 05:52:53 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.11.11 05:27:31 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.11.11 05:27:24 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.11.11 05:27:24 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.11.11 05:26:52 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2001.12.26 17:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.04 00:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 17:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 23:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== LOP Check ==========
 
[2009.10.26 07:26:29 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Acer GameZone Console
[2009.10.26 07:26:31 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Artisteer
[2009.10.26 07:26:31 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Ashampoo
[2010.01.03 21:20:33 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Autodesk
[2009.10.28 22:53:37 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\BitDefender
[2010.09.17 20:13:50 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\CometPlayer
[2010.06.18 19:47:26 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\DAEMON Tools Lite
[2010.05.28 19:11:33 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\DAEMON Tools Pro
[2009.11.24 20:02:33 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\DAZ 3D
[2010.01.09 17:19:16 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Easy Thumbnails
[2009.10.26 07:26:31 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\eSobi
[2010.09.24 19:51:03 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\EurekaLog
[2010.10.12 15:59:58 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\FileZilla
[2010.02.13 18:22:15 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\GrabPro
[2009.12.09 19:04:03 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\HartlauerFotoService3
[2010.08.27 19:11:28 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\ICQ
[2010.10.24 20:00:02 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\kikin
[2010.08.27 19:02:18 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Miranda Fusion
[2010.10.17 12:19:00 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\NewTech Infosystems
[2010.02.13 20:01:55 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\OCS
[2010.02.13 20:01:59 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Opera
[2010.08.08 14:20:32 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Orbit
[2009.10.26 07:26:45 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\PC Suite
[2010.06.26 19:44:02 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Samsung
[2010.03.17 20:01:55 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\ScummVM
[2009.10.26 07:26:45 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\SoftDMA
[2010.06.26 20:00:06 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Sony
[2009.10.26 07:26:45 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Stardock
[2009.10.26 07:26:45 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\TeamViewer
[2010.09.16 19:56:57 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Thunderbird
[2010.01.09 22:12:48 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\TigerPlayer
[2010.09.06 20:42:36 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Vivox
[2010.09.10 18:33:33 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\WindSolutions
[2010.10.25 15:43:08 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.10.26 07:26:29 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Acer GameZone Console
[2009.10.28 23:02:15 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Adobe
[2010.07.23 19:24:01 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Apple Computer
[2009.10.26 07:26:31 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Artisteer
[2009.10.26 07:26:31 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Ashampoo
[2010.01.03 21:20:33 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Autodesk
[2009.10.28 22:53:37 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\BitDefender
[2010.09.17 20:13:50 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\CometPlayer
[2009.10.26 07:26:31 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\CyberLink
[2010.06.18 19:47:26 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\DAEMON Tools Lite
[2010.05.28 19:11:33 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\DAEMON Tools Pro
[2009.11.24 20:02:33 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\DAZ 3D
[2010.06.26 20:00:48 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\DivX
[2009.10.26 07:26:31 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Download Manager
[2010.01.09 17:19:16 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Easy Thumbnails
[2009.10.26 07:26:31 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\eSobi
[2010.09.24 19:51:03 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\EurekaLog
[2010.10.12 15:59:58 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\FileZilla
[2009.10.26 07:26:31 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Google
[2010.02.13 18:22:15 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\GrabPro
[2009.12.09 19:04:03 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\HartlauerFotoService3
[2009.12.01 22:32:31 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\HP
[2009.12.12 22:03:47 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\HpUpdate
[2010.08.27 19:11:28 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\ICQ
[2010.10.15 20:05:48 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Identities
[2009.10.26 07:26:32 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\IDMComp
[2010.10.17 12:18:01 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\InstallShield
[2010.10.17 12:19:00 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\InstallShield Installation Information
[2009.10.26 08:44:53 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Intel
[2010.10.24 20:00:02 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\kikin
[2009.11.29 18:03:59 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Macromedia
[2010.08.27 17:35:04 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Media Center Programs
[2009.10.28 22:00:22 | 000,000,000 | --SD | M] -- C:\Users\SilverSurger\AppData\Roaming\Microsoft
[2010.08.27 19:02:18 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Miranda Fusion
[2009.10.26 07:26:44 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Mozilla
[2010.10.17 12:19:00 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\NewTech Infosystems
[2010.02.13 20:01:55 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\OCS
[2010.02.13 20:01:59 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Opera
[2010.08.08 14:20:32 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Orbit
[2009.10.26 07:26:45 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\PC Suite
[2010.03.22 10:19:57 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Real
[2010.06.26 19:44:02 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Samsung
[2010.03.17 20:01:55 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\ScummVM
[2009.10.26 07:26:45 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\SoftDMA
[2010.06.26 20:00:06 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Sony
[2009.10.26 07:26:45 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Stardock
[2009.10.26 07:26:45 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Talkback
[2009.10.26 07:26:45 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\TeamViewer
[2010.09.16 19:56:57 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Thunderbird
[2010.01.09 22:12:48 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\TigerPlayer
[2010.09.06 20:42:36 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\Vivox
[2010.10.09 19:00:24 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\vlc
[2010.10.24 13:00:26 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\VMware
[2010.09.10 18:33:33 | 000,000,000 | ---D | M] -- C:\Users\SilverSurger\AppData\Roaming\WindSolutions
 
< %APPDATA%\*.exe /s >
[2009.12.07 17:50:11 | 002,056,658 | ---- | M] (                                                            ) -- C:\Users\SilverSurger\AppData\Roaming\HartlauerFotoService3\update\dfs.exe
[2010.10.17 12:18:00 | 000,455,600 | ---- | M] (Macrovision Corporation) -- C:\Users\SilverSurger\AppData\Roaming\InstallShield Installation Information\{019D7B6B-1123-40E5-AD82-73DC6FE78B30}\setup.exe
[2009.10.25 21:37:23 | 000,098,304 | R--- | M] (Microsoft Corp.) -- C:\Users\SilverSurger\AppData\Roaming\Microsoft\Installer\{78C17AC9-80CF-4E9D-AFCA-336A1CB7B5ED}\icons.exe
[2008.01.18 09:15:42 | 000,652,536 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Users\SilverSurger\AppData\Roaming\NewTech Infosystems\NTI Shadow for ReadyNAS\Shadow.exe
[2010.02.13 20:01:55 | 000,106,496 | ---- | M] (OCS) -- C:\Users\SilverSurger\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2010.02.13 20:01:55 | 000,040,960 | ---- | M] () -- C:\Users\SilverSurger\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2010.05.07 00:19:02 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\kl1.sys
[2010.05.07 00:19:06 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\kl2.sys
[2010.07.15 19:20:59 | 000,475,224 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\System32\drivers\klif.sys
[2010.04.22 19:07:34 | 000,022,104 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\drivers\klim6.sys
[2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) Unable to obtain MD5 -- C:\Windows\System32\drivers\klmouflt.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.05.07 12:37:58 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) Unable to obtain MD5 -- C:\Windows\System32\klogon.dll
[2009.07.14 03:15:50 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll

< End of report >
         
--- --- ---

25.10.2010, 17:52   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

TDSSKiller can sometimes help, but CF deletes that one as well; it just didn't run on your machine.
Please try CF again, following the instructions.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

25.10.2010, 20:09   #15
SilverSurger
 

So, here is the ComboFix log file.

I have the feeling that everything is pretty much okay again. Of course I don't know what the log file says, because I have no clue about these things, but the crashes, the black screen and the sluggishness have apparently come to an end.

ComboFix log file:
Code:
ComboFix 10-10-24.06 - SilverSurger 25.10.2010  20:58:30.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.43.1031.18.3067.1821 [GMT 2:00]
ausgeführt von:: c:\users\SilverSurger\Desktop\cofi.exe
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\hpeFF7.dll
c:\users\SilverSurger\AppData\Roaming\EurekaLog

.
(((((((((((((((((((((((   Dateien erstellt von 2010-09-25 bis 2010-10-25  ))))))))))))))))))))))))))))))
.

2010-10-25 19:04 . 2010-10-25 19:04	--------	d-----w-	c:\users\Mcx1-ACER-PC\AppData\Local\temp
2010-10-25 19:04 . 2010-10-25 19:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-10-25 19:04 . 2010-10-25 19:04	--------	d-----w-	c:\users\acer\AppData\Local\temp
2010-10-24 19:39 . 2010-10-24 19:40	--------	d-----w-	c:\program files\CCleaner
2010-10-24 18:34 . 2010-10-24 18:34	--------	d-----w-	c:\program files\Magical Jelly Bean
2010-10-24 18:12 . 2010-10-24 18:13	--------	d-----w-	c:\users\SilverSurger360
2010-10-24 15:28 . 2010-10-24 15:28	--------	d-----w-	C:\_OTL
2010-10-24 14:22 . 2010-10-25 15:36	--------	d-----w-	C:\JDownloader
2010-10-24 14:12 . 2010-10-24 18:00	--------	d-----w-	c:\users\SilverSurger\AppData\Roaming\kikin
2010-10-24 14:12 . 2010-10-24 14:12	--------	d-----w-	c:\program files\kikin
2010-10-24 14:12 . 2010-10-24 18:07	--------	d-----w-	c:\program files\JDownloader
2010-10-23 15:31 . 2010-10-23 15:31	--------	d-----w-	c:\program files\McAfee Security Scan
2010-10-22 11:23 . 2010-10-07 23:21	6146896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E67CDB9-A1FC-42A8-8342-0FD272A9E365}\mpengine.dll
2010-10-17 10:19 . 2010-10-17 22:24	--------	d-----w-	c:\users\SilverSurger\NTI-Shadow
2010-10-17 10:19 . 2010-10-17 10:19	--------	d-----w-	c:\users\SilverSurger\AppData\Roaming\NewTech Infosystems
2010-10-17 10:19 . 2010-10-17 10:19	--------	d-----w-	c:\users\SilverSurger\AppData\Roaming\InstallShield Installation Information
2010-10-17 10:18 . 2010-10-17 10:18	--------	d-----w-	c:\users\SilverSurger\AppData\Roaming\InstallShield
2010-10-16 18:19 . 2010-10-16 18:19	--------	d-----w-	c:\program files\AntiTwin
2010-10-02 19:57 . 2010-10-03 10:23	--------	d-----w-	c:\users\SilverSurger\AppData\Local\VMware
2010-10-02 19:57 . 2010-10-24 11:00	--------	d-----w-	c:\users\SilverSurger\AppData\Roaming\VMware
2010-10-02 19:52 . 2010-10-24 11:02	--------	d-----w-	c:\programdata\VMware
2010-10-02 18:43 . 2009-12-31 09:22	295936	----a-w-	c:\windows\system32\drivers\vpcvmm.sys
2010-10-02 18:43 . 2009-12-31 09:05	2171392	----a-w-	c:\windows\system32\VPCWizard.exe
2010-10-02 18:43 . 2009-12-31 09:05	3330560	----a-w-	c:\windows\system32\vpc.exe
2010-10-02 18:43 . 2009-12-31 06:48	1003008	----a-w-	c:\windows\system32\VMWindow.exe
2010-10-02 18:35 . 2010-10-02 19:58	--------	d-----r-	c:\users\SilverSurger\Virtual Machines
2010-10-02 18:25 . 2009-09-23 01:18	14848	----a-w-	c:\windows\system32\vpchbuspipe.dll
2010-10-02 18:25 . 2009-09-23 01:19	55040	----a-w-	c:\windows\system32\drivers\vpcnfltr.sys
2010-10-02 18:25 . 2009-09-23 01:18	78336	----a-w-	c:\windows\system32\drivers\vpcusb.sys
2010-10-02 18:25 . 2009-09-23 01:18	165376	----a-w-	c:\windows\system32\drivers\vpchbus.sys
2010-10-02 18:25 . 2009-09-23 01:18	1260032	----a-w-	c:\windows\system32\VPCSettings.exe
2010-10-02 18:25 . 2009-09-23 01:18	559616	----a-w-	c:\windows\system32\VMCPropertyHandler.dll
2010-10-02 18:25 . 2009-09-23 01:18	793600	----a-w-	c:\windows\system32\vmsal.exe
2010-10-02 18:20 . 2009-06-25 11:20	1446264	----a-w-	c:\program files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
2010-10-02 17:36 . 1996-12-03 11:35	18862131	----a-w-	c:\program files\Mozilla Firefox\F95_DEMO.EXE
2010-09-29 01:00 . 2010-03-04 04:04	146304	----a-w-	c:\windows\system32\drivers\usbvideo.sys
2010-09-29 01:00 . 2010-03-04 03:57	190976	----a-w-	c:\windows\system32\drivers\ks.sys
2010-09-28 23:18 . 2010-06-19 06:15	2048	----a-w-	c:\windows\system32\tzres.dll
2010-09-28 23:18 . 2010-08-27 05:30	13312	----a-w-	c:\program files\Internet Explorer\iecompat.dll
2010-09-26 18:33 . 2010-09-26 18:33	--------	d-----w-	c:\program files\copy trans manager
2010-09-26 17:40 . 2002-09-22 10:42	17408	----a-w-	c:\windows\Shortcut.exe
2010-09-26 17:40 . 2010-09-26 17:40	--------	d-----w-	c:\program files\RAM Idle LE
2010-09-26 17:35 . 2010-09-26 17:35	--------	d-----w-	c:\windows\W7SBC
2010-09-26 17:35 . 2009-10-31 05:45	2614272	----a-w-	c:\windows\explorer_edit_w7sbc.exe
2010-09-26 17:35 . 2010-09-26 17:35	--------	d-----w-	c:\program files\orb
2010-09-26 16:26 . 2010-09-26 16:26	--------	d-----w-	c:\users\SilverSurger\Taskbar
2010-09-26 15:34 . 2009-08-24 20:08	28160	----a-w-	c:\windows\system32\DfSdkBt.exe
2010-09-26 10:26 . 2010-09-26 10:26	--------	d-----w-	c:\program files\7-Zip
2010-09-26 10:05 . 2009-07-14 01:16	2755072	----a-w-	c:\windows\system32\themeui.dll.backup
2010-09-26 10:05 . 2009-07-14 01:16	37376	----a-w-	c:\windows\system32\themeservice.dll.backup
2010-09-26 10:05 . 2009-07-14 01:16	249856	----a-w-	c:\windows\system32\uxtheme.dll.backup
2010-09-26 10:05 . 2010-09-26 10:05	758040	----a-w-	c:\windows\UTP.exe

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-25 08:08 . 2010-10-25 08:08	8065	----a-w-	C:\Qoobox.zip
2010-10-19 09:41 . 2009-10-26 06:04	222080	------w-	c:\windows\system32\MpSigStub.exe
2010-09-08 09:17 . 2010-09-08 09:17	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2010-09-08 09:17 . 2010-09-08 09:17	69632	----a-w-	c:\windows\system32\QuickTime.qts
2010-08-21 05:32 . 2010-09-14 22:55	316928	----a-w-	c:\windows\system32\spoolsv.exe
2010-07-29 06:30 . 2010-08-11 11:06	197632	----a-w-	c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 11:06	82944	----a-w-	c:\windows\system32\iccvid.dll
2009-09-13 21:10 . 2009-10-28 20:58	47104	----a-w-	c:\program files\mozilla firefox\components\FFComm.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}]
2010-06-24 00:17	782568	----a-w-	c:\program files\kikin\ie_kikin.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-07-29 16:52	121392	----a-w-	c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-07-14 144384]
"ProductReg"="c:\program files\Acer\WR_PopUp\ProductReg.exe" [2008-11-17 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-09-19 6294048]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-11-22 13601312]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-11-22 92704]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-11 544768]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-07-29 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-11-28 417792]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-25 49152]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"LManager"="c:\progra~1\Launch Manager\LManager.exe" [2008-11-21 858632]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-05-07 344736]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoFileAssociate"= 0 (0x0)
"NoResolveTrack"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-05-06 132184]
R2 Apache2.2;Apache2.2;d:\xampp\apache\bin\httpd.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-11-28 24576]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 44432]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-03-31 36608]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2010-06-26 13224]
R3 leafnets;Leaf Networks Adapter;c:\windows\system32\DRIVERS\leafnets.sys [2010-01-12 55296]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2009-10-29 95376]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-09 1343400]
R3 WPRO_40_1123;WinPcap Packet Driver (WPRO_40_1123);c:\windows\system32\drivers\WPRO_40_1123.sys [x]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-05-28 691696]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 7\Dfsdks.exe [2009-08-24 406016]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-01-12 185640]
S3 hidshim;Service for HID-KMDF Shim layer;c:\windows\system32\DRIVERS\hidshim.sys [2008-10-08 5632]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2009-09-15 6114816]
S3 nuvotonhidgeneric;Nuvoton EC Generic HID;c:\windows\system32\DRIVERS\nuvotonhidgeneric.sys [2008-10-08 22528]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-09-25 45600]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - NDISKIO
*NewlyCreated* - NSAK
*Deregistered* - klmd25
*Deregistered* - NDISKIO
*Deregistered* - nsak
*Deregistered* - UBHelper

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
HPZ12	REG_MULTI_SZ   	Pml Driver HPZ12 Net Driver HPZ12
HPService	REG_MULTI_SZ   	HPSLPSVC
.
Inhalt des "geplante Tasks" Ordners

2010-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2470086164-179386694-4040076334-1001Core.job
- c:\users\SilverSurger\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-23 14:57]

2010-10-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2470086164-179386694-4040076334-1001UA.job
- c:\users\SilverSurger\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-23 14:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=1208&m=aspire_8730
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft &Excel exportieren - c:\progra~1\Microsoft Office\Office10\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\SilverSurger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
FF - ProfilePath - c:\users\SilverSurger\AppData\Roaming\Mozilla\Firefox\Profiles\suj645lk.default\
FF - prefs.js: browser.search.defaulturl - hxxp://chameleontom.iamwired.net/search.php?src=tops&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - prefs.js: keyword.URL - hxxp://chameleontom.iamwired.net/search.php?src=tops&q=
FF - component: c:\program files\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\SilverSurger\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: layout.spellcheckDefault - 2
FF - user.js: network.prefetch-next - true
FF - user.js: nglayout.initialpaint.delay - 250
FF - user.js: browser.urlbar.autoFill - false
FF - user.js: browser.search.openintab - false
FF - user.js: browser.tabs.closeButtons - 1
FF - user.js: browser.tabs.opentabfor.middleclick - true
FF - user.js: browser.tabs.tabMinWidth - 100
FF - user.js: browser.urlbar.hideGoButton - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1064)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Zeit der Fertigstellung: 2010-10-25  21:06:33
ComboFix-quarantined-files.txt  2010-10-25 19:06

Vor Suchlauf: 17 Verzeichnis(se), 140.209.500.160 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 139.888.488.448 Bytes frei

- - End Of File - - 2A529D9AA84D371050B523F0A9A3D2FB
         