Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.)

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 14.02.2011, 16:11   #1
User90
 
Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.) - Standard

Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.)



Hallo zusammen!

Ich bin neu in diesem Forum und hoffe, dass ich alle Formalitäten beachte.

Zu meinem Problem: Seit kurzem kann ich mit Firefox so gut wie keine Seiten mehr öffnen. Stattdessen bekomme ich die Meldung:

Bad Request

Your browser sent a request that this server could not understand.
Request header field is missing ':' separator.

Prox

Ausnahmen sind etwa Google.com oder die HP der Sparkasse. Jedoch erhalte ich bei 90% aller seiten obige Meldung.

Des Weiteren habe ich im Internet Explorer das Problem, dass von Google gefundene Seiten falsch verlinkt sind bzw ich auf Seiten wie gomeo.de oder monstermarketplace.com weitergeleitet werde, statt zu der gewünschten Seite.

Ich vermute, dass ich mir die Malware (Virus?Trojaner?) beim Betrachten von einem Flash-Video auf einer unbekannten Seite ca. eine Woche zuvor eingefangen habe. Dabei kam es nämlich zu Warnmeldungen von Antivir (kann leider nicht mehr sagen,wie genau die Meldung lautete und kann mich auch nicht mehr an die Seite erinnern). Bis vor zwei Tagen blieb dies jedoch ohne offensichtliche Auswirkungen.

Mir ist außerdem der Prozess conhost.exe im Task-Manager aufgefallen, der meines Erachtens vor dem Auftreten des Problems dort nicht vorhanden war bzw nun sogar zweimal gelistet ist. Einmal mit der Beschreibung "Host für Konsolenfenster" (Dateipfad: C:\Windows\System32) und einmal nur "conhost.exe" (Dateipfad: C:\Benutzer\***\AppData\Roaming\Microsoft). Letzt besagter Prozess startet sich automatisch nach dem manuellen Beenden wieder. Außerdem waren gestern auf einmal über 800 Prozesse im Task-Manager gelistet, darunter am meisten besagter conhost.exe.

Ich benutze Antivir und die Windows-Firewall unter Windows 7.
Habe bereits einen Systemcheck mit Antivir durchgeführt,welcher ohne Ergebnisse blieb.
Des Weiteren einen Systemcheck mit Spybot - Search & Destroy durchgeführt. Dort erhalte ich die Meldung, dass "DoubleClick", "Right Media", "Tradedoubler" und "Win32.Palevo" gefunden wurde. Diese Einträge tauchen auch nach dem vermeintlichen Entfernen bei erneuten Scans auf.

Ich hoffe ich habe alle benötigten Angaben gemacht.


Mfg

User90

P.S: Seit dem wahrscheinlichen Befallszeitpunkt habe ich mehrmals eine externe Festplatte bzw USB-Sticks an den PC angeschlossen. Müssen diese nun auch in irgendeiner Weise bereinigt werden oder bleibt dies ohne Auswirkung?

Alt 14.02.2011, 16:32   #2
markusg
/// Malware-holic
 
Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.) - Standard

Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.)



Systemscan mit OTL
download otl:
http://filepony.de/download-otl/

Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
beide posten
__________________

__________________

Alt 14.02.2011, 17:08   #3
User90
 
Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.) - Standard

Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.)



OTL.txt

Code:
ATTFilter
OTL logfile created on: 14.02.2011 17:54:35 - Run 2
OTL by OldTimer - Version 3.2.20.6     Folder = D:\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,97 Gb Total Space | 26,40 Gb Free Space | 53,91% Space Free | Partition Type: NTFS
Drive D: | 249,02 Gb Total Space | 225,98 Gb Free Space | 90,75% Space Free | Partition Type: NTFS
 
Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Daniel\AppData\Roaming\dwm.exe ()
PRC - C:\Users\Daniel\AppData\Roaming\Microsoft\conhost.exe ()
PRC - C:\Users\Daniel\AppData\Local\Temp\csrss.exe ()
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
PRC - C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (gupdate) Google Update Service (gupdate) --  File not found
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (nicconfigsvc) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1829377223-3649973229-498654646-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-1829377223-3649973229-498654646-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1829377223-3649973229-498654646-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1829377223-3649973229-498654646-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 A1 98 E5 40 5A CA 01  [binary data]
IE - HKU\S-1-5-21-1829377223-3649973229-498654646-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-1829377223-3649973229-498654646-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1829377223-3649973229-498654646-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:59697
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8q="
FF - prefs.js..browser.search.distributionID: "google.com"
FF - prefs.js..browser.search.order.1: "data:text/plain,browser.search.order.1=Google"
FF - prefs.js..browser.search.order.2: "data:text/plain,browser.search.order.2=Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "web.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 59697
FF - prefs.js..network.proxy.type: 1
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.02.13 12:31:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.02.13 12:31:29 | 000,000,000 | ---D | M]
 
[2009.12.25 14:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions
[2009.12.25 14:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.02.14 16:11:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\0vt9m6xv.default\extensions
[2010.12.24 11:57:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\0vt9m6xv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.11.18 18:30:12 | 000,004,153 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\0vt9m6xv.default\searchplugins\youtube.xml
[2011.02.13 12:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.12 12:56:02 | 000,001,216 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 236.210.186.140	personal.nl.avira-update.com
O1 - Hosts: 218.193.235.22	professional.nl.avira-update.com
O1 - Hosts: 188.56.87.85	premium.nl.avira-update.com
O1 - Hosts: 243.66.49.166	personal.avira-update.com
O1 - Hosts: 142.130.193.212	professional.avira-update.com
O1 - Hosts: 117.172.80.86	premium.avira-update.com
O1 - Hosts: 77.29.66.204	perspeak.avira-update.com
O1 - Hosts: 103.191.229.165	profpeak.avira-update.com
O1 - Hosts: 242.216.137.65	prempeak.avira-update.com
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [conhost] C:\Users\Daniel\AppData\Roaming\Microsoft\conhost.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-1829377223-3649973229-498654646-1001..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1829377223-3649973229-498654646-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
F3 - HKU\S-1-5-21-1829377223-3649973229-498654646-1001 WinNT: Load - (C:\Users\Daniel\AppData\Local\Temp\csrss.exe) - C:\Users\Daniel\AppData\Local\Temp\csrss.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1829377223-3649973229-498654646-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\S-1-5-21-1829377223-3649973229-498654646-1001 Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6acf144b-21ea-11df-9711-001fe1e21c7b}\Shell - "" = AutoRun
O33 - MountPoints2\{6acf144b-21ea-11df-9711-001fe1e21c7b}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{932e61c0-da87-11de-b2db-001c232bf495}\Shell - "" = AutoRun
O33 - MountPoints2\{932e61c0-da87-11de-b2db-001c232bf495}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
 
MsConfig - State: "services" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.13 12:31:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Mozilla Firefox
[2011.02.13 12:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011.02.13 12:27:33 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\GetRightToGo
[2011.02.13 00:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Spybot - Search & Destroy
[2011.02.13 00:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.02.13 00:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.02.13 00:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.02.04 13:44:00 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Media Player Classic
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.14 17:11:47 | 000,204,288 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\dwm.exe
[2011.02.14 16:03:29 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.14 16:03:29 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.14 16:00:32 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.14 16:00:32 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.14 16:00:32 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.14 16:00:32 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.14 15:59:36 | 000,017,759 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\350E.E70
[2011.02.14 15:56:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.14 15:56:05 | 2616,037,376 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.13 12:28:41 | 000,001,152 | ---- | M] () -- C:\Windows\System32\windrv.sys
[2011.02.13 00:55:07 | 000,001,176 | ---- | M] () -- C:\Users\Daniel\Desktop\Spybot - Search & Destroy.lnk
[2011.02.12 12:57:09 | 000,000,376 | ---- | M] () -- C:\Windows\tasks\At1.job
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.02.14 17:11:47 | 000,204,288 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\dwm.exe
[2011.02.13 12:28:41 | 000,001,152 | ---- | C] () -- C:\Windows\System32\windrv.sys
[2011.02.13 00:55:07 | 000,001,176 | ---- | C] () -- C:\Users\Daniel\Desktop\Spybot - Search & Destroy.lnk
[2011.02.12 12:56:02 | 000,000,376 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011.02.12 12:50:30 | 000,017,759 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\350E.E70
[2010.05.12 19:33:27 | 000,139,152 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\PnkBstrK.sys
[2010.05.12 19:33:27 | 000,138,384 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.04.13 17:16:27 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.04.13 17:16:27 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.04.08 16:24:33 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.02.16 13:49:48 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.01.08 00:56:07 | 000,000,311 | ---- | C] () -- C:\Windows\game.ini
[2009.11.26 13:19:35 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.11.08 11:22:43 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.11.01 15:49:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.19 19:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.03.18 14:16:04 | 000,540,178 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2005.05.06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2009.11.26 13:37:33 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite
[2011.01.10 17:19:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Dev-Cpp
[2011.02.13 12:28:26 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\GetRightToGo
[2010.04.24 12:24:33 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\GlobalSCAPE
[2011.02.14 16:00:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICQ
[2011.01.18 15:40:25 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TeamViewer
[2009.12.25 14:01:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TomTom
[2009.11.02 13:13:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TuneUp Software
[2010.04.13 18:17:12 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Ubisoft
[2011.02.12 12:57:09 | 000,000,376 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2010.12.26 11:05:58 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.11.02 12:59:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Adobe
[2009.11.19 23:51:27 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Apple Computer
[2010.04.01 06:48:52 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Avira
[2009.11.26 13:37:33 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite
[2011.01.10 17:19:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Dev-Cpp
[2010.08.09 01:44:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DivX
[2011.02.05 19:49:23 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\dvdcss
[2011.02.13 12:28:26 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\GetRightToGo
[2010.04.24 12:24:33 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\GlobalSCAPE
[2011.02.14 16:00:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICQ
[2009.10.31 16:27:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Identities
[2010.01.19 15:15:17 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\InstallShield
[2010.06.01 19:36:12 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\InstallShield Installation Information
[2009.10.31 17:24:25 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Macromedia
[2009.07.14 09:56:56 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Media Center Programs
[2011.02.04 13:44:03 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Media Player Classic
[2011.02.14 15:59:59 | 000,000,000 | --SD | M] -- C:\Users\Daniel\AppData\Roaming\Microsoft
[2009.10.31 16:54:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla
[2010.04.15 18:26:30 | 000,000,000 | RH-D | M] -- C:\Users\Daniel\AppData\Roaming\SecuROM
[2011.01.18 15:40:25 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TeamViewer
[2009.12.25 14:01:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TomTom
[2009.11.02 13:13:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TuneUp Software
[2010.02.25 09:54:21 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\U3
[2010.04.13 18:17:12 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Ubisoft
[2011.02.04 12:21:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\vlc
[2009.11.01 12:22:05 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011.02.14 17:11:47 | 000,204,288 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\dwm.exe
[2004.10.22 05:16:58 | 000,118,736 | ---- | M] (Macrovision Corporation) -- C:\Users\Daniel\AppData\Roaming\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe
[2002.12.02 21:33:00 | 000,107,512 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Daniel\AppData\Roaming\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\setup.exe
[2011.02.14 15:59:59 | 000,185,344 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\conhost.exe
[2010.11.26 16:24:58 | 000,029,184 | R--- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
[2010.01.09 11:26:14 | 000,298,496 | R--- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A.exe
[2010.01.09 11:26:14 | 000,107,008 | R--- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A1.exe
[2010.01.09 11:26:14 | 000,004,608 | R--- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A2.exe
[2010.01.09 11:26:14 | 000,106,496 | R--- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A3.exe
[2010.01.09 11:26:14 | 000,107,008 | R--- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A4.exe
[2010.01.09 11:26:14 | 000,210,432 | R--- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A5.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\U3\1738830527505CB0\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Users\Daniel\AppData\Roaming\U3\1738830527505CB0\Launchpad Removal.exe
[2008.05.04 16:02:26 | 004,603,904 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\U3\1738830527505CB0\LaunchPad.exe
[2007.10.23 09:44:48 | 000,054,584 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\U3\1738830527505CB0\U3AccessGrant.exe
[2007.10.02 18:14:46 | 000,024,064 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\U3\1738830527505CB0\0DE4F643-C398-46ec-9339-2362F2311932\Exec\hostClnUpNoOp.exe
[2007.10.02 18:14:46 | 022,882,088 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Daniel\AppData\Roaming\U3\1738830527505CB0\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe
[2007.10.02 18:14:46 | 000,025,896 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\U3\1738830527505CB0\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skypeshutdown.exe
[2007.10.02 18:14:46 | 000,241,664 | ---- | M] (U3 LLC) -- C:\Users\Daniel\AppData\Roaming\U3\1738830527505CB0\0DE4F643-C398-46ec-9339-2362F2311932\Exec\U3Action.exe
[2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\Daniel\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.11.26 13:19:35 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.11.04 16:14:46 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) Unable to obtain MD5 -- C:\Windows\System32\deploytk.dll
[2009.07.14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.07.14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2010.03.08 22:33:56 | 000,427,520 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\vbscript.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >
         
Extras.txt

Code:
ATTFilter
OTL Extras logfile created on: 14.02.2011 17:54:35 - Run 2
OTL by OldTimer - Version 3.2.20.6     Folder = D:\Downloads
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,97 Gb Total Space | 26,40 Gb Free Space | 53,91% Space Free | Partition Type: NTFS
Drive D: | 249,02 Gb Total Space | 225,98 Gb Free Space | 90,75% Space Free | Partition Type: NTFS
 
Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1829377223-3649973229-498654646-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster für Battlefield 1942
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{359ADF3A-F727-40F1-9D8A-6699EE355287}" = Gothic 3
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{611ED207-22E5-4543-B9D3-E73096759A4F}" = LEGO MINDSTORMS NXT - (Deutsch) Sprachenpaket
"{6833245E-DD86-479A-882A-8360D62C8194}" = NVIDIA PhysX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C1D47CC-682C-4673-8CA8-DEE659628599}" = LEGO MINDSTORMS NXT Migration Package
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{975E4CAE-D408-48DA-9346-65D7DB72B7DE}" = Hama Cromo Pad
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{CB263F8D-EF2D-4EB5-A368-A27056EE92D4}" = LEGO MINDSTORMS NXT Software v2.0
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D30E4145-9120-4497-AD35-F78482C3CF88}" = LEGO MINDSTORMS NXT Driver
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HTPE3" = HyperTerminal Private Edition v6.3
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"LOGO!Soft Comfort V6.1" = LOGO!Soft Comfort V6.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.7.3.1894
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 1.0.3
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1829377223-3649973229-498654646-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 13.02.2011 05:13:24 | Computer Name = Daniel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 13.02.2011 05:13:24 | Computer Name = Daniel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 13.02.2011 08:12:01 | Computer Name = Daniel-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ICQ.exe, Version: 6.5.0.2026, Zeitstempel:
 0x4ce13635  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16559, Zeitstempel:
 0x4ba9b21e  Ausnahmecode: 0xc000071c  Fehleroffset: 0x000985bb  ID des fehlerhaften Prozesses:
 0x47c  Startzeit der fehlerhaften Anwendung: 0x01cbcb6a1d667c9b  Pfad der fehlerhaften
 Anwendung: C:\Program Files\ICQ6.5\ICQ.exe  Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll
Berichtskennung:
 762ee234-376a-11e0-8fc9-001fe1e21c7b
 
Error - 13.02.2011 08:38:54 | Computer Name = Daniel-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 13.02.2011 10:19:42 | Computer Name = Daniel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 13.02.2011 10:19:42 | Computer Name = Daniel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 13.02.2011 15:38:50 | Computer Name = Daniel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 13.02.2011 15:38:50 | Computer Name = Daniel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.02.2011 10:56:25 | Computer Name = Daniel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.02.2011 10:56:25 | Computer Name = Daniel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ OSession Events ]
Error - 24.10.2010 14:18:11 | Computer Name = Daniel-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 123
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 14.02.2011 11:54:06 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 14.02.2011 11:54:06 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 14.02.2011 11:54:06 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 14.02.2011 11:54:06 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 14.02.2011 12:15:58 | Computer Name = Daniel-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 14.02.2011 12:15:58 | Computer Name = Daniel-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 14.02.2011 12:15:58 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 14.02.2011 12:15:58 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 14.02.2011 12:15:58 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 14.02.2011 12:15:58 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
 
< End of report >
         
__________________

Alt 14.02.2011, 17:17   #4
markusg
/// Malware-holic
 
Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.) - Standard

Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.)



• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.

:OTL
[2011.02.14 17:11:47 | 000,204,288 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\dwm.exe
:Files
C:\Users\Daniel\AppData\Roaming\dwm.exe
C:\Users\Daniel\AppData\Local\Temp\csrss.exe
C:\Users\Daniel\AppData\Local\Temp\csrss.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[resethosts]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.

öffne computer, c: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
lade das archiv in unserem upload channel hoch.
http://www.trojaner-board.de/54791-anleitung-uploadchannel-trojaner-board.html
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 14.02.2011, 17:41   #5
User90
 
Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.) - Standard

Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.)



Nach dem Klicken auf Fix startet der PC sofort neu und ich bekomme einen Bluescreen beim Runterfahren. Beim Hochfahren wird gemeldet, dass Windows nicht ordnungsgemäß runtergefahren wird und ich kann entscheiden, ob ich im abgesicherten Modus oder normal starten möchte.
Es wird kein Textfile erstellt (wo sollte dieser zu finden sein, im OTL Ordner?) und unter C: findet sich auch kein _OTL bzw. moved files.

btw danke für die schnellen antworten


Alt 14.02.2011, 17:44   #6
markusg
/// Malware-holic
 
Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.) - Standard

Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.)



kannst du mal zusätzlich noch folgende zeile nach :OTL einfügen:
F3 - HKU\S-1-5-21-1829377223-3649973229-498654646-1001 WinNT: Load - (C:\Users\Daniel\AppData\Local\Temp\csrss.exe) - C:\Users\Daniel\AppData\Local\Temp\csrss.exe
()

aber du musst darauf achten dass es in otl hintereinander steht
und nach
.exe muss ein leerzeichen und dann erst ()
kommen.
wenn otl trotzdem nicht läuft versuchs mal im abgesichertem modus.
__________________
--> Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.)

Alt 14.02.2011, 17:59   #7
User90
 
Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.) - Standard

Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.)



Das Ergebnis ist nach Einfügen der Zeile das gleiche, sowohl im normalen als auch im abgesicherten Modus.

Hab im Anhang einen Screenshot beigefügt. Der Text ist richtig eingefügt oder? Einstellungen habe ich ebenfalls so wie auf dem Screenshot zu sehen.
Angehängte Grafiken
Dateityp: jpg Unbenannt.jpg (52,8 KB, 188x aufgerufen)

Alt 14.02.2011, 18:02   #8
markusg
/// Malware-holic
 
Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.) - Standard

Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.)



bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 14.02.2011, 18:32   #9
User90
 
Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.) - Standard

Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.)



ComboFix.txt

Code:
ATTFilter
ComboFix 11-02-13.04 - Daniel 14.02.2011  19:22:56.1.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.3326.2558 [GMT 1:00]
ausgeführt von:: c:\users\Daniel\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Desktop
C:\syscheckrt
c:\syscheckrt\config.bin
c:\syscheckrt\syscheckrt.exe
c:\users\Daniel\AppData\Roaming\dwm.exe
c:\users\Daniel\AppData\Roaming\Microsoft\conhost.exe

.
(((((((((((((((((((((((   Dateien erstellt von 2011-01-14 bis 2011-02-14  ))))))))))))))))))))))))))))))
.

2011-02-14 18:27 . 2011-02-14 18:27	--------	d-----w-	c:\users\Daniel\AppData\Local\temp
2011-02-14 18:27 . 2011-02-14 18:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-02-13 11:28 . 2011-02-13 11:28	1152	----a-w-	c:\windows\system32\windrv.sys
2011-02-13 11:27 . 2011-02-13 11:28	--------	d-----w-	c:\users\Daniel\AppData\Roaming\GetRightToGo
2011-02-12 23:55 . 2011-02-13 08:57	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-02-12 23:55 . 2011-02-12 23:58	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-02-04 12:44 . 2011-02-04 12:44	--------	d-----w-	c:\users\Daniel\AppData\Roaming\Media Player Classic
2011-01-21 20:05 . 2011-01-13 09:41	5890896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDBDF387-E51D-421B-AF87-CF3BC6E85DD4}\mpengine.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-01 18:39 . 2010-03-29 10:24	135096	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-12-01 13:15 . 2009-10-31 16:04	61960	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-11-26 15:24 . 2010-11-26 15:24	29184	----a-r-	c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2010-11-19 14:33 . 2009-11-02 12:13	30528	----a-w-	c:\windows\system32\TURegOpt.exe
2010-11-19 14:30 . 2009-11-02 12:13	21312	----a-w-	c:\windows\system32\authuitu.dll
2010-11-19 14:29 . 2009-11-02 12:13	30016	----a-w-	c:\windows\system32\uxtuneup.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-03-06 96800]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2010-3-2 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
"RESTART_STICKY_NOTES"=c:\windows\System32\StikyNot.exe
"syscheckrt.exe"=c:\syscheckrt\syscheckrt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"conhost"=c:\users\Daniel\AppData\Roaming\Microsoft\conhost.exe

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\DRIVERS\fantom.sys [x]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-26 691696]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-07 135336]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-11-19 1051968]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Inhalt des "geplante Tasks" Ordners
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:59697
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\0vt9m6xv.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59697
FF - prefs.js: network.proxy.type - 1
FF - user.js: browser.blink_allowed - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
HKLM-Run-conhost - c:\users\Daniel\AppData\Roaming\Microsoft\conhost.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1829377223-3649973229-498654646-1001\Software\SecuROM\License information*]
"datasecu"=hex:52,d5,12,df,ae,74,6e,a3,39,67,a9,5b,8c,28,45,7c,a8,0d,e2,0c,72,
   9c,b7,2c,7f,ce,8a,ab,63,88,71,cd,c0,c9,9d,03,b3,c3,e1,47,f5,bc,ca,b6,0e,cd,\
"rkeysecu"=hex:61,06,00,85,0a,ef,d2,a4,28,61,5a,b0,5a,0b,de,e7

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-02-14  19:28:49
ComboFix-quarantined-files.txt  2011-02-14 18:28

Vor Suchlauf: 6 Verzeichnis(se), 28.085.563.392 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 28.048.207.872 Bytes frei

- - End Of File - - A03BB115F21FA7D75FAFE5C63864BBB3
         

Alt 14.02.2011, 18:37   #10
markusg
/// Malware-holic
 
Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.) - Standard

Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.)



neustar.

start programme zubehör editor kopiere rein.

Killall::

Rootkit::
C:\Users\Daniel\AppData\Roaming\dwm.exe
C:\Users\Daniel\AppData\Local\Temp\csrss.exe
C:\Users\Daniel\AppData\Local\Temp\csrss.exe

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"syscheckrt.exe"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"conhost"=-

DDS::
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:59697


datei speichern unter, datei typ alle dateien.
name
cfscript.txt
dort speichern wo sich combofix.exe befindet, ziehe cfscript auf combofix, programm startet,log posten.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 14.02.2011, 18:56   #11
User90
 
Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.) - Standard

Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.)



Code:
ATTFilter
ComboFix 11-02-13.04 - Daniel 14.02.2011  19:45:23.2.2 - x86
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1031.18.3326.2525 [GMT 1:00]
ausgeführt von:: c:\users\Daniel\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Daniel\Desktop\cfscript.txt
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((   Dateien erstellt von 2011-01-14 bis 2011-02-14  ))))))))))))))))))))))))))))))
.

2011-02-14 18:50 . 2011-02-14 18:50	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-02-14 18:28 . 2011-02-14 18:52	--------	d-----w-	c:\users\Daniel\AppData\Local\temp
2011-02-13 11:28 . 2011-02-13 11:28	1152	----a-w-	c:\windows\system32\windrv.sys
2011-02-13 11:27 . 2011-02-13 11:28	--------	d-----w-	c:\users\Daniel\AppData\Roaming\GetRightToGo
2011-02-12 23:55 . 2011-02-13 08:57	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2011-02-12 23:55 . 2011-02-12 23:58	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2011-02-04 12:44 . 2011-02-04 12:44	--------	d-----w-	c:\users\Daniel\AppData\Roaming\Media Player Classic
2011-01-21 20:05 . 2011-01-13 09:41	5890896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DDBDF387-E51D-421B-AF87-CF3BC6E85DD4}\mpengine.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-01 18:39 . 2010-03-29 10:24	135096	----a-w-	c:\windows\system32\drivers\avipbb.sys
2010-12-01 13:15 . 2009-10-31 16:04	61960	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2010-11-26 15:24 . 2010-11-26 15:24	29184	----a-r-	c:\users\Daniel\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
2010-11-19 14:33 . 2009-11-02 12:13	30528	----a-w-	c:\windows\system32\TURegOpt.exe
2010-11-19 14:30 . 2009-11-02 12:13	21312	----a-w-	c:\windows\system32\authuitu.dll
2010-11-19 14:29 . 2009-11-02 12:13	30016	----a-w-	c:\windows\system32\uxtuneup.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-03-06 96800]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 815104]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2010-3-2 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
"RESTART_STICKY_NOTES"=c:\windows\System32\StikyNot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\DRIVERS\fantom.sys [x]
R4 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-26 691696]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-07 135336]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-11-19 1051968]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]


HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://google.de/
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\0vt9m6xv.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 59697
FF - prefs.js: network.proxy.type - 1
FF - user.js: browser.blink_allowed - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1829377223-3649973229-498654646-1001\Software\SecuROM\License information*]
"datasecu"=hex:52,d5,12,df,ae,74,6e,a3,39,67,a9,5b,8c,28,45,7c,a8,0d,e2,0c,72,
   9c,b7,2c,7f,ce,8a,ab,63,88,71,cd,c0,c9,9d,03,b3,c3,e1,47,f5,bc,ca,b6,0e,cd,\
"rkeysecu"=hex:61,06,00,85,0a,ef,d2,a4,28,61,5a,b0,5a,0b,de,e7

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(4012)
c:\windows\system32\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\STacSV.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-02-14  19:55:29 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-02-14 18:55
ComboFix2.txt  2011-02-14 18:28

Vor Suchlauf: 9 Verzeichnis(se), 28.080.046.080 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 28.004.888.576 Bytes frei

- - End Of File - - FA30A6461A907651D94B67A97B6AC6B7
         

Alt 14.02.2011, 18:58   #12
markusg
/// Malware-holic
 
Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.) - Standard

Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.)



kannst du mal bitte computer öffnen, c: dort qoobox, den quarantain ordner packen und dann hochladen, der link ist unter dem otl script :-)
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 14.02.2011, 19:02   #13
User90
 
Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.) - Standard

Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.)



upload ist erfolgt

Alt 14.02.2011, 19:13   #14
markusg
/// Malware-holic
 
Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.) - Standard

Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.)



bitte poste ne neue otl.txt und berichte wie der pc läuft.
__________________
-Verdächtige mails bitte an uns zur Analyse weiterleiten:
markusg.trojaner-board@web.de
Weiterleiten
Anleitung:
http://markusg.trojaner-board.de
Mails bitte vorerst nach obiger Anleitung an
markusg.trojaner-board@web.de
Weiterleiten
Wenn Ihr uns unterstützen möchtet

Alt 14.02.2011, 19:30   #15
User90
 
Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.) - Standard

Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.)



Die zweiten Prozesse von conhost.exe und dwm.exe sind nicht mehr im Task-Manager gelistetVerlinkung von Google im IE scheint wieder zu funktionieren. Firefox meldet nun einen anderen Fehler:

Fehler: Proxy-Server verweigert die Verbindung

Firefox wurde konfiguriert, einen Proxy-Server zu nutzen, der die Verbindung zurückweist.



* Überprüfen Sie bitte, ob die Proxy-Einstellungen korrekt sind

* Kontaktieren Sie bitte Ihren Netzwerk-Administrator, um sicherzustellen, dass der Proxy-Server funktioniert


Jetzt schoneinmal vielen vielen Dank für die kompetente und schnelle Hilfe! Auch wenn ich nicht verstehe, was ich die ganze Zeit überhaupt mache

Neuer OTL

Code:
ATTFilter
OTL logfile created on: 14.02.2011 20:15:48 - Run 3
OTL by OldTimer - Version 3.2.20.6     Folder = D:\Downloads\OTL
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,97 Gb Total Space | 26,14 Gb Free Space | 53,38% Space Free | Partition Type: NTFS
Drive D: | 249,02 Gb Total Space | 226,03 Gb Free Space | 90,77% Space Free | Partition Type: NTFS
Drive E: | 426,98 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 1,87 Gb Total Space | 1,19 Gb Free Space | 63,74% Space Free | Partition Type: FAT
 
Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Downloads\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe (Dell Inc)
 
 
========== Modules (SafeList) ==========
 
MOD - D:\Downloads\OTL\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Program Files\Dell\QuickSet\dadkeyb.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (gupdate) Google Update Service (gupdate) --  File not found
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (nicconfigsvc) -- C:\Program Files\Dell\QuickSet\NicConfigSvc.exe (Dell Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (btwaudio) -- C:\Windows\System32\drivers\btwaudio.sys (Broadcom Corporation.)
DRV - (btwrchid) -- C:\Windows\System32\drivers\btwrchid.sys (Broadcom Corporation.)
DRV - (btwavdt) -- C:\Windows\System32\drivers\btwavdt.sys (Broadcom Corporation.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1829377223-3649973229-498654646-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-1829377223-3649973229-498654646-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1829377223-3649973229-498654646-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 18 A1 98 E5 40 5A CA 01  [binary data]
IE - HKU\S-1-5-21-1829377223-3649973229-498654646-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 59697
FF - prefs.js..network.proxy.type: 1
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.02.13 12:31:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.02.13 12:31:29 | 000,000,000 | ---D | M]
 
[2009.12.25 14:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions
[2009.12.25 14:01:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011.02.14 16:11:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\0vt9m6xv.default\extensions
[2010.12.24 11:57:07 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\0vt9m6xv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.11.18 18:30:12 | 000,004,153 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\0vt9m6xv.default\searchplugins\youtube.xml
[2011.02.13 12:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.12.03 19:14:08 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.12.03 19:14:08 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.12.03 19:14:08 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.03 19:14:08 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.12.03 19:14:08 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.14 19:52:06 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1829377223-3649973229-498654646-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1829377223-3649973229-498654646-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1829377223-3649973229-498654646-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010.07.07 15:13:34 | 000,000,096 | RHS- | M] () - F:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
 
MsConfig - State: "services" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.14 19:55:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.02.14 19:52:19 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.02.14 19:44:32 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.02.14 19:44:32 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.02.14 19:44:32 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.02.14 19:44:11 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011.02.14 19:28:50 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\temp
[2011.02.14 19:20:51 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.02.14 19:20:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.02.14 18:31:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.02.13 12:31:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Mozilla Firefox
[2011.02.13 12:31:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011.02.13 12:27:33 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\GetRightToGo
[2011.02.13 00:55:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Spybot - Search & Destroy
[2011.02.13 00:55:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.02.13 00:55:03 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011.02.13 00:51:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.02.04 13:44:00 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Media Player Classic
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.14 20:15:22 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.02.14 20:15:22 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.02.14 20:15:22 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.02.14 20:15:22 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.02.14 19:59:56 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.14 19:59:56 | 000,013,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.14 19:52:06 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.02.14 19:51:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.14 19:51:39 | 2616,037,376 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.14 19:06:05 | 004,268,422 | R--- | M] () -- C:\Users\Daniel\Desktop\ComboFix.exe
[2011.02.14 18:54:51 | 170,349,685 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.02.14 15:59:36 | 000,017,759 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\350E.E70
[2011.02.13 12:28:41 | 000,001,152 | ---- | M] () -- C:\Windows\System32\windrv.sys
[2011.02.13 00:55:07 | 000,001,176 | ---- | M] () -- C:\Users\Daniel\Desktop\Spybot - Search & Destroy.lnk
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.02.14 19:44:32 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.02.14 19:44:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.02.14 19:44:32 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011.02.14 19:44:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.02.14 19:44:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.02.14 19:06:01 | 004,268,422 | R--- | C] () -- C:\Users\Daniel\Desktop\ComboFix.exe
[2011.02.14 18:31:22 | 170,349,685 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.02.13 12:28:41 | 000,001,152 | ---- | C] () -- C:\Windows\System32\windrv.sys
[2011.02.13 00:55:07 | 000,001,176 | ---- | C] () -- C:\Users\Daniel\Desktop\Spybot - Search & Destroy.lnk
[2011.02.12 12:50:30 | 000,017,759 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\350E.E70
[2010.05.12 19:33:27 | 000,139,152 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\PnkBstrK.sys
[2010.05.12 19:33:27 | 000,138,384 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.04.13 17:16:27 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.04.13 17:16:27 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.04.08 16:24:33 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.02.16 13:49:48 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2010.01.08 00:56:07 | 000,000,311 | ---- | C] () -- C:\Windows\game.ini
[2009.11.26 13:19:35 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.11.08 11:22:43 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.11.01 15:49:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.19 19:06:22 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.06.19 19:06:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.11.03 17:25:56 | 000,389,120 | ---- | C] () -- C:\Windows\System32\btwhidcs.dll
[2006.03.18 14:16:04 | 000,540,178 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2005.05.06 19:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2001.11.14 12:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2009.11.26 13:37:33 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite
[2011.01.10 17:19:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Dev-Cpp
[2011.02.13 12:28:26 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\GetRightToGo
[2010.04.24 12:24:33 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\GlobalSCAPE
[2011.02.14 16:00:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICQ
[2011.01.18 15:40:25 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TeamViewer
[2009.12.25 14:01:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TomTom
[2009.11.02 13:13:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TuneUp Software
[2010.04.13 18:17:12 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Ubisoft
[2010.12.26 11:05:58 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.11.02 12:59:58 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Adobe
[2009.11.19 23:51:27 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Apple Computer
[2010.04.01 06:48:52 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Avira
[2009.11.26 13:37:33 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite
[2011.01.10 17:19:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Dev-Cpp
[2010.08.09 01:44:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DivX
[2011.02.05 19:49:23 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\dvdcss
[2011.02.13 12:28:26 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\GetRightToGo
[2010.04.24 12:24:33 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\GlobalSCAPE
[2011.02.14 16:00:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICQ
[2009.10.31 16:27:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Identities
[2010.01.19 15:15:17 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\InstallShield
[2010.06.01 19:36:12 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\InstallShield Installation Information
[2009.10.31 17:24:25 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Macromedia
[2009.07.14 09:56:56 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Media Center Programs
[2011.02.04 13:44:03 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Media Player Classic
[2011.02.14 19:27:05 | 000,000,000 | --SD | M] -- C:\Users\Daniel\AppData\Roaming\Microsoft
[2009.10.31 16:54:55 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Mozilla
[2010.04.15 18:26:30 | 000,000,000 | RH-D | M] -- C:\Users\Daniel\AppData\Roaming\SecuROM
[2011.01.18 15:40:25 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TeamViewer
[2009.12.25 14:01:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TomTom
[2009.11.02 13:13:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\TuneUp Software
[2010.02.25 09:54:21 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\U3
[2010.04.13 18:17:12 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Ubisoft
[2011.02.04 12:21:13 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\vlc
[2009.11.01 12:22:05 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2004.10.22 05:16:58 | 000,118,736 | ---- | M] (Macrovision Corporation) -- C:\Users\Daniel\AppData\Roaming\InstallShield Installation Information\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}\setup.exe
[2002.12.02 21:33:00 | 000,107,512 | ---- | M] (InstallShield Software Corporation) -- C:\Users\Daniel\AppData\Roaming\InstallShield Installation Information\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}\setup.exe
[2010.11.26 16:24:58 | 000,029,184 | R--- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Installer\{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}\Icon21AE04E8.exe
[2010.01.09 11:26:14 | 000,298,496 | R--- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A.exe
[2010.01.09 11:26:14 | 000,107,008 | R--- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A1.exe
[2010.01.09 11:26:14 | 000,004,608 | R--- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A2.exe
[2010.01.09 11:26:14 | 000,106,496 | R--- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A3.exe
[2010.01.09 11:26:14 | 000,107,008 | R--- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A4.exe
[2010.01.09 11:26:14 | 000,210,432 | R--- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Installer\{359ADF3A-F727-40F1-9D8A-6699EE355287}\Icon359ADF3A5.exe
[2007.10.23 09:27:20 | 000,110,592 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\U3\1738830527505CB0\cleanup.exe
[2008.05.02 10:41:48 | 003,493,888 | ---- | M] (SanDisk Corporation) -- C:\Users\Daniel\AppData\Roaming\U3\1738830527505CB0\Launchpad Removal.exe
[2008.05.04 16:02:26 | 004,603,904 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\U3\1738830527505CB0\LaunchPad.exe
[2007.10.23 09:44:48 | 000,054,584 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\U3\1738830527505CB0\U3AccessGrant.exe
[2007.10.02 18:14:46 | 000,024,064 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\U3\1738830527505CB0\0DE4F643-C398-46ec-9339-2362F2311932\Exec\hostClnUpNoOp.exe
[2007.10.02 18:14:46 | 022,882,088 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Daniel\AppData\Roaming\U3\1738830527505CB0\0DE4F643-C398-46ec-9339-2362F2311932\Exec\Skype.exe
[2007.10.02 18:14:46 | 000,025,896 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\U3\1738830527505CB0\0DE4F643-C398-46ec-9339-2362F2311932\Exec\skypeshutdown.exe
[2007.10.02 18:14:46 | 000,241,664 | ---- | M] (U3 LLC) -- C:\Users\Daniel\AppData\Roaming\U3\1738830527505CB0\0DE4F643-C398-46ec-9339-2362F2311932\Exec\U3Action.exe
[2008.05.02 10:41:48 | 003,493,888 | -H-- | M] (SanDisk Corporation) -- C:\Users\Daniel\AppData\Roaming\U3\temp\Launchpad Removal.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\ERDNT\cache\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\ERDNT\cache\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\ERDNT\cache\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\ERDNT\cache\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\System32\user32.dll
[2009.07.14 02:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2009.11.26 13:19:35 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 02:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.07.14 02:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >
         

Neuer Extras

Code:
ATTFilter
OTL Extras logfile created on: 14.02.2011 20:15:48 - Run 3
OTL by OldTimer - Version 3.2.20.6     Folder = D:\Downloads\OTL
 An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 72,00% Memory free
6,00 Gb Paging File | 6,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 48,97 Gb Total Space | 26,14 Gb Free Space | 53,38% Space Free | Partition Type: NTFS
Drive D: | 249,02 Gb Total Space | 226,03 Gb Free Space | 90,77% Space Free | Partition Type: NTFS
Drive E: | 426,98 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 1,87 Gb Total Space | 1,19 Gb Free Space | 63,74% Space Free | Partition Type: FAT
 
Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1829377223-3649973229-498654646-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FlashFXP\FlashFXP.exe" = C:\Program Files\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{127B684B-A002-44C8-99A7-6CF8F1E26873}" = PunkBuster für Battlefield 1942
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D}" = mkv2vob
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes
"{359ADF3A-F727-40F1-9D8A-6699EE355287}" = Gothic 3
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{50D4CB89-AF34-4978-96DC-C3034062E901}" = Battlefield 2: Special Forces
"{5454083B-1308-4485-BF17-1110000B8301}" = Grand Theft Auto IV
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{611ED207-22E5-4543-B9D3-E73096759A4F}" = LEGO MINDSTORMS NXT - (Deutsch) Sprachenpaket
"{6833245E-DD86-479A-882A-8360D62C8194}" = NVIDIA PhysX
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}" = Battlefield 1942
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C1D47CC-682C-4673-8CA8-DEE659628599}" = LEGO MINDSTORMS NXT Migration Package
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7F0C4457-8E64-491B-8D7B-991504365D1E}" = QuickSet
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{91F34319-08DE-457a-99C0-0BCDFAC145B9}" = CuteFTP 8 Professional
"{975E4CAE-D408-48DA-9346-65D7DB72B7DE}" = Hama Cromo Pad
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A13E07E1-A423-44FB-9DEE-B24C75C1BAF2}" = WIDCOMM Bluetooth Software 6.0.1.3100
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B73B4A99-4173-4747-BBEC-0F05E966F9D2}" = Battlefield 1942: Secret Weapons of WWII
"{CB263F8D-EF2D-4EB5-A368-A27056EE92D4}" = LEGO MINDSTORMS NXT Software v2.0
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}" = Battlefield 1942: The Road To Rome
"{D30E4145-9120-4497-AD35-F78482C3CF88}" = LEGO MINDSTORMS NXT Driver
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"HTPE3" = HyperTerminal Private Edition v6.3
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"LOGO!Soft Comfort V6.1" = LOGO!Soft Comfort V6.1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TomTom HOME" = TomTom HOME 2.7.3.1894
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 1.0.3
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1829377223-3649973229-498654646-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 14.02.2011 13:37:25 | Computer Name = Daniel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.02.2011 13:37:27 | Computer Name = Daniel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.02.2011 13:55:14 | Computer Name = Daniel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.02.2011 13:55:14 | Computer Name = Daniel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.02.2011 14:17:37 | Computer Name = Daniel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.02.2011 14:17:37 | Computer Name = Daniel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.02.2011 14:40:58 | Computer Name = Daniel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.02.2011 14:40:58 | Computer Name = Daniel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.02.2011 14:51:58 | Computer Name = Daniel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 14.02.2011 14:51:58 | Computer Name = Daniel-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ OSession Events ]
Error - 24.10.2010 14:18:11 | Computer Name = Daniel-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6425.1000, Microsoft Office Version: 12.0.6425.1000. This session lasted 123
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 14.02.2011 14:53:13 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 14.02.2011 14:53:13 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 14.02.2011 14:53:13 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 14.02.2011 14:53:13 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 14.02.2011 14:55:09 | Computer Name = Daniel-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 14.02.2011 14:55:09 | Computer Name = Daniel-PC | Source = PNRPSvc | ID = 102
Description = 
 
Error - 14.02.2011 14:55:09 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 14.02.2011 14:55:09 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
Error - 14.02.2011 14:55:09 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler
 beendet:   %%-2140993535
 
Error - 14.02.2011 14:55:09 | Computer Name = Daniel-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name
 Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet 
wurde:   %%-2140993535
 
 
< End of report >
         

Antwort

Themen zu Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.)
antivir, browser, conhost.exe, entfernen, explorer, externe festplatte, festplatte, firefox, gomeo, host.exe, internet, internet explorer, malware, microsoft, monstermarketplace.com, neu, nicht vorhanden, problem, prozess, prozesse, seiten, server, sich automatisch, system, system32, task-manager, trojaner, trojaner?, virus, virus?, warnmeldungen, win32.palevo, windows, windows-firewall



Ähnliche Themen: Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.)


  1. Windows 8.1 + Firefox 38.0.1: Request an Malware-gelistete Seite bei Aufruf von beliebiger Website
    Log-Analyse und Auswertung - 31.05.2015 (3)
  2. Firefox - Falsche Weiterleitung
    Plagegeister aller Art und deren Bekämpfung - 03.11.2012 (1)
  3. Falsche Verlinkung bei Google oder ICQ-Suchergebnissen
    Plagegeister aller Art und deren Bekämpfung - 06.07.2012 (41)
  4. Falsche Verlinkung bei Google-Suchergebnisse
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (20)
  5. Firefox Google - falsche Weiterleitung
    Plagegeister aller Art und deren Bekämpfung - 09.06.2012 (8)
  6. Falsche Verlinkung durch Google
    Log-Analyse und Auswertung - 19.06.2011 (36)
  7. Umleitung auf ask, gomeo etc bei Firefox und andere Probleme
    Plagegeister aller Art und deren Bekämpfung - 12.04.2011 (23)
  8. Bad request 400 - Firefox und IE Probleme - Windows 7
    Plagegeister aller Art und deren Bekämpfung - 17.02.2011 (1)
  9. ie & firefox öffnen falsche seiten
    Log-Analyse und Auswertung - 02.02.2011 (18)
  10. Firefox öffnet falsche Fenster
    Plagegeister aller Art und deren Bekämpfung - 14.12.2010 (25)
  11. Tidserv Request 2 > svchost.exe, firefox.exe
    Plagegeister aller Art und deren Bekämpfung - 28.06.2010 (16)
  12. Firefox öffnet falsche links
    Log-Analyse und Auswertung - 26.06.2009 (1)
  13. falsche Verlinkung
    Plagegeister aller Art und deren Bekämpfung - 09.05.2009 (19)
  14. Firefox öffnet falsche Seiten
    Log-Analyse und Auswertung - 12.03.2009 (0)
  15. falsche Verlinkung google
    Log-Analyse und Auswertung - 16.11.2008 (0)
  16. Falsche Verlinkung auf Ordner "NetworkService"
    Alles rund um Windows - 09.11.2006 (1)
  17. nochmals falsche verlinkung und ich komm nicht weiter
    Plagegeister aller Art und deren Bekämpfung - 10.08.2006 (2)

Zum Thema Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.) - Hallo zusammen! Ich bin neu in diesem Forum und hoffe, dass ich alle Formalitäten beachte. Zu meinem Problem: Seit kurzem kann ich mit Firefox so gut wie keine Seiten mehr - Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.)...
Archiv
Du betrachtest: Bad Request 400 Firefox/ Falsche Verlinkung IE (Gomeo usw.) auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.