Trojaner-Board - Unbekannte Fehlerquelle , Virus

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Unbekannte Fehlerquelle , Virus (https://www.trojaner-board.de/100190-unbekannte-fehlerquelle-virus.html)

Unbekannte Fehlerquelle , Virus

Hallo ,

Ich habe folgendes Problem : Meine Browser spielen oft verrückt und Chrome den ich am meisten nutze funktioniert manchmal garnicht mehr. Im Moment funktioniert er überhaupt nicht mehr (icq geht immer)da hab ich Google um rate gefragt und alles ausprobiert nichts hat geholfen auch habe ich alles nach Malware durchsucht 2-3 Sachen wurden gefunden und escan gibt noch folgende Probleme :

Objekt "Backdoor (IRCBot) Trojans Spyware/Adware" im Dateisystem gefunden! Maßnahme ergriffen: Keine Maßnahme ergriffen.
Objekt "AntiSpyware Pro XP Corrupted Adware/Spyware" im Dateisystem gefunden! Maßnahme ergriffen: Keine Maßnahme ergriffen.
Objekt "XP AntiMalware Spyware/Adware" im Dateisystem gefunden! Maßnahme ergriffen: Keine Maßnahme ergriffen.
Objekt "Orifice2K.plugin Trojan" im Dateisystem gefunden! Maßnahme ergriffen: Keine Maßnahme ergriffen.

Habe auch einen Hijackthis Bericht :

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:53:09, on 10.06.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ICQ7.5\ICQ.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANToManager.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10s_ActiveX.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\David\Desktop\HiJackThis204.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=www.youtube.de
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\David\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.5\ICQ.exe" silent loginmode=4
O4 - Startup: FRITZ!DSL Startcenter.lnk = ?
O4 - Startup: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: FRITZ!DSL Protect.lnk = C:\Program Files\FRITZ!DSL\FwebProt.exe
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\David\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Broken Internet access because of LSP provider '%programfiles%\fritz!dsl\\sarah.dll' missing
O12 - Plugin for .spop: C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Panda Cloud Antivirus Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) Extreme Tuning Utility (XTUService) - Intel Corporation - C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe

--
End of file - 13334 bytes

Bitte bitte ich brauche Hilfe , Ich würde mich riesieg über welche freuen ich weiß nicht mehr weiter :(

Danke, dann ergänz ich das mal hier :

Defogger :
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:39 on 11/06/2011 (David)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

OTL.txt:OTL Logfile:

Code:

OTL logfile created on: 11.06.2011 11:42:28 - Run 1

OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\David\Desktop

64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

5,99 Gb Total Physical Memory | 4,26 Gb Available Physical Memory | 71,20% Memory free

11,98 Gb Paging File | 10,21 Gb Available in Paging File | 85,26% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 149,05 Gb Total Space | 30,38 Gb Free Space | 20,38% Space Free | Partition Type: NTFS

Drive D: | 7,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive R: | 1862,92 Gb Total Space | 1497,69 Gb Free Space | 80,39% Space Free | Partition Type: NTFS

 

Computer Name: DAVE | User Name: David | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.06.11 11:36:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe

PRC - [2011.05.29 12:16:53 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe

PRC - [2011.05.16 14:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2011.05.13 11:11:03 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2011.03.21 20:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

PRC - [2011.02.24 15:36:15 | 000,423,232 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe

PRC - [2011.01.27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe

PRC - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2010.12.16 19:19:34 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe

PRC - [2010.09.16 15:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

PRC - [2010.09.10 17:39:50 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe

PRC - [2010.02.19 16:15:52 | 000,022,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe

 

 
 ========== Modules (SafeList) ==========

 

MOD - [2011.06.11 11:36:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe

MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - [2009.07.28 17:10:48 | 000,088,888 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE -- (IGDCTRL)

SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2011.06.03 10:58:50 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011.05.29 12:16:53 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)

SRV - [2011.05.16 14:58:36 | 002,151,128 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2011.01.27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)

SRV - [2011.01.07 20:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2010.12.16 19:19:34 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)

SRV - [2010.11.11 15:39:34 | 000,128,928 | ---- | M] (Futuremark Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe -- (Futuremark SystemInfo Service)

SRV - [2010.09.16 15:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.02.19 16:15:52 | 000,022,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe -- (XTUService) Intel(R)

SRV - [2010.02.19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2011.04.29 12:12:00 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)

DRV:64bit: - [2011.02.18 17:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2010.12.16 19:12:18 | 000,128,584 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProt.sys -- (PSINProt)

DRV:64bit: - [2010.12.16 19:12:11 | 000,121,928 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINProc.sys -- (PSINProc)

DRV:64bit: - [2010.12.16 19:12:04 | 000,150,088 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\PSINKNC.sys -- (PSINKNC)

DRV:64bit: - [2010.12.16 19:11:56 | 000,114,760 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PSINFile.sys -- (PSINFile)

DRV:64bit: - [2010.12.16 19:11:49 | 000,158,280 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSINAflt.sys -- (PSINAflt)

DRV:64bit: - [2010.11.12 01:10:49 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2010.07.12 20:36:10 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)

DRV:64bit: - [2010.06.25 17:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)

DRV:64bit: - [2010.04.07 16:04:00 | 000,290,008 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y62x64.sys -- (e1yexpress) Intel(R)

DRV:64bit: - [2010.01.20 12:27:20 | 000,036,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\intelsmb.sys -- (smbusp) Intel(R)

DRV:64bit: - [2009.11.01 20:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)

DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)

DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2008.06.17 10:22:24 | 000,040,464 | ---- | M] (H+H Software GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vcd10bus.sys -- (vcd10bus)

DRV - [2011.06.10 14:12:40 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)

DRV - [2010.02.03 12:42:02 | 000,030,384 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBios.sys -- (IOCBIOS)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F B8 7A D1 59 48 CB 01  [binary data]

IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=www.youtube.de

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"

FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="

 

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.09.10 17:40:21 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.12.08 22:21:24 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.22 00:24:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.22 00:24:13 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\components [2011.05.14 17:20:32 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 10\plugins [2011.05.22 00:24:12 | 000,000,000 | ---D | M]

 

[2011.03.31 20:16:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\mozilla\Extensions

[2011.01.30 14:50:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\mozilla\Extensions-BackupByFirefoxPortable

[2011.05.10 14:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions

[2011.04.20 22:15:31 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2011.05.10 14:18:13 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

[2011.02.12 22:31:28 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011.05.10 14:18:12 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\engine@conduit.com

[2011.03.04 17:22:31 | 000,001,131 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\i0l7udn7.default\searchplugins\conduit.xml

[2011.05.14 19:54:44 | 000,000,950 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\i0l7udn7.default\searchplugins\icqplugin-1.xml

[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\i0l7udn7.default\searchplugins\icqplugin.xml

File not found (No name found) -- 

[2010.12.08 22:21:24 | 000,000,000 | ---D | M] (Adobe Contribute Toolbar) -- C:\PROGRAM FILES (X86)\ADOBE\ADOBE CONTRIBUTE CS5\PLUGINS\FIREFOXPLUGIN\{01A8CA0A-4C96-465B-A49B-65C46FAD54F9}

[2011.03.05 11:31:13 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES (X86)\MOZILLA FIREFOX 4.0 BETA 10\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

() (No name found) -- C:\USERS\DAVID\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\I0L7UDN7.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()

O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)

O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)

O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()

O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()

O4 - HKLM..\Run: [PSUNMain] C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)

O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)

O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk = C:\Users\David\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe ()

O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk =  File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153

O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\David\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\David\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)

O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)

O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files\FRITZ!DSL\\sarah.dll ()

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\FRITZ!DSL\\sarah.dll ()

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\FRITZ!DSL\\sarah.dll ()

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\FRITZ!DSL\\sarah.dll ()

O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\FRITZ!DSL\\sarah.dll ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\FRITZ!DSL\\sarah.dll ()

O12 - Plugin for: .spop - C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Reg Error: Key error.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.09.11 01:09:29 | 000,000,047 | -H-- | M] () - D:\autorun.inf -- [ UDF ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O34 - HKLM BootExecute: (lsdelete) -  File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

 

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

 

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.06.11 11:36:35 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe

[2011.06.10 19:51:58 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\David\Desktop\HiJackThis204.exe

[2011.06.10 19:35:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe

[2011.06.10 19:35:32 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe

[2011.06.10 19:35:32 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe

[2011.06.10 19:33:15 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome

[2011.06.10 18:36:11 | 000,000,000 | ---D | C] -- C:\totalcmd

[2011.06.10 18:36:11 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\GHISLER

[2011.06.10 17:25:17 | 000,034,048 | ---- | C] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe

[2011.06.10 17:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MicroWorld

[2011.06.10 17:25:11 | 000,000,000 | ---D | C] -- C:\ProgramData\MicroWorld

[2011.06.10 17:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\ClearProg

[2011.06.10 17:21:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ClearProg

[2011.06.10 14:12:41 | 000,049,752 | ---- | C] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys

[2011.06.10 13:56:00 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys

[2011.06.10 13:55:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\Lavasoft

[2011.06.10 13:55:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft

[2011.06.10 13:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft

[2011.06.10 13:39:36 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO

[2011.05.24 16:23:14 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{334294B6-8746-4037-B8C3-E8CB5734FC8D}

[2011.05.24 16:23:14 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{1C3614C5-40F9-4314-A6D6-271855DCF459}

[2011.05.22 00:26:48 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\DDMSettings

[2011.05.22 00:23:58 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\DivX

[2011.05.22 00:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programme\DivX Plus

[2011.05.22 00:23:42 | 000,000,000 | ---D | C] -- C:\Programme\DivX

[2011.05.22 00:23:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DivX Shared

[2011.05.22 00:17:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX

[2011.05.22 00:16:19 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX

[2011.05.14 17:12:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Safari

[2011.05.14 15:20:52 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed

[1 C:\Users\David\*.tmp files -> C:\Users\David\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.06.11 11:38:24 | 000,000,000 | ---- | M] () -- C:\Users\David\defogger_reenable

[2011.06.11 11:38:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.06.11 11:37:13 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011.06.11 11:37:13 | 000,017,136 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011.06.11 11:36:42 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe

[2011.06.11 11:35:53 | 000,050,477 | ---- | M] () -- C:\Users\David\Desktop\Defogger.exe

[2011.06.11 11:29:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.06.11 11:28:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.06.11 11:28:47 | 527,818,751 | -HS- | M] () -- C:\hiberfil.sys

[2011.06.11 00:27:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2498949666-4130971900-2577889908-1000UA.job

[2011.06.11 00:06:15 | 000,228,778 | ---- | M] () -- C:\Users\David\Documents\pinfect.zip

[2011.06.10 21:27:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2498949666-4130971900-2577889908-1000Core.job

[2011.06.10 19:52:08 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\David\Desktop\HiJackThis204.exe

[2011.06.10 19:34:32 | 000,000,028 | ---- | M] () -- C:\Windows\Lic.xxx

[2011.06.10 19:33:19 | 000,002,312 | ---- | M] () -- C:\Users\David\Desktop\Google Chrome.lnk

[2011.06.10 18:36:12 | 000,000,632 | ---- | M] () -- C:\Users\David\Desktop\Total Commander.lnk

[2011.06.10 17:25:16 | 000,034,048 | ---- | M] (MicroWorld Technologies Inc.) -- C:\Windows\SysWow64\eEmpty.exe

[2011.06.10 17:21:33 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\ClearProg.lnk

[2011.06.10 14:12:40 | 000,049,752 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys

[2011.06.10 14:12:34 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe

[2011.06.10 13:56:01 | 000,001,020 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2011.06.10 13:47:36 | 099,334,664 | ---- | M] () -- C:\Users\David\Desktop\mwav.exe

[2011.06.09 22:34:09 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2011.06.09 22:34:09 | 000,696,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2011.06.09 22:34:09 | 000,651,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2011.06.09 22:34:09 | 000,147,428 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2011.06.09 22:34:09 | 000,120,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2011.05.30 13:56:42 | 000,280,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr

[2011.05.30 13:56:42 | 000,280,768 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2011.05.30 13:43:29 | 000,215,128 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0

[2011.05.29 12:16:53 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2011.05.14 19:52:39 | 000,000,600 | ---- | M] () -- C:\Users\David\AppData\Roaming\winscp.rnd

[2011.05.14 14:32:18 | 000,004,826 | ---- | M] () -- C:\Users\David\Documents\cc_20110514_143212.reg

[1 C:\Users\David\*.tmp files -> C:\Users\David\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2011.06.11 11:38:24 | 000,000,000 | ---- | C] () -- C:\Users\David\defogger_reenable

[2011.06.11 11:35:53 | 000,050,477 | ---- | C] () -- C:\Users\David\Desktop\Defogger.exe

[2011.06.10 19:33:19 | 000,002,312 | ---- | C] () -- C:\Users\David\Desktop\Google Chrome.lnk

[2011.06.10 19:21:38 | 000,228,778 | ---- | C] () -- C:\Users\David\Documents\pinfect.zip

[2011.06.10 18:36:12 | 000,000,632 | ---- | C] () -- C:\Users\David\Desktop\Total Commander.lnk

[2011.06.10 18:36:11 | 000,000,545 | ---- | C] () -- C:\Windows\UC.PIF

[2011.06.10 18:36:11 | 000,000,545 | ---- | C] () -- C:\Windows\RAR.PIF

[2011.06.10 18:36:11 | 000,000,545 | ---- | C] () -- C:\Windows\PKZIP.PIF

[2011.06.10 18:36:11 | 000,000,545 | ---- | C] () -- C:\Windows\PKUNZIP.PIF

[2011.06.10 18:36:11 | 000,000,545 | ---- | C] () -- C:\Windows\NOCLOSE.PIF

[2011.06.10 18:36:11 | 000,000,545 | ---- | C] () -- C:\Windows\LHA.PIF

[2011.06.10 18:36:11 | 000,000,545 | ---- | C] () -- C:\Windows\ARJ.PIF

[2011.06.10 17:25:29 | 000,000,028 | ---- | C] () -- C:\Windows\Lic.xxx

[2011.06.10 17:21:33 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\ClearProg.lnk

[2011.06.10 17:03:34 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe

[2011.06.10 13:56:01 | 000,001,020 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2011.06.10 13:47:36 | 099,334,664 | ---- | C] () -- C:\Users\David\Desktop\mwav.exe

[2011.05.14 17:12:13 | 000,002,503 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Safari.lnk

[2011.05.14 14:32:16 | 000,004,826 | ---- | C] () -- C:\Users\David\Documents\cc_20110514_143212.reg

[2011.05.10 14:21:52 | 000,000,000 | ---- | C] () -- C:\Users\David\AppData\Local\{547DFA4E-F24F-4340-B3DE-7B55F1E517DA}

[2011.02.20 16:12:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011.02.10 19:29:13 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2011.02.10 19:29:13 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011.02.10 19:29:13 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe

[2011.02.10 19:29:13 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011.02.10 19:29:13 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2010.12.09 16:29:57 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll

[2010.11.13 18:59:32 | 000,000,600 | ---- | C] () -- C:\Users\David\AppData\Roaming\winscp.rnd

[2010.10.11 13:55:43 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe

[2010.10.11 13:43:16 | 000,280,768 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe

[2010.10.11 13:43:15 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

[2010.10.11 13:43:14 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe

[2010.09.05 21:52:37 | 000,099,932 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat

[2010.08.30 21:04:58 | 001,588,294 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT

[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat

[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

 
 ========== LOP Check ==========

 

[2011.02.12 22:31:28 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\DVDVideoSoftIEHelpers

[2010.08.30 18:07:29 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Engelmann Media

[2010.12.08 22:05:52 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Foxit Software

[2011.06.07 06:20:00 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\FRITZ!

[2011.06.10 18:36:11 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\GHISLER

[2011.03.07 13:13:10 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\GroovesharkDesktop.7F9BF17D6D9CB2159C78A6A6AB076EA0B1E0497C.1

[2010.12.14 20:17:15 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\gtk-2.0

[2011.01.25 18:34:40 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\HTC

[2011.01.25 18:32:01 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

[2011.06.11 11:41:05 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\ICQ

[2011.02.01 19:22:36 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\ICQ-Tools.de

[2010.08.30 17:28:12 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\InterTrust

[2010.09.06 06:19:55 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\MobMapUpdater

[2011.02.01 19:22:37 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\OCS

[2010.10.24 19:04:20 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\OpenOffice.org

[2011.02.01 19:22:39 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Opera

[2011.01.25 18:34:40 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Outlook

[2010.12.09 17:10:34 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\PACE Anti-Piracy

[2010.08.30 18:12:36 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Panda Security

[2010.09.14 04:34:30 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Philipp Winterberg

[2010.12.09 17:12:03 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

[2010.12.27 18:03:08 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\TS3Client

[2010.12.08 21:53:55 | 000,000,000 | --SD | M] -- C:\Users\David\AppData\Roaming\Virtual CD v10

[2010.10.21 22:39:53 | 000,000,000 | ---D | M] -- C:\Users\David\AppData\Roaming\Wi-Fi Sync

[2011.06.11 11:28:57 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*. >

[2011.02.10 19:36:40 | 000,000,000 | ---D | M] -- C:\$RECYCLE.BIN

[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2010.08.30 17:17:01 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2010.08.30 17:22:59 | 000,000,000 | ---D | M] -- C:\Intel

[2010.12.02 16:20:32 | 000,000,000 | R--D | M] -- C:\MSOCache

[2010.09.05 18:48:37 | 000,000,000 | ---D | M] -- C:\NVIDIA

[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2011.05.22 00:23:42 | 000,000,000 | R--D | M] -- C:\Programme

[2011.06.10 17:21:31 | 000,000,000 | ---D | M] -- C:\Program Files (x86)

[2011.06.10 17:25:11 | 000,000,000 | ---D | M] -- C:\ProgramData

[2010.08.30 17:17:01 | 000,000,000 | -HSD | M] -- C:\Programme

[2011.02.10 19:40:52 | 000,000,000 | ---D | M] -- C:\Qoobox

[2010.08.30 17:17:01 | 000,000,000 | ---D | M] -- C:\Recovery

[2011.01.25 18:55:48 | 000,000,000 | ---D | M] -- C:\ruu_log

[2011.06.11 11:43:16 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2010.08.30 18:57:40 | 000,000,000 | ---D | M] -- C:\TempEI4

[2011.06.10 18:36:16 | 000,000,000 | ---D | M] -- C:\totalcmd

[2010.08.30 17:18:25 | 000,000,000 | R--D | M] -- C:\Users

[2010.09.01 04:28:44 | 000,000,000 | ---D | M] -- C:\VLC

[2011.06.10 19:35:32 | 000,000,000 | ---D | M] -- C:\Windows

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

 
 < %systemroot%\*. /mp /s >

 

 
 < MD5 for: EXPLORER.EXE  >

[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\SysWOW64\explorer.exe

[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe

[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\SoftwareDistribution\Download\0cfc8dbf763c806fb82e646c7352a6fc\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe

[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\SoftwareDistribution\Download\00236e2e422dab929dcda56260d05350\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe

[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\SoftwareDistribution\Download\0cfc8dbf763c806fb82e646c7352a6fc\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe

[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\SoftwareDistribution\Download\00236e2e422dab929dcda56260d05350\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe

[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\SoftwareDistribution\Download\0cfc8dbf763c806fb82e646c7352a6fc\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe

[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\SoftwareDistribution\Download\00236e2e422dab929dcda56260d05350\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe

[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\ERDNT\cache86\explorer.exe

[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\explorer.exe

[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\SoftwareDistribution\Download\0cfc8dbf763c806fb82e646c7352a6fc\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe

[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\SoftwareDistribution\Download\00236e2e422dab929dcda56260d05350\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe

 
 < MD5 for: REGEDIT.EXE  >

[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe

[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe

[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe

[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

 
 < MD5 for: USERINIT.EXE  >

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe

[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe

[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\ERDNT\cache64\winlogon.exe

[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\SysNative\winlogon.exe

[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\SoftwareDistribution\Download\0cfc8dbf763c806fb82e646c7352a6fc\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SoftwareDistribution\Download\0cfc8dbf763c806fb82e646c7352a6fc\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 1088 bytes -> C:\Users\David\AppData\Local\G8dHZFWb:bzoSicG2hszlPqL5DTm
 

< End of report >

--- --- ---

extras.txt:OTL Logfile:

Code:

OTL Extras logfile created on: 11.06.2011 11:42:28 - Run 1

OTL by OldTimer - Version 3.2.23.0     Folder = C:\Users\David\Desktop

64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

5,99 Gb Total Physical Memory | 4,26 Gb Available Physical Memory | 71,20% Memory free

11,98 Gb Paging File | 10,21 Gb Available in Paging File | 85,26% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 149,05 Gb Total Space | 30,38 Gb Free Space | 20,38% Space Free | Partition Type: NTFS

Drive D: | 7,73 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Drive R: | 1862,92 Gb Total Space | 1497,69 Gb Free Space | 80,39% Space Free | Partition Type: NTFS

 

Computer Name: DAVE | User Name: David | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.exe [@ = exefile] -- Reg Error: Key error. File not found

.html [@ = htmlfile] -- Reg Error: Key error. File not found

 
 ========== Shell Spawning ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %* File not found

cmdfile [open] -- "%1" %* File not found

comfile [open] -- "%1" %* File not found

exefile [open] -- "%1" %* File not found

helpfile [open] -- Reg Error: Key error.

htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)

InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)

InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)

piffile [open] -- "%1" %* File not found

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1" File not found

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found

scrfile [open] -- "%1" /S File not found

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found

Directory [AddToPlaylistVLC] -- "C:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [explore] -- Reg Error: Value error.

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 
 ========== Firewall Settings ==========

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 
 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"DisableNotifications" = 0

"EnableFirewall" = 1

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack

"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour

"{16DDB3D1-5C27-4599-9C63-E583287191CC}" = iTunes

"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant

"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64

"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)

"{26A24AE4-039D-4CA4-87B4-2F86416022FF}" = Java(TM) 6 Update 22 (64-bit)

"{27BAA191-CEB0-4F17-95FA-B44DD128375E}" = MobileMe Control Panel

"{2D5D9603-22CF-4B99-83F6-0CD20330F62E}" = FRITZ!DSL64

"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022

"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64

"{50431EE1-C1CC-4AE7-BDE3-B60536E7BA92}" = Panda Cloud Antivirus

"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64

"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended

"{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support

"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010

"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010

"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010

"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010

"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010

"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010

"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010

"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010

"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010

"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010

"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010

"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010

"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010

"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010

"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010

"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010

"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010

"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010

"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64

"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64

"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-007F-0407-1000-0000000FF1CE}" = Microsoft Outlook Hotmail Connector 64-Bit

"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 266.58

"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.1.13.1

"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application

"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64

"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector

"{D285FC5F-3021-32E9-9C59-24CA325BDC5C}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729

"{D5558268-0050-4B95-AD5E-426960E1EFE1}" = Intel(R) Network Connections 15.3.68.0

"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319

"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile

"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit

"Adobe Flash Player Plugin 64" = Adobe Flash Player 10 Plugin 64-bit

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack

"Office14.PROPLUS" = Microsoft Office Professional Plus 2010

"PROSetDX" = Intel(R) Network Connections 15.3.68.0

"SMBus" = Intel(R) SMBus

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{024521CF-C07E-4F8E-8481-0D75695E03AF}" = PxMergeModule

"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help

"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86

"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser

"{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}" = Adobe Creative Suite 5 Master Collection

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2

"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24

"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2

"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053

"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86

"{680325D9-CF2A-494C-B1F5-46FBD2B8948A}" = Intel(R) Desktop Control Center

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari

"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer

"{6DB7AD00-F781-11DF-9EEF-001279CD8240}" = Google Earth

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74656168-CF28-40BD-9D87-700B07BAF9B6}" = HTC Sync

"{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}" = ICQ7.5

"{7F3AD00A-1819-4B15-BB7D-08B3586336D7}" = 3DMark06

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B433B7D6-0A97-4ED4-BE64-863A0B3A0776}_is1" = YouFreeTV Version 0.02

"{B556929F-79D5-E843-27D4-60B1586C4773}" = Grooveshark

"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX

"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86

"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1

"{EEA080A7-4331-4593-A071-D0862A8178B9}" = ASUS nVidia Driver

"{F027C8E3-6DBD-492A-9959-7B36B1DE0D65}" = Ad-Aware

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2

"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"7-Zip" = 7-Zip 4.65

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"CCleaner" = CCleaner

"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help

"ClearProg" = ClearProg 1.6.0 Final

"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player

"DivX Setup.divx.com" = DivX-Setup

"Foxit Reader" = Foxit Reader

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7

"Free Video Flip and Rotate_is1" = Free Video Flip and Rotate version 1.8.10

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324

"GeoGebra" = GeoGebra

"GroovesharkDesktop.7F9BF17D6D9CB2159C78A6A6AB076EA0B1E0497C.1" = Grooveshark

"HyperSnap 6" = HyperSnap 6

"JDownloader" = JDownloader

"KLiteCodecPack_is1" = K-Lite Codec Pack 6.0.4 (Basic)

"MobMap_is1" = MobMap 4.04

"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)

"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver

"OpenAL" = OpenAL

"Panda Cloud Antivirus" = Panda Cloud Antivirus

"Plants vs. Zombies(TM)" = Plants vs. Zombies(TM) (remove only)

"PunkBusterSvc" = PunkBuster Services

"RarZilla Free Unrar" = RarZilla Free Unrar

"RealPlayer 12.0" = RealPlayer

"ST5UNST #1" = Kaminfeuer Titanium Edition II

"Steam App 10180" = Call of Duty: Modern Warfare 2

"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer

"Steam App 240" = Counter-Strike: Source

"Steam App 43110" = Metro 2033

"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2

"TeamSpeak 3 Client" = TeamSpeak 3 Client

"TeamViewer 6" = TeamViewer 6

"Totalcmd" = Total Commander (Remove or Repair)

"Uninstall_is1" = Uninstall 1.0.0.1

"VLC media player" = VLC media player 1.1.4

"WinLiveSuite" = Windows Live Essentials

"winscp3_is1" = WinSCP 4.2.9

"World of Warcraft" = World of Warcraft

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Google Chrome" = Google Chrome

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 19.04.2011 09:04:30 | Computer Name = Dave | Source = SideBySide | ID = 16842832

Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\David\Downloads\SoftonicDownloader_fuer_free-powerpoint-templates.exe".

 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche

 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.

In

 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest.

Komponente

 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest.

 

Error - 20.04.2011 06:50:45 | Computer Name = Dave | Source = Bonjour Service | ID = 100

Description = ERROR: accept: 10022 (Ein ungültiges Argument wurde angegeben.)

 

Error - 20.04.2011 06:50:45 | Computer Name = Dave | Source = Bonjour Service | ID = 100

Description = ERROR: accept: 10022 (Ein ungültiges Argument wurde angegeben.)

 

Error - 20.04.2011 06:50:45 | Computer Name = Dave | Source = Bonjour Service | ID = 100

Description = ERROR: accept: 10022 (Ein ungültiges Argument wurde angegeben.)

 

Error - 14.05.2011 10:11:05 | Computer Name = Dave | Source = Application Hang | ID = 1002

Description = Programm WinSCP.exe, Version 4.2.9.938 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1bd4    Startzeit:

 01cc1240ab81a59e    Endzeit: 0    Anwendungspfad: C:\Program Files (x86)\WinSCP\WinSCP.exe
 

Berichts-ID:

 ff8f057f-7e33-11e0-9c27-001cc0f3ab45  

 

Error - 14.05.2011 10:56:39 | Computer Name = Dave | Source = Application Hang | ID = 1002

Description = Programm firefox.exe, Version 2.0.0.4051 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 19c4    Startzeit:

 01cc1246cd4d2bde    Endzeit: 21    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox

 4.0 Beta 10\firefox.exe    Berichts-ID: 5dc4cc62-7e3a-11e0-9c27-001cc0f3ab45  

 

Error - 21.05.2011 18:28:55 | Computer Name = Dave | Source = Application Hang | ID = 1002

Description = Programm chrome.exe, Version 0.0.0.0 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 18c4    Startzeit:

 01cc1805fc761c89    Endzeit: 5    Anwendungspfad: C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
 

Berichts-ID:

 b504a921-83f9-11e0-833c-001cc0f3ab45  

 

Error - 21.05.2011 19:28:32 | Computer Name = Dave | Source = Application Error | ID = 1000

Description = Name der fehlerhaften Anwendung: DivX Plus Player.exe, Version: 10.2.1.20,

 Zeitstempel: 0x4cdc8b7a  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,

 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x05f97e02  ID des fehlerhaften

 Prozesses: 0x275c  Startzeit der fehlerhaften Anwendung: 0x01cc180ec9f6d2cd  Pfad der

 fehlerhaften Anwendung: C:\Program Files (x86)\DivX\DivX Plus Player\DivX Plus 

Player.exe  Pfad des fehlerhaften Moduls: unknown  Berichtskennung: 0a3fa5cf-8402-11e0-833c-001cc0f3ab45

 

Error - 24.05.2011 12:01:57 | Computer Name = Dave | Source = Application Hang | ID = 1002

Description = Programm chrome.exe, Version 0.0.0.0 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 12f8    Startzeit:

 01cc1a02ffb0bbfb    Endzeit: 7    Anwendungspfad: C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
 

Berichts-ID:

 25556f20-861f-11e0-8c5d-001cc0f3ab45  

 

Error - 24.05.2011 12:05:37 | Computer Name = Dave | Source = Application Hang | ID = 1002

Description = Programm chrome.exe, Version 0.0.0.0 kann nicht mehr unter Windows

 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,

 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 123c    Startzeit:

 01cc1a2c2af9df2b    Endzeit: 3    Anwendungspfad: C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
 

Berichts-ID:

 a88fbb77-861f-11e0-8c5d-001cc0f3ab45  

 

[ System Events ]

Error - 16.03.2011 11:16:51 | Computer Name = Dave | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers

 nicht gestartet:   %%1053

 

Error - 23.03.2011 15:40:31 | Computer Name = Dave | Source = Disk | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

 

Error - 23.03.2011 15:40:31 | Computer Name = Dave | Source = Disk | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

 

Error - 23.03.2011 15:40:32 | Computer Name = Dave | Source = Disk | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

 

Error - 23.03.2011 15:40:32 | Computer Name = Dave | Source = Disk | ID = 262155

Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

 

Error - 28.03.2011 01:16:31 | Computer Name = Dave | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 Steam Client Service erreicht.

 

Error - 28.03.2011 01:16:31 | Computer Name = Dave | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers

 nicht gestartet:   %%1053

 

Error - 10.04.2011 06:09:57 | Computer Name = Dave | Source = Service Control Manager | ID = 7009

Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst

 SearchAnonymizer erreicht.

 

Error - 10.04.2011 06:09:57 | Computer Name = Dave | Source = Service Control Manager | ID = 7000

Description = Der Dienst "SearchAnonymizer" wurde aufgrund folgenden Fehlers nicht

 gestartet:   %%1053

 

Error - 15.04.2011 13:20:01 | Computer Name = Dave | Source = Disk | ID = 262151

Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.

 

 

< End of report >

--- --- ---

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=www.youtube.de

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"

FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"

FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="

[2011.04.20 22:15:31 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

[2011.05.10 14:18:13 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

[2011.02.12 22:31:28 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2011.05.10 14:18:12 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\engine@conduit.com

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010.09.11 01:09:29 | 000,000,047 | -H-- | M] () - D:\autorun.inf -- [ UDF ]

[2011.06.10 19:35:32 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\runouce.exe

[2011.06.10 19:35:32 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe

[2011.06.10 19:35:32 | 000,000,000 | ---D | C] -- C:\Windows\logo_1.exe

[2011.05.24 16:23:14 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{334294B6-8746-4037-B8C3-E8CB5734FC8D}

[2011.05.24 16:23:14 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Local\{1C3614C5-40F9-4314-A6D6-271855DCF459}

[2011.01.25 18:55:48 | 000,000,000 | ---D | M] -- C:\ruu_log

[2010.08.30 18:57:40 | 000,000,000 | ---D | M] -- C:\TempEI4

@Alternate Data Stream - 1088 bytes -> C:\Users\David\AppData\Local\G8dHZFWb:bzoSicG2hszlPqL5DTm

:Commands

[purity]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Danke , so hier der Log :

========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "DVDVideoSoftTB Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" removed from keyword.URL
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\lib folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\David\AppData\Roaming\mozilla\Firefox\Profiles\i0l7udn7.default\extensions\engine@conduit.com folder moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File move failed. D:\autorun.inf scheduled to be moved on reboot.
C:\Windows\SysWow64\runouce.exe folder moved successfully.
C:\Windows\rundll16.exe folder moved successfully.
C:\Windows\logo_1.exe folder moved successfully.
C:\Users\David\AppData\Local\{334294B6-8746-4037-B8C3-E8CB5734FC8D} folder moved successfully.
C:\Users\David\AppData\Local\{1C3614C5-40F9-4314-A6D6-271855DCF459} folder moved successfully.
C:\ruu_log folder moved successfully.
C:\TempEI4 folder moved successfully.
ADS C:\Users\David\AppData\Local\G8dHZFWb:bzoSicG2hszlPqL5DTm deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.23.0 log created on 06112011_190032

Files\Folders moved on Reboot...
File move failed. D:\autorun.inf scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Vista und 7 User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

2011/06/11 19:55:17.0098 17332 TDSS rootkit removing tool 2.5.4.0 Jun 7 2011 17:31:48
2011/06/11 19:55:19.0108 17332 ================================================================================
2011/06/11 19:55:19.0108 17332 SystemInfo:
2011/06/11 19:55:19.0108 17332
2011/06/11 19:55:19.0108 17332 OS Version: 6.1.7600 ServicePack: 0.0
2011/06/11 19:55:19.0108 17332 Product type: Workstation
2011/06/11 19:55:19.0108 17332 ComputerName: DAVE
2011/06/11 19:55:19.0108 17332 UserName: David
2011/06/11 19:55:19.0108 17332 Windows directory: C:\Windows
2011/06/11 19:55:19.0108 17332 System windows directory: C:\Windows
2011/06/11 19:55:19.0108 17332 Running under WOW64
2011/06/11 19:55:19.0108 17332 Processor architecture: Intel x64
2011/06/11 19:55:19.0108 17332 Number of processors: 8
2011/06/11 19:55:19.0108 17332 Page size: 0x1000
2011/06/11 19:55:19.0108 17332 Boot type: Normal boot
2011/06/11 19:55:19.0108 17332 ================================================================================
2011/06/11 19:55:19.0878 17332 Initialize success
2011/06/11 19:56:09.0138 13096 ================================================================================
2011/06/11 19:56:09.0138 13096 Scan started
2011/06/11 19:56:09.0138 13096 Mode: Manual;
2011/06/11 19:56:09.0138 13096 ================================================================================
2011/06/11 19:56:10.0248 13096 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/06/11 19:56:10.0288 13096 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/06/11 19:56:10.0318 13096 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/06/11 19:56:10.0338 13096 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/06/11 19:56:10.0378 13096 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/06/11 19:56:10.0388 13096 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/06/11 19:56:10.0428 13096 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/06/11 19:56:10.0448 13096 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/06/11 19:56:10.0458 13096 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/06/11 19:56:10.0468 13096 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/06/11 19:56:10.0478 13096 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/06/11 19:56:10.0498 13096 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/06/11 19:56:10.0528 13096 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/06/11 19:56:10.0558 13096 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/06/11 19:56:10.0578 13096 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/06/11 19:56:10.0598 13096 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/06/11 19:56:10.0648 13096 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/06/11 19:56:10.0668 13096 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/06/11 19:56:10.0708 13096 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/11 19:56:10.0738 13096 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/06/11 19:56:10.0808 13096 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/06/11 19:56:10.0848 13096 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/06/11 19:56:10.0888 13096 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/06/11 19:56:10.0928 13096 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/06/11 19:56:10.0978 13096 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/11 19:56:11.0018 13096 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/06/11 19:56:11.0028 13096 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/06/11 19:56:11.0058 13096 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/06/11 19:56:11.0068 13096 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/06/11 19:56:11.0088 13096 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/06/11 19:56:11.0098 13096 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/06/11 19:56:11.0118 13096 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/06/11 19:56:11.0138 13096 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/11 19:56:11.0178 13096 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/11 19:56:11.0218 13096 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/06/11 19:56:11.0248 13096 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/06/11 19:56:11.0268 13096 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/06/11 19:56:11.0288 13096 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/06/11 19:56:11.0308 13096 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/06/11 19:56:11.0328 13096 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/06/11 19:56:11.0358 13096 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/06/11 19:56:11.0378 13096 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/06/11 19:56:11.0418 13096 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys
2011/06/11 19:56:11.0458 13096 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/06/11 19:56:11.0478 13096 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/06/11 19:56:11.0498 13096 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/06/11 19:56:11.0548 13096 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/06/11 19:56:11.0588 13096 DXGKrnl (7cb7d2b73813ce05c7bc0f5f95d27cec) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/11 19:56:11.0648 13096 e1yexpress (1f20aeaad1be0121647257235b788224) C:\Windows\system32\DRIVERS\e1y62x64.sys
2011/06/11 19:56:11.0728 13096 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/06/11 19:56:11.0858 13096 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/06/11 19:56:11.0878 13096 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/06/11 19:56:11.0938 13096 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/06/11 19:56:11.0968 13096 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/06/11 19:56:11.0988 13096 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/11 19:56:12.0018 13096 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/06/11 19:56:12.0028 13096 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/06/11 19:56:12.0038 13096 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/11 19:56:12.0068 13096 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/06/11 19:56:12.0098 13096 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/06/11 19:56:12.0118 13096 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/11 19:56:12.0168 13096 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
2011/06/11 19:56:12.0318 13096 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/06/11 19:56:12.0378 13096 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/06/11 19:56:12.0448 13096 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/06/11 19:56:12.0488 13096 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/06/11 19:56:12.0528 13096 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/11 19:56:12.0548 13096 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/06/11 19:56:12.0558 13096 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/06/11 19:56:12.0578 13096 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/06/11 19:56:12.0628 13096 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/11 19:56:12.0678 13096 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/06/11 19:56:12.0748 13096 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
2011/06/11 19:56:12.0828 13096 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
2011/06/11 19:56:12.0898 13096 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/06/11 19:56:12.0928 13096 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/06/11 19:56:12.0988 13096 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/11 19:56:13.0018 13096 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/06/11 19:56:13.0078 13096 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/06/11 19:56:13.0148 13096 IntcAzAudAddService (4a725cdde1a0c3d1b1eaca0d9d0d95d0) C:\Windows\system32\drivers\RTKVHD64.sys
2011/06/11 19:56:13.0158 13096 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/06/11 19:56:13.0188 13096 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/11 19:56:13.0278 13096 IOCBIOS (d6ef3558d9a7e4024cf1cfb12d56e81d) C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys
2011/06/11 19:56:13.0288 13096 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/11 19:56:13.0318 13096 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/06/11 19:56:13.0328 13096 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/06/11 19:56:13.0378 13096 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/06/11 19:56:13.0398 13096 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/06/11 19:56:13.0418 13096 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/11 19:56:13.0438 13096 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/11 19:56:13.0458 13096 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/11 19:56:13.0478 13096 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/11 19:56:13.0498 13096 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
2011/06/11 19:56:13.0518 13096 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/06/11 19:56:13.0618 13096 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
2011/06/11 19:56:13.0668 13096 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
2011/06/11 19:56:13.0718 13096 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/11 19:56:13.0758 13096 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/06/11 19:56:13.0768 13096 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/06/11 19:56:13.0788 13096 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/06/11 19:56:13.0798 13096 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/06/11 19:56:13.0828 13096 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/06/11 19:56:13.0838 13096 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/06/11 19:56:13.0858 13096 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/06/11 19:56:13.0898 13096 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/06/11 19:56:13.0928 13096 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/11 19:56:13.0948 13096 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/11 19:56:13.0978 13096 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/11 19:56:13.0988 13096 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/06/11 19:56:14.0008 13096 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/06/11 19:56:14.0038 13096 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/11 19:56:14.0048 13096 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/06/11 19:56:14.0068 13096 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/11 19:56:14.0088 13096 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/11 19:56:14.0108 13096 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/11 19:56:14.0138 13096 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/06/11 19:56:14.0158 13096 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/06/11 19:56:14.0188 13096 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/06/11 19:56:14.0198 13096 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/06/11 19:56:14.0208 13096 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/06/11 19:56:14.0248 13096 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/11 19:56:14.0248 13096 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/11 19:56:14.0268 13096 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/06/11 19:56:14.0298 13096 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/06/11 19:56:14.0308 13096 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/11 19:56:14.0328 13096 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/06/11 19:56:14.0338 13096 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/06/11 19:56:14.0368 13096 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/06/11 19:56:14.0418 13096 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/11 19:56:14.0448 13096 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/06/11 19:56:14.0468 13096 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/06/11 19:56:14.0488 13096 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/11 19:56:14.0498 13096 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/11 19:56:14.0518 13096 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/11 19:56:14.0528 13096 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/06/11 19:56:14.0548 13096 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/11 19:56:14.0568 13096 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/11 19:56:14.0618 13096 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/06/11 19:56:14.0638 13096 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/06/11 19:56:14.0648 13096 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/11 19:56:14.0688 13096 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/06/11 19:56:14.0748 13096 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/06/11 19:56:14.0788 13096 NVHDA (857fb74754ebff94ee3ad40788740916) C:\Windows\system32\drivers\nvhda64v.sys
2011/06/11 19:56:15.0078 13096 nvlddmkm (f12c5f17d48d9f5c70e4408b3ccb5443) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/06/11 19:56:15.0208 13096 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/06/11 19:56:15.0238 13096 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/06/11 19:56:15.0258 13096 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/06/11 19:56:15.0278 13096 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/11 19:56:15.0358 13096 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/06/11 19:56:15.0378 13096 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/06/11 19:56:15.0418 13096 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/06/11 19:56:15.0438 13096 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/06/11 19:56:15.0458 13096 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/06/11 19:56:15.0478 13096 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/06/11 19:56:15.0508 13096 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/06/11 19:56:15.0598 13096 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/11 19:56:15.0618 13096 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/06/11 19:56:15.0668 13096 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/11 19:56:15.0708 13096 PSINAflt (118603a97cd639d25f4448dd25273173) C:\Windows\system32\DRIVERS\PSINAflt.sys
2011/06/11 19:56:15.0748 13096 PSINFile (bf625c0afaf796c80e3b75be2284fde8) C:\Windows\system32\DRIVERS\PSINFile.sys
2011/06/11 19:56:15.0778 13096 PSINKNC (18487175ba65c66acc6f94354f0552de) C:\Windows\system32\DRIVERS\psinknc.sys
2011/06/11 19:56:15.0808 13096 PSINProc (44f40ccaca74dcb1915398712fad8342) C:\Windows\system32\DRIVERS\PSINProc.sys
2011/06/11 19:56:15.0838 13096 PSINProt (38474fbd900a9e3199438fb372db8e36) C:\Windows\system32\DRIVERS\PSINProt.sys
2011/06/11 19:56:15.0918 13096 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/06/11 19:56:15.0968 13096 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/06/11 19:56:15.0998 13096 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/06/11 19:56:16.0028 13096 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/11 19:56:16.0038 13096 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/11 19:56:16.0078 13096 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/06/11 19:56:16.0098 13096 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/11 19:56:16.0108 13096 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/11 19:56:16.0128 13096 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/11 19:56:16.0158 13096 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/11 19:56:16.0178 13096 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/06/11 19:56:16.0198 13096 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/11 19:56:16.0208 13096 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
2011/06/11 19:56:16.0228 13096 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/11 19:56:16.0248 13096 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/06/11 19:56:16.0268 13096 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/06/11 19:56:16.0288 13096 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/06/11 19:56:16.0338 13096 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/11 19:56:16.0368 13096 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys
2011/06/11 19:56:16.0388 13096 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/06/11 19:56:16.0418 13096 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/06/11 19:56:16.0458 13096 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/06/11 19:56:16.0488 13096 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/06/11 19:56:16.0498 13096 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/06/11 19:56:16.0508 13096 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/06/11 19:56:16.0538 13096 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/06/11 19:56:16.0548 13096 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/06/11 19:56:16.0558 13096 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/06/11 19:56:16.0568 13096 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/06/11 19:56:16.0598 13096 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/06/11 19:56:16.0608 13096 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/06/11 19:56:16.0638 13096 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/06/11 19:56:16.0668 13096 smbusp (3b47f81c3c3b4742221a5391ef8d499d) C:\Windows\system32\DRIVERS\intelsmb.sys
2011/06/11 19:56:16.0698 13096 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/06/11 19:56:16.0738 13096 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
2011/06/11 19:56:16.0778 13096 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/11 19:56:16.0828 13096 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/11 19:56:16.0878 13096 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/06/11 19:56:16.0908 13096 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
2011/06/11 19:56:16.0928 13096 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
2011/06/11 19:56:16.0948 13096 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/11 19:56:17.0038 13096 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
2011/06/11 19:56:17.0088 13096 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/11 19:56:17.0118 13096 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/11 19:56:17.0148 13096 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/06/11 19:56:17.0158 13096 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/06/11 19:56:17.0178 13096 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/11 19:56:17.0208 13096 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/11 19:56:17.0248 13096 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/11 19:56:17.0268 13096 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/11 19:56:17.0278 13096 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/06/11 19:56:17.0318 13096 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/11 19:56:17.0348 13096 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/06/11 19:56:17.0368 13096 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/11 19:56:17.0378 13096 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/06/11 19:56:17.0418 13096 USBAAPL64 (54d4b48d443e7228bf64cf7cdc3118ac) C:\Windows\system32\Drivers\usbaapl64.sys
2011/06/11 19:56:17.0438 13096 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/11 19:56:17.0458 13096 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/06/11 19:56:17.0478 13096 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/11 19:56:17.0498 13096 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/11 19:56:17.0508 13096 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/06/11 19:56:17.0528 13096 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/11 19:56:17.0548 13096 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/11 19:56:17.0568 13096 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/11 19:56:17.0618 13096 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/06/11 19:56:17.0668 13096 vcd10bus (f0faf3fb9b138f8cafb65ecffe9f4ab6) C:\Windows\system32\DRIVERS\vcd10bus.sys
2011/06/11 19:56:17.0698 13096 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/06/11 19:56:17.0718 13096 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/11 19:56:17.0728 13096 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/06/11 19:56:17.0758 13096 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/06/11 19:56:17.0768 13096 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/06/11 19:56:17.0788 13096 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys
2011/06/11 19:56:17.0798 13096 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys
2011/06/11 19:56:17.0818 13096 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/06/11 19:56:17.0838 13096 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/06/11 19:56:17.0858 13096 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/06/11 19:56:17.0888 13096 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/06/11 19:56:17.0908 13096 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/06/11 19:56:17.0918 13096 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/06/11 19:56:17.0958 13096 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/11 19:56:17.0968 13096 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/11 19:56:17.0988 13096 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/06/11 19:56:18.0008 13096 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/11 19:56:18.0048 13096 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/06/11 19:56:18.0058 13096 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/06/11 19:56:18.0118 13096 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/06/11 19:56:18.0158 13096 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/06/11 19:56:18.0188 13096 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/11 19:56:18.0208 13096 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/06/11 19:56:18.0248 13096 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/11 19:56:18.0458 13096 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/06/11 19:56:18.0478 13096 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
2011/06/11 19:56:18.0478 13096 ================================================================================
2011/06/11 19:56:18.0478 13096 Scan finished
2011/06/11 19:56:18.0478 13096 ================================================================================
2011/06/11 19:56:18.0488 16960 Detected object count: 0
2011/06/11 19:56:18.0488 16960 Actual detected object count: 0

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Vielen Dank Arne , dass du dir hier die Zeit nimmst mir bei meinem Problem zu helfen dafür bin ich dir wirklich dankbar :)

Hier der Log Bericht von Combofix :

Combofix Logfile:

Code:

ComboFix 11-06-11.01 - David 11.06.2011  21:42:06.2.8 - x64

Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.6132.4364 [GMT 2:00]

ausgeführt von:: c:\users\David\Desktop\cofi.exe

AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-05-11 bis 2011-06-11  ))))))))))))))))))))))))))))))

.

.

2011-06-11 19:46 . 2011-06-11 19:46        --------        d-----w-        c:\users\Public\AppData\Local\temp

2011-06-11 19:46 . 2011-06-11 19:46        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-06-11 17:00 . 2011-06-11 17:00        --------        d-----w-        C:\_OTL

2011-06-10 16:36 . 2011-06-10 16:36        --------        d-----w-        C:\totalcmd

2011-06-10 16:36 . 2011-06-10 16:36        --------        d-----w-        c:\users\David\AppData\Roaming\GHISLER

2011-06-10 16:36 . 2010-12-17 05:56        545        ----a-w-        c:\windows\UC.PIF

2011-06-10 16:36 . 2010-12-17 05:56        545        ----a-w-        c:\windows\RAR.PIF

2011-06-10 16:36 . 2010-12-17 05:56        545        ----a-w-        c:\windows\PKZIP.PIF

2011-06-10 16:36 . 2010-12-17 05:56        545        ----a-w-        c:\windows\PKUNZIP.PIF

2011-06-10 16:36 . 2010-12-17 05:56        545        ----a-w-        c:\windows\NOCLOSE.PIF

2011-06-10 16:36 . 2010-12-17 05:56        545        ----a-w-        c:\windows\LHA.PIF

2011-06-10 16:36 . 2010-12-17 05:56        545        ----a-w-        c:\windows\ARJ.PIF

2011-06-10 15:25 . 2011-06-10 15:25        632064        ----a-w-        c:\windows\SysWow64\msvcr80.dll

2011-06-10 15:25 . 2011-06-10 15:25        554240        ----a-w-        c:\windows\SysWow64\msvcp80.dll

2011-06-10 15:25 . 2011-06-10 15:25        34048        ----a-w-        c:\windows\SysWow64\eEmpty.exe

2011-06-10 15:25 . 2011-06-10 15:25        --------        d-----w-        c:\program files (x86)\Common Files\MicroWorld

2011-06-10 15:25 . 2011-06-10 15:25        --------        d-----w-        c:\programdata\MicroWorld

2011-06-10 15:21 . 2011-06-10 15:21        --------        d-----w-        c:\program files (x86)\ClearProg

2011-06-10 15:03 . 2011-06-10 12:12        16432        ----a-w-        c:\windows\system32\lsdelete.exe

2011-06-10 12:12 . 2011-06-10 12:12        49752        ----a-w-        c:\windows\system32\drivers\SBREDrv.sys

2011-06-10 11:56 . 2011-04-29 10:12        69376        ----a-w-        c:\windows\system32\drivers\Lbd.sys

2011-06-10 11:55 . 2011-06-10 11:55        --------        d-----w-        c:\program files (x86)\Lavasoft

2011-06-10 11:55 . 2011-06-10 11:55        --------        d-----w-        c:\programdata\Lavasoft

2011-06-10 11:39 . 2011-06-10 11:39        --------        d-----w-        c:\windows\system32\IO

2011-05-21 22:26 . 2011-05-21 22:26        --------        d-----w-        c:\users\David\AppData\Local\DDMSettings

2011-05-21 22:23 . 2011-05-21 23:28        --------        d-----w-        c:\users\David\AppData\Roaming\DivX

2011-05-21 22:23 . 2011-05-21 22:23        --------        d-----w-        c:\program files\DivX

2011-05-21 22:23 . 2011-05-21 22:23        --------        d-----w-        c:\program files (x86)\Common Files\DivX Shared

2011-05-21 22:17 . 2011-05-21 22:24        --------        d-----w-        c:\program files (x86)\DivX

2011-05-21 22:16 . 2011-05-21 22:24        --------        d-----w-        c:\programdata\DivX

2011-05-14 15:12 . 2011-05-14 15:12        --------        d-----w-        c:\program files (x86)\Safari

2011-05-14 13:20 . 2011-05-14 13:20        --------        d-----w-        c:\windows\system32\Macromed

2011-05-14 13:09 . 2011-06-10 17:26        404640        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-30 11:56 . 2010-10-11 18:12        280768        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr

2011-05-30 11:56 . 2010-10-11 11:43        280768        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe

2011-05-30 11:43 . 2010-10-11 11:43        215128        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0

2011-05-29 10:16 . 2010-10-11 11:43        75136        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe

2011-04-06 14:26 . 2011-04-06 14:26        96544        ----a-w-        c:\windows\system32\dnssd.dll

2011-04-06 14:26 . 2011-04-06 14:26        69408        ----a-w-        c:\windows\system32\jdns_sd.dll

2011-04-06 14:26 . 2011-04-06 14:26        237856        ----a-w-        c:\windows\system32\dnssdX.dll

2011-04-06 14:26 . 2011-04-06 14:26        119584        ----a-w-        c:\windows\system32\dns-sd.exe

2011-04-06 14:20 . 2011-04-06 14:20        91424        ----a-w-        c:\windows\SysWow64\dnssd.dll

2011-04-06 14:20 . 2011-04-06 14:20        75040        ----a-w-        c:\windows\SysWow64\jdns_sd.dll

2011-04-06 14:20 . 2011-04-06 14:20        197920        ----a-w-        c:\windows\SysWow64\dnssdX.dll

2011-04-06 14:20 . 2011-04-06 14:20        107808        ----a-w-        c:\windows\SysWow64\dns-sd.exe

2011-03-26 18:55 . 2011-03-26 18:55        53760        ----a-w-        c:\windows\system32\wow3232.dll

.

.

(((((((((((((((((((((((((((((   SnapShot@2011-02-10_17.36.42   )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-03-14 07:10 . 2011-01-18 19:44        29696              c:\windows\SysWOW64\VB5StKit.dll

+ 2011-03-14 07:10 . 2011-01-18 19:44        99866              c:\windows\SysWOW64\VB5DE.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        57960              c:\windows\SysWOW64\OpenCL.dll

- 2010-12-20 15:32 . 2010-10-22 06:23        57960              c:\windows\SysWOW64\OpenCL.dll

+ 2011-03-14 07:10 . 2011-01-18 19:44        34816              c:\windows\SysWOW64\MCIDE.dll

+ 2010-11-12 00:44 . 2010-11-12 00:44        94208              c:\windows\SysWOW64\dpl100.dll

- 2010-12-02 20:41 . 2011-02-10 17:36        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2010-12-02 20:41 . 2011-06-11 17:02        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 04:54 . 2011-06-11 17:02        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2011-02-10 17:36        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:54 . 2011-06-11 17:02        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-02-10 17:36        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-02-10 17:36        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-06-11 17:02        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-08-30 15:26 . 2011-06-11 17:04        43524              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2011-06-11 17:04        30426              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2010-08-30 15:20 . 2011-06-11 17:04        10498              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2498949666-4130971900-2577889908-1000_UserData.bin

- 2010-12-20 15:32 . 2010-10-22 06:23        67176              c:\windows\system32\OpenCL.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        67176              c:\windows\system32\OpenCL.dll

- 2010-12-20 15:32 . 2010-09-07 20:09        29288              c:\windows\system32\nvhdap64.dll

+ 2011-03-17 12:36 . 2010-11-11 23:10        29288              c:\windows\system32\nvhdap64.dll

+ 2011-06-10 11:56 . 2011-04-29 10:12        69376              c:\windows\system32\DRVSTORE\lbd_483F0BF7A3AD4ED71EB7FC6065CFD6B9C37DEB69\Lbd.sys

+ 2009-07-14 05:30 . 2011-04-03 17:59        86016              c:\windows\system32\DriverStore\infpub.dat

- 2009-07-14 05:30 . 2011-02-01 14:47        86016              c:\windows\system32\DriverStore\infpub.dat

+ 2011-02-18 15:36 . 2011-02-18 15:36        51712              c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_c169b6211f782a21\usbaapl64.sys

+ 2011-03-17 12:36 . 2010-11-11 23:10        29288              c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_1a8ed05a8ff84461\nvhdap64.dll

+ 2011-03-17 12:36 . 2010-11-11 23:10        70760              c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_1a8ed05a8ff84461\nvapo64v.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        67176              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_7901346b3649171a\OpenCL64.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        57960              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_7901346b3649171a\OpenCL.dll

- 2010-09-28 14:44 . 2010-09-28 14:44        51712              c:\windows\system32\drivers\usbaapl64.sys

+ 2011-02-18 15:36 . 2011-02-18 15:36        51712              c:\windows\system32\drivers\usbaapl64.sys

+ 2010-12-08 20:17 . 2010-07-12 18:36        55856              c:\windows\system32\drivers\PxHlpa64.sys

+ 2010-08-30 21:12 . 2011-06-11 12:43        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-08-30 21:12 . 2011-02-05 12:16        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-08-30 21:12 . 2011-02-05 12:16        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-08-30 21:12 . 2011-06-11 12:43        32768              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2011-02-05 12:16        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2011-06-11 12:43        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-03-14 07:10 . 2011-01-18 19:44        72704              c:\windows\ST5UNST.EXE

- 2010-08-30 15:25 . 2011-02-10 17:37        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-08-30 15:25 . 2011-06-11 17:02        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:46 . 2011-02-20 18:18        73256              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2011-03-30 15:40 . 2011-06-11 17:03        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat

+ 2011-03-30 15:40 . 2011-06-11 17:03        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat

+ 2011-03-30 15:40 . 2011-06-11 17:03        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat

+ 2010-08-30 15:25 . 2011-06-11 17:03        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2010-08-30 15:25 . 2011-02-10 17:37        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-08-30 15:25 . 2011-06-11 17:02        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-08-30 15:25 . 2011-02-10 17:37        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-08-30 15:25 . 2011-06-11 17:03        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-08-30 15:25 . 2011-02-10 17:38        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-08-30 15:25 . 2011-06-11 17:03        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-08-30 15:25 . 2011-02-10 17:38        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-03-07 11:13 . 2011-03-07 11:13        23040              c:\windows\Installer\75095b.msi

+ 2011-06-01 19:33 . 2011-06-01 19:33        25088              c:\windows\Installer\139cd5a.msi

- 2010-12-20 15:35 . 2010-12-20 15:35        10134              c:\windows\Installer\{DA97BDF9-BC72-46FD-8E76-427F2BB951EE}\ARPPRODUCTICON.exe

+ 2011-03-17 12:37 . 2011-03-17 12:37        10134              c:\windows\Installer\{DA97BDF9-BC72-46FD-8E76-427F2BB951EE}\ARPPRODUCTICON.exe

+ 2011-05-15 11:42 . 2011-05-15 11:42        89440              c:\windows\Installer\{95140000-007F-0407-1000-0000000FF1CE}\OLCIcon.exe

+ 2011-06-11 17:02 . 2011-06-11 17:02        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-02-10 17:35 . 2011-02-10 17:35        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-02-10 17:35 . 2011-02-10 17:35        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-06-11 17:02 . 2011-06-11 17:02        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2011-06-10 17:26 . 2011-06-10 17:26        240288              c:\windows\SysWOW64\Macromed\Flash\FlashUtil10s_ActiveX.exe

+ 2011-06-10 17:26 . 2011-06-10 17:26        321184              c:\windows\SysWOW64\Macromed\Flash\FlashUtil10s_ActiveX.dll

+ 2011-04-15 11:01 . 2011-04-15 11:01        235168              c:\windows\SysWOW64\Macromed\Flash\FlashUtil10o_Plugin.exe

+ 2011-03-05 09:31 . 2011-02-02 20:40        157472              c:\windows\SysWOW64\javaws.exe

- 2011-01-27 17:46 . 2010-11-12 17:53        157472              c:\windows\SysWOW64\javaws.exe

- 2011-01-27 17:46 . 2010-11-12 17:53        145184              c:\windows\SysWOW64\javaw.exe

+ 2011-03-05 09:31 . 2011-02-02 20:40        145184              c:\windows\SysWOW64\javaw.exe

- 2011-01-27 17:46 . 2010-11-12 17:53        145184              c:\windows\SysWOW64\java.exe

+ 2011-03-05 09:31 . 2011-02-02 20:40        145184              c:\windows\SysWOW64\java.exe

+ 2010-02-19 19:27 . 2010-02-19 19:27        843776              c:\windows\SysWOW64\divx_xx16.dll

+ 2010-02-19 19:27 . 2010-02-19 19:27        839680              c:\windows\SysWOW64\divx_xx11.dll

+ 2010-02-19 19:27 . 2010-02-19 19:27        856064              c:\windows\SysWOW64\divx_xx0c.dll

+ 2010-02-19 19:27 . 2010-02-19 19:27        847872              c:\windows\SysWOW64\divx_xx0a.dll

+ 2010-02-19 19:27 . 2010-02-19 19:27        856064              c:\windows\SysWOW64\divx_xx07.dll

+ 2010-02-19 19:27 . 2010-02-19 19:27        720384              c:\windows\SysWOW64\DivX.dll

+ 2010-08-30 18:11 . 2011-02-02 20:40        472808              c:\windows\SysWOW64\deployJava1.dll

- 2010-08-30 18:11 . 2010-11-12 17:53        472808              c:\windows\SysWOW64\deployJava1.dll

+ 2010-09-01 02:09 . 2011-06-06 16:09        269080              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin

+ 2009-07-14 02:36 . 2011-06-09 20:34        651450              c:\windows\system32\perfh009.dat

- 2009-07-14 02:36 . 2011-02-10 14:50        651450              c:\windows\system32\perfh009.dat

- 2009-07-14 17:58 . 2011-02-10 14:50        696132              c:\windows\system32\perfh007.dat

+ 2009-07-14 17:58 . 2011-06-09 20:34        696132              c:\windows\system32\perfh007.dat

- 2009-07-14 02:36 . 2011-02-10 14:50        120382              c:\windows\system32\perfc009.dat

+ 2009-07-14 02:36 . 2011-06-09 20:34        120382              c:\windows\system32\perfc009.dat

- 2009-07-14 17:58 . 2011-02-10 14:50        147428              c:\windows\system32\perfc007.dat

+ 2009-07-14 17:58 . 2011-06-09 20:34        147428              c:\windows\system32\perfc007.dat

+ 2011-01-07 19:49 . 2011-01-07 19:49        117864              c:\windows\system32\nvmctray.dll

+ 2011-05-14 13:20 . 2011-05-14 13:20        261584              c:\windows\system32\Macromed\Flash\FlashUtil64_10_3_162_Plugin.exe

+ 2011-05-14 13:21 . 2011-05-14 13:21        261584              c:\windows\system32\Macromed\Flash\FlashUtil64_10_3_162_ActiveX.exe

+ 2011-05-14 13:21 . 2011-05-14 13:21        349136              c:\windows\system32\Macromed\Flash\FlashUtil64_10_3_162_ActiveX.dll

+ 2011-01-07 19:50 . 2011-01-07 19:50        795752              c:\windows\system32\easyUpdatusAPIU64.dll

- 2009-07-14 05:30 . 2011-02-01 14:47        143360              c:\windows\system32\DriverStore\infstrng.dat

+ 2009-07-14 05:30 . 2011-04-03 17:59        143360              c:\windows\system32\DriverStore\infstrng.dat

- 2009-07-14 05:30 . 2011-02-01 14:47        143360              c:\windows\system32\DriverStore\infstor.dat

+ 2009-07-14 05:30 . 2011-03-17 12:37        143360              c:\windows\system32\DriverStore\infstor.dat

+ 2011-03-17 12:36 . 2010-11-11 23:10        155752              c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_1a8ed05a8ff84461\nvhda64v.sys

+ 2011-03-17 12:36 . 2010-11-11 23:10        129640              c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_1a8ed05a8ff84461\nvhda64.sys

+ 2011-03-17 12:36 . 2011-01-08 03:27        197224              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_7901346b3649171a\nvidia-smi.exe

+ 2011-03-17 12:36 . 2011-01-08 03:27        281380              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_7901346b3649171a\nvdrsdb.bin

+ 2011-03-17 12:36 . 2011-01-08 03:27        191080              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_7901346b3649171a\dbInstaller.exe

+ 2011-03-17 12:36 . 2010-11-11 23:10        155752              c:\windows\system32\drivers\nvhda64v.sys

- 2010-12-20 15:32 . 2010-09-07 20:08        155752              c:\windows\system32\drivers\nvhda64v.sys

- 2009-07-14 05:12 . 2010-12-21 18:35        245760              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 05:12 . 2011-06-11 12:43        245760              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 05:01 . 2011-06-11 17:01        531824              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2011-02-10 17:34        531824              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2011-03-05 09:31 . 2011-03-05 09:31        183808              c:\windows\Installer\85f79.msi

+ 2011-03-08 19:28 . 2011-03-08 19:28        405504              c:\windows\Installer\2e80505.msp

+ 2011-02-20 14:10 . 2011-02-20 14:10        371272              c:\windows\Installer\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\SkypeIcon.exe

+ 2011-05-14 15:12 . 2011-05-14 15:12        897024              c:\windows\Installer\{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}\SafariIco.exe

+ 2011-03-08 23:31 . 2011-03-08 23:31        339968              c:\windows\Installer\{50431EE1-C1CC-4AE7-BDE3-B60536E7BA92}\Shortcuts_ProductN_A17DF807A25C4F9396D48EA53C96348F.exe

- 2011-02-02 17:10 . 2011-02-02 17:10        339968              c:\windows\Installer\{50431EE1-C1CC-4AE7-BDE3-B60536E7BA92}\Shortcuts_ProductN_A17DF807A25C4F9396D48EA53C96348F.exe

+ 2011-04-19 19:42 . 2011-04-19 19:42        380928              c:\windows\Installer\{16DDB3D1-5C27-4599-9C63-E583287191CC}\iTunesIco.exe

+ 2011-03-17 12:36 . 2011-01-08 03:27        5653096              c:\windows\SysWOW64\nvwgf2um.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        2895976              c:\windows\SysWOW64\nvcuvid.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        2251368              c:\windows\SysWOW64\nvcuvenc.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        4941928              c:\windows\SysWOW64\nvcuda.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        1965672              c:\windows\SysWOW64\nvapi.dll

+ 2011-03-14 07:10 . 2011-01-18 19:44        1355776              c:\windows\SysWOW64\MSVBVM50.dll

+ 2010-08-30 16:09 . 2011-04-15 11:01        6053536              c:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll

+ 2011-02-18 15:36 . 2011-02-18 15:36        4184352              c:\windows\system32\usbaaplrc.dll

- 2010-09-28 14:44 . 2010-09-28 14:44        4184352              c:\windows\system32\usbaaplrc.dll

+ 2009-07-14 02:34 . 2011-06-11 18:57        9699328              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

- 2009-07-14 02:34 . 2011-02-05 12:30        9699328              c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2010-12-20 15:32 . 2011-01-08 03:27        7729256              c:\windows\system32\nvwgf2umx.dll

+ 2011-01-07 19:49 . 2011-01-07 19:49        1005160              c:\windows\system32\nvvsvc.exe

+ 2011-01-07 19:49 . 2011-01-07 19:49        2558568              c:\windows\system32\nvsvcr.dll

+ 2011-01-07 19:49 . 2011-01-07 19:49        3156072              c:\windows\system32\nvsvc64.dll

+ 2011-03-17 12:36 . 2010-12-02 09:12        1359976              c:\windows\system32\nvgenco64hda.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        1359976              c:\windows\system32\nvgenco642040.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        1614440              c:\windows\system32\nvdispco642090.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        3112040              c:\windows\system32\nvcuvid.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        2479720              c:\windows\system32\nvcuvenc.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        6604904              c:\windows\system32\nvcuda.dll

+ 2011-01-07 19:50 . 2011-01-07 19:50        6143080              c:\windows\system32\nvcpl.dll

+ 2010-12-20 15:32 . 2011-01-08 03:27        2200680              c:\windows\system32\nvapi64.dll

+ 2011-05-14 13:20 . 2011-05-14 13:20        8451072              c:\windows\system32\Macromed\Flash\NPSWF64_10_3_162.dll

+ 2011-02-18 15:36 . 2011-02-18 15:36        4184352              c:\windows\system32\DriverStore\FileRepository\usbaapl64.inf_amd64_neutral_c169b6211f782a21\usbaaplrc.dll

+ 2011-03-17 12:36 . 2010-12-02 09:12        1359976              c:\windows\system32\DriverStore\FileRepository\nvhda.inf_amd64_neutral_1a8ed05a8ff84461\nvgenco64.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        7729256              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_7901346b3649171a\nvwgf2umx.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        5653096              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_7901346b3649171a\nvwgf2um.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        1359976              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_7901346b3649171a\nvgenco64.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        1614440              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_7901346b3649171a\nvdispco64.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        2895976              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_7901346b3649171a\nvcuvid32.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        3112040              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_7901346b3649171a\nvcuvid.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        2479720              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_7901346b3649171a\nvcuvenc64.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        2251368              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_7901346b3649171a\nvcuvenc.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        4941928              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_7901346b3649171a\nvcuda32.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        6604904              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_7901346b3649171a\nvcuda.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        2200680              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_7901346b3649171a\nvapi64.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        1965672              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_7901346b3649171a\nvapi.dll

+ 2011-03-14 07:10 . 2011-01-18 19:44        8549376              c:\windows\Kaminfeuer Titanium Edition II.scr

+ 2011-02-20 14:11 . 2011-02-20 14:11        2881536              c:\windows\Installer\b42fd7.msi

+ 2011-04-13 13:39 . 2011-04-13 13:39        3527168              c:\windows\Installer\a53b1b.msi

+ 2010-03-08 17:59 . 2010-03-08 17:59        1619968              c:\windows\Installer\2e866d1.msi

+ 2011-04-19 19:31 . 2011-04-19 19:31        2528256              c:\windows\Installer\189d61e.msi

+ 2011-03-17 12:36 . 2011-01-08 03:27        15047272              c:\windows\SysWOW64\nvoglv32.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        10078312              c:\windows\SysWOW64\nvd3dum.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        13011560              c:\windows\SysWOW64\nvcompiler.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        20471912              c:\windows\system32\nvoglv64.dll

+ 2010-12-20 15:32 . 2011-01-08 03:27        12859496              c:\windows\system32\nvd3dumx.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        18580072              c:\windows\system32\nvcompiler.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        20471912              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_7901346b3649171a\nvoglv64.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        15047272              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_7901346b3649171a\nvoglv32.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        12961640              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_7901346b3649171a\nvlddmkm.sys

+ 2011-03-17 12:36 . 2011-01-08 03:27        12859496              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_7901346b3649171a\nvd3dumx.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        10078312              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_7901346b3649171a\nvd3dum.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        56396024              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_7901346b3649171a\NvCplSetupInt.exe

+ 2011-03-17 12:36 . 2011-01-08 03:27        13011560              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_7901346b3649171a\nvcompiler32.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        18580072              c:\windows\system32\DriverStore\FileRepository\nv_disp.inf_amd64_neutral_7901346b3649171a\nvcompiler.dll

+ 2011-03-17 12:36 . 2011-01-08 03:27        12961640              c:\windows\system32\drivers\nvlddmkm.sys

+ 2010-09-04 23:36 . 2011-06-11 17:01        11991874              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2498949666-4130971900-2577889908-1000-8192.dat

+ 2011-02-20 14:10 . 2011-02-20 14:10        18307072              c:\windows\Installer\b42fd0.msi

+ 2011-03-21 18:25 . 2011-03-21 18:25        17975296              c:\windows\Installer\9eb60b.msi

+ 2011-03-05 10:18 . 2011-03-05 10:18        10654208              c:\windows\Installer\39516e.msi

+ 2011-04-29 10:12 . 2011-04-29 10:12        13471744              c:\windows\Installer\284965.msi

+ 2011-04-19 19:40 . 2011-04-19 19:40        40141312              c:\windows\Installer\189dff8.msi

+ 2011-04-19 19:31 . 2011-04-19 19:31        17837568              c:\windows\Installer\189d5e7.msi

.

-- Snapshot auf jetziges Datum zurückgesetzt --

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2010-11-18 1242448]

"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 908160]

"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-05-01 124216]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-02-24 423232]

"TkBellExe"="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" [2010-09-10 202256]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-08 47904]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]

"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2010-10-28 294912]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-14 421160]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

.

c:\users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

FRITZ!DSL Startcenter.lnk - c:\users\David\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe [2010-12-5 80896]

OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2010-3-29 245120]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

FRITZ!DSL Protect.lnk - c:\program files\FRITZ!DSL\FwebProt.exe [2009-4-17 1105208]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer8"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 136176]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-05-16 2151128]

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 136176]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 51456888]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 vcd10bus;Virtual CD v10 Bus Enumerator;c:\windows\system32\DRIVERS\vcd10bus.sys [x]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]

S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE [2009-07-28 88888]

S2 IOCBIOS;IOCBIOS;c:\programdata\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys [2010-02-03 30384]

S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2010-12-16 140608]

S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-09-16 80896]

S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]

S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]

S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]

S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-07 378984]

S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]

S2 XTUService;Intel(R) Extreme Tuning Utility;c:\program files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe [2010-02-19 22280]

S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - 27716906

*Deregistered* - 27716906

.

Inhalt des "geplante Tasks" Ordners

.

2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 16:23]

.

2011-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 16:23]

.

2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2498949666-4130971900-2577889908-1000Core.job

- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-25 15:13]

.

2011-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2498949666-4130971900-2577889908-1000UA.job

- c:\users\David\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-25 15:13]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Malware Icon]

@="{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}"

[HKEY_CLASSES_ROOT\CLSID\{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6}]

2010-12-16 17:17        473408        ----a-w-        c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Panda Suspect Icon]

@="{9AE343CB-BA45-4618-AF6A-0230EE6FC793}"

[HKEY_CLASSES_ROOT\CLSID\{9AE343CB-BA45-4618-AF6A-0230EE6FC793}]

2010-12-16 17:17        473408        ----a-w-        c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNShell.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="RAVCpl64.exe" [2008-07-24 6452256]

"Skytel"="Skytel.exe" [2008-07-24 1833504]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://google.de/

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: Free YouTube to Mp3 Converter - c:\users\David\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm

IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe

LSP: %ProgramFiles%\FRITZ!DSL\\sarah.dll

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\David\AppData\Roaming\Mozilla\Firefox\Profiles\i0l7udn7.default\

FF - prefs.js: browser.search.defaulturl - 

FF - prefs.js: browser.search.selectedEngine - 

FF - prefs.js: browser.startup.homepage - 

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-2498949666-4130971900-2577889908-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

@Allowed: (Read) (RestrictedCode)

"??"=hex:4b,ec,51,49,8d,26,74,1c,56,25,fa,73,f3,2e,93,77,48,6a,82,97,c1,19,a2,

   bd,cc,d3,62,a4,3d,3c,cf,2b,0b,80,82,c2,db,fb,01,68,0a,27,83,e4,73,a9,12,d4,\

"??"=hex:41,e0,42,8c,cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b

.

[HKEY_USERS\S-1-5-21-2498949666-4130971900-2577889908-1000\Software\SecuROM\License information*]

"datasecu"=hex:74,58,26,60,2c,22,27,6a,ea,a6,f8,c1,86,43,7e,83,ee,c1,f2,2e,6c,

   0e,7b,89,09,4d,cb,d9,c5,aa,ac,93,b6,a0,4d,ec,8c,4f,bc,a7,69,0f,c7,98,13,ab,\

"rkeysecu"=hex:7e,4e,f1,3f,67,ad,cf,fc,6d,24,0f,8a,14,76,7c,5d

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2011-06-11  21:47:51

ComboFix-quarantined-files.txt  2011-06-11 19:47

ComboFix2.txt  2011-02-10 17:40

.

Vor Suchlauf: 15 Verzeichnis(se), 32.302.821.376 Bytes frei

Nach Suchlauf: 15 Verzeichnis(se), 32.180.686.848 Bytes frei

.

- - End Of File - - E4836C2041D54B4A04B5667DC0C930E6

--- --- ---

Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur wenige Sekunden.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Intel Corporation
BIOS Manufacturer: Intel Corp.
System Manufacturer:
System Product Name:
Logical Drives Mask: 0x0002000c

Kernel Drivers (total 156):
0x0301B000 \SystemRoot\system32\ntoskrnl.exe
0x035F8000 \SystemRoot\system32\hal.dll
0x00BD3000 \SystemRoot\system32\kdcom.dll
0x00C3B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C7F000 \SystemRoot\system32\PSHED.dll
0x00C93000 \SystemRoot\system32\CLFS.SYS
0x00CF1000 \SystemRoot\system32\CI.dll
0x00ED5000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F79000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F88000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00FDF000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00FE8000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00E00000 \SystemRoot\system32\DRIVERS\pci.sys
0x00E33000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00E40000 \SystemRoot\System32\drivers\partmgr.sys
0x00E55000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00E6A000 \SystemRoot\System32\drivers\volmgrx.sys
0x00EC6000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00DB1000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00DC1000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FF2000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00C00000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00C2A000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x010A2000 \SystemRoot\system32\drivers\fltmgr.sys
0x010EE000 \SystemRoot\system32\drivers\fileinfo.sys
0x01102000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x01117000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01243000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01124000 \SystemRoot\System32\Drivers\msrpc.sys
0x013E6000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01182000 \SystemRoot\System32\Drivers\cng.sys
0x01200000 \SystemRoot\System32\drivers\pcw.sys
0x01211000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01451000 \SystemRoot\system32\drivers\ndis.sys
0x01543000 \SystemRoot\system32\drivers\NETIO.SYS
0x015A3000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01602000 \SystemRoot\System32\drivers\tcpip.sys
0x01400000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x015CE000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x01000000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x015DE000 \SystemRoot\System32\Drivers\spldr.sys
0x0104C000 \SystemRoot\System32\drivers\rdyboost.sys
0x015E6000 \SystemRoot\System32\Drivers\mup.sys
0x0121B000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0187D000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x018B7000 \SystemRoot\system32\DRIVERS\disk.sys
0x018CD000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01933000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0195D000 \SystemRoot\System32\Drivers\Null.SYS
0x01966000 \SystemRoot\System32\Drivers\Beep.SYS
0x0196D000 \SystemRoot\System32\drivers\vga.sys
0x0197B000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x019A0000 \SystemRoot\System32\drivers\watchdog.sys
0x019B0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x019B9000 \SystemRoot\system32\drivers\rdpencdd.sys
0x019C2000 \SystemRoot\system32\drivers\rdprefmp.sys
0x019CB000 \SystemRoot\System32\Drivers\Msfs.SYS
0x019D6000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01800000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0181E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02CD5000 \SystemRoot\system32\drivers\afd.sys
0x02D5F000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02DA4000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x02DAF000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02DB8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02DDE000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02C00000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02C1B000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02C2F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02C80000 \SystemRoot\system32\DRIVERS\psinknc.sys
0x02CA9000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02CB5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02CC0000 \SystemRoot\System32\drivers\discache.sys
0x040F3000 \SystemRoot\system32\drivers\csc.sys
0x04176000 \SystemRoot\System32\Drivers\dfsc.sys
0x04194000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x041A5000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x041CB000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0FE15000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x10A70000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x10A72000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x10B66000 \SystemRoot\System32\drivers\dxgmms1.sys
0x10BAC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x04000000 \SystemRoot\system32\DRIVERS\e1y62x64.sys
0x10BD0000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x0404A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x10BDD000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x040A0000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x10BEE000 \SystemRoot\system32\DRIVERS\intelsmb.sys
0x0FE00000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x10BF7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x040DE000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x041E1000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0182B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02DED000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x044BB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x044EA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04505000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04526000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04540000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x0454B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0455A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04569000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0456B000 \SystemRoot\system32\DRIVERS\ks.sys
0x045AE000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04400000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0445A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0446F000 \SystemRoot\system32\drivers\nvhda64v.sys
0x045C0000 \SystemRoot\system32\drivers\portcls.sys
0x04498000 \SystemRoot\system32\drivers\drmk.sys
0x0FE0D000 \SystemRoot\system32\drivers\ksthunk.sys
0x05250000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x00070000 \SystemRoot\System32\win32k.sys
0x053BA000 \SystemRoot\System32\drivers\Dxapi.sys
0x053C6000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x053D4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x053ED000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x053F6000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x02AC7000 \SystemRoot\system32\DRIVERS\udfs.sys
0x02B1B000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x02B28000 \SystemRoot\system32\DRIVERS\monitor.sys
0x02B36000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x02B53000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x00440000 \SystemRoot\System32\TSDDD.dll
0x02B61000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02B6F000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x02B7B000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x02B84000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x006D0000 \SystemRoot\System32\cdd.dll
0x008D0000 \SystemRoot\System32\ATMFD.DLL
0x02B97000 \SystemRoot\system32\drivers\luafv.sys
0x02BBA000 \SystemRoot\system32\DRIVERS\PSINAflt.sys
0x02A00000 \SystemRoot\system32\DRIVERS\PSINProt.sys
0x02A23000 \SystemRoot\system32\DRIVERS\PSINFile.sys
0x02A42000 \SystemRoot\system32\DRIVERS\PSINProc.sys
0x02A63000 \SystemRoot\system32\drivers\WudfPf.sys
0x02A84000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02A99000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x056AB000 \SystemRoot\system32\drivers\HTTP.sys
0x05773000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05791000 \SystemRoot\System32\drivers\mpsdrv.sys
0x057A9000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05600000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0564D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05670000 \??\C:\ProgramData\Intel\Extreme Tuning Utility\IOCbios\64bit\IOCBIOS.sys
0x05EEF000 \SystemRoot\system32\drivers\peauth.sys
0x05F95000 \SystemRoot\System32\Drivers\secdrv.SYS
0x05FA0000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x05FCD000 \SystemRoot\System32\drivers\tcpipreg.sys
0x05E00000 \SystemRoot\System32\DRIVERS\srv2.sys
0x064E8000 \SystemRoot\System32\DRIVERS\srv.sys
0x06400000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x0642B000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x76FD0000 \Windows\System32\ntdll.dll
0x47AC0000 \Windows\System32\smss.exe
0xFF2F0000 \Windows\System32\apisetschema.dll

Processes (total 76):
0 System Idle Process
4 System
444 C:\Windows\System32\smss.exe
608 csrss.exe
684 C:\Windows\System32\wininit.exe
704 csrss.exe
740 C:\Windows\System32\services.exe
760 C:\Windows\System32\lsass.exe
768 C:\Windows\System32\lsm.exe
872 C:\Windows\System32\svchost.exe
948 C:\Windows\System32\winlogon.exe
976 C:\Windows\System32\nvvsvc.exe
1016 C:\Windows\System32\svchost.exe
616 C:\Windows\System32\svchost.exe
812 C:\Windows\System32\svchost.exe
1000 C:\Windows\System32\svchost.exe
1188 C:\Windows\System32\svchost.exe
1284 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1296 C:\Windows\System32\nvvsvc.exe
1360 C:\Windows\System32\svchost.exe
1612 C:\Windows\System32\spoolsv.exe
1640 C:\Windows\System32\svchost.exe
1720 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1784 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1852 C:\Windows\System32\taskhost.exe
1932 C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
1348 C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
1860 C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
1708 C:\Windows\SysWOW64\PnkBstrA.exe
2068 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2100 C:\Windows\System32\svchost.exe
2168 C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
2212 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2544 C:\Windows\explorer.exe
2660 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2904 C:\Windows\System32\dwm.exe
2232 WmiPrvSE.exe
3992 C:\Windows\System32\svchost.exe
1092 C:\Windows\System32\svchost.exe
3896 C:\Windows\System32\SearchIndexer.exe
3324 C:\Windows\RAVCpl64.exe
4092 C:\Program Files\Windows Sidebar\sidebar.exe
4208 C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
4420 C:\Program Files\FRITZ!DSL\FwebProt.exe
4796 C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
4816 C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
4896 C:\Windows\System32\svchost.exe
3548 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3144 C:\Program Files (x86)\iTunes\iTunesHelper.exe
1528 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2848 C:\Program Files\Windows Media Player\wmpnetwk.exe
5204 C:\Program Files\iPod\bin\iPodService.exe
5748 dllhost.exe
6292 C:\Windows\System32\svchost.exe
6696 C:\Program Files (x86)\Common Files\Intel\Intel Extreme Tuning Utility\PerfTuneService.exe
12616 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
6316 C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
764 C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
15064 C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
6792 C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
11232 C:\Windows\SysWOW64\rundll32.exe
6712 C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
7448 C:\Program Files (x86)\ICQ7.5\ICQ.exe
11900 C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
11032 C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
11056 C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod\7.6.0.0_0\plugin\ClickClean.exe
11140 C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
7564 C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
9636 C:\Windows\System32\audiodg.exe
11640 C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
12512 C:\Users\David\AppData\Local\Google\Chrome\Application\chrome.exe
17768 C:\Windows\System32\SearchProtocolHost.exe
11836 C:\Windows\System32\SearchFilterHost.exe
19236 C:\Users\David\Desktop\MBRCheck.exe
18908 C:\Windows\System32\conhost.exe
10752 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)
\\.\R: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive1 Model Number: SAMSUNGHD161GJ, Rev: 1AC01118
PhysicalDrive0 Model Number: WDCWD20EADS-00R6B0, Rev: 01.00A01

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
1863 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6840

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.06.2011 14:56:05
mbam-log-2011-06-12 (14-56-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|R:\|)
Durchsuchte Objekte: 391141
Laufzeit: 1 Stunde(n), 1 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/12/2011 at 03:42 PM

Application Version : 4.53.1000

Core Rules Database Version : 7254
Trace Rules Database Version: 5066

Scan type : Complete Scan
Total Scan Time : 01:52:03

Memory items scanned : 678
Memory threats detected : 0
Registry items scanned : 15358
Registry threats detected : 0
File items scanned : 232182
File threats detected : 4

Adware.Tracking Cookie
C:\Users\David\AppData\Roaming\Microsoft\Windows\Cookies\david@tracking.quisma[2].txt
s0.2mdn.net [ C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\F3LQJTWE ]
www.adservercentral.info [ C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\F3LQJTWE ]
www.naiadsystems.com [ C:\Users\David\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\F3LQJTWE ]

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6526
# api_version=3.0.2
# EOSSerial=0a7ebd6150e30d4087bd07a08c3e366d
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-12 03:57:58
# local_time=2011-06-12 05:57:58 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1538 16774142 20 3 8266363 136439327 0 0
# compatibility_mode=5893 16776573 100 94 16501205 60295508 0 0
# compatibility_mode=8192 67108863 100 0 534 534 0 0
# scanned=234519
# found=2
# cleaned=0
# scan_time=4446
C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\396b96f9-2042ed7e multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\David\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\412e85be-72eeab9e multiple threats (unable to clean) 00000000000000000000000000000000 I

Browser spinnen jedoch immer noch gestern nachdem ich mbr check gemacht ging alles. Heute Morgen aber wieder nicht mehr .

Nur Cookies und Überreste. Kann weg.
Rechner jetzt wieder im Lot?

Nein Chrome funktioniert immer noch nicht und die anderen Browser sind lahm und spinnen . Ich bin am verzweifeln hab schon sämtliches probiert :( .
Aber danke Arne :)