Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Virtumonde.prx kann nicht entfernt werden (https://www.trojaner-board.de/101963-virtumonde-prx-entfernt.html)

Anubiss 02.08.2011 20:34
Virtumonde.prx kann nicht entfernt werden
 
Hallo,

nachdem heute mit meinem Computer einige Probleme aufgetreten sind (Hänger im Internet, Programme werden nicht geöffnet, Fährt ohne Aufforderung herunter) habe ich einen Systemscan mit AntiVir und Spybot durchgeführt.
Beide zusammen fanden circa 4 Trojaner die ich durch druck auf den löschen/reparieren Button versuchte zu entfernen. Das lief anscheinend auch ganz gut bis ich mit Spybot einen zweiten Suchdurchlauf startete und dabei die besagte Virtumonde.prx datei angezeigt wurde während AntiVir meldete das alles sauber sei. Nach mehreren erfolglosen Versuchen mit Spybot den Trojaner zu entfernen und langer Suche im Internet wollte ich hier nun mal nach Hilfe suchen.

System: Windows Vista SP2

Nachdem beide Programme ihre Funde gemeldet hatten und ich mir die Beschreibung des Virtumonde Trojaners angesehen hatte entschied ich mich dazu die Internetverbindung meines PCs zu kappen (WLan) um Besuche weiterer von Virtumonde eingeladener Programme zu verhindern.

Hoffe sehr ihr könnt mir weiterhelfen, danke schonmal im Vorraus!

Update: Nach einem weiteren Spybotdurchlauf sind angeblich keine "Spione" mehr gefunden worden??? Allerdings hab ich nichts gemacht??

Beiliegend die Hijack und Malewarebyte Logfiles:

Swisstreasure 02.08.2011 23:59
:hallo:

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Lade ComboFix von einem dieser Download-Spiegel herunter:

BleepingComputer - ForoSpyware

* Wichtig !! Speichere ComboFix auf dem Desktop
  • Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
  • Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
  • ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist. Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
  • Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.
**Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.

http://i94.photobucket.com/albums/l8...eWHKonsole.jpg

Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:

http://i94.photobucket.com/albums/l8...nstalliert.jpg

Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei.

Schritt 2

Bitte
  • alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren,
  • keine bestehende Verbindung zu einem Netzwerk/Internet (WLAN nicht vergessen),
  • nichts am Rechner arbeiten,
  • nach jedem Scan der Rechner neu gestarten.
Gmer scannen lassen
  • Lade Dir Gmer von dieser Seite herunter
    (auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
  • Alle anderen Programme sollen geschlossen sein.
  • Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
    Vista und Win7 User mit Rechtsklick und als Administrator starten.
  • Sollte sich ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei:
    • IAT/EAT
    • Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
    • Show all (sollte abgehackt sein)
  • Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Anubiss 03.08.2011 21:36
Hi,

erst einmal danke für die Antwort und sorry das ich mich erst so spät wieder melde.

Zu Schritt 1:

Habe Combofix als Admin ausgeführt AVira etc. deaktiviert auf die exe geklickt dann kam nach kurzer Programmlauf Bluescreen + Fehlermeldung + Neustart.
Beim zweiten Versuch dasselbe nochmal, nachdem Neustart
erfolgte die Meldung das Rundll 32 nicht mehr mehr funktioniert.
Den dritten Versuch habe ich nach einer halbstündigen Wartezeit abgebrochen.
Aber dann: das vierte Mal hat anscheinend geklappt, allerdings mit etlichen Meldungen das PEV.cfxxe , GSAR.cfxxe , SED.cfxxe und viele andere nicht mehr funktionieren. (keinen Schimmer ob das Normal ist, das Programm löscht ja was)
Also hier das Logfile: (nicht als Anhang^^)

Combofix Logfile:
Code:
ComboFix 11-08-03.01 - *** 03.08.2011  11:09:37.1.2 - x64
Microsoft® Windows Vista™ Home Basic  6.0.6002.2.1252.49.1031.18.4094.2770 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Recycle.Bin
c:\recycle.bin\config.bin
c:\users\Max\AppData\Local\{50B97509-FFDD-4C46-979A-72A488292BA3}
c:\users\Max\AppData\Local\{50B97509-FFDD-4C46-979A-72A488292BA3}\chrome.manifest
c:\users\Max\AppData\Local\{50B97509-FFDD-4C46-979A-72A488292BA3}\chrome\content\_cfg.js
c:\users\Max\AppData\Local\{50B97509-FFDD-4C46-979A-72A488292BA3}\chrome\content\overlay.xul
c:\users\Max\AppData\Local\{50B97509-FFDD-4C46-979A-72A488292BA3}\install.rdf
c:\users\Max\AppData\Local\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
c:\users\Max\AppData\Roaming\Local
c:\users\Max\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Max\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Max\AppData\Roaming\Local\Temp\DDM\Settings\La.Bete.Die.Bestie.German.1975..avi.ddr
c:\users\Max\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_de.divx.ddr
c:\users\Max\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Max\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\La.Bete.Die.Bestie.German.1975..avi.ddp
c:\users\Max\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_de.divx.ddp
c:\users\Max\AppData\Roaming\srvblck2.tmp
c:\users\Max\AppData\Roaming\Sun\cetw.txt
c:\users\Max\AppData\Roaming\Sun\cwnmw.dll
c:\users\Max\AppData\Roaming\Sun\cwnmw_shrd
c:\users\Max\AppData\Roaming\Sun\mvwpqn
c:\users\Max\AppData\Roaming\Sun\mxd1.txt
c:\users\Max\AppData\Roaming\Voyl
c:\users\Max\AppData\Roaming\Voyl\heawt.exe
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-07-03 bis 2011-08-03  ))))))))))))))))))))))))))))))
.
.
2011-08-02 18:36 . 2011-08-02 18:36        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes
2011-08-02 18:36 . 2011-07-06 17:52        41272        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-02 18:36 . 2011-08-02 18:36        --------        d-----w-        c:\programdata\Malwarebytes
2011-08-02 18:36 . 2011-07-06 17:52        25912        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-08-02 18:36 . 2011-08-02 18:47        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-02 17:53 . 2011-08-02 17:53        388096        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-02 17:53 . 2011-08-02 17:53        --------        d-----w-        c:\program files (x86)\Trend Micro
2011-08-02 11:58 . 2011-08-02 11:58        0        ---ha-w-        c:\users\***\AppData\Local\BIT38BA.tmp
2011-08-02 09:43 . 2011-08-02 09:43        --------        d-----w-        c:\users\***\AppData\Roaming\Yxwe
2011-08-02 09:43 . 2011-08-02 09:43        266752        ----a-w-        c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\cyno.exe
2011-08-02 09:35 . 2011-08-02 09:35        0        ----a-w-        c:\users\***\AppData\Local\Tvefuse.bin
2011-08-02 08:23 . 2011-07-13 04:53        8578896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{95AC577B-E186-4B91-BE2D-8CBE8B04301D}\mpengine.dll
2011-08-01 11:12 . 2011-08-01 11:12        --------        d-----w-        c:\program files (x86)\Common Files\InstallShield
2011-07-31 11:15 . 2011-07-31 11:15        --------        d-----w-        c:\users\***\AppData\Roaming\Jens Lorek
2011-07-30 10:07 . 2011-07-30 10:07        24540        ----a-w-        c:\programdata\Microsoft\Windows\Start Menu\Programs\CCleaner\cc_20110730_120739.reg
2011-07-30 09:23 . 2011-07-30 09:23        254528        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2011-07-30 09:23 . 2011-07-30 09:23        --------        d-----w-        c:\program files (x86)\DAEMON Tools Lite
2011-07-28 13:15 . 2011-07-28 13:33        --------        d-----w-        C:\Temp
2011-07-28 13:13 . 2011-07-28 13:13        --------        d-----w-        c:\users\***\AppData\Local\Samsung
2011-07-28 13:12 . 2011-06-07 09:13        4659712        ----a-w-        c:\windows\SysWow64\Redemption.dll
2011-07-28 13:11 . 2011-07-28 13:11        --------        d-----w-        c:\program files (x86)\Samsung
2011-07-28 12:53 . 2009-09-10 02:07        3815424        ----a-w-        c:\windows\system32\UIRibbon.dll
2011-07-28 12:53 . 2009-09-10 02:06        1164800        ----a-w-        c:\windows\system32\UIRibbonRes.dll
2011-07-28 12:53 . 2009-09-10 02:05        103424        ----a-w-        c:\windows\system32\UIAnimation.dll
2011-07-28 12:53 . 2009-09-10 02:01        3023360        ----a-w-        c:\windows\SysWow64\UIRibbon.dll
2011-07-28 12:53 . 2009-09-10 02:00        1164800        ----a-w-        c:\windows\SysWow64\UIRibbonRes.dll
2011-07-28 12:53 . 2009-09-10 02:00        92672        ----a-w-        c:\windows\SysWow64\UIAnimation.dll
2011-07-28 11:21 . 2011-07-28 11:21        96704        ----a-w-        c:\programdata\Microsoft\Windows\Start Menu\Programs\CCleaner\cc_20110728_132145.reg
2011-07-28 11:21 . 2011-07-28 11:21        170464        ----a-w-        c:\programdata\Microsoft\Windows\Start Menu\Programs\CCleaner\cc_20110728_132132.reg
2011-07-28 10:31 . 2011-07-28 10:31        95878        ----a-w-        c:\programdata\Microsoft\Windows\Start Menu\Programs\CCleaner\cc_20110728_123153.reg
2011-07-28 10:31 . 2011-07-28 10:31        171398        ----a-w-        c:\programdata\Microsoft\Windows\Start Menu\Programs\CCleaner\cc_20110728_123136.reg
2011-07-28 10:22 . 2011-07-28 10:22        --------        d-----w-        c:\users\***\AppData\Local\Downloaded Installations
2011-07-28 10:22 . 2011-06-28 05:32        81122288        ----a-w-        c:\users\***\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
2011-07-28 09:48 . 2010-07-20 10:38        13800        ----a-w-        c:\windows\system32\drivers\ssadwhnt.sys
2011-07-28 09:48 . 2010-07-20 10:38        13800        ----a-w-        c:\windows\system32\drivers\ssadwh.sys
2011-07-28 09:48 . 2010-07-20 10:38        16872        ----a-w-        c:\windows\system32\drivers\ssadmdfl.sys
2011-07-28 09:48 . 2010-07-20 10:38        159208        ----a-w-        c:\windows\system32\drivers\ssadmdm.sys
2011-07-28 09:48 . 2010-07-20 10:38        13288        ----a-w-        c:\windows\system32\drivers\ssadcmnt.sys
2011-07-28 09:48 . 2010-07-20 10:38        13288        ----a-w-        c:\windows\system32\drivers\ssadcm.sys
2011-07-28 09:48 . 2010-07-20 10:38        125416        ----a-w-        c:\windows\system32\drivers\ssadbus.sys
2011-07-28 09:44 . 2010-04-27 02:25        19016        ----a-w-        c:\windows\system32\drivers\sscdmdfl.sys
2011-07-28 09:44 . 2010-04-27 02:25        172104        ----a-w-        c:\windows\system32\drivers\sscdmdm.sys
2011-07-28 09:44 . 2010-04-27 02:25        15944        ----a-w-        c:\windows\system32\drivers\sscdwhnt.sys
2011-07-28 09:44 . 2010-04-27 02:25        15944        ----a-w-        c:\windows\system32\drivers\sscdwh.sys
2011-07-28 09:44 . 2010-04-27 02:25        15432        ----a-w-        c:\windows\system32\drivers\sscdcmnt.sys
2011-07-28 09:44 . 2010-04-27 02:25        15432        ----a-w-        c:\windows\system32\drivers\sscdcm.sys
2011-07-28 09:44 . 2010-04-27 02:25        136264        ----a-w-        c:\windows\system32\drivers\sscdbus.sys
2011-07-28 09:41 . 2010-09-06 07:11        20480        ----a-w-        c:\windows\SysWow64\FsExService64.Exe
2011-07-28 09:41 . 2010-09-06 07:11        16392        ----a-w-        c:\windows\SysWow64\drivers\TFsExDisk.Sys
2011-07-28 09:41 . 2010-09-06 07:11        16392        ----a-w-        c:\windows\system32\drivers\TFsExDisk.sys
2011-07-28 09:40 . 2011-07-28 11:24        --------        d-----w-        c:\program files (x86)\PC Connectivity Solution
2011-07-28 09:38 . 2011-07-28 13:10        --------        d-----w-        c:\users\***\AppData\Roaming\Samsung
2011-07-28 09:38 . 2011-07-28 09:38        --------        d-----w-        c:\program files (x86)\MarkAny
2011-07-28 09:38 . 2011-07-28 13:11        --------        d-----w-        c:\programdata\Samsung
2011-07-28 09:36 . 2011-07-28 11:22        --------        d-----w-        c:\program files (x86)\Common Files\Samsung
2011-07-23 18:58 . 2010-11-16 19:24        750440        ------w-        c:\windows\system32\HPDiscoPM5512.dll
2011-07-23 18:56 . 2011-07-23 18:59        --------        d-----w-        c:\program files (x86)\HP
2011-07-23 18:55 . 2011-07-23 18:55        --------        d-----w-        c:\programdata\HP
2011-07-23 18:55 . 2011-07-23 18:55        --------        d-----w-        c:\program files\HP
2011-07-23 15:37 . 2011-07-23 19:23        --------        d-----w-        c:\users\***\AppData\Local\HP
2011-07-06 10:37 . 2011-07-06 10:37        --------        d-----w-        c:\users\***\AppData\Roaming\PunkBuster
2011-07-06 10:36 . 2011-07-06 10:36        --------        d-----w-        c:\program files (x86)\Ubisoft
2011-07-05 14:14 . 2011-07-05 14:14        2338        ----a-w-        c:\programdata\Microsoft\Windows\Start Menu\Programs\CCleaner\cc_20110705_161440.reg
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-03 09:19 . 2011-08-03 09:19        0        ---ha-w-        c:\users\***\AppData\Local\BITBB14.tmp
2011-06-30 14:38 . 2010-12-29 16:01        88288        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-06-30 14:38 . 2010-12-29 16:01        123784        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-06-16 14:10 . 2011-05-18 13:49        404640        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-07 09:13 . 2011-06-07 09:13        90112        ----a-w-        c:\windows\MAMCityDownload.ocx
2011-06-07 09:13 . 2011-06-07 09:13        325552        ----a-w-        c:\windows\MASetupCaller.dll
2011-06-07 09:13 . 2011-06-07 09:13        30568        ----a-w-        c:\windows\MusiccityDownload.exe
2011-06-07 09:13 . 2011-06-07 09:13        143360        ----a-w-        c:\windows\SysWow64\3DAudio.ax
2011-06-05 13:27 . 2011-06-05 13:27        8192        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\IconD0B36BAF3.exe
2011-06-05 13:27 . 2011-06-05 13:27        6144        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\Icon83F12F734.exe
2011-06-05 13:27 . 2011-06-05 13:27        11264        ----a-r-        c:\users\***\AppData\Roaming\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\Icon8F99E711.exe
2011-05-24 17:14 . 2010-12-30 10:32        270720        ------w-        c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
2011-06-24 16:22        734048        ----a-w-        c:\program files (x86)\YouTube Downloader Toolbar\IE\4.5\youtubedownloaderToolbarIE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-05-01 3071384]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-06-24 941968]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-06-24 3373968]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-06-24 20880]
"Nfitoba"="c:\users\***\AppData\Local\cpiadp.dll" [2009-04-11 118784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2006-12-27 1454080]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-25 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-06-24 534880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-21 136176]
R2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;d:\dragon age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-21 136176]
R3 SetupNTGLM7X;SetupNTGLM7X;G:\NTGLM7X.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-09-06 16392]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
S2 dgdersvc;Device Error Recovery Service;c:\windows\SysWOW64\dgdersvc.exe [2010-09-06 95568]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-09-06 20552]
S3 hxctlflt;hxctlflt;c:\windows\system32\Drivers\hxctlflt.sys [x]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-21 18:09]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-21 18:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = fritz.box
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\sjrc5bed.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-lpc - c:\users\***\AppData\Roaming\Sun\cwnmw.dll
Wow6432Node-HKCU-Run-{5AD12481-385F-4256-8C58-A65E449AE26C} - c:\users\***\AppData\Roaming\Voyl\heawt.exe
Wow6432Node-HKU-Default-Run-{FC4FCE89-AE2B-4785-B6D7-6C5FF89BFDE3} - c:\windows\system32\sshnas21.dll
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2288271247-2219755011-2153533808-1000\Software\SecuROM\License information*]
"datasecu"=hex:a8,a5,c0,4d,8e,e4,0c,78,cf,a7,35,7e,98,29,e0,01,1c,b6,53,47,7f,
  dd,bf,14,18,b5,5a,d1,ee,18,f2,66,ad,bb,90,33,c4,6a,f5,75,29,fb,0b,9c,f9,7a,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\Syswow64\ping.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-08-03  11:22:28 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-08-03 09:22
.
Vor Suchlauf: 9 Verzeichnis(se), 46.142.373.888 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 45.997.735.936 Bytes frei
.
- - End Of File - - AB6ED1D9E491666E0DE7ABB1456A53B9
--- --- ---

Anubiss 03.08.2011 21:39
Hätte zwischendrin doch noch mal ne Frage, GMER scannt ja laut gesetzten Hacken nur die C Partition, allerdings fand ich heute einen Ordner in dem sich Virtumonde anscheinend festgesetzt hat auf meiner E Partition. Habe ich jetzt was falsch gemacht?


So, Schritt 2 lief Problemlos. Hier das Logfile:



GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-08-03 12:31:55
Windows 6.0.6002 Service Pack 2
Running: q3nogjyo.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                    771343423
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                    285507792
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                    1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                     
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                  0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                  0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                0x23 0xDF 0x99 0xA8 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) 
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                      0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                      0
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                    0x23 0xDF 0x99 0xA8 ...

---- EOF - GMER 1.0.15 ----
--- --- ---

Swisstreasure 04.08.2011 00:38
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Anubiss 04.08.2011 10:31
Hi

hier OTL.txtOTL Logfile:
Code:
OTL logfile created on: 04.08.2011 11:09:05 - Run 1
OTL by OldTimer - Version 3.2.26.1    Folder = C:\Users\Max\Desktop
64bit-Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 69,17% Memory free
8,17 Gb Paging File | 6,74 Gb Available in Paging File | 82,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,10 Gb Total Space | 41,19 Gb Free Space | 27,62% Space Free | Partition Type: NTFS
Drive D: | 300,00 Gb Total Space | 76,58 Gb Free Space | 25,53% Space Free | Partition Type: NTFS
Drive E: | 148,99 Gb Total Space | 17,08 Gb Free Space | 11,46% Space Free | Partition Type: NTFS
Drive F: | 296,17 Gb Total Space | 169,86 Gb Free Space | 57,35% Space Free | Partition Type: NTFS
Drive I: | 246,75 Mb Total Space | 232,85 Mb Free Space | 94,36% Space Free | Partition Type: FAT32
 
Computer Name: MAX-PC | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.04 11:02:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
PRC - [2011.07.23 15:56:30 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.06.30 16:38:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 18:22:40 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011.06.24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2011.06.24 15:54:46 | 000,020,880 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.06.24 15:54:36 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.05.01 12:00:48 | 003,071,384 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011.04.27 16:51:20 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.09 21:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.08 23:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010.09.06 09:16:58 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\SysWOW64\dgdersvc.exe
PRC - [2008.01.21 04:47:38 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2006.12.28 01:00:00 | 001,454,080 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2006.12.28 01:00:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.08.04 11:02:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.09.24 00:28:02 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.07.23 15:56:30 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.06.30 16:38:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011.04.27 16:51:20 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.09.06 09:16:58 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.09.12 18:15:50 | 000,087,288 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2007.05.31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.12.28 01:00:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.07.30 11:23:52 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.06.30 16:38:06 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.30 16:38:06 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.06 16:11:34 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.03.06 16:11:34 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.12.30 19:05:53 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.09.06 09:19:54 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.09.06 09:11:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.07.20 12:38:24 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010.07.20 12:38:24 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2010.07.20 12:38:24 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010.04.27 04:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.04.27 04:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.04.27 04:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009.09.30 16:32:44 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.24 01:01:24 | 006,175,744 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.04.22 15:46:06 | 003,552,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.02.09 00:43:10 | 000,111,104 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\hxctlflt.sys -- (hxctlflt)
DRV:64bit: - [2008.01.21 04:45:19 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2006.12.28 01:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2006.12.28 01:00:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2006.10.03 04:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006.09.18 23:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV - [2010.09.06 09:16:58 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.09.06 09:11:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.01.06 12:35:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.01.06 12:35:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Max\AppData\Roaming\5016 [2011.06.08 18:38:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.24 13:26:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.06 19:49:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Max\AppData\Roaming\5016 [2011.06.08 18:38:58 | 000,000,000 | ---D | M]
 
[2010.12.30 20:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Extensions
[2011.08.01 14:24:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\sjrc5bed.default\extensions
[2011.01.01 15:40:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\sjrc5bed.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.01 14:24:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\sjrc5bed.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.01.05 22:38:26 | 000,002,094 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\sjrc5bed.default\searchplugins\ecosia.xml
[2011.07.22 22:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.30 19:47:20 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
[2011.07.22 22:51:30 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2011.07.22 22:51:31 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF
File not found (No name found) -- C:\USERS\MAX\APPDATA\LOCAL\{50B97509-FFDD-4C46-979A-72A488292BA3}
[2011.06.08 18:38:58 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\MAX\APPDATA\ROAMING\5016
() (No name found) -- C:\USERS\MAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SJRC5BED.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
[2011.06.24 13:26:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.06 19:49:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.06 19:49:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.05.06 19:49:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.06 19:49:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.06 19:49:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.06 19:49:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.08.03 11:17:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.5\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Nfitoba] C:\Users\Max\AppData\Local\cpiadp.dll (Axalto)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.04 11:07:55 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
[2011.08.03 12:19:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.08.03 11:22:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.08.03 11:14:01 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\temp
[2011.08.03 11:08:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.08.03 11:08:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.08.03 11:08:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.08.03 11:08:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.08.03 11:07:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.08.03 10:48:22 | 004,163,269 | R--- | C] (Swearware) -- C:\Users\Max\Desktop\ComboFix.exe
[2011.08.02 20:36:16 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Malwarebytes
[2011.08.02 20:36:07 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.08.02 20:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.02 20:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.02 20:36:03 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.08.02 20:36:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.08.02 19:53:36 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.08.02 19:53:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.08.02 11:43:27 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Yxwe
[2011.08.01 14:23:00 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\gothic3
[2011.08.01 14:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD
[2011.08.01 13:13:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic III
[2011.08.01 13:12:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011.07.31 13:15:30 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Jens Lorek
[2011.07.30 11:23:52 | 000,254,528 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.07.30 11:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.07.30 11:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011.07.28 15:15:27 | 000,000,000 | ---D | C] -- C:\Temp
[2011.07.28 15:13:08 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Samsung
[2011.07.28 15:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2011.07.28 15:12:20 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2011.07.28 15:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2011.07.28 12:37:33 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Samsung
[2011.07.28 12:22:14 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Downloaded Installations
[2011.07.28 11:48:14 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2011.07.28 11:48:14 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2011.07.28 11:48:13 | 000,159,208 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2011.07.28 11:48:13 | 000,125,416 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2011.07.28 11:48:13 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2011.07.28 11:48:13 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2011.07.28 11:48:13 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2011.07.28 11:44:04 | 000,172,104 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdm.sys
[2011.07.28 11:44:04 | 000,136,264 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdbus.sys
[2011.07.28 11:44:04 | 000,019,016 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdfl.sys
[2011.07.28 11:44:04 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwhnt.sys
[2011.07.28 11:44:04 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwh.sys
[2011.07.28 11:44:04 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcmnt.sys
[2011.07.28 11:44:04 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcm.sys
[2011.07.28 11:41:37 | 000,020,480 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\FsExService64.Exe
[2011.07.28 11:41:37 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys
[2011.07.28 11:41:37 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysNative\drivers\TFsExDisk.sys
[2011.07.28 11:40:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2011.07.28 11:38:21 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Samsung
[2011.07.28 11:38:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2011.07.28 11:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2011.07.28 11:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Samsung
[2011.07.23 20:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.07.23 20:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.07.23 20:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.07.23 20:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011.07.23 17:37:46 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\HP
[2011.07.23 15:56:22 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\PunkBuster
[2011.07.22 22:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader Toolbar
[2011.07.22 22:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2011.07.22 22:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2011.07.22 22:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jens Lorek
[2011.07.08 14:25:35 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\TeamViewer
[2011.07.06 12:39:08 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Ubisoft Game Launcher
[2011.07.06 12:37:09 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\PunkBuster
[2011.07.06 12:36:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2010.12.30 12:50:14 | 000,118,784 | ---- | C] (Axalto) -- C:\Users\Max\AppData\Local\cpiadp.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Max\AppData\Local\*.tmp files -> C:\Users\Max\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.04 11:11:46 | 001,733,766 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.08.04 11:11:46 | 000,736,506 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.08.04 11:11:46 | 000,686,604 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.08.04 11:11:46 | 000,172,314 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.08.04 11:11:46 | 000,140,882 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.08.04 11:07:14 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.04 11:07:02 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.04 11:07:02 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.04 11:06:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.04 11:02:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
[2011.08.03 23:47:50 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.08.03 23:24:10 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.03 11:17:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.08.03 10:54:52 | 490,543,131 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.08.03 10:39:56 | 000,302,592 | ---- | M] () -- C:\Users\Max\Desktop\q3nogjyo.exe
[2011.08.03 10:38:38 | 004,163,269 | R--- | M] (Swearware) -- C:\Users\Max\Desktop\ComboFix.exe
[2011.08.02 21:01:36 | 000,002,555 | ---- | M] () -- C:\Users\Max\Desktop\HiJackThis.lnk
[2011.08.02 20:36:07 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.02 14:57:20 | 000,000,321 | ---- | M] () -- C:\Windows\wininit.ini
[2011.08.02 13:58:12 | 000,000,000 | ---- | M] () -- C:\Users\Max\AppData\Local\{12916667-5210-4A38-9F85-638A4C1756FD}
[2011.08.02 13:55:14 | 000,250,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.08.02 13:42:59 | 000,000,732 | ---- | M] () -- C:\Users\Max\AppData\Local\d3d9caps64.dat
[2011.08.02 11:35:17 | 000,000,000 | ---- | M] () -- C:\Users\Max\AppData\Local\Tvefuse.bin
[2011.08.02 11:35:15 | 000,000,120 | ---- | M] () -- C:\Users\Max\AppData\Local\Lbanirakipejo.dat
[2011.07.31 19:29:22 | 000,074,240 | ---- | M] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.30 11:23:52 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.07.28 15:12:29 | 000,001,788 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2011.07.28 13:29:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011.07.28 13:22:25 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2011.07.25 23:14:40 | 000,001,356 | ---- | M] () -- C:\Users\Max\AppData\Local\d3d9caps.dat
[2011.07.23 20:58:50 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f Scan.lnk
[2011.07.23 15:56:30 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.07.23 15:56:25 | 000,270,408 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.07.23 15:56:25 | 000,270,408 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.07.06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Max\AppData\Local\*.tmp files -> C:\Users\Max\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.03 11:08:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.08.03 11:08:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.08.03 11:08:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.08.03 11:08:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.08.03 11:08:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.08.03 10:51:48 | 490,543,131 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.08.03 10:48:35 | 000,302,592 | ---- | C] () -- C:\Users\Max\Desktop\q3nogjyo.exe
[2011.08.02 20:36:07 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.02 19:53:36 | 000,002,555 | ---- | C] () -- C:\Users\Max\Desktop\HiJackThis.lnk
[2011.08.02 13:57:56 | 000,000,000 | ---- | C] () -- C:\Users\Max\AppData\Local\{12916667-5210-4A38-9F85-638A4C1756FD}
[2011.08.02 12:24:53 | 000,000,321 | ---- | C] () -- C:\Windows\wininit.ini
[2011.08.02 11:35:17 | 000,000,000 | ---- | C] () -- C:\Users\Max\AppData\Local\Tvefuse.bin
[2011.08.02 11:35:15 | 000,000,120 | ---- | C] () -- C:\Users\Max\AppData\Local\Lbanirakipejo.dat
[2011.07.28 15:12:29 | 000,001,788 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2011.07.28 15:05:04 | 000,002,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2011.07.28 15:04:42 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.07.28 13:29:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011.07.28 11:38:18 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp
[2011.07.23 20:59:23 | 000,000,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2011.07.23 20:58:50 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f Scan.lnk
[2011.07.23 15:56:25 | 000,270,408 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.07.06 12:37:12 | 000,270,408 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.06 12:37:10 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.01 19:09:37 | 000,000,091 | ---- | C] () -- C:\Users\Max\AppData\Local\fusioncache.dat
[2011.03.16 21:00:01 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.12.31 15:16:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.30 19:51:01 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010.12.30 19:49:52 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.12.30 18:52:46 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.30 16:25:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.30 12:50:31 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010.12.30 12:49:48 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010.12.30 12:49:14 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010.12.29 19:41:56 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010.12.29 18:55:58 | 000,000,552 | ---- | C] () -- C:\Users\Max\AppData\Local\d3d8caps.dat
[2010.12.29 18:55:00 | 000,001,356 | ---- | C] () -- C:\Users\Max\AppData\Local\d3d9caps.dat
[2010.12.29 18:53:24 | 000,074,240 | ---- | C] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.29 17:01:01 | 001,762,112 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.29 14:14:00 | 000,000,732 | ---- | C] () -- C:\Users\Max\AppData\Local\d3d9caps64.dat
[2010.09.06 09:19:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2010.09.06 09:19:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2010.09.06 09:19:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2010.09.06 09:19:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.01.21 04:47:53 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.04.17 16:34:40 | 000,135,716 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2006.11.02 17:30:41 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011.01.31 20:27:21 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\25006
[2011.06.08 18:38:58 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\5016
[2010.12.30 19:45:00 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DAEMON Tools Lite
[2011.07.30 19:55:38 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\ICQ
[2011.07.31 13:15:30 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Jens Lorek
[2011.06.08 18:38:48 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\kock
[2011.07.06 12:37:09 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\PunkBuster
[2011.07.28 15:10:29 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Samsung
[2011.07.08 14:29:21 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\TeamViewer
[2010.12.31 15:14:46 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\TubeBox
[2011.07.23 15:56:17 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Ubisoft
[2011.06.08 18:38:48 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\xmldm
[2011.08.02 11:43:50 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Yxwe
[2011.08.03 23:47:50 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.08.03 12:19:35 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.12.30 16:49:48 | 000,000,000 | ---D | M] -- C:\ATI
[2010.12.30 14:52:07 | 000,000,000 | ---D | M] -- C:\Boot
[2006.11.02 17:35:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.12.29 14:11:44 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.12.29 15:01:44 | 000,000,000 | ---D | M] -- C:\Intel
[2008.01.21 05:01:21 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.07.23 20:55:50 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.08.02 20:36:02 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.08.02 20:36:05 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.12.29 14:11:44 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.08.03 11:22:32 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.08.04 11:10:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.28 15:33:09 | 000,000,000 | ---D | M] -- C:\Temp
[2010.12.30 17:07:15 | 000,000,000 | R--D | M] -- C:\Users
[2011.08.03 11:22:31 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\ERDNT\cache86\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 04:46:34 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 04:47:14 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:47:40 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:48:18 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe
[2008.01.21 04:48:18 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe
[2008.01.21 04:47:40 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\ERDNT\cache86\regedit.exe
[2008.01.21 04:47:40 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:48:25 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe
[2008.01.21 04:48:25 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:48:25 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:47:35 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe
[2008.01.21 04:47:35 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:47:35 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:45:53 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache86\wininit.exe
[2008.01.21 04:45:53 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:45:53 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:48:12 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\ERDNT\cache64\wininit.exe
[2008.01.21 04:48:12 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 04:48:12 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:47:36 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:48:26 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<          >

< End of report >
--- --- ---

Anubiss 04.08.2011 10:37
und hier das Extra:OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 04.08.2011 11:09:06 - Run 1
OTL by OldTimer - Version 3.2.26.1    Folder = C:\Users\Max\Desktop
64bit-Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 69,17% Memory free
8,17 Gb Paging File | 6,74 Gb Available in Paging File | 82,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,10 Gb Total Space | 41,19 Gb Free Space | 27,62% Space Free | Partition Type: NTFS
Drive D: | 300,00 Gb Total Space | 76,58 Gb Free Space | 25,53% Space Free | Partition Type: NTFS
Drive E: | 148,99 Gb Total Space | 17,08 Gb Free Space | 11,46% Space Free | Partition Type: NTFS
Drive F: | 296,17 Gb Total Space | 169,86 Gb Free Space | 57,35% Space Free | Partition Type: NTFS
Drive I: | 246,75 Mb Total Space | 232,85 Mb Free Space | 94,36% Space Free | Partition Type: FAT32
 
Computer Name: MAX-PC | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = E1 0B B4 13 DC 5B C8 01  [binary data]
"VistaSp2" = 33 E9 A1 60 20 A8 CB 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AE1C3E14-B06D-466C-AFD5-36431EF9B7E5}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02009E8B-B3BD-45A9-9161-35E31056D9CC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{02A452BF-424B-46A4-A368-7CF17D6CB733}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{08465F25-4D37-41DD-9C0D-1710D1159425}" = protocol=6 | dir=in | app=d:\assassin's creed brotherhood\acbsp.exe |
"{0C0323D0-0FB3-4355-9982-66B44AB93131}" = protocol=6 | dir=in | app=d:\assassin's creed brotherhood\acbmp.exe |
"{0E656DFA-7FF3-4712-8399-D75E591D7EEB}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{11991ADC-B91D-4EED-B4BB-C9A8BB8D086E}" = protocol=6 | dir=in | app=d:\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{15C612A3-9528-4A06-B96F-FA3EA519EA00}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{19B87050-4FF7-4EF2-9871-9679468C0B73}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe |
"{1AD16D2F-36CD-4B33-ABF4-C7692C24DF9C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{1EBAA546-8C25-40CA-A656-900CE43DC418}" = protocol=6 | dir=in | app=e:\spiele\call of duty 4\iw3mp.exe |
"{1F14BED8-4BB1-44B2-8798-E42006B379A4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{1F1CE1A5-82A0-46E0-8F14-CEEC09069AA9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{2923420D-EA11-4C92-A2E7-D7411867606F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2D1BC2E3-CF3E-4404-9436-54960FFF96CF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{3DA659AE-1E28-4D11-A1CF-990C17D1071F}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe |
"{3FBD2297-8324-4DE0-ACFB-02EEC841F770}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{411F757C-7E25-490A-9177-84867E0F42EF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{448A5067-A5C7-4911-BDB3-F226C504A804}" = protocol=17 | dir=in | app=d:\assassin's creed brotherhood\assassinscreedbrotherhood.exe |
"{452BFB4D-9762-4420-8E4D-9DB1FC936F7F}" = protocol=6 | dir=in | app=d:\mass effect 2\masseffect2launcher.exe |
"{46FCB70D-F516-40F5-88F0-E8BA96D45EEC}" = protocol=6 | dir=in | app=d:\dragon age\daoriginslauncher.exe |
"{4C2E175F-6C6F-4704-8F6A-93D1479179E2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\halo 2\halo2.exe |
"{4CD2980B-92D0-4870-AFC5-C583C876E67C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{4E3C3441-DEC0-49D7-A3A7-691E0DE0E858}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{501B9B63-E214-4EDD-915E-4C27C74C007E}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{568FD40C-FCC0-43F1-AF45-7CFE12F46819}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{60888C25-1B70-42C3-9517-47E78035CA57}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe |
"{671F1B4A-C281-4CD5-92B0-EDC661EE3832}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{6A9FB3B7-914D-42DB-8BA7-A0D0A4548F2B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{6FF54558-8A62-404F-9339-25AE63E935C5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{70CEB372-6D8B-4A15-9855-C5A74E08291A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{71578473-28AB-4F38-B619-3BD252D99D1B}" = protocol=6 | dir=in | app=d:\mass effect 2\binaries\masseffect2.exe |
"{76C5AA80-F39E-4505-8DA1-9AF4D131D355}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{7BE2817C-D580-4284-B146-FD36CA8147E6}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe |
"{83A549C1-A811-4DC7-9369-8367F389A02B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8E63F69D-DFD4-4E96-8B97-928B6340B83E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{90F77F55-A927-4974-A595-3A1543622299}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{91F90BE3-E1D4-4839-BB77-EC689EE84A06}" = protocol=17 | dir=in | app=d:\dragon age\bin_ship\daorigins.exe |
"{949B8B59-5674-4DEA-8A25-24448D6561FC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{95A074D2-C4D5-4177-8B29-E7BEA5664F73}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{95A61992-60E4-4294-8B8A-5443395A41A9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{9F864F54-4A17-421F-8B63-9BFD08E3ED60}" = protocol=17 | dir=in | app=d:\assassin's creed brotherhood\acbsp.exe |
"{A31C1EE2-A868-4E16-BADB-437067629D2F}" = protocol=6 | dir=in | app=d:\dragon age\bin_ship\daorigins.exe |
"{A4B25B97-CF42-423B-AAAC-81BE56B19E3F}" = protocol=6 | dir=in | app=d:\dragon age\bin_ship\daupdatersvc.service.exe |
"{AA9E7578-2164-42DE-8A62-F8D1BF67493B}" = protocol=17 | dir=in | app=d:\mass effect 2\binaries\masseffect2.exe |
"{ADABAD31-E8C7-4730-9540-0BF4AA54B206}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{AF3B51FE-CF06-4381-BC40-4EC9362D571C}" = protocol=17 | dir=in | app=e:\spiele\call of duty 4\iw3mp.exe |
"{AFD8CFE3-F083-41EB-8189-794CA95C38E2}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe |
"{BF55D5A3-2DA2-479B-84AF-511C3FAF77CF}" = protocol=17 | dir=in | app=d:\mass effect 2\masseffect2launcher.exe |
"{C5D7B851-D33C-49D5-B61F-2C89060085E3}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{CCD07AA1-2CAD-472C-8E60-88F891353624}" = protocol=17 | dir=in | app=d:\assassin's creed brotherhood\acbmp.exe |
"{CF700603-5D49-4F95-8408-E0CC0C5595A0}" = protocol=17 | dir=in | app=d:\dragon age\daoriginslauncher.exe |
"{D318D829-DF98-4107-B190-5F9016E8A323}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe |
"{D3A5C712-1614-4FDE-9764-92FE183A0D00}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe |
"{D52A1B56-1747-4F83-90AC-1FA119E727EE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\halo 2\halo2.exe |
"{D57E28CA-36BD-4F49-9D30-F1B97EDA080F}" = protocol=17 | dir=in | app=d:\dragon age\bin_ship\daupdatersvc.service.exe |
"{D695ED2A-AAAB-4E00-857D-5C9D817BDFD5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D70FD49B-C2F3-422A-9F55-D371FCF12AFB}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe |
"{EAE05A52-2035-46A3-8F27-CB4094710FFB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EF2C83AB-F1C6-4C69-A729-164E61F946EF}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{F9FF7112-6089-43E3-9D7E-AD892E759382}" = protocol=17 | dir=in | app=d:\assassin's creed brotherhood\uplaybrowser.exe |
"{FAC199D3-FBC4-4C24-9AD2-568FA61F49D7}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe |
"{FC8E3844-3501-430D-BC69-D16777FD305B}" = protocol=6 | dir=in | app=d:\assassin's creed brotherhood\uplaybrowser.exe |
"TCP Query User{289EEED0-7B56-46CF-A691-719590CCFCBE}D:\dawn of war soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=d:\dawn of war soulstorm\soulstorm.exe |
"TCP Query User{3EF1F42A-8B11-4FFC-8E1D-82E94532DFAD}D:\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=d:\der herr der ringe online\lotroclient.exe |
"TCP Query User{79A52499-3487-4A23-94AD-0FDAEA077CBE}E:\spiele\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=e:\spiele\anno 1404\tools\anno4web.exe |
"TCP Query User{92C0E751-7196-417B-A88A-135AB1CC614E}E:\spiele\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=e:\spiele\dawn of war - dark crusade\darkcrusade.exe |
"TCP Query User{93465E5D-3264-49EB-86A6-8CFC17D63968}D:\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=d:\crysis 2\bin32\crysis2.exe |
"TCP Query User{95C74926-6CED-419B-AD83-82B9EC869BBF}D:\dawn of war + wa\w40kwa.exe" = protocol=6 | dir=in | app=d:\dawn of war + wa\w40kwa.exe |
"TCP Query User{A8B68537-777E-4FE6-8A66-B7D8D46CD632}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
"TCP Query User{B0A5FB4A-ABC7-47F2-BC61-1379A146EF1D}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"TCP Query User{CA77532B-B6A3-46C2-9BFD-E14ECF351137}D:\dawn of war + wa\w40k.exe" = protocol=6 | dir=in | app=d:\dawn of war + wa\w40k.exe |
"TCP Query User{D631732F-910A-4861-B912-613724E9C0D3}D:\dead space\dead space.exe" = protocol=6 | dir=in | app=d:\dead space\dead space.exe |
"TCP Query User{F5170D53-F380-4C83-A495-4057992E7378}C:\users\max\appdata\roaming\voyl\heawt.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\voyl\heawt.exe |
"TCP Query User{F8B750DA-7EA9-4D6C-B864-9E74443DDC36}G:\fscommand\updater.exe" = protocol=6 | dir=in | app=g:\fscommand\updater.exe |
"UDP Query User{05417A5E-560A-4912-8E59-6DF9A3F27971}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe |
"UDP Query User{2EE32100-AC02-42C0-A377-1ADAB16FB342}C:\users\max\appdata\roaming\voyl\heawt.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\voyl\heawt.exe |
"UDP Query User{3EC18F2F-F4D9-4771-9AEC-FE24E586620A}D:\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=d:\der herr der ringe online\lotroclient.exe |
"UDP Query User{47D90081-5A12-4926-AE9F-C5757F6F2EC3}D:\dawn of war soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=d:\dawn of war soulstorm\soulstorm.exe |
"UDP Query User{51457E37-40B4-401B-8DE8-5000180C75E6}E:\spiele\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=e:\spiele\anno 1404\tools\anno4web.exe |
"UDP Query User{60BAF272-01D2-4346-8076-A16E65E5CCAB}E:\spiele\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=e:\spiele\dawn of war - dark crusade\darkcrusade.exe |
"UDP Query User{665A20F1-C0B8-4D54-8442-B656CB52F651}D:\dawn of war + wa\w40k.exe" = protocol=17 | dir=in | app=d:\dawn of war + wa\w40k.exe |
"UDP Query User{87584803-2D7E-45F1-8685-292B0D66719D}D:\dawn of war + wa\w40kwa.exe" = protocol=17 | dir=in | app=d:\dawn of war + wa\w40kwa.exe |
"UDP Query User{DC92E7E4-ED94-4E22-98AD-D2C0F2954B61}D:\dead space\dead space.exe" = protocol=17 | dir=in | app=d:\dead space\dead space.exe |
"UDP Query User{E4EB4A79-ECA3-42FB-9275-C5BE3F6863FD}D:\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=d:\crysis 2\bin32\crysis2.exe |
"UDP Query User{E7FF04D0-E4D2-4B49-BD5C-E0601488FC95}G:\fscommand\updater.exe" = protocol=17 | dir=in | app=g:\fscommand\updater.exe |
"UDP Query User{FB8D872F-129F-4AC3-892F-25F087E5BDB2}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2C4FFF38-9FA5-C451-E79D-FAB3848C7F5A}" = ccc-utility64
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F4884F1-488D-4738-8F71-65A378BB484C}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{EA6138FF-7608-1195-6E32-F8A7F00CDB89}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Hilfe
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista
"{15C82F5E-6EA9-44FE-A0FC-B6D08A684037}" = TubeBox!
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{20FC1593-0BA0-4334-8786-E634FC011B69}_is1" = Underhell version 1.5
"{3EA20BCC-983E-E2FB-7655-F701160703AF}" = Catalyst Control Center HydraVision Full
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4DDF49C7-E23B-28E4-D899-DE1950411061}" = Catalyst Control Center Graphics Light
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{61814DD5-D192-7D9F-4070-08058E94C765}" = Catalyst Control Center Core Implementation
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}" = LIVE gaming on Windows Runtime Version 1.0.6027
"{8678BD65-D66E-48BB-8531-91D0EF8998A1}" = Hercules Classic Silver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8B251F4A-0B78-2045-B802-CDB67F594E53}" = Catalyst Control Center Graphics Previews Vista
"{8F808D5F-7635-EE62-F2B4-42D72D74443C}" = Catalyst Control Center Graphics Previews Common
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2B3C27C-1F09-47C6-9A90-9683BEFD7963}" = Dawn of War - Soulstorm
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B11D111C-ADA8-B61D-940D-BB85A7B9F9F8}" = Catalyst Control Center InstallProxy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BC4C00F4-3043-BA09-C401-A4728663ECCE}" = ccc-core-static
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C27B2B08-B5BD-A210-73AF-83A740ECC32F}" = Catalyst Control Center Graphics Full New
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C6AA63A6-3248-2D28-3BAA-AA9C6B8D84BE}" = CCC Help English
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{D1FD3035-DD6F-4A17-BC30-784E97EFBC68}" = Gothic III - Forsaken Gods
"{DFF10B77-36EB-4B73-AA8B-2B98E74EC3C7}" = YouTube Downloader Toolbar v4.5
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F18EF558-2BCE-99DE-4021-46726B061BD2}" = Catalyst Control Center Graphics Full Existing
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online v03.02.04.8010
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"Guitar Pro 5_is1" = Guitar Pro 5.0
"Halo 2" = Halo 2 for Windows Vista
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"PunkBusterSvc" = PunkBuster Services
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"Steam App 215" = Source SDK Base 2006
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"VLC media player" = VLC media player 1.1.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.08.2011 05:12:43 | Computer Name = Max-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung sed.cfxxe, Version 0.0.0.0, Zeitstempel 0x420c7c1c,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x7546a57d,  Prozess-ID 0x10e4, Anwendungsstartzeit 01cc51bd807f18c3.
 
Error - 03.08.2011 05:12:49 | Computer Name = Max-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung swreg.cfxxe, Version 3.0.0.0, Zeitstempel 0x2a425e19,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x7546a57d,  Prozess-ID 0x8cc, Anwendungsstartzeit 01cc51bd845eeb03.
 
Error - 03.08.2011 05:13:00 | Computer Name = Max-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung swreg.cfxxe, Version 3.0.0.0, Zeitstempel 0x2a425e19,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x7546a57d,  Prozess-ID 0x898, Anwendungsstartzeit 01cc51bd8a6ca387.
 
Error - 03.08.2011 05:16:52 | Computer Name = Max-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GoogleUpdate.exe, Version 1.2.183.21, Zeitstempel
 0x4b95e661, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x7591a57d,  Prozess-ID 0x9c, Anwendungsstartzeit
 01cc51be134df05d.
 
Error - 03.08.2011 05:17:07 | Computer Name = Max-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 03.08.2011 05:17:22 | Computer Name = Max-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung swxcacls.cfxxe, Version 1.0.1.1, Zeitstempel
 0x2a425e19, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x7591a57d,  Prozess-ID 0xd4, Anwendungsstartzeit
 01cc51be27007deb.
 
Error - 03.08.2011 05:21:17 | Computer Name = Max-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung swreg.cfxxe, Version 3.0.0.0, Zeitstempel 0x2a425e19,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x7591a57d,  Prozess-ID 0x4c8, Anwendungsstartzeit 01cc51beb3341a48.
 
Error - 03.08.2011 06:20:49 | Computer Name = Max-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 03.08.2011 16:48:52 | Computer Name = Max-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 04.08.2011 05:08:35 | Computer Name = Max-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 31.03.2011 08:49:58 | Computer Name = Max-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 30.03.2011 um 16:57:27 unerwartet heruntergefahren.
 
Error - 01.04.2011 09:09:04 | Computer Name = Max-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.03.2011 um 20:23:49 unerwartet heruntergefahren.
 
Error - 03.04.2011 03:54:24 | Computer Name = Max-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 03.04.2011 um 00:14:33 unerwartet heruntergefahren.
 
Error - 04.04.2011 14:53:24 | Computer Name = Max-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3.
 
Error - 05.04.2011 10:54:19 | Computer Name = Max-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{6B85F01E-F46E-4925-A70D-8C9BEFCA1ACD} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 05.04.2011 10:54:19 | Computer Name = Max-PC | Source = netbt | ID = 4321
Description = Der Name "MAX-PC        :20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 0.0.0.0  registriert werden. Der Computer mit IP-Adresse ***********
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 08.04.2011 09:08:24 | Computer Name = Max-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 07.04.2011 um 21:03:58 unerwartet heruntergefahren.
 
Error - 12.04.2011 08:37:08 | Computer Name = Max-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3.
 
Error - 12.04.2011 13:31:07 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7034
Description =
 
Error - 14.04.2011 13:35:34 | Computer Name = Max-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3.
 
 
< End of report >
--- --- ---

Swisstreasure 04.08.2011 12:52
Schritt 1

WICHTIG! Hier im Script den Bereich *** mit dem richtigen Pfad ergänzen.
Code:
:OTL
PRC - [2011.06.24 18:22:40 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011.06.24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
SRV - [2011.06.24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
O4 - HKCU..\Run: [Nfitoba] C:\Users\Max\AppData\Local\cpiadp.dll (Axalto)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
[2011.07.22 22:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2011.07.22 22:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
:Files
C:\Users\Max\AppData\Roaming\Yxwe
C:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\cyno.exe
C:\users\***\AppData\Local\Tvefuse.bin
:Commands
[purity]
[emptytemp]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2


ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Anubiss 04.08.2011 21:56
Also, hier das OTL:

All processes killed
========== OTL ==========
No active process named SearchSettings.exe was found!
Process ApplicationUpdater.exe killed successfully!
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Nfitoba deleted successfully.
C:\Users\Max\AppData\Local\cpiadp.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\wtxpcom folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot folder moved successfully.
C:\Program Files (x86)\Application Updater folder moved successfully.
========== FILES ==========
C:\Users\Max\AppData\Roaming\Yxwe folder moved successfully.
C:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\cyno.exe moved successfully.
C:\users\Max\AppData\Local\Tvefuse.bin moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Max
->Temp folder emptied: 188512 bytes
->Temporary Internet Files folder emptied: 1225938 bytes
->FireFox cache emptied: 43349135 bytes
->Flash cache emptied: 3521 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7192 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 43,00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08042011_194132

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Anubiss 04.08.2011 21:58
Das mit dem Ausführen bei schritt 2 hat nict geklappt (auch ohne ")
Habe aber eine log datei manuell in em Programm gefunden:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=97119e5bfe109c49aee85724196cba93
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-04 08:45:28
# local_time=2011-08-04 10:45:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 173672 173672 0 0
# compatibility_mode=1797 16775165 100 94 1391967 49018108 1384614 0
# compatibility_mode=5892 16776573 100 56 207875 150005347 0 0
# compatibility_mode=8192 67108863 100 0 193 193 0 0
# scanned=278137
# found=8
# cleaned=0
# scan_time=9441
C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.5\youtubedownloaderToolbarIE.dll a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Max\AppData\Roaming\Sun\cwnmw.dll.vir probably a variant of Win32/PSW.Agent.JEFGNTY trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08042011_194132\C_Program Files (x86)\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08042011_194132\C_Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08042011_194132\C_Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08042011_194132\C_Users\Max\AppData\Local\cpiadp.dll a variant of Win32/Kryptik.RBG trojan (unable to clean) 00000000000000000000000000000000 I
E:\Spiele\Dungeon Siege 2\ds2_dvd.iso probably a variant of Win32/Agent.MTSNIQX trojan (unable to clean) 00000000000000000000000000000000 I
E:\Spiele\Dungeon Siege 2\updates\Trainer\asx-ds2\asx-ds2.exe probably a variant of Win32/Agent.MTSNIQX trojan (unable to clean) 00000000000000000000000000000000 I

Swisstreasure 05.08.2011 00:33
Noch Probleme?

Ich bin bis am Sonntag abwesend. Melde mich dann aber gleich wieder.

Anubiss 06.08.2011 15:08
Also erstmal vielen Dank! Virtumonde schient jetzt weg zu sein
Habe aber immer noch Probleme: Nachdem ich heute kurz wieder im Internet war hat meine Computer plötzlich per Boxen angefangen irgendetwas von ner Las Vegas Hotline zu erzählen. War kein Popup oder sowas lief auch weiter nachdem aller Internetseiten zu waren, erst das abklemmen der Verbindung beendete den Spuk. Habe jetzt noch mal einen Scan mit malwarebytes gemacht da wird angezeigt das noch 6 Untermieter da sind. Kann man die einfach gefahrlos mit dem Programm niedermachen? Kannst du mir da auch noch weiterhelfen?

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7358

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

06.08.2011 15:57:32
mbam-log-2011-08-06 (15-57-26).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 170001
Laufzeit: 3 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
c:\Windows\temp\kvsqsb\setup.exe (Spyware.Passwords.XGen) -> 1772 -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AMService (Spyware.Passwords.XGen) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A} (PUP.Dealio.TB) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio.TB) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio.TB) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio.TB) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Nfitoba (Trojan.Agent.U) -> Value: Nfitoba -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\temp\kvsqsb\setup.exe (Spyware.Passwords.XGen) -> No action taken.
c:\program files (x86)\youtube downloader toolbar\IE\4.5\youtubedownloadertoolbarie.dll (PUP.Dealio.TB) -> No action taken.

Swisstreasure 07.08.2011 13:29
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Anubiss 07.08.2011 15:20
Eine Extra Datei wurde vom Programm nicht erstellt (?):
OTL Logfile:
Code:
OTL logfile created on: 07.08.2011 16:01:52 - Run 2
OTL by OldTimer - Version 3.2.26.1    Folder = C:\Users\Max\Desktop\Security
64bit-Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 68,42% Memory free
8,17 Gb Paging File | 6,71 Gb Available in Paging File | 82,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,10 Gb Total Space | 34,93 Gb Free Space | 23,43% Space Free | Partition Type: NTFS
Drive D: | 300,00 Gb Total Space | 77,19 Gb Free Space | 25,73% Space Free | Partition Type: NTFS
Drive E: | 148,99 Gb Total Space | 16,96 Gb Free Space | 11,39% Space Free | Partition Type: NTFS
Drive F: | 296,17 Gb Total Space | 169,86 Gb Free Space | 57,35% Space Free | Partition Type: NTFS
Drive I: | 246,75 Mb Total Space | 246,73 Mb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: MAX-PC | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.06 12:57:05 | 000,039,424 | ---- | M] (Tricky Perry Shade) -- C:\Windows\temp\kvsqsb\setup.exe
PRC - [2011.08.04 11:02:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\Security\OTL.exe
PRC - [2011.07.23 15:56:30 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.06.30 16:38:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 15:54:46 | 000,020,880 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.06.24 15:54:36 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.05.01 12:00:48 | 003,071,384 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011.04.27 16:51:20 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.09 21:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.08 23:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010.09.06 09:16:58 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\SysWOW64\dgdersvc.exe
PRC - [2009.04.11 08:28:11 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WerFault.exe
PRC - [2008.01.21 04:47:38 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2006.12.28 01:00:00 | 001,454,080 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2006.12.28 01:00:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.08.04 11:02:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\Security\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.09.24 00:28:02 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.08.06 12:57:05 | 000,039,424 | ---- | M] (Tricky Perry Shade) [Auto | Start_Pending] -- C:\Windows\TEMP\kvsqsb\setup.exe -- (AMService)
SRV - [2011.07.23 15:56:30 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.06.30 16:38:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 16:51:20 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.09.06 09:16:58 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.09.12 18:15:50 | 000,087,288 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2007.05.31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.12.28 01:00:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.07.30 11:23:52 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.06.30 16:38:06 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.30 16:38:06 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.06 16:11:34 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.03.06 16:11:34 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.12.30 19:05:53 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.09.06 09:19:54 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.09.06 09:11:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.07.20 12:38:24 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010.07.20 12:38:24 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2010.07.20 12:38:24 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010.04.27 04:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.04.27 04:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.04.27 04:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009.09.30 16:32:44 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.24 01:01:24 | 006,175,744 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.04.22 15:46:06 | 003,552,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.02.09 00:43:10 | 000,111,104 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\hxctlflt.sys -- (hxctlflt)
DRV:64bit: - [2008.01.21 04:45:19 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2006.12.28 01:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2006.12.28 01:00:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2006.10.03 04:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006.09.18 23:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV - [2010.09.06 09:16:58 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.09.06 09:11:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.01.06 12:35:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.01.06 12:35:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Max\AppData\Roaming\5016 [2011.06.08 18:38:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.24 13:26:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.06 19:49:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Max\AppData\Roaming\5016 [2011.06.08 18:38:58 | 000,000,000 | ---D | M]
 
[2010.12.30 20:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Extensions
[2011.08.01 14:24:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\sjrc5bed.default\extensions
[2011.01.01 15:40:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\sjrc5bed.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.01 14:24:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\sjrc5bed.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.01.05 22:38:26 | 000,002,094 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\sjrc5bed.default\searchplugins\ecosia.xml
[2011.07.22 22:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.30 19:47:20 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
[2011.07.22 22:51:31 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF
[2011.06.08 18:38:58 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\MAX\APPDATA\ROAMING\5016
() (No name found) -- C:\USERS\MAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SJRC5BED.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
[2011.06.24 13:26:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.06 19:49:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.06 19:49:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.05.06 19:49:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.06 19:49:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.06 19:49:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.06 19:49:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.5\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Nfitoba]  File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.05 14:57:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011.08.05 14:25:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2011.08.05 14:24:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011.08.05 14:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011.08.05 13:50:34 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\Security
[2011.08.04 20:04:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.08.04 19:41:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.08.03 12:19:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.08.03 11:22:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.08.03 11:14:01 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\temp
[2011.08.03 11:08:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.08.03 11:08:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.08.03 11:08:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.08.03 11:08:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.08.03 11:07:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.08.02 20:36:16 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Malwarebytes
[2011.08.02 20:36:07 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.08.02 20:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.02 20:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.02 20:36:03 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.08.02 20:36:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.08.02 19:53:36 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.08.02 19:53:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.07.31 13:15:30 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Jens Lorek
[2011.07.30 11:23:52 | 000,254,528 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.07.30 11:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.07.30 11:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011.07.28 15:15:27 | 000,000,000 | ---D | C] -- C:\Temp
[2011.07.28 15:13:08 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Samsung
[2011.07.28 15:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2011.07.28 15:12:20 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2011.07.28 15:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2011.07.28 12:37:33 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Samsung
[2011.07.28 12:22:14 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Downloaded Installations
[2011.07.28 11:48:14 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2011.07.28 11:48:14 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2011.07.28 11:48:13 | 000,159,208 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2011.07.28 11:48:13 | 000,125,416 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2011.07.28 11:48:13 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2011.07.28 11:48:13 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2011.07.28 11:48:13 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2011.07.28 11:44:04 | 000,172,104 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdm.sys
[2011.07.28 11:44:04 | 000,136,264 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdbus.sys
[2011.07.28 11:44:04 | 000,019,016 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdfl.sys
[2011.07.28 11:44:04 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwhnt.sys
[2011.07.28 11:44:04 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwh.sys
[2011.07.28 11:44:04 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcmnt.sys
[2011.07.28 11:44:04 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcm.sys
[2011.07.28 11:41:37 | 000,020,480 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\FsExService64.Exe
[2011.07.28 11:41:37 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys
[2011.07.28 11:41:37 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysNative\drivers\TFsExDisk.sys
[2011.07.28 11:40:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2011.07.28 11:38:21 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Samsung
[2011.07.28 11:38:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2011.07.28 11:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2011.07.28 11:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Samsung
[2011.07.23 20:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.07.23 20:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.07.23 20:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.07.23 20:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011.07.23 17:37:46 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\HP
[2011.07.23 15:56:22 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\PunkBuster
[2011.07.22 22:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader Toolbar
[2011.07.22 22:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jens Lorek
[1 C:\Users\Max\AppData\Local\*.tmp files -> C:\Users\Max\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.07 16:04:40 | 001,733,766 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.08.07 16:04:40 | 000,736,506 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.08.07 16:04:40 | 000,686,604 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.08.07 16:04:40 | 000,172,314 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.08.07 16:04:40 | 000,140,882 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.08.07 15:59:44 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.07 15:59:41 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.07 15:59:41 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.07 15:59:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.07 14:43:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.08.07 14:24:11 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.05 20:00:23 | 491,235,291 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.08.05 11:16:36 | 000,074,240 | ---- | M] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.02 14:57:20 | 000,000,321 | ---- | M] () -- C:\Windows\wininit.ini
[2011.08.02 13:58:12 | 000,000,000 | ---- | M] () -- C:\Users\Max\AppData\Local\{12916667-5210-4A38-9F85-638A4C1756FD}
[2011.08.02 13:55:14 | 000,250,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.08.02 13:42:59 | 000,000,732 | ---- | M] () -- C:\Users\Max\AppData\Local\d3d9caps64.dat
[2011.08.02 11:35:15 | 000,000,120 | ---- | M] () -- C:\Users\Max\AppData\Local\Lbanirakipejo.dat
[2011.07.30 11:23:52 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.07.28 15:12:29 | 000,001,788 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2011.07.28 13:29:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011.07.28 13:22:25 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2011.07.25 23:14:40 | 000,001,356 | ---- | M] () -- C:\Users\Max\AppData\Local\d3d9caps.dat
[2011.07.23 20:58:50 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f Scan.lnk
[2011.07.23 15:56:30 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.07.23 15:56:25 | 000,270,408 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.07.23 15:56:25 | 000,270,408 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[1 C:\Users\Max\AppData\Local\*.tmp files -> C:\Users\Max\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.05 20:00:23 | 491,235,291 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.08.03 11:08:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.08.03 11:08:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.08.03 11:08:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.08.03 11:08:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.08.03 11:08:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.08.02 13:57:56 | 000,000,000 | ---- | C] () -- C:\Users\Max\AppData\Local\{12916667-5210-4A38-9F85-638A4C1756FD}
[2011.08.02 12:24:53 | 000,000,321 | ---- | C] () -- C:\Windows\wininit.ini
[2011.08.02 11:35:15 | 000,000,120 | ---- | C] () -- C:\Users\Max\AppData\Local\Lbanirakipejo.dat
[2011.07.28 15:12:29 | 000,001,788 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2011.07.28 15:05:04 | 000,002,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2011.07.28 15:04:42 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.07.28 13:29:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011.07.28 11:38:18 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp
[2011.07.23 20:59:23 | 000,000,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2011.07.23 20:58:50 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f Scan.lnk
[2011.07.23 15:56:25 | 000,270,408 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.07.06 12:37:12 | 000,270,408 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.06 12:37:10 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.01 19:09:37 | 000,000,091 | ---- | C] () -- C:\Users\Max\AppData\Local\fusioncache.dat
[2011.03.16 21:00:01 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.12.31 15:16:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.30 19:51:01 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010.12.30 19:49:52 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.12.30 18:52:46 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.30 16:25:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.30 12:50:31 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010.12.30 12:49:48 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010.12.30 12:49:14 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010.12.29 19:41:56 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010.12.29 18:55:58 | 000,000,552 | ---- | C] () -- C:\Users\Max\AppData\Local\d3d8caps.dat
[2010.12.29 18:55:00 | 000,001,356 | ---- | C] () -- C:\Users\Max\AppData\Local\d3d9caps.dat
[2010.12.29 18:53:24 | 000,074,240 | ---- | C] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.29 17:01:01 | 001,762,112 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.29 14:14:00 | 000,000,732 | ---- | C] () -- C:\Users\Max\AppData\Local\d3d9caps64.dat
[2010.09.06 09:19:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2010.09.06 09:19:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2010.09.06 09:19:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2010.09.06 09:19:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2009.08.07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.01.21 04:47:53 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 17:30:41 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011.01.31 20:27:21 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\25006
[2011.06.08 18:38:58 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\5016
[2010.12.30 19:45:00 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DAEMON Tools Lite
[2011.07.30 19:55:38 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\ICQ
[2011.07.31 13:15:30 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Jens Lorek
[2011.06.08 18:38:48 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\kock
[2011.07.06 12:37:09 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\PunkBuster
[2011.07.28 15:10:29 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Samsung
[2011.07.08 14:29:21 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\TeamViewer
[2010.12.31 15:14:46 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\TubeBox
[2011.07.23 15:56:17 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Ubisoft
[2011.06.08 18:38:48 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\xmldm
[2011.08.07 14:43:51 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.08.03 12:19:35 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.12.30 16:49:48 | 000,000,000 | ---D | M] -- C:\ATI
[2010.12.30 14:52:07 | 000,000,000 | ---D | M] -- C:\Boot
[2006.11.02 17:35:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.12.29 14:11:44 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.12.29 15:01:44 | 000,000,000 | ---D | M] -- C:\Intel
[2008.01.21 05:01:21 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.07.23 20:55:50 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.08.05 14:24:58 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.08.02 20:36:05 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.12.29 14:11:44 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.08.03 11:22:32 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.08.07 16:03:13 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.28 15:33:09 | 000,000,000 | ---D | M] -- C:\Temp
[2010.12.30 17:07:15 | 000,000,000 | R--D | M] -- C:\Users
[2011.08.05 20:00:23 | 000,000,000 | ---D | M] -- C:\Windows
[2011.08.04 19:41:32 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\ERDNT\cache86\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 04:46:34 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 04:47:14 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:47:40 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:48:18 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe
[2008.01.21 04:48:18 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe
[2008.01.21 04:47:40 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\ERDNT\cache86\regedit.exe
[2008.01.21 04:47:40 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:48:25 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe
[2008.01.21 04:48:25 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:48:25 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:47:35 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe
[2008.01.21 04:47:35 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:47:35 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:45:53 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache86\wininit.exe
[2008.01.21 04:45:53 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:45:53 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:48:12 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\ERDNT\cache64\wininit.exe
[2008.01.21 04:48:12 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 04:48:12 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:47:36 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:48:26 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<          >

< End of report >
--- --- ---

Swisstreasure 07.08.2011 17:39
Schritt 1
Code:
:OTL
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKCU..\Run: [Nfitoba]  File not found
:Commands
[purity]
[emptytemp]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

BitDefender QuickScan
  • Unterstützte Betriebssysteme: Alle
  • Im IE wird ein ActiveX-Addon installiert und im Firefox ein Addon (was jweils erlaubt werden muss).
  • Klicke auf "Scan starten".
  • Klicke auf "Log öffnen".
  • Das Logfile öffnet sich in Deinem Editor.
  • Poste mir den Inhalt hier in den Thread.
  • Achte darauf IPs und persönlichen Daten unkenntlich zu machen.
  • Deinstallation:
    IE => Extras => Uninstall BitDefender Online Scanner.
    Firefox => Extras => Addons => BitDefender QuickScan deinstallieren.

Anubiss 07.08.2011 19:32
Okay, hier das OTL:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Nfitoba deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Max
->Temp folder emptied: 405198 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 7003332 bytes
->Flash cache emptied: 456 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 46616 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7,00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08072011_201934

Files\Folders moved on Reboot...
File\Folder C:\Users\Max\AppData\Local\Temp\~DF22D3.tmp not found!
File\Folder C:\Users\Max\AppData\Local\Temp\~DF3FEA.tmp not found!
C:\Windows\temp\kvsqsb\setup.exe moved successfully.

Registry entries deleted on Reboot...

Anubiss 07.08.2011 19:36
Und hier das Bitdefender File:

QuickScan Beta 32-bit v0.9.9.99
-------------------------------
Überprüfungsdatum: Sun Aug 07 20:27:53 2011
Computer ID: A8F31D43

C:\Windows\temp\kvsqsb\setup.exe - zugriff nicht möglich
--> Vorgang setup.exe (1820)


Keine Infizierungen gefunden.
-----------------------------



Prozesse
--------
AntiVir Desktop 2604 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
AntiVir Desktop 1860 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
AntiVir Desktop 1588 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
AVM AVMWlanService 1888 C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
AVM FRITZ!WLAN 2592 C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
Betriebssystem Microsoft® Windows® 3924 C:\Windows\SysWOW64\PING.EXE
Device Error Recovery SDK 1952 C:\Windows\SysWOW64\dgdersvc.exe
DivX Download Manager Service 2956 C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
DivX Update 3016 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
Firefox 4052 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Firefox 3300 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Kies TrayAgent 2076 C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
KiesPDLR 2324 C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
Microsoft Office 2003 2368 C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
Pando Media Booster 1200 C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PnkBstrA.exe 2044 C:\Windows\SysWOW64\PnkBstrA.exe


Netzwerkaktivität
-----------------
Vorgang setup.exe (1820) verbunden mit Anschluss 3000 --> **.***.***.***
Vorgang plugin-container.exe (3300) verbunden mit Anschluss 80 (HTTP) --> **.**.***.**
Vorgang firefox.exe (4052) verbunden mit Anschluss 80 (HTTP) --> ***.**.***.***
Vorgang firefox.exe (4052) verbunden mit Anschluss 80 (HTTP) --> ***.**.***.***
Vorgang firefox.exe (4052) verbunden mit Anschluss 80 (HTTP) --> **.***.***.***
Vorgang firefox.exe (4052) verbunden mit Anschluss 80 (HTTP) --> ***.**.***.***

Vorgang PMB.exe (1200) kontrolliert die Anschlüsse: 443 (HTTP over SSL), 563 (NNTP over SSL), 56735


Autoruns und kritische Dateien
------------------------------
AntiVir Desktop C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
AVM FRITZ!WLAN C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
Betriebssystem Microsoft® Windows® c:\windows\system32\browseui.dll
Betriebssystem Microsoft® Windows® C:\Windows\system32\ssText3d.scr
Catalyst® Control Center C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
DivX Download Manager Service C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
DivX Update C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
Kies C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe
Kies TrayAgent C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
KiesPDLR C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
Pando Media Booster C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
Windows® Internet Explorer c:\windows\syswow64\webcheck.dll
(verifiziert) Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe
(verifiziert) Betriebssystem Microsoft® Windows® c:\windows\system32\userinit.exe
(verifiziert) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


Browser Plugins
---------------
AcroIEHelper Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelper.dll
Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
BitDefender QuickScan C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\sjrc5bed.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
DivX OVS Helper Plug-in C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
DivX Web Player c:\program files (x86)\divx\divx plus web player\npdivx32.dll
Flash® Player Installer/Uninstaller C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
Google Earth Plugin C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
Google Update C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
ICQ C:\Program Files (x86)\ICQ7.2\ICQ.exe
Microsoft Office 2003 C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
nppdf32.DEU C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.DEU
NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
Pando Web Plugin C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
Skype Toolbars c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
Widgi Toolbar c:\program files (x86)\youtube downloader toolbar\ie\4.5\youtubedownloadertoolbarie.dll
Windows Presentation Foundation C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer c:\windows\syswow64\ieframe.dll
(verifiziert) Betriebssystem Microsoft® Windows® C:\Windows\system32\mswsock.dll
(verifiziert) Betriebssystem Microsoft® Windows® C:\Windows\system32\napinsp.dll
(verifiziert) Betriebssystem Microsoft® Windows® C:\Windows\system32\pnrpnsp.dll
(verifiziert) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
(verifiziert) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll


Überprüfen
----------
MD5: 3912f8e7a48a1446e054d1e79da355bc C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
MD5: 6159c95aa16e8b2a01b7a001b8c134c3 C:\Program Files (x86)\Avira\AntiVir Desktop\aecore.dll
MD5: ee0477f95aaf614c5cb14f324ca48c3d C:\Program Files (x86)\Avira\AntiVir Desktop\aeemu.dll
MD5: 99fc44836c9faa66d3dd7f6264c2996b C:\Program Files (x86)\Avira\AntiVir Desktop\aegen.dll
MD5: e1805cf3f4739be2311a50966ebe0ce7 C:\Program Files (x86)\Avira\AntiVir Desktop\aehelp.dll
MD5: 5d6d771cd7478365926dfe609824b060 C:\Program Files (x86)\Avira\AntiVir Desktop\aeheur.dll
MD5: 24af31feed98a2ba8f0649045c05c3bc C:\Program Files (x86)\Avira\AntiVir Desktop\aeoffice.dll
MD5: 1ca8605d69c9d53c837bd6ab57c9294b C:\Program Files (x86)\Avira\AntiVir Desktop\aepack.dll
MD5: 6510790b36f61d75948e9e001b6775ab C:\Program Files (x86)\Avira\AntiVir Desktop\aerdl.dll
MD5: ea8d2dcbadb11928df166a5683d7b524 C:\Program Files (x86)\Avira\AntiVir Desktop\aesbx.dll
MD5: 864e4cec9f60c25a8a93ad3784da2e64 C:\Program Files (x86)\Avira\AntiVir Desktop\aescn.dll
MD5: 3a0638167d746bcbe06494945943ad30 C:\Program Files (x86)\Avira\AntiVir Desktop\aescript.dll
MD5: 100caaf3542fb51feca9c09db1cb940d C:\Program Files (x86)\Avira\AntiVir Desktop\aevdf.dll
MD5: c55ee924474044ca64b473b356e9d080 C:\Program Files (x86)\Avira\AntiVir Desktop\avesvc.dll
MD5: 77cf51df00905f2312f41d181056cdcd C:\Program Files (x86)\Avira\AntiVir Desktop\avesvcr.dll
MD5: 4c3eed40c3f2a9fc9956b0511d431304 C:\Program Files (x86)\Avira\AntiVir Desktop\avevtlog.dll
MD5: 5ee5c132d47ba6f331099bff1d1db539 C:\Program Files (x86)\Avira\AntiVir Desktop\AVGIO.DLL
MD5: 61941d4566c3b09f377e0e1a97bd0d9a C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
MD5: 72d90e56563165984224493069c69ed4 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
MD5: 5252bb49a0b35e1127d3771e21c7af6d C:\Program Files (x86)\Avira\AntiVir Desktop\AVPREF.DLL
MD5: f7263b4e58e0346178cad70eac7f35e6 c:\program files (x86)\avira\antivir desktop\ccgen.dll
MD5: 99fadefb3e0cfe592c4cdaccdbae12e5 c:\program files (x86)\avira\antivir desktop\ccgenrc.dll
MD5: 86e162677d131e5fa32fb2bff60cfd05 c:\program files (x86)\avira\antivir desktop\ccgrdrc.dll
MD5: 4b3a4639dd281b709162a2120b3daefc c:\program files (x86)\avira\antivir desktop\ccguard.dll
MD5: c0245ed1f48397d41632cab0afa842ce c:\program files (x86)\avira\antivir desktop\cclic.dll
MD5: d17e73d08d3f9bf86778ca32bafea292 c:\program files (x86)\avira\antivir desktop\cclicrc.dll
MD5: 05be6a994e936dc58ee3940e0bb46e70 c:\program files (x86)\avira\antivir desktop\ccmainrc.dll
MD5: 98d551a16398529f181570a001843231 c:\program files (x86)\avira\antivir desktop\ccmsg.dll
MD5: d201762816e297d0eed3b7cf00d64c93 c:\program files (x86)\avira\antivir desktop\ccmsgrc.dll
MD5: bd655a8ecaf694c48684b89c745f52fa c:\program files (x86)\avira\antivir desktop\ccupdate.dll
MD5: 6bb82348cc5c8d0ac51090f2bf7e0a92 c:\program files (x86)\avira\antivir desktop\ccupdrc.dll
MD5: a0ef10de0d455e33adffc39948660899 c:\program files (x86)\avira\antivir desktop\ccupdw.dll
MD5: 0014339814c89abf148f49976146941c c:\program files (x86)\avira\antivir desktop\ccwgrd.dll
MD5: 3defa178843b7d2cd67f63c1e2119857 c:\program files (x86)\avira\antivir desktop\ccwgrdrc.dll
MD5: d41a02871f992a2c47b84a95c2a78b40 c:\program files (x86)\avira\antivir desktop\ccwgrdw.dll
MD5: 47766f6b79a25af04ed3f6f2b02aa4cb C:\Program Files (x86)\Avira\AntiVir Desktop\ccwkrlib.dll
MD5: d710a6d072bfb305ec0a92b9c79b7a32 C:\Program Files (x86)\Avira\AntiVir Desktop\guardmsg.dll
MD5: b54557b71a82e1f9bc914991328cef16 C:\Program Files (x86)\Avira\AntiVir Desktop\onlcfg.dll
MD5: befda36cc978316a4b31495364b7e786 C:\Program Files (x86)\Avira\AntiVir Desktop\rcimage.dll
MD5: c27d46b06d340293670450fce9dfb166 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
MD5: 11f5a7193b32e6d7d8efe0c17271916c C:\Program Files (x86)\Avira\AntiVir Desktop\schedr.dll
MD5: 86fa1ecde6424cf93befd20ba4f2bc55 C:\Program Files (x86)\Avira\AntiVir Desktop\webcat.dll
MD5: 8d61c508ea68f9b032d21cc48adfaa8d C:\Program Files (x86)\avmwlanstick\avmsysnet.dll
MD5: 99d317ac2ba35b63a50aaafee4c760ed C:\Program Files (x86)\avmwlanstick\avmwlapi.dll
MD5: aaa66f4d2b2a0382926f306c5a99440a C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
MD5: 9bd46c1d2f33a890b7226edf543f18aa C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
MD5: c11f6a1f61481e24be3fdc06ea6f7d2a c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelper.dll
MD5: 251c11444f614de5fa47ecf7275e7bf1 C:\Program Files (x86)\Common Files\Microsoft Shared\office11\mso.dll
MD5: 8caf5c1748401032efabb3d52e27c1be C:\Program Files (x86)\Common Files\Microsoft Shared\office11\riched20.dll
MD5: 89175c7a2984459c0f0b0778f85a2251 C:\Program Files (x86)\Common Files\Microsoft Shared\PROOF\1031\MSGR3EN.DLL
MD5: 971ffaf1206d101f2b7875698124ccbf C:\Program Files (x86)\Common Files\Microsoft Shared\PROOF\mslid.dll
MD5: 4ad532426cea90f59b5364f7be5f2a86 C:\Program Files (x86)\Common Files\Microsoft Shared\PROOF\MSSP3GE.DLL
MD5: f29a80f607703ca1fc5d25993cc7feda C:\Program Files (x86)\Common Files\Microsoft Shared\PROOF\MSSPELL3.DLL
MD5: 5252198cf3f45114c6ca27bad1635da0 C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\1031\STINTL.DLL
MD5: deaa0f5ff041981e34ca79257ba44414 C:\Program Files (x86)\Common Files\microsoft shared\Smart Tag\FNAME.DLL
MD5: b5003cb6d91829e33997d7056a534872 C:\Program Files (x86)\Common Files\Steam\SteamService.exe
MD5: f4d62a129aaee4a619fce0c03b15e94c C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
MD5: 57d8c4ed26dfd7ef0e2cb196fb8bfb54 C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
MD5: 4b988e3393789572cdb143ddac3a2fc0 C:\Program Files (x86)\DivX\DivX Plus Web Player\DivXDownloadManager.dll
MD5: abb7a668b5d11bff77dd00cc2b6c8db0 c:\program files (x86)\divx\divx plus web player\npdivx32.dll
MD5: a58e05767687e1e636d160ecea9bc8ed C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MD5: 6031368292d5e8909fb088b31e183ec8 C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MD5: 0f445b821549f9ff471bba56c69953d4 C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
MD5: b226054bfa3d3a1920f7b95e54f3e87d C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
MD5: 83ebccc27098b1d1f20f72e10d6bf309 C:\Program Files (x86)\ICQ7.2\ICQ.exe
MD5: 63397ff71c1bc450e3d07782dd0c2e0d C:\Program Files (x86)\Microsoft Office\OFFICE11\msostyle.dll
MD5: 1eea7dd2f1ea6efef380b99a90228d2f C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
MD5: b957b30090889aa4f887277916f76fe7 C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
MD5: 6c9cd3ecba6732661c8bbe37a877a2bd C:\Program Files (x86)\Mozilla Firefox\firefox.exe
MD5: cc5b1a70daa7a04fe15e6d7c54b55d02 C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
MD5: ff4040da11ae0d13a0a7778e6022e728 C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
MD5: 96397535f6e4ca499dd659ce76c50746 C:\Program Files (x86)\Mozilla Firefox\MOZCPP19.dll
MD5: 411f23aaf331da8b9f0cfd1cada4b8b5 C:\Program Files (x86)\Mozilla Firefox\MOZCRT19.dll
MD5: 1919d815996470088d20a59e992a9695 C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MD5: fcd1d9ccc7096dc2210d3096fbdf92cc C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
MD5: c1bf9c9244996aa0607766199d226183 C:\Program Files (x86)\Mozilla Firefox\nspr4.dll
MD5: f030ff40b6afb777b9992525800de3ea C:\Program Files (x86)\Mozilla Firefox\nss3.dll
MD5: 6689b655ea803be040d95b8ea913249f C:\Program Files (x86)\Mozilla Firefox\nssckbi.dll
MD5: 079155b0a7579652dcc2ec7908d9502a C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
MD5: fb4fc7ee2e516063e25887c2e170d893 C:\Program Files (x86)\Mozilla Firefox\nssutil3.dll
MD5: 4dfdfb82c4f60beaf88e3c13c01f124a C:\Program Files (x86)\Mozilla Firefox\plc4.dll
MD5: 5bff0a2260ab6bf8d9b829d947c5ef6c C:\Program Files (x86)\Mozilla Firefox\plds4.dll
MD5: 4486ad32bb05628967695fca1badd46e C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
MD5: 8b07628e389e72b83473383914333ad6 C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
MD5: 1972e3168b6ba0a968a6a4b86e390b38 C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.DEU
MD5: 04af8bc83a89d9b71f7e0bcaf9fdd768 C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
MD5: cb2e646a69d347eb0437ab50785cf3bb C:\Program Files (x86)\Mozilla Firefox\smime3.dll
MD5: 363f20b791469048b0878dbdfd60e41b C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
MD5: b6a4cb50c2c0d7821a604c64a5058ed1 C:\Program Files (x86)\Mozilla Firefox\ssl3.dll
MD5: cd05ba08fd35ec561b82f6d1c905a445 C:\Program Files (x86)\Mozilla Firefox\xpcom.dll
MD5: 840e1ad2fdeedf482927d4369fb03dac C:\Program Files (x86)\Mozilla Firefox\xul.dll
MD5: 904f19d9b38895bd92b67738d8a1facf C:\Program Files (x86)\Pando Networks\Media Booster\BugSplat.dll
MD5: 244c2be6546609ee0a627b507ed57699 C:\Program Files (x86)\Pando Networks\Media Booster\freebl3.dll
MD5: 0ca99c5acf7d36b6ec8f504a1f11902b C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
MD5: 64f8d5047147c54fc5d524e4513ca327 C:\Program Files (x86)\Pando Networks\Media Booster\nspr4.dll
MD5: ac3e2a5b33a035827cb73a6e76d0fe96 C:\Program Files (x86)\Pando Networks\Media Booster\nss3.dll
MD5: 84ea29214303fecbae4fbd249d43c54d C:\Program Files (x86)\Pando Networks\Media Booster\plc4.dll
MD5: dcf946d365991221dfdd5db29c4bfdf7 C:\Program Files (x86)\Pando Networks\Media Booster\plds4.dll
MD5: ad58699da72fff9d87b7cae78964d127 C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MD5: 8a07ac5a1ec46972288dbd3dffb00cc4 C:\Program Files (x86)\Pando Networks\Media Booster\smime3.dll
MD5: 5bd6b446e028af843d9f01eea2185000 C:\Program Files (x86)\Pando Networks\Media Booster\softokn3.dll
MD5: 7392461e219cd8384ba07119b17a768c C:\Program Files (x86)\Pando Networks\Media Booster\ssl3.dll
MD5: 8793bea49c0aa4afa7800f3c3b3fefc8 C:\Program Files (x86)\Samsung\Kies\External\DeviceModules\UPNPDevice_Kies.dll
MD5: 0b8834334450ee1371ee824173af6c41 C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MD5: a40a9388c4dd9a6d7ffe1b2901612761 C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe
MD5: ef44b359e520b5b9528ac0b3de9f7dd5 C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MD5: 590c4454a1d36f76da1f636fad139771 c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
MD5: 808ca0e4d7b62e5b3b2d5ac278d3bf8e c:\program files (x86)\youtube downloader toolbar\ie\4.5\youtubedownloadertoolbarie.dll
MD5: ab26aa5f24fa96fec4a7b0c70df5af27 C:\Users\Max\AppData\Local\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
MD5: f4a569f89a90205a095965ae628625e1 C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\sjrc5bed.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
MD5: fd647ca82acf232dbe5f20345647b948 C:\Windows\AppPatch\AcGenral.DLL
MD5: 5a5dec75f662fbb8e48dd29b2d929473 C:\Windows\AppPatch\AcSpecfc.DLL
MD5: 2ce97833ba80e7c319390c4b071bda00 C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\74353039393f68f4c068cc37f759e5be\mscorlib.ni.dll
MD5: 2d7617d3143493eb8bd38290e9d2e51a C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\ca8307311e87b234b2faa5ee08332722\PresentationCore.ni.dll
MD5: ed51ca800645080bbfdda92c1b172742 C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\2250ddb1626087da27fb00f46a679ff5\PresentationFramework.ni.dll
MD5: 30a6abfdafc89976c52400665105e805 C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\b61b31d1f518e9663fc204e7de21215a\PresentationFramework.Aero.ni.dll
MD5: f61faa6504ef9939867bc4ca5f50f2c0 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\0d4cdd1b911d6e28b4fd5c43ab39f7ea\System.Core.ni.dll
MD5: 63c13a88fb0520a8e2d46fd529680f16 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\53591520988a6ee49924e1efc911df30\System.Drawing.ni.dll
MD5: 647c58aa860262ab06c75fec8e3de286 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\76d7e84f5dca7908b45edba58bd12f48\System.Management.ni.dll
MD5: db5ea8b98004ec7e0adba7b4f9033d9f C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1419704737b7f46a48bc854aa2f5597d\System.Runtime.Remoting.ni.dll
MD5: 33101aaeff4e876d07f7ecb3616e68db C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3e016a2e799cfe233b13d88e90c0e0b\System.Windows.Forms.ni.dll
MD5: 2bc43a2c4b0b3bc7863fede5031a9037 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\19f85a4f6faaeb87a9055ccf23a9f8b7\System.Xaml.ni.dll
MD5: 6ac72593c1244399816bb40f21b41af6 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7cc17b90932adaad5651ceb526cade44\System.Xml.ni.dll
MD5: 68f2e9e1ee53b6aa03ab6ec62c43f145 C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5a8bf6ab1a6ba60e7355fa4cc61fd0c5\System.ni.dll
MD5: cc16b7c2367f8c4762bf770286b0a0b1 C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\3154b66d01dcd674b256e03d5f359fac\WindowsBase.ni.dll
MD5: 632e0ce38fbcadeaae28077f4c9c45d5 C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
MD5: ce07a466201096f021cd09d631b21540 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
MD5: 749f5f8cedca70f2a512945325fc489d C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
MD5: bc5b0be5af3510b0fd8c140ee42c6d3e C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
MD5: ab87eeffd18f2baafc274e7075ea6c67 C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: 1a11a757d613f8a815b8e30025522628 C:\Windows\Microsoft.NET\Framework\v4.0.30319\clr.dll
MD5: 7b1028a754bb63bbfc75b6a94c3f47e5 C:\Windows\Microsoft.NET\Framework\v4.0.30319\clrjit.dll
MD5: 1986443c2f2c0e2a18e908dd241bf84d C:\Windows\Microsoft.NET\Framework\v4.0.30319\culture.dll
MD5: f711c8d93a8e4410c284d177b76c7f2b C:\Windows\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll
MD5: 9383d302f0d95db0802308cf250727f3 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\PresentationNative_v0400.dll
MD5: 56d16a44691c0337dd0ef3f3008a9977 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpfgfx_v0400.dll
MD5: ebc6332093aec6a4fbf2c3919d03877a C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\wpftxt_v0400.dll
MD5: 66328b08ef5a9305d8ede36b93930369 C:\Windows\servicing\TrustedInstaller.exe
MD5: 378e22d49bea659ef11e6829ed058fc7 C:\Windows\system32\atiumdag.dll
MD5: a184e7e06d4d9336ad5cb84e1d8dcb92 C:\Windows\system32\atiumdva.dll
MD5: da7478ba9e41b60b3d5da456e253002a C:\Windows\system32\audioeng.dll
MD5: 4acf748a8e576761e4c610acab67b1bc C:\Windows\system32\BCRYPT.dll
MD5: 74f26fc01b180d4a99a168ed69c30a53 C:\Windows\system32\cmd.exe
MD5: 85e861d0b88db2b54acb0839654c09f7 C:\Windows\system32\DNSAPI.dll
MD5: 3be1651c63954067940e7f473498ad70 C:\Windows\System32\drivers\dgderdrv.sys
MD5: 6843926aff733d46a04f9d4e1c1a6b14 C:\Windows\system32\dwrite.dll
MD5: a9542ff2e9a82cf100e5729ec79068f0 C:\Windows\system32\FLTLIB.DLL
MD5: dca3fa9f9dd103dc39c24c85ef073db1 C:\Windows\system32\ICMP.DLL
MD5: b8fbe5f40b09f5d20e1e5ccfef893d62 C:\Windows\system32\IMM32.DLL
MD5: ba7c3e9dd6b1a632124c8659e8014028 C:\Windows\system32\Perfctrs.dll
MD5: ab530fdd34c67b497a20171d1234cfe9 C:\Windows\system32\RICHED32.DLL
MD5: c7230fbee14437716701c15be02c27b8 C:\Windows\System32\shsvcs.dll
MD5: 36a107e19010259fcac647ea2bf94b37 C:\Windows\system32\ssText3d.scr
MD5: bfa034aac103d8a6f591ac9364688339 C:\Windows\system32\t2embed.dll
MD5: 88b630f6aeb5a11f6ad064930b38c2c0 C:\Windows\system32\uxtheme.dll
MD5: f7f4ad3d174cb5ec3c12f04c99478b84 C:\Windows\system32\WindowsCodecs.dll
MD5: 2d1179cdec6b7400105e68f6ac9b4efe C:\Windows\system32\WINSPOOL.DRV
MD5: 367465dd8e2bffe4c5477c86c8217e8c C:\Windows\SysWOW64\dgderapi.dll
MD5: 10b8f89d146d0e20b1284d47bb4ec6c9 C:\Windows\SysWOW64\dgdersvc.exe
MD5: 1bd976dd77b31fe0f25708ad5c1351ae C:\Windows\SysWOW64\DIFXAPI.dll
MD5: 85e861d0b88db2b54acb0839654c09f7 C:\Windows\Syswow64\DNSAPI.dll
MD5: 05c8c8767e29163fc251164ff6839ea5 C:\Windows\syswow64\GDI32.dll
MD5: af3db1d3ac2ab52f910b2102447e3564 c:\windows\syswow64\ieframe.dll
MD5: 6419081f0f15cb860458515d1a52d560 C:\Windows\syswow64\iertutil.dll
MD5: b8fbe5f40b09f5d20e1e5ccfef893d62 C:\Windows\syswow64\IMM32.dll
MD5: 7f4caeac24592fa9f574e1f8cd1d0604 C:\Windows\syswow64\kernel32.dll
MD5: df37346ea13082e3e1b423b54014e641 C:\Windows\syswow64\LPK.DLL
MD5: 21a67095edc11a528f5434d28bb0ef3c C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MD5: 56007cfc52167c26e4a3f899b8d29ccd C:\Windows\SysWOW64\ntdll.dll
MD5: 9586e7cb2255a8b097a7e4538202585e C:\Windows\syswow64\ole32.dll
MD5: de4cd76c254e143f40e62952788d3be7 C:\Windows\syswow64\OLEAUT32.dll
MD5: 0ed8727ea0172860f47258456c06caea C:\Windows\SysWow64\perfhost.exe
MD5: 015e1f472a5633520903353375f7e69d C:\Windows\SysWOW64\PING.EXE
MD5: 3a2bdd76e7d2a5f40a7174793d1ba794 C:\Windows\SysWOW64\PnkBstrA.exe
MD5: 0abe67004eb4c162f4456e64f90a11fd C:\Windows\syswow64\RPCRT4.dll
MD5: 2ab58991862153a248779174d4e4212b C:\Windows\SysWOW64\schannel.dll
MD5: 33ae914c24f546aabf281ba7b138186d C:\Windows\syswow64\SHELL32.dll
MD5: 9176285122b7b849fec2aa1b72a8f7a8 C:\Windows\syswow64\SHLWAPI.dll
MD5: 9188e90d47ba1e68e90c450473fadf5f C:\Windows\syswow64\urlmon.dll
MD5: d29fdb5dedbdc1bd882164dc6dc4dd53 C:\Windows\syswow64\USER32.dll
MD5: 80fff14f1757b9af8be9d314fc1ae88b C:\Windows\syswow64\USP10.dll
MD5: 17413ef7d95632d892b4c914cd7e66f9 C:\Windows\syswow64\WININET.dll
MD5: a55e7d0d873b2c97585b3b5926ac6ade C:\Windows\WindowsMobile\rapimgr.dll
MD5: 8bda6db43aa54e8bb5e0794541ddc209 C:\Windows\WindowsMobile\wcescomm.dll
MD5: 35acd5ea63d75e97dd0e9a1629e582b2 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6002.18305_none_88f3a38569c2c436\COMCTL32.dll
MD5: be3c082837866c4c291adaf163c10ea6 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MD5: b5b09091b0e33c396ceec8995515bd41 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll
MD5: 914a7156b0c0f10be645a02e13f576b2 D:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe


Keine Dateien hochgeladen

Scan beendet - Kommunikation hat 1 Sek. gedauert
übertragene Daten - 0.02 MB gesendet, 0.63 KB empfangen
349 Dateien und Module geprüft - 19 seconds

==============================================================================

Swisstreasure 07.08.2011 20:22
Schritt 1

Fixen mit OTL
Code:
:OTL
PRC - [2011.08.06 12:57:05 | 000,039,424 | ---- | M] (Tricky Perry Shade) -- C:\Windows\temp\kvsqsb\setup.exe
SRV - [2011.08.06 12:57:05 | 000,039,424 | ---- | M] (Tricky Perry Shade) [Auto | Start_Pending] -- C:\Windows\TEMP\kvsqsb\setup.exe -- (AMService)
:files
C:\Windows\temp\kvsqsb
:Commands
[purity]
[emptytemp]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread

Anubiss 08.08.2011 08:24
Hier das OTL:

All processes killed
========== OTL ==========
No active process named setup.exe was found!
Service AMService stopped successfully!
Service AMService deleted successfully!
File C:\Windows\TEMP\kvsqsb\setup.exe not found.
========== FILES ==========
C:\Windows\temp\kvsqsb folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Max
->Temp folder emptied: 92508 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 6890003 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7192 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7,00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08082011_091917

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Swisstreasure 08.08.2011 08:31
Wie läuft das System?

Update Malwarebytes sund mache erneut einen Scan, poste das Log.

Anubiss 08.08.2011 15:00
Sieht gut aus, jetzt wird nur noch 1 Datei als Trojan Banker angezeigt
System läuft!

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7409

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

08.08.2011 15:55:54
mbam-log-2011-08-08 (15-55-04).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 170667
Laufzeit: 1 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A} (PUP.Dealio.TB) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio.TB) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio.TB) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio.TB) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\youtube downloader toolbar\IE\4.5\youtubedownloadertoolbarie.dll (PUP.Dealio.TB) -> No action taken.

Anubiss 09.08.2011 09:00
Kann ich den Trojaner jetzt einfach mit malwarebytes entfernen?

Swisstreasure 09.08.2011 13:07
Ja entferne alles.

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Anubiss 09.08.2011 13:50
So, hier das OTL. Malwarebytes findet nach dem entfernen der Dateien auch nix mehr. Dürfte jetzt clean sein oder?OTL Logfile:
Code:
OTL logfile created on: 09.08.2011 14:38:49 - Run 4
OTL by OldTimer - Version 3.2.26.1    Folder = C:\Users\Max\Desktop\Security
64bit-Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 67,60% Memory free
8,17 Gb Paging File | 6,65 Gb Available in Paging File | 81,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,10 Gb Total Space | 32,19 Gb Free Space | 21,59% Space Free | Partition Type: NTFS
Drive D: | 300,00 Gb Total Space | 73,85 Gb Free Space | 24,62% Space Free | Partition Type: NTFS
Drive E: | 148,99 Gb Total Space | 16,96 Gb Free Space | 11,39% Space Free | Partition Type: NTFS
Drive F: | 296,17 Gb Total Space | 169,86 Gb Free Space | 57,35% Space Free | Partition Type: NTFS
Drive H: | 246,75 Mb Total Space | 246,73 Mb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: MAX-PC | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.04 11:02:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\Security\OTL.exe
PRC - [2011.07.23 15:56:30 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.06.30 16:38:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.01 12:00:48 | 003,071,384 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011.04.27 16:51:20 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.09 21:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.08 23:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010.09.06 09:16:58 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\SysWOW64\dgdersvc.exe
PRC - [2008.01.21 04:47:38 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2006.12.28 01:00:00 | 001,454,080 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2006.12.28 01:00:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.08.04 11:02:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\Security\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.09.24 00:28:02 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.07.23 15:56:30 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.06.30 16:38:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 16:51:20 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.09.06 09:16:58 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.09.12 18:15:50 | 000,087,288 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2007.05.31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.12.28 01:00:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.07.30 11:23:52 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.06.30 16:38:06 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.30 16:38:06 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.06 16:11:34 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.03.06 16:11:34 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.12.30 19:05:53 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.09.06 09:19:54 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.09.06 09:11:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.07.20 12:38:24 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010.07.20 12:38:24 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2010.07.20 12:38:24 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010.04.27 04:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.04.27 04:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.04.27 04:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009.09.30 16:32:44 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.24 01:01:24 | 006,175,744 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.04.22 15:46:06 | 003,552,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.02.09 00:43:10 | 000,111,104 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\hxctlflt.sys -- (hxctlflt)
DRV:64bit: - [2008.01.21 04:45:19 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2006.12.28 01:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2006.12.28 01:00:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2006.10.03 04:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006.09.18 23:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV - [2010.09.06 09:16:58 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.09.06 09:11:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.01.06 12:35:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.01.06 12:35:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Max\AppData\Roaming\5016 [2011.06.08 18:38:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.24 13:26:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.06 19:49:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Max\AppData\Roaming\5016 [2011.06.08 18:38:58 | 000,000,000 | ---D | M]
 
[2010.12.30 20:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Extensions
[2011.08.07 20:26:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\sjrc5bed.default\extensions
[2011.01.01 15:40:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\sjrc5bed.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.01 14:24:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\sjrc5bed.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.08.07 20:26:37 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\sjrc5bed.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.01.05 22:38:26 | 000,002,094 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\sjrc5bed.default\searchplugins\ecosia.xml
[2011.08.09 14:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.30 19:47:20 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
[2011.06.08 18:38:58 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\MAX\APPDATA\ROAMING\5016
() (No name found) -- C:\USERS\MAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SJRC5BED.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
[2011.06.24 13:26:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.06 19:49:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.06 19:49:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.05.06 19:49:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.06 19:49:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.06 19:49:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.06 19:49:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.07 20:26:53 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\QuickScan
[2011.08.07 16:55:54 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\World in Conflict
[2011.08.05 14:57:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011.08.05 14:25:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2011.08.05 14:24:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011.08.05 14:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011.08.05 13:50:34 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\Security
[2011.08.04 20:04:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.08.04 19:41:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.08.03 12:19:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.08.03 11:22:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.08.03 11:14:01 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\temp
[2011.08.03 11:08:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.08.03 11:08:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.08.03 11:08:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.08.03 11:08:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.08.03 11:07:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.08.02 20:36:16 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Malwarebytes
[2011.08.02 20:36:07 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.08.02 20:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.02 20:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.02 20:36:03 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.08.02 20:36:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.08.02 19:53:36 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.08.02 19:53:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.07.31 13:15:30 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Jens Lorek
[2011.07.30 11:23:52 | 000,254,528 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.07.30 11:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.07.30 11:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011.07.28 15:15:27 | 000,000,000 | ---D | C] -- C:\Temp
[2011.07.28 15:13:08 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Samsung
[2011.07.28 15:12:20 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2011.07.28 15:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2011.07.28 12:37:33 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Samsung
[2011.07.28 12:22:14 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Downloaded Installations
[2011.07.28 11:48:14 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2011.07.28 11:48:14 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2011.07.28 11:48:13 | 000,159,208 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2011.07.28 11:48:13 | 000,125,416 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2011.07.28 11:48:13 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2011.07.28 11:48:13 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2011.07.28 11:48:13 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2011.07.28 11:44:04 | 000,172,104 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdm.sys
[2011.07.28 11:44:04 | 000,136,264 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdbus.sys
[2011.07.28 11:44:04 | 000,019,016 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdfl.sys
[2011.07.28 11:44:04 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwhnt.sys
[2011.07.28 11:44:04 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwh.sys
[2011.07.28 11:44:04 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcmnt.sys
[2011.07.28 11:44:04 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcm.sys
[2011.07.28 11:41:37 | 000,020,480 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\FsExService64.Exe
[2011.07.28 11:41:37 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys
[2011.07.28 11:41:37 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysNative\drivers\TFsExDisk.sys
[2011.07.28 11:40:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2011.07.28 11:38:21 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Samsung
[2011.07.28 11:38:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2011.07.28 11:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2011.07.28 11:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Samsung
[2011.07.23 20:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.07.23 20:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.07.23 20:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.07.23 20:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011.07.23 17:37:46 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\HP
[2011.07.23 15:56:22 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\PunkBuster
[2011.07.22 22:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jens Lorek
[2 C:\Users\Max\AppData\Local\*.tmp files -> C:\Users\Max\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.09 14:38:25 | 001,733,766 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.08.09 14:38:25 | 000,736,506 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.08.09 14:38:25 | 000,684,882 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.08.09 14:38:25 | 000,172,314 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.08.09 14:38:25 | 000,139,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.08.09 14:31:31 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.09 14:31:14 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.09 14:31:14 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.09 14:31:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.09 14:29:57 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.08.09 14:24:10 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.05 11:16:36 | 000,074,240 | ---- | M] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.02 14:57:20 | 000,000,321 | ---- | M] () -- C:\Windows\wininit.ini
[2011.08.02 13:58:12 | 000,000,000 | ---- | M] () -- C:\Users\Max\AppData\Local\{12916667-5210-4A38-9F85-638A4C1756FD}
[2011.08.02 13:55:14 | 000,250,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.08.02 13:42:59 | 000,000,732 | ---- | M] () -- C:\Users\Max\AppData\Local\d3d9caps64.dat
[2011.08.02 11:35:15 | 000,000,120 | ---- | M] () -- C:\Users\Max\AppData\Local\Lbanirakipejo.dat
[2011.08.01 14:21:56 | 000,000,632 | ---- | M] () -- C:\Users\Max\Desktop\Gothic III - Forsaken Gods.lnk
[2011.08.01 13:22:43 | 000,000,559 | ---- | M] () -- C:\Users\Max\Desktop\Gothic III.lnk
[2011.07.30 11:23:52 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.07.28 13:29:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011.07.28 13:22:25 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2011.07.25 23:14:40 | 000,001,356 | ---- | M] () -- C:\Users\Max\AppData\Local\d3d9caps.dat
[2011.07.23 20:58:50 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f Scan.lnk
[2011.07.23 15:56:30 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.07.23 15:56:25 | 000,270,408 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.07.23 15:56:25 | 000,270,408 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2 C:\Users\Max\AppData\Local\*.tmp files -> C:\Users\Max\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.03 11:08:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.08.03 11:08:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.08.03 11:08:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.08.03 11:08:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.08.03 11:08:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.08.02 13:57:56 | 000,000,000 | ---- | C] () -- C:\Users\Max\AppData\Local\{12916667-5210-4A38-9F85-638A4C1756FD}
[2011.08.02 12:24:53 | 000,000,321 | ---- | C] () -- C:\Windows\wininit.ini
[2011.08.02 11:35:15 | 000,000,120 | ---- | C] () -- C:\Users\Max\AppData\Local\Lbanirakipejo.dat
[2011.08.01 14:21:56 | 000,000,632 | ---- | C] () -- C:\Users\Max\Desktop\Gothic III - Forsaken Gods.lnk
[2011.08.01 13:22:43 | 000,000,559 | ---- | C] () -- C:\Users\Max\Desktop\Gothic III.lnk
[2011.07.28 15:05:04 | 000,002,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2011.07.28 15:04:42 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.07.28 13:29:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011.07.28 11:38:18 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp
[2011.07.23 20:59:23 | 000,000,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2011.07.23 20:58:50 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f Scan.lnk
[2011.07.23 15:56:25 | 000,270,408 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.07.06 12:37:12 | 000,270,408 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.06 12:37:10 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.01 19:09:37 | 000,000,091 | ---- | C] () -- C:\Users\Max\AppData\Local\fusioncache.dat
[2011.03.16 21:00:01 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.12.31 15:16:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.30 19:51:01 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010.12.30 19:49:52 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.12.30 18:52:46 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.30 16:25:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.30 12:50:31 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010.12.30 12:49:48 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010.12.30 12:49:14 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010.12.29 19:41:56 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010.12.29 18:55:58 | 000,000,552 | ---- | C] () -- C:\Users\Max\AppData\Local\d3d8caps.dat
[2010.12.29 18:55:00 | 000,001,356 | ---- | C] () -- C:\Users\Max\AppData\Local\d3d9caps.dat
[2010.12.29 18:53:24 | 000,074,240 | ---- | C] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.29 17:01:01 | 001,762,112 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.29 14:14:00 | 000,000,732 | ---- | C] () -- C:\Users\Max\AppData\Local\d3d9caps64.dat
[2010.09.06 09:19:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2010.09.06 09:19:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2010.09.06 09:19:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2010.09.06 09:19:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2009.08.07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.01.21 04:47:53 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 17:30:41 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011.01.31 20:27:21 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\25006
[2011.06.08 18:38:58 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\5016
[2010.12.30 19:45:00 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DAEMON Tools Lite
[2011.07.30 19:55:38 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\ICQ
[2011.07.31 13:15:30 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Jens Lorek
[2011.06.08 18:38:48 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\kock
[2011.07.06 12:37:09 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\PunkBuster
[2011.08.07 20:27:53 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\QuickScan
[2011.07.28 15:10:29 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Samsung
[2011.07.08 14:29:21 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\TeamViewer
[2010.12.31 15:14:46 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\TubeBox
[2011.07.23 15:56:17 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Ubisoft
[2011.06.08 18:38:48 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\xmldm
[2011.08.09 14:29:57 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.08.03 12:19:35 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.12.30 16:49:48 | 000,000,000 | ---D | M] -- C:\ATI
[2010.12.30 14:52:07 | 000,000,000 | ---D | M] -- C:\Boot
[2006.11.02 17:35:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.12.29 14:11:44 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.12.29 15:01:44 | 000,000,000 | ---D | M] -- C:\Intel
[2008.01.21 05:01:21 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.07.23 20:55:50 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.08.09 14:34:29 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.08.02 20:36:05 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.12.29 14:11:44 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.08.03 11:22:32 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.08.09 14:39:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.28 15:33:09 | 000,000,000 | ---D | M] -- C:\Temp
[2010.12.30 17:07:15 | 000,000,000 | R--D | M] -- C:\Users
[2011.08.09 14:33:27 | 000,000,000 | ---D | M] -- C:\Windows
[2011.08.04 19:41:32 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\ERDNT\cache86\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 04:46:34 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 04:47:14 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:47:40 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:48:18 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe
[2008.01.21 04:48:18 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe
[2008.01.21 04:47:40 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\ERDNT\cache86\regedit.exe
[2008.01.21 04:47:40 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:48:25 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe
[2008.01.21 04:48:25 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:48:25 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:47:35 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe
[2008.01.21 04:47:35 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:47:35 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:45:53 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache86\wininit.exe
[2008.01.21 04:45:53 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:45:53 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:48:12 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\ERDNT\cache64\wininit.exe
[2008.01.21 04:48:12 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 04:48:12 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:47:36 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:48:26 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<          >

< End of report >
--- --- ---


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:34 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20