Trojaner-Board
Seite 2 von 5 1 2 34 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   System Repair (https://www.trojaner-board.de/101579-system-repair.html)

Demian Saez 22.07.2011 16:08
Vorab:
Vielen Dank für deine Mühe!

Demian Saez 22.07.2011 17:35
Log von ComboFix:

Code:
ComboFix 11-07-22.02 - Demian 22.07.2011  17:07:22.2.4 - x64
Microsoft Windows 7 Professional  6.1.7601.1.1252.49.1031.18.8190.6180 [GMT 2:00]
ausgeführt von:: c:\users\Demian\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Demian\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\~P1kAlMiG2Kb7Fz
c:\programdata\~P1kAlMiG2Kb7Fzr
c:\programdata\P1kAlMiG2Kb7Fz
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-06-22 bis 2011-07-22  ))))))))))))))))))))))))))))))
.
.
2011-07-22 15:38 . 2011-07-22 15:38        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-07-22 08:09 . 2011-07-20 07:44        8578896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{3CFB79BC-FF27-4A3F-A42A-C18D09E23076}\mpengine.dll
2011-07-21 21:59 . 2011-07-21 21:59        --------        d-----w-        c:\program files\Ubisoft
2011-07-10 17:33 . 2011-07-10 17:33        --------        d-----w-        c:\program files (x86)\Apple Software Update
2011-07-09 08:45 . 2011-04-25 05:33        1923968        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2011-07-09 08:44 . 2011-05-03 05:29        976896        ----a-w-        c:\windows\system32\inetcomm.dll
2011-07-09 08:44 . 2011-05-03 04:30        741376        ----a-w-        c:\windows\SysWow64\inetcomm.dll
2011-06-30 07:56 . 2011-06-30 07:56        --------        d-----w-        c:\program files\ATI Technologies
2011-06-30 07:54 . 2011-06-30 07:54        --------        d-----w-        C:\ATI
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-09 09:36 . 2011-03-27 21:50        2490752        ----a-w-        c:\programdata\Microsoft\VisualStudio\10.0\1031\ResourceCache.dll
2011-07-06 05:21 . 2011-05-17 07:14        404640        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-06 15:41 . 2011-06-04 23:56        254528        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2011-06-03 05:57 . 2011-07-13 21:38        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2011-06-02 13:05 . 2011-06-02 13:05        86528        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2011-06-02 13:05 . 2011-06-02 13:05        76800        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2011-06-02 13:05 . 2011-06-02 13:05        74752        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-06-02 13:05 . 2011-06-02 13:05        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2011-06-02 13:05 . 2011-06-02 13:05        161792        ----a-w-        c:\windows\SysWow64\msls31.dll
2011-06-02 13:05 . 2011-06-02 13:05        1126912        ----a-w-        c:\windows\SysWow64\wininet.dll
2011-06-02 13:05 . 2011-06-02 13:05        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2011-06-02 13:05 . 2011-06-02 13:05        91648        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2011-06-02 13:05 . 2011-06-02 13:05        89088        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2011-06-02 13:05 . 2011-06-02 13:05        85504        ----a-w-        c:\windows\system32\iesetup.dll
2011-06-02 13:05 . 2011-06-02 13:05        76800        ----a-w-        c:\windows\system32\tdc.ocx
2011-06-02 13:05 . 2011-06-02 13:05        74752        ----a-w-        c:\windows\SysWow64\iesetup.dll
2011-06-02 13:05 . 2011-06-02 13:05        63488        ----a-w-        c:\windows\SysWow64\tdc.ocx
2011-06-02 13:05 . 2011-06-02 13:05        603648        ----a-w-        c:\windows\system32\vbscript.dll
2011-06-02 13:05 . 2011-06-02 13:05        49664        ----a-w-        c:\windows\system32\imgutil.dll
2011-06-02 13:05 . 2011-06-02 13:05        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2011-06-02 13:05 . 2011-06-02 13:05        448512        ----a-w-        c:\windows\system32\html.iec
2011-06-02 13:05 . 2011-06-02 13:05        420864        ----a-w-        c:\windows\SysWow64\vbscript.dll
2011-06-02 13:05 . 2011-06-02 13:05        367104        ----a-w-        c:\windows\SysWow64\html.iec
2011-06-02 13:05 . 2011-06-02 13:05        35840        ----a-w-        c:\windows\SysWow64\imgutil.dll
2011-06-02 13:05 . 2011-06-02 13:05        30720        ----a-w-        c:\windows\system32\licmgr10.dll
2011-06-02 13:05 . 2011-06-02 13:05        23552        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2011-06-02 13:05 . 2011-06-02 13:05        222208        ----a-w-        c:\windows\system32\msls31.dll
2011-06-02 13:05 . 2011-06-02 13:05        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2011-06-02 13:05 . 2011-06-02 13:05        165888        ----a-w-        c:\windows\system32\iexpress.exe
2011-06-02 13:05 . 2011-06-02 13:05        160256        ----a-w-        c:\windows\system32\wextract.exe
2011-06-02 13:05 . 2011-06-02 13:05        152064        ----a-w-        c:\windows\SysWow64\wextract.exe
2011-06-02 13:05 . 2011-06-02 13:05        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2011-06-02 13:05 . 2011-06-02 13:05        1492992        ----a-w-        c:\windows\system32\inetcpl.cpl
2011-06-02 13:05 . 2011-06-02 13:05        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2011-06-02 13:05 . 2011-06-02 13:05        1427456        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2011-06-02 13:05 . 2011-06-02 13:05        1389056        ----a-w-        c:\windows\system32\wininet.dll
2011-06-02 13:05 . 2011-06-02 13:05        135168        ----a-w-        c:\windows\system32\IEAdvpack.dll
2011-06-02 13:05 . 2011-06-02 13:05        12288        ----a-w-        c:\windows\system32\mshta.exe
2011-06-02 13:05 . 2011-06-02 13:05        11776        ----a-w-        c:\windows\SysWow64\mshta.exe
2011-06-02 13:05 . 2011-06-02 13:05        114176        ----a-w-        c:\windows\system32\admparse.dll
2011-06-02 13:05 . 2011-06-02 13:05        111616        ----a-w-        c:\windows\system32\iesysprep.dll
2011-06-02 13:05 . 2011-06-02 13:05        101888        ----a-w-        c:\windows\SysWow64\admparse.dll
2011-05-25 04:26 . 2011-05-25 04:26        9359872        ----a-w-        c:\windows\system32\drivers\atikmdag.sys
2011-05-25 03:53 . 2011-05-25 03:53        23336960        ----a-w-        c:\windows\system32\atio6axx.dll
2011-05-25 03:31 . 2011-05-25 03:31        17940992        ----a-w-        c:\windows\SysWow64\atioglxx.dll
2011-05-25 03:07 . 2011-05-25 03:07        151552        ----a-w-        c:\windows\system32\atiapfxx.exe
2011-05-25 03:07 . 2010-08-04 01:54        688128        ----a-w-        c:\windows\SysWow64\aticfx32.dll
2011-05-25 03:06 . 2010-02-03 04:22        811008        ----a-w-        c:\windows\system32\aticfx64.dll
2011-05-25 03:04 . 2011-04-20 02:05        462848        ----a-w-        c:\windows\system32\ATIDEMGX.dll
2011-05-25 03:04 . 2011-05-25 03:04        485376        ----a-w-        c:\windows\system32\atieclxx.exe
2011-05-25 03:03 . 2011-05-25 03:03        204288        ----a-w-        c:\windows\system32\atiesrxx.exe
2011-05-25 03:02 . 2011-05-25 03:02        120320        ----a-w-        c:\windows\system32\atitmm64.dll
2011-05-25 03:02 . 2011-04-20 02:02        423424        ----a-w-        c:\windows\system32\atipdl64.dll
2011-05-25 03:02 . 2011-05-25 03:02        356352        ----a-w-        c:\windows\SysWow64\atipdlxx.dll
2011-05-25 03:02 . 2011-05-25 03:02        278528        ----a-w-        c:\windows\SysWow64\Oemdspif.dll
2011-05-25 03:01 . 2011-05-25 03:01        16384        ----a-w-        c:\windows\system32\atimuixx.dll
2011-05-25 03:01 . 2011-05-25 03:01        59392        ----a-w-        c:\windows\system32\atiedu64.dll
2011-05-25 03:01 . 2011-05-25 03:01        43520        ----a-w-        c:\windows\SysWow64\ati2edxx.dll
2011-05-25 03:00 . 2011-05-25 03:00        1113088        ----a-w-        c:\windows\system32\atiumd6v.dll
2011-05-25 02:59 . 2011-05-25 02:59        1828864        ----a-w-        c:\windows\SysWow64\atiumdmv.dll
2011-05-25 02:59 . 2011-04-20 01:40        3810816        ----a-w-        c:\windows\system32\atiumd6a.dll
2011-05-25 02:58 . 2011-01-26 22:49        4219904        ----a-w-        c:\windows\SysWow64\atidxx32.dll
2011-05-25 02:50 . 2010-08-04 01:21        4017152        ----a-w-        c:\windows\SysWow64\atiumdva.dll
2011-05-25 02:49 . 2009-08-14 02:03        5008384        ----a-w-        c:\windows\system32\atidxx64.dll
2011-05-25 02:47 . 2011-05-25 02:47        51200        ----a-w-        c:\windows\system32\aticalrt64.dll
2011-05-25 02:47 . 2011-05-25 02:47        46080        ----a-w-        c:\windows\SysWow64\aticalrt.dll
2011-05-25 02:47 . 2011-05-25 02:47        44544        ----a-w-        c:\windows\system32\aticalcl64.dll
2011-05-25 02:47 . 2011-05-25 02:47        44032        ----a-w-        c:\windows\SysWow64\aticalcl.dll
2011-05-25 02:47 . 2011-05-25 02:47        8489472        ----a-w-        c:\windows\system32\aticaldd64.dll
2011-05-25 02:43 . 2011-05-25 02:43        6847488        ----a-w-        c:\windows\SysWow64\aticaldd.dll
2011-05-25 02:39 . 2010-08-04 01:28        4330496        ----a-w-        c:\windows\SysWow64\atiumdag.dll
2011-05-25 02:38 . 2011-05-25 02:38        53760        ----a-w-        c:\windows\system32\atimpc64.dll
2011-05-25 02:38 . 2011-05-25 02:38        53760        ----a-w-        c:\windows\system32\amdpcom64.dll
2011-05-25 02:38 . 2011-05-25 02:38        52736        ----a-w-        c:\windows\SysWow64\atimpc32.dll
2011-05-25 02:38 . 2011-05-25 02:38        52736        ----a-w-        c:\windows\SysWow64\amdpcom32.dll
2011-05-25 02:33 . 2011-04-20 01:31        5486592        ----a-w-        c:\windows\system32\atiumd64.dll
2011-05-25 02:26 . 2011-04-20 01:23        366592        ----a-w-        c:\windows\system32\atiadlxx.dll
2011-05-25 02:26 . 2011-05-25 02:26        262144        ----a-w-        c:\windows\SysWow64\atiadlxy.dll
2011-05-25 02:26 . 2011-05-25 02:26        14848        ----a-w-        c:\windows\system32\atig6pxx.dll
2011-05-25 02:26 . 2011-05-25 02:26        12800        ----a-w-        c:\windows\SysWow64\atiglpxx.dll
2011-05-25 02:26 . 2011-05-25 02:26        12800        ----a-w-        c:\windows\system32\atiglpxx.dll
2011-05-25 02:25 . 2011-05-25 02:25        39936        ----a-w-        c:\windows\system32\atig6txx.dll
2011-05-25 02:25 . 2011-05-25 02:25        32768        ----a-w-        c:\windows\SysWow64\atigktxx.dll
2011-05-25 02:25 . 2011-05-25 02:25        309760        ----a-w-        c:\windows\system32\drivers\atikmpag.sys
2011-05-25 02:24 . 2010-02-03 03:23        40960        ----a-w-        c:\windows\system32\atiuxp64.dll
2011-05-25 02:24 . 2011-01-26 22:12        31744        ----a-w-        c:\windows\SysWow64\atiuxpag.dll
2011-05-25 02:24 . 2011-04-20 01:21        38912        ----a-w-        c:\windows\system32\atiu9p64.dll
2011-05-25 02:24 . 2010-08-04 01:14        29184        ----a-w-        c:\windows\SysWow64\atiu9pag.dll
2011-05-25 02:24 . 2011-05-25 02:24        53248        ----a-w-        c:\windows\system32\drivers\ati2erec.dll
2011-05-25 02:19 . 2010-02-03 03:23        58880        ----a-w-        c:\windows\system32\coinst.dll
2011-05-24 17:14 . 2011-01-05 12:38        270720        ------w-        c:\windows\system32\MpSigStub.exe
2011-05-10 06:06 . 2011-05-10 06:06        51712        ----a-w-        c:\windows\system32\drivers\usbaapl64.sys
2011-05-10 06:06 . 2011-05-10 06:06        4517664        ----a-w-        c:\windows\system32\usbaaplrc.dll
2011-05-04 23:28 . 2011-05-04 23:28        59904        ----a-w-        c:\windows\SysWow64\OVDecode.dll
2011-05-04 23:27 . 2011-05-04 23:27        51712        ----a-w-        c:\windows\SysWow64\OpenCL.dll
2011-05-04 23:27 . 2011-05-04 23:27        12385280        ----a-w-        c:\windows\SysWow64\amdocl.dll
.
.
(((((((((((((((((((((((((((((  SnapShot@2011-07-22_10.43.46  )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-17 10:04 . 2011-07-22 15:42        44604              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-07-22 15:42        30206              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-07-22 10:16        30206              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-07-22 10:14 . 2011-07-22 10:14        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-07-22 15:41 . 2011-07-22 15:41        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-07-22 10:14 . 2011-07-22 10:14        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-07-22 15:41 . 2011-07-22 15:41        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2011-07-22 09:28        718322              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-07-22 14:57        718322              c:\windows\system32\perfh009.dat
- 2009-07-14 17:58 . 2011-07-22 09:28        763004              c:\windows\system32\perfh007.dat
+ 2009-07-14 17:58 . 2011-07-22 14:57        763004              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2011-07-22 14:57        146344              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-07-22 09:28        146344              c:\windows\system32\perfc009.dat
- 2009-07-14 17:58 . 2011-07-22 09:28        173390              c:\windows\system32\perfc007.dat
+ 2009-07-14 17:58 . 2011-07-22 14:57        173390              c:\windows\system32\perfc007.dat
- 2009-07-14 05:01 . 2011-07-22 10:13        288116              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-07-22 15:40        288116              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-09-15 16:08 . 2011-07-22 15:40        17585188              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1883959509-1100553777-3490487425-1000-12288.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-06-15 15141768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-02-12 19968]
"AsioThk32Reg"="CTASIO.DLL" [2009-06-23 47104]
"AsioReg"="CTASIO.DLL" [2009-06-23 47104]
"StartCCC"="c:\program files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe" [2011-04-19 336384]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [x]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [x]
R3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [x]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [x]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [x]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [x]
R3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [x]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [x]
R3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files (x86)\D-Link\DWA-547 revA\jswpsapi.exe [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI\ATI.ACE\Fuel\Fuel.Service.exe [2011-04-19 365568]
R4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-30 79360]
R4 gupdate1c99b391020cf56;Google Update Service (gupdate1c99b391020cf56);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-02 133104]
R4 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-02 133104]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2010-09-17 430424]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 300(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-02 13:16]
.
2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-02 13:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://de.wikipedia.org/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An vorhandenes PDF anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: {{D401C3A2-12EF-4D1D-A086-F3AB10B565BF} - c:\progra~2\SC\\SECRET~1.EXE
TCP: DhcpNameServer = 192.168.2.99
FF - ProfilePath - c:\users\Demian\AppData\Roaming\Mozilla\Firefox\Profiles\49jqg3le.default\
FF - prefs.js: browser.startup.homepage - hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1883959509-1100553777-3490487425-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:46,c9,89,2a,23,46,c5,32,89,bb,95,3a,57,3b,95,35,1b,6b,87,bc,31,74,06,
  3a,9f,53,26,eb,60,0c,e0,a2,6b,a6,7a,7b,a7,ea,1d,f1,4c,0e,6a,30,ee,3e,04,57,\
"??"=hex:b5,20,8e,e2,f8,b2,03,45,cb,82,f6,83,11,f6,05,52
.
[HKEY_USERS\S-1-5-21-1883959509-1100553777-3490487425-1000\Software\SecuROM\License information*]
"datasecu"=hex:29,d2,68,ac,c0,5c,81,95,c0,28,10,e9,64,f4,5e,fc,5a,51,ab,8e,bd,
  ad,19,6c,0c,85,9c,28,7a,6a,dc,14,32,bc,b4,46,d1,32,76,c0,09,00,6f,d3,3f,e4,\
"rkeysecu"=hex:ec,0c,61,b4,76,ee,7f,4e,07,5a,1d,14,1d,2a,b9,57
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10h.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-07-22  18:27:50 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-07-22 16:27
ComboFix2.txt  2011-07-22 11:02
ComboFix3.txt  2008-07-29 14:17
.
Vor Suchlauf: 18 Verzeichnis(se), 50.714.353.664 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 50.424.451.072 Bytes frei
.
- - End Of File - - E02308D849C238C361641BA56C71B475


Log von MBAM:

Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7230

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

22.07.2011 18:34:13
mbam-log-2011-07-22 (18-34-13).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 177100
Laufzeit: 2 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Demian\AppData\Roaming\microsoft\internet explorer\quick launch\TS.lnk (Rogue.TotalSecurity) -> Quarantined and deleted successfully.

M-K-D-B 22.07.2011 19:42
Hallo Demian Saez,



Zitat:
Vorab:
Vielen Dank für deine Mühe!
Dafür bin ich ja da. :)
Bedanken kannst du dich am Ende der Bereinigung. Wir sind auf einem guten Weg. :daumenhoc



Ein paar Zwischenfragen:
Wie läuft dein Rechner derzeit?
Gibt es noch Probleme? Wenn ja, welche?




Schritt # 1: Systemscan mit OTL
  • Starte bitte OTL.exe.
  • Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
  • Poste die OTL.txt und die Extras.txt hier in deinen Thread.




Schritt # 2: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort
  • die Beantwortung der gestellten Fragen und
  • die beiden neuen Logfiles von OTL (OTL.txt und Extras.txt).

Demian Saez 22.07.2011 20:00
Mein PC läuft einwandfrei, bis auf die Popups die der IE ständig startet - werden vom MBAM geblockt - und periodische Leistungseinbrüche bei hohen Grafikanwendungen (z.B. Eve Online). Beim Booten läd er das CCC (Catalyst
Control Center) nicht. Ich nehm mal an, dass der Virus das infiziert hat.
Ich hab noch nix neuinstalliert, da noch keine Anweisung von dir kam.
Das MS-Essentials hat bei einem vollständigen Scan 10 Fehler gefunden -
musste es vorzeitig abbrechen, weil du mir neue Anweisungen gabst.
Kann es mal über NAcht laufen lassen und ein Log hier posten - natürlich ohne
etwas zu löschen oder zu beseitigen - sofern das geht. Leider macht er sowas
teilweise selbstständig hab ich den Eindruck.

OTL lass ich morgen durchlaufen, ich bekomm gleich BEsuch.
Ich poste es alles morgen hier dann, sobald es durch ist.

M-K-D-B 22.07.2011 20:27
Hallo Demian Saez,



Zitat:
Zitat von Demian Saez (Beitrag 685894)
bis auf die Popups die der IE ständig startet - werden vom MBAM geblockt - und periodische Leistungseinbrüche bei hohen Grafikanwendungen (z.B. Eve Online). Beim Booten läd er das CCC (Catalyst
Control Center) nicht.
Auf deinem Rechner befindet sich wohl noch ein Teil der Malware.


Zitat:
Zitat von Demian Saez (Beitrag 685894)
Das MS-Essentials hat bei einem vollständigen Scan 10 Fehler gefunden -
musste es vorzeitig abbrechen, weil du mir neue Anweisungen gabst.
Kann es mal über NAcht laufen lassen und ein Log hier posten - natürlich ohne
etwas zu löschen oder zu beseitigen - sofern das geht. Leider macht er sowas
teilweise selbstständig hab ich den Eindruck.
Ja, kannst du machen. Poste auch das Logfile des Suchlaufs. Je mehr Informationen wir haben, desto besser.


Zitat:
Zitat von Demian Saez (Beitrag 685894)
OTL lass ich morgen durchlaufen, ich bekomm gleich BEsuch.
Ich poste es alles morgen hier dann, sobald es durch ist.
Ok, verstanden. :)

Demian Saez 23.07.2011 11:38
Moin... ich hab Schädel!!!

OTL ist durch und ergab folgende *.txts. Malwarebytes läuft gerade auch nochmal synchron zu MSSE. MSSE wird einige Stunden dauern. War gestern
zu platt mich daran zu erinnern, es zu starten .\

Code:
OTL Extras logfile created on: 23.07.2011 12:04:47 - Run 2
OTL by OldTimer - Version 3.2.26.1    Folder = C:\Users\Demian\Downloads
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,63 Gb Available Physical Memory | 70,38% Memory free
16,00 Gb Paging File | 13,50 Gb Available in Paging File | 84,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 46,66 Gb Free Space | 15,65% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 14,80 Gb Free Space | 6,35% Space Free | Partition Type: NTFS
Drive E: | 186,30 Gb Total Space | 61,70 Gb Free Space | 33,12% Space Free | Partition Type: NTFS
 
Computer Name: DEMIAN-PC | User Name: Demian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11538652-E5E4-37F1-86D7-418871E45292}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{197B3774-B7E6-4D50-AD0D-7F99B1E264D2}" = Microsoft SQL Server System CLR Types (x64)
"{1ABF311C-6AA8-B234-196A-6DEE5A43E34A}" = ccc-utility64
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{47BA3A3A-6B4E-307F-A43B-724079FE90C6}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{7782916E-3D46-4F1F-AC4B-3FB9D17049F4}" = Microsoft Antimalware Service DE-DE Language Pack
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{8125F749-B244-4F7B-811E-532165C5F2D5}" = Microsoft SQL Server 2008 RsFx Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{8476A22A-405F-3DCB-96CA-D98C6418C89B}" = Microsoft Visual Studio 2010 Performance Collection Tools - DEU
"{8583E7E3-2237-4981-B957-E28E5E9AB678}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319
"{9F54AEBA-5A74-470E-B6F8-C9E828FF0488}" = Microsoft SQL Server 2008 Native Client
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{A5957447-7367-4BC5-BE6E-D8CA8F386B48}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}" = Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
"{AD569236-7D43-BB31-BC99-E51E2DD85328}" = AMD Fuel
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B613A9BB-2B34-4824-A4BE-2427653D59D6}" = iTunes
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{CA0D2F09-F811-48D4-843E-C87696C6A9D9}" = Bonjour
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{CFF9D801-1EC4-B8F5-2CAB-4A1790C95A18}" = ATI Catalyst Install Manager
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E1C1D175-C23E-38F4-9AC1-ABE5167022CF}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{E802A021-0F24-3484-97F7-D74D74CB93A0}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F757A09E-71FB-B75D-20B1-B3E27CD8DEA1}" = WMV9/VC-1 Video Playback
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCAB9F73-BF5D-4E3D-92E7-B0F35C568F20}" = Microsoft Security Client DE-DE Language Pack
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"BC15EA930074932BB2C4B4493C9FD4EA95087D1A" = Windows-Treiberpaket - Nokia pccsmcfd  (10/12/2007 6.85.4.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"NVIDIA Drivers" = NVIDIA Drivers
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.3.11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{3CA5E31B-3294-4352-A7D7-A156763779E9}" = NavyFIELD Europa
"{3E4B349F-10B5-4586-9D99-489A90A8B228}" = Sid Meier's Civilization 4 - Warlords
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{4135C790-0387-36D7-9C2A-1B09A5900460}" = Microsoft Visual Studio 2010 Ultimate - DEU
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{6201BACA-81B5-8AB0-3B93-0F76BB6F4389}" = CCC Help English
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{720E93BE-744E-225B-786F-227C2677352F}" = Catalyst Control Center Graphics Previews Common
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BEC151D-ADA9-3EA9-9273-99BA82881971}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}" = Nero 8
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v3
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_945" = Adobe Acrobat 9.4.5 - CPSID_83708
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.5 - Deutsch
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"{AFF8C8F4-E4BB-891F-8636-5E71F946C5B6}" = Catalyst Control Center InstallProxy
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB4BB3FD-684F-41BD-B08D-50ED0B2A24DF}" = DWA-547
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam Software
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E975F19C-C852-5DF8-BC76-E88359CB82DF}" = AMD VISION Engine Control Center
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F722E488-A5B5-47ff-AA9B-4DE6CE7914CA}" = Windows 7 Upgrade Advisor
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AtomSync" = AtomSync
"AudioCS" = Creative Audio-Systemsteuerung
"Blitzkrieg" = Blitzkrieg Mod
"Company of Heroes" = Company of Heroes
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"EVE" = EVE Online (remove only)
"EVEMon" = EVEMon
"Hamachi" = Hamachi 1.0.1.5
"Host OpenAL" = Host OpenAL
"InstallShield_{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty(R) - World at War(TM) 1.6 Patch
"InstallShield_{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty(R) - World at War(TM) 1.2 Patch
"InstallShield_{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty(R) - World at War(TM) 1.7 Patch
"InstallShield_{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"InstallShield_{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty(R) - World at War(TM) 1.4 Patch
"InstallShield_{AFAE2B15-89A0-4215-A030-F7B5B478886B}" = Call of Duty(R) - World at War(TM) 1.1 Patch
"InstallShield_{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty(R) - World at War(TM) 1.5 Patch
"InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}" = Call of Duty(R) - World at War(TM)
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"IrfanView" = IrfanView (remove only)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Maple 12" = Maple 12
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2010 Ultimate - DEU" = Microsoft Visual Studio 2010 Ultimate - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Mozilla Sunbird (0.9)" = Mozilla Sunbird (0.9)
"Mozilla Thunderbird (3.0)" = Mozilla Thunderbird (3.0)
"Mozilla Thunderbird (5.0)" = Mozilla Thunderbird (5.0)
"OpenAL" = OpenAL
"QtiPlot_is1" = QtiPlot 0.8.9
"Steam App 21970" = R.U.S.E
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Trillian" = Trillian
"Veoh Web Player Beta" = Veoh Web Player
"VLC media player" = VLC media player 1.1.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"XviD MPEG4 Video Codec" = XviD MPEG4 Video Codec (remove only)
"Xvid_is1" = Xvid 1.2.1 final uninstall
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

Demian Saez 23.07.2011 11:42
Dieses andere Logfile ist wohl zu groß. Ich splitte es mal auf.

Code:
OTL logfile created on: 23.07.2011 12:04:47 - Run 2
OTL by OldTimer - Version 3.2.26.1    Folder = C:\Users\Demian\Downloads
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,63 Gb Available Physical Memory | 70,38% Memory free
16,00 Gb Paging File | 13,50 Gb Available in Paging File | 84,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,09 Gb Total Space | 46,66 Gb Free Space | 15,65% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 14,80 Gb Free Space | 6,35% Space Free | Partition Type: NTFS
Drive E: | 186,30 Gb Total Space | 61,70 Gb Free Space | 33,12% Space Free | Partition Type: NTFS
 
Computer Name: DEMIAN-PC | User Name: Demian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.07.21 23:12:03 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Demian\Downloads\OTL.exe
PRC - [2011.07.06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.06.28 00:00:00 | 002,278,240 | ---- | M] (Cerulean Studios) -- C:\Program Files (x86)\Trillian\trillian.exe
PRC - [2011.06.21 22:08:43 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2009.07.20 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files (x86)\Logitech\SetPoint\x86\SetPoint32.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.07.21 23:12:03 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Demian\Downloads\OTL.exe
MOD - [2011.07.09 10:47:46 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\msvcr80.dll
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
MOD - [2009.07.20 04:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files (x86)\Logitech\SetPoint\x86\lgscroll.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.05.25 05:03:38 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.04.19 22:18:20 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Disabled | Stopped] -- C:\Program Files\ATI\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010.11.11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010.11.11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.05.25 15:58:18 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.30 22:17:40 | 000,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009.09.10 16:47:07 | 000,068,096 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.07.16 18:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 12:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Disabled | Stopped] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008.04.07 10:17:30 | 000,430,592 | ---- | M] (Nokia.) [Disabled | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008.01.29 13:25:30 | 000,920,064 | ---- | M] () [Disabled | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2008.01.29 13:24:52 | 000,193,024 | ---- | M] () [Disabled | Stopped] -- C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.07.06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.06.06 17:41:10 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.05.25 06:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011.05.25 06:26:56 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.05.25 04:25:42 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.04.01 05:07:54 | 004,184,672 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 300(UVC)
DRV:64bit: - [2011.04.01 05:06:22 | 000,341,856 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.03.30 20:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010.08.12 13:07:50 | 000,350,952 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2010.07.27 08:11:38 | 000,271,712 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV:64bit: - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.05.07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2Mon)
DRV:64bit: - [2010.05.07 18:43:30 | 000,030,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LVPr2M64.sys -- (LVPr2M64)
DRV:64bit: - [2010.04.27 04:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.04.27 04:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.04.27 04:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.03.09 12:21:42 | 000,123,408 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010.02.08 15:17:00 | 000,021,832 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009.11.19 17:26:25 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.08.24 23:40:38 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009.08.24 23:40:37 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.06.23 18:37:04 | 001,483,264 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.23 14:41:18 | 000,294,936 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)
DRV:64bit: - [2009.06.23 14:41:08 | 000,259,608 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)
DRV:64bit: - [2009.06.23 14:40:58 | 001,360,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2009.06.23 14:40:46 | 000,147,480 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2009.06.23 14:40:22 | 000,290,328 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2009.06.23 14:40:10 | 000,016,920 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2009.06.23 14:40:00 | 000,221,208 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2009.06.23 14:39:26 | 000,866,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2009.06.23 14:39:10 | 000,580,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2009.06.23 14:35:48 | 000,141,848 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX.SYS)
DRV:64bit: - [2009.06.23 14:35:48 | 000,141,848 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTERFXFX.sys -- (CTERFXFX)
DRV:64bit: - [2009.06.23 14:35:40 | 000,680,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX.SYS)
DRV:64bit: - [2009.06.23 14:35:40 | 000,680,984 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTSBLFX.sys -- (CTSBLFX)
DRV:64bit: - [2009.06.23 14:35:26 | 000,706,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX.SYS)
DRV:64bit: - [2009.06.23 14:35:26 | 000,706,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTAUDFX.sys -- (CTAUDFX)
DRV:64bit: - [2009.06.23 14:35:14 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX.SYS)
DRV:64bit: - [2009.06.23 14:35:14 | 000,158,744 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\COMMONFX.sys -- (COMMONFX)
DRV:64bit: - [2009.06.17 18:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 18:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.05.06 03:34:52 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2008.09.26 10:55:00 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2007.09.17 16:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2007.02.13 17:45:20 | 000,123,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV:64bit: - [2007.02.13 17:45:06 | 000,252,728 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL)
DRV:64bit: - [2007.02.13 17:44:56 | 001,571,128 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV:64bit: - [2007.02.13 17:44:42 | 000,363,320 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2007.02.13 17:44:28 | 000,190,264 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV:64bit: - [2007.02.13 17:43:54 | 000,321,848 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2007.02.13 17:43:44 | 000,219,448 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.wikipedia.org/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 0C 26 89 E3 9E CB 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.wikipedia.org/wiki/Wikipedia:Hauptseite"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {cd90bf73-20f6-44ef-993d-bb920303bd2e}:2.7.1.3
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.01 23:31:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.01 23:31:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.21 22:08:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.06.18 00:39:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2010.12.16 01:09:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Sunbird 0.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Sunbird\plugins [2011.06.18 00:39:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Components: C:\Program Files (x86)\Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0\extensions\\Plugins: C:\Program Files (x86)\Thunderbird\plugins [2011.06.19 14:14:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.07.06 21:39:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.06.19 14:14:59 | 000,000,000 | ---D | M]
 
[2010.01.12 14:39:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Demian\AppData\Roaming\Mozilla\Extensions
[2010.01.12 14:39:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Demian\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.07.22 00:02:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Demian\AppData\Roaming\Mozilla\Firefox\Profiles\49jqg3le.default\extensions
[2011.07.22 00:05:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Demian\AppData\Roaming\Mozilla\Firefox\Profiles\49jqg3le.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.22 00:05:48 | 000,000,000 | ---D | M] (MinimizeToTray) -- C:\Users\Demian\AppData\Roaming\Mozilla\Firefox\Profiles\49jqg3le.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}
[2011.07.22 00:05:48 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Demian\AppData\Roaming\Mozilla\Firefox\Profiles\49jqg3le.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.07.22 00:05:48 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Demian\AppData\Roaming\Mozilla\Firefox\Profiles\49jqg3le.default\extensions\engine@conduit.com
[2011.07.22 00:05:48 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Demian\AppData\Roaming\Mozilla\Firefox\Profiles\49jqg3le.default\extensions\moveplayer@movenetworks.com
[2011.07.22 00:02:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Demian\AppData\Roaming\Mozilla\Sunbird\Profiles\1di5069d.default\extensions
[2011.07.22 00:05:48 | 000,000,000 | ---D | M] (MinimizeToTray) -- C:\Users\Demian\AppData\Roaming\Mozilla\Sunbird\Profiles\1di5069d.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}
[2011.05.17 00:01:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.01.05 19:54:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011.06.21 22:08:43 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.01.05 19:54:53 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2009.09.21 11:00:44 | 001,447,328 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\NpFv522.dll
[2011.03.30 19:57:21 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.03.30 19:57:21 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.03.30 19:57:21 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.03.30 19:57:21 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.03.30 19:57:21 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.03.30 19:57:21 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.07.22 17:41:52 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -  File not found
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AsioReg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [AsioThk32Reg] C:\Windows\SysWow64\ctasio.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: SecretCity 3DChat - {D401C3A2-12EF-4D1D-A086-F3AB10B565BF} -  File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.de/common/asusTek_sys_ctrl.cab (asusTek_sysctrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.99
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.07.06 12:50:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Demian Saez 23.07.2011 11:43
Code:
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.22 22:19:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.07.22 22:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.07.22 22:18:59 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.07.22 21:52:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011.07.22 21:52:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011.07.22 18:42:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2011.07.22 18:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011.07.22 18:36:54 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.07.22 18:30:44 | 000,000,000 | ---D | C] -- C:\Users\Demian\AppData\Roaming\Malwarebytes
[2011.07.22 18:30:22 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.07.22 18:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.22 18:30:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.22 18:30:18 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.07.22 18:30:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.07.22 18:29:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.07.22 16:58:15 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.07.22 11:32:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.07.22 11:32:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.07.22 11:32:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.07.22 11:20:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.07.22 11:06:30 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.07.21 23:59:22 | 000,000,000 | ---D | C] -- C:\Program Files\Ubisoft
[2011.07.13 23:38:26 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011.07.13 23:38:25 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011.07.13 23:38:25 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011.07.13 23:38:25 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011.07.13 23:38:25 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011.07.13 23:38:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011.07.13 23:38:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011.07.13 23:38:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011.07.13 23:38:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011.07.13 23:38:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.07.13 23:38:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.07.13 23:38:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011.07.13 23:38:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011.07.13 23:38:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011.07.13 23:38:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011.07.13 23:38:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011.07.13 23:38:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011.07.13 23:38:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011.07.13 23:38:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011.07.13 23:38:19 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011.07.13 23:38:18 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011.07.13 23:38:18 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011.07.13 23:38:18 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011.07.13 23:38:18 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011.07.13 23:38:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011.07.13 23:38:18 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011.07.13 23:38:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011.07.13 23:38:18 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011.07.13 23:38:18 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011.07.13 23:38:18 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011.07.13 23:38:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011.07.12 11:34:00 | 000,212,840 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dnssdX.dll
[2011.07.12 11:34:00 | 000,096,104 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dns-sd.exe
[2011.07.12 11:34:00 | 000,085,864 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\dnssd.dll
[2011.07.12 11:34:00 | 000,061,288 | ---- | C] (Apple Inc.) -- C:\Windows\SysNative\jdns_sd.dll
[2011.07.12 11:20:54 | 000,178,536 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dnssdX.dll
[2011.07.12 11:20:54 | 000,083,816 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dns-sd.exe
[2011.07.12 11:20:54 | 000,073,064 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\dnssd.dll
[2011.07.12 11:20:54 | 000,050,536 | ---- | C] (Apple Inc.) -- C:\Windows\SysWow64\jdns_sd.dll
[2011.07.10 19:33:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.07.09 11:37:24 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.07.09 11:37:24 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.07.09 11:37:23 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.07.09 11:37:22 | 002,303,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.07.09 11:37:22 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9.dll
[2011.07.09 11:37:22 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.07.09 11:37:22 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.07.09 11:37:22 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.07.09 10:45:39 | 002,315,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tquery.dll
[2011.07.09 10:45:39 | 002,223,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssrch.dll
[2011.07.09 10:45:38 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tquery.dll
[2011.07.09 10:45:38 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssrch.dll
[2011.07.09 10:45:38 | 000,778,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssvp.dll
[2011.07.09 10:45:38 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssvp.dll
[2011.07.09 10:45:38 | 000,491,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssph.dll
[2011.07.09 10:45:38 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssph.dll
[2011.07.09 10:45:38 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mssphtb.dll
[2011.07.09 10:45:38 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchProtocolHost.exe
[2011.07.09 10:45:38 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mssphtb.dll
[2011.07.09 10:45:38 | 000,113,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SearchFilterHost.exe
[2011.07.09 10:45:38 | 000,075,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msscntrs.dll
[2011.07.09 10:45:37 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msscntrs.dll
[2011.07.09 10:45:33 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvinst.exe
[2011.07.09 10:45:33 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\devrtl.dll
[2011.07.09 10:45:30 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.06.30 09:56:07 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011.06.30 09:54:21 | 000,000,000 | ---D | C] -- C:\ATI
[2009.06.23 12:49:14 | 000,010,752 | ---- | C] ( ) -- C:\Windows\SysWow64\a3d.dll
[2009.06.23 12:20:00 | 000,010,240 | ---- | C] ( ) -- C:\Windows\SysWow64\killapps.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.23 11:46:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.23 08:40:43 | 000,009,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.23 08:40:43 | 000,009,536 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.22 22:19:25 | 000,001,789 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.07.22 18:42:47 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.07.22 18:42:27 | 001,828,300 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.07.22 18:42:27 | 000,765,132 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.07.22 18:42:27 | 000,720,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.07.22 18:42:27 | 000,174,418 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.07.22 18:42:27 | 000,147,372 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.07.22 18:36:50 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.22 18:36:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.22 18:36:25 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2011.07.22 18:36:22 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.22 18:30:22 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.22 17:41:52 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.07.22 17:05:08 | 000,001,286 | ---- | M] () -- C:\CF-Submit.htm
[2011.07.22 16:49:39 | 000,001,439 | ---- | M] () -- C:\Users\Demian\Desktop\ComboFix - Verknüpfung.lnk
[2011.07.21 23:15:10 | 000,000,020 | ---- | M] () -- C:\Users\Demian\defogger_reenable
[2011.07.14 10:39:05 | 082,274,152 | -H-- | M] () -- C:\Users\Demian\Desktop\ISK_3.0_Lite_Incursion.pdf
[2011.07.14 10:18:33 | 000,308,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.07.12 11:34:00 | 000,212,840 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dnssdX.dll
[2011.07.12 11:34:00 | 000,096,104 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dns-sd.exe
[2011.07.12 11:34:00 | 000,085,864 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\dnssd.dll
[2011.07.12 11:34:00 | 000,061,288 | ---- | M] (Apple Inc.) -- C:\Windows\SysNative\jdns_sd.dll
[2011.07.12 11:20:54 | 000,178,536 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dnssdX.dll
[2011.07.12 11:20:54 | 000,083,816 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dns-sd.exe
[2011.07.12 11:20:54 | 000,073,064 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\dnssd.dll
[2011.07.12 11:20:54 | 000,050,536 | ---- | M] (Apple Inc.) -- C:\Windows\SysWow64\jdns_sd.dll
[2011.07.09 11:10:00 | 001,821,122 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.07.06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.07.06 07:21:21 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.07.02 21:39:23 | 025,402,635 | ---- | M] () -- C:\Users\Demian\ownloads
[2011.07.02 21:23:43 | 000,013,149 | ---- | M] () -- C:\Demian
[2011.06.26 08:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.07.22 22:19:25 | 000,001,789 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.07.22 18:42:15 | 000,001,903 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.07.22 18:30:22 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.22 17:05:08 | 000,001,286 | ---- | C] () -- C:\CF-Submit.htm
[2011.07.22 16:49:39 | 000,001,439 | ---- | C] () -- C:\Users\Demian\Desktop\ComboFix - Verknüpfung.lnk
[2011.07.22 11:32:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.07.22 11:32:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.07.22 11:32:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.07.22 11:32:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.07.22 11:32:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.07.22 10:10:26 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.07.21 23:15:09 | 000,000,020 | ---- | C] () -- C:\Users\Demian\defogger_reenable
[2011.07.14 10:36:30 | 082,274,152 | -H-- | C] () -- C:\Users\Demian\Desktop\ISK_3.0_Lite_Incursion.pdf
[2011.07.02 21:34:11 | 025,402,635 | ---- | C] () -- C:\Users\Demian\ownloads
[2011.07.02 21:23:43 | 000,013,149 | ---- | C] () -- C:\Demian
[2011.05.16 20:58:35 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011.05.05 01:28:10 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.04.01 05:07:02 | 010,877,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2011.04.01 05:07:02 | 000,102,744 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.04.01 05:06:56 | 000,331,608 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.02.20 03:47:42 | 001,828,300 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.02.06 16:47:46 | 000,113,020 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.08.20 18:51:06 | 000,000,272 | ---- | C] () -- C:\Windows\_delis32.ini
[2010.01.14 18:35:19 | 000,007,608 | -H-- | C] () -- C:\Users\Demian\AppData\Local\Resmon.ResmonCfg
[2009.12.17 18:54:06 | 000,002,528 | ---- | C] () -- C:\Users\Demian\AppData\Roaming\$_hpcst$.hpc
[2009.11.17 13:13:22 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.11.17 13:13:22 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.11.17 02:27:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.09.28 09:51:14 | 000,000,760 | ---- | C] () -- C:\Users\Demian\AppData\Roaming\setup_ldm.iss
[2009.09.16 19:49:26 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2009.08.26 06:29:28 | 000,150,016 | ---- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.23 13:29:50 | 000,049,719 | ---- | C] () -- C:\Windows\SysWow64\instwdm.ini
[2009.06.23 13:29:48 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\ctzapxx.ini
[2009.06.23 12:51:00 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CTBurst.dll
[2009.06.23 12:48:16 | 000,037,888 | ---- | C] () -- C:\Windows\SysWow64\psconv.exe
[2009.06.23 12:28:48 | 000,386,852 | ---- | C] () -- C:\Windows\SysWow64\ctdnlstr.dat
[2009.06.23 12:28:48 | 000,051,787 | ---- | C] () -- C:\Windows\SysWow64\ctdlang.dat
[2009.06.23 12:20:06 | 000,005,120 | ---- | C] () -- C:\Windows\SysWow64\enlocstr.exe
[2009.06.23 11:20:08 | 000,313,207 | ---- | C] () -- C:\Windows\SysWow64\ctstatic.dat
[2009.06.23 11:20:08 | 000,053,932 | ---- | C] () -- C:\Windows\SysWow64\ctdaught.dat
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.04.22 16:02:57 | 000,000,612 | ---- | C] () -- C:\Users\Demian\AppData\Roaming\AutoGK.ini
[2009.03.06 20:34:55 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini
[2009.03.06 17:11:31 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009.01.25 23:10:48 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.01.14 03:47:24 | 000,001,436 | ---- | C] () -- C:\Windows\CfgHPSp.ini
[2009.01.14 03:47:24 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg05Sp.ini
[2009.01.14 03:47:24 | 000,001,434 | ---- | C] () -- C:\Windows\Cfg04Sp.ini
[2009.01.14 03:47:24 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg03Sp.ini
[2009.01.14 03:47:24 | 000,001,091 | ---- | C] () -- C:\Windows\Cfg02Sp.ini
[2009.01.14 03:47:24 | 000,001,000 | ---- | C] () -- C:\Windows\Cfg01Sp.ini
[2009.01.14 03:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPHp.ini
[2009.01.14 03:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\CfgHPDO.ini
[2009.01.14 03:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg05DO.ini
[2009.01.14 03:47:24 | 000,000,932 | ---- | C] () -- C:\Windows\Cfg04DO.ini
[2009.01.14 03:47:24 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg05Hp.ini
[2009.01.14 03:47:24 | 000,000,930 | ---- | C] () -- C:\Windows\Cfg04Hp.ini
[2009.01.14 03:47:24 | 000,000,818 | ---- | C] () -- C:\Windows\Cfg01APR.ini
[2009.01.14 03:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03Hp.ini
[2009.01.14 03:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg03DO.ini
[2009.01.14 03:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02Hp.ini
[2009.01.14 03:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg02DO.ini
[2009.01.14 03:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01Hp.ini
[2009.01.14 03:47:24 | 000,000,725 | ---- | C] () -- C:\Windows\Cfg01DO.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPRLI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPFMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\CfgHPDI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05RLI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05FMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg05DI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04RLI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04FMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg04DI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03RLI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03FMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg03DI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02RLI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02FMi.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg02DI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01Mic.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01LI.ini
[2009.01.14 03:47:24 | 000,000,453 | ---- | C] () -- C:\Windows\Cfg01DI.ini
[2009.01.09 01:01:22 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008.12.17 21:40:23 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008.12.13 01:21:13 | 000,000,031 | ---- | C] () -- C:\Windows\CTWave32.ini
[2008.12.13 01:01:28 | 000,000,061 | ---- | C] () -- C:\Windows\sbwin.ini
[2008.12.02 20:29:17 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2008.12.02 19:10:16 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.12.02 18:44:05 | 000,003,072 | ---- | C] () -- C:\Windows\SysWow64\CTXFIGER.DLL
[2008.12.02 18:28:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2008.10.29 03:41:09 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2007.08.13 21:45:02 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\ctmmactl.dll
[2007.04.12 08:10:28 | 000,105,728 | ---- | C] () -- C:\Windows\SysWow64\APOMgrH.dll
[2006.10.02 18:25:18 | 000,000,307 | ---- | C] () -- C:\Windows\SysWow64\KILL.INI

< End of report >

Demian Saez 23.07.2011 12:23
Folgende zwei Dinge hat MSSE gerade entdeckt:

Kategorie: Ausnutzen

Beschreibung: Dieses Programm ist gefährlich. Es nutzt die Sicherheitslücken eines Computers aus.

Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.

Security Essentials hat Programme erkannt, die Ihre Privatsphäre gefährden oder Ihren Computer beschädigen könnten. Sie können auf die von diesen Programmen verwendeten Dateien weiterhin zugreifen, ohne sie zu entfernen (nicht empfohlen). Wählen Sie zum Zugreifen auf diese Dateien die Aktion "Zulassen" aus, und klicken Sie dann auf "Aktionen anwenden". Wenn diese Option nicht verfügbar ist, melden Sie sich als Administrator an, oder bitten Sie den Sicherheitsadministrator um Unterstützung.

Elemente:
file:C:\Users\Demian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\51c6f34f-3d29b121->a.class

Lesen Sie im Internet weitere Informationen zu diesem Element.


Kategorie: Ausnutzen

Beschreibung: Dieses Programm ist gefährlich. Es nutzt die Sicherheitslücken eines Computers aus.

Empfohlene Aktion: Entfernen Sie diese Software unverzüglich.

Security Essentials hat Programme erkannt, die Ihre Privatsphäre gefährden oder Ihren Computer beschädigen könnten. Sie können auf die von diesen Programmen verwendeten Dateien weiterhin zugreifen, ohne sie zu entfernen (nicht empfohlen). Wählen Sie zum Zugreifen auf diese Dateien die Aktion "Zulassen" aus, und klicken Sie dann auf "Aktionen anwenden". Wenn diese Option nicht verfügbar ist, melden Sie sich als Administrator an, oder bitten Sie den Sicherheitsadministrator um Unterstützung.

Elemente:
file:C:\Users\Demian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\9f178a0-403c54e7->bingo/haskalu.class

Lesen Sie im Internet weitere Informationen zu diesem Element.

Er hat beide gelöscht.

Demian Saez 23.07.2011 13:08
MBAM-Log:

Code:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7232

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

23.07.2011 14:03:14
mbam-log-2011-07-23 (14-03-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 517468
Laufzeit: 1 Stunde(n), 46 Minute(n), 3 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

M-K-D-B 23.07.2011 13:13
Hallo Demian Saez,



vielen Dank für die Rückmeldung bezüglich Microsoft Security Essentials und Malwarebytes' Anti-Malware. :)


Kommen diese Werbungen nur wenn du bestimmte Seiten aufrufst oder ständig bzw. ununterbrochen?



Schritt # 1: Fix mit OTL
Code:
:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.defaultthis.engineName: "Veoh Web Player Customized Web Search"
[2011.07.22 00:05:48 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Demian\AppData\Roaming\Mozilla\Firefox\Profiles\49jqg3le.default\extensions\engine@conduit.com
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present

:commands
[Purity]
[Emptytemp]
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread




Schritt # 2: rKill verwenden
Downloade Dir bitte rKill ( by Grinler ) von einem dieser Downloadspiegel.und speichere die Datei auf dem Desktop.
  • Deaktiviere deine Anti- Viren- Software.
  • Starte das Tool mit Doppelklick
    Vista und Win7 User: Mit Rechtsklick "als Administrator starten".
  • Nun sollte ein schwarzes Fenster aufpoppen und dir zeigen, dass es läuft.
  • Wenn das nicht der Fall ist, lösche die vorhandene Version und benutz einen anderen Downloadlink.
  • Lass das Tool in Ruhe laufen
Sollte es bei keinem der aufgeführten Downloadlinks laufen, teile mir das bitte mit. rKill öffnet am Ende ein Logfile. Poste mir dieses bitte mit deiner nächsten Antwort.





Schritt # 3: Scan mit SuperAntiSpyware (SAS)
Downloade Dir bitte SUPERAntiSpyware FREE Edition
  • Installiere das Programm und lasse das Programm die neuesten Definition und Updates laden.
  • Schließe alle Anwendungen inkl. Browser.
  • Öffne SUPERAntiSpyware und klicke auf Ihren Computer durchsuchen.
  • Setze ein Häkchen bei Kompletter Scan und klicke auf Weiter.
  • Wenn der Suchlauf beendet ist, wird Dir eine Übersicht mit den Funden angezeigt, die Du mit OK zur Kenntnis nimmst.
  • Achte darauf, dass bei allen Funden ein Häkchen steht, klicke dann auf Weiter und OK.
  • Klicke auf Fertig stellen, was Dich ins Hauptfenster bringt.
  • Es kann sein, dass Dein Rechner neu gestartet werden muss, um Malware mit dem Neustart vom System zu entfernen.
  • Um das Logfile zu erhalten, musst du erst auf Präferenzen und dann auf den Statistiken und Protokolle klicken.
  • Klicke auf das datierte Logfile, drücke auf Protokoll anzeigen. Nun erscheint ein Textfenster.
  • Bitte kopiere diesen Bericht hier in den Thread.




Schritt # 4: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort
  • die Beantwortung der gestellten Frage,
  • das Logfile des OTL-Fix,
  • das Logfile von rKill und
  • das Logfile von SAS.

Demian Saez 23.07.2011 14:06
Die Internetexplorer-Popups kommen periodisch, ich würde sagen alle 7-10 Minuten. Scheinen keinen Trigger zu haben.

OTL-LOG:

Code:
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Veoh Web Player Customized Web Search" removed from browser.search.defaultthis.engineName
Folder C:\Users\Demian\AppData\Roaming\Mozilla\Firefox\Profiles\49jqg3le.default\extensions\engine@conduit.com\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Demian
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1291273 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6742131 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 802 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 8,00 mb
 
 
OTL by OldTimer - Version 3.2.26.1 log created on 07232011_150056

Files\Folders moved on Reboot...
C:\Users\Demian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Demian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PIWBCX5A\ac3[1].htm moved successfully.

Registry entries deleted on Reboot...
Ich sehe gerade, dass da überall "0 Files deleted" steht. Das kommt daher, dass ich das PRogramm 2x laufen lies.
Beim ersten Mal hat es 2 Instanzen gestartet und ist dann abgekackt. Beim REboot hat es 267MB gelöscht ge-
habt und einiges an Dateien. Beim 2. Durchlauf ging es dann einwandfrei.


rkill-log:
Code:
This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 23.07.2011 at 15:08:00.
Operating System: Windows 7 Professional


Processes terminated by Rkill or while it was running:

C:\Windows\SysWOW64\rundll32.exe
C:\Windows\SysWOW64\grpconv.exe


Rkill completed on 23.07.2011 at 15:09:16.
Im Moment läuft das SuperAntiSpyware. 112 infizierte Dateien gefunden. Infekt: Adware.Tracking Cookie


Hier das erste Log von OTL:

Code:
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "Veoh Web Player Customized Web Search" removed from browser.search.defaultthis.engineName
C:\Users\Demian\AppData\Roaming\Mozilla\Firefox\Profiles\49jqg3le.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Demian\AppData\Roaming\Mozilla\Firefox\Profiles\49jqg3le.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Demian\AppData\Roaming\Mozilla\Firefox\Profiles\49jqg3le.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Demian\AppData\Roaming\Mozilla\Firefox\Profiles\49jqg3le.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Demian\AppData\Roaming\Mozilla\Firefox\Profiles\49jqg3le.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Demian\AppData\Roaming\Mozilla\Firefox\Profiles\49jqg3le.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Demian\AppData\Roaming\Mozilla\Firefox\Profiles\49jqg3le.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Demian\AppData\Roaming\Mozilla\Firefox\Profiles\49jqg3le.default\extensions\engine@conduit.com folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Recovery\ deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
->Temp folder emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Demian
->Temp folder emptied: 1409593 bytes
->Temporary Internet Files folder emptied: 29418142 bytes
->Java cache emptied: 29404188 bytes
->FireFox cache emptied: 138758933 bytes
->Apple Safari cache emptied: 6398976 bytes
->Flash cache emptied: 52143 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 92546 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 551876 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 82953846 bytes
 
Total Files Cleaned = 276,00 mb
 
 
OTL by OldTimer - Version 3.2.26.1 log created on 07232011_145003

Files\Folders moved on Reboot...
C:\Users\Demian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Windows\temp\TMP000204869A8A0390050352F9 not found!

Registry entries deleted on Reboot...

M-K-D-B 23.07.2011 15:09
Hallo Demian Saez,


poste bitte noch das Logfile von SAS.


Vielen Dank.

Demian Saez 23.07.2011 15:22
Kommt, sobald er fertig ist. Der läuft seit 1:05:31

M-K-D-B 23.07.2011 15:25
Zitat:
Zitat von Demian Saez (Beitrag 686084)
Kommt, sobald er fertig ist. Der läuft seit 1:05:31
Ich wollte dich nicht hetzen oder so. ;)
Lass SAS in Ruhe fertig machen, befolge die gepostete Anleitung und füge das Logfile abschließend hier ein. :)


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:39 Uhr.
Seite 2 von 5 1 2 34 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131