Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojaner win32.backdoor.papras/a (https://www.trojaner-board.de/88000-trojaner-win32-backdoor-papras-a.html)

dragan4210 11.07.2010 11:51
Trojaner win32.backdoor.papras/a
 
Hallo,
die neuste Ad-aware Version hat bei mir den Trojaner "win32.backdoor.papras/a" gefunden. Es kam dazu als beim Onlinebanking auf einmal ein Popup erschien welches mir sagte ich solle 20 Tan-Nummern eingeben. Da mir dies unsicher war, habe ich direkt mein Onlinekonto sperren lassen. Genauso meine Tanliste.
Sonstige Auffälligkeiten: Die Google-Suchleiste ist einfach weg. Mit der Suchleiste meine ich das Feld um die Suchwörter einzugeben auf Google.de, nicht die integrierte Suchleiste bei FF. Im IE wird sie noch angezeigt, in Firefox nicht. Hauptsächlich benutze ich FF zum surfen, kurz bevor sich das Ereignis beim Online-banking ergab, habe ich die FF4 Beta installiert, kurz benutzt und dann wieder liegen lassen.
Laut Ad-Aware ist die Software weg, Avast erkennt auch nichts. Ich bin heute von Antivir auf Avast umgestiegen. Meine eigentliche Frage ist ob der Virus KOMPLETT weg ist und ich nun weiterhin surfen kann oder doch lieber formatieren sollte. Ich würde mich sehr über eure Hilfe freuen!


Hier der Malwarebyte Bericht


Zitat:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4301

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.07.2010 12:30:48
mbam-log-2010-07-11 (12-30-48).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 132482
Laufzeit: 6 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Hier der RSIT-Bericht:

RSIT Logfile:
Code:
Logfile of random's system information tool 1.08 (written by random/random)
Run by D at 2010-07-11 12:34:44
Microsoft Windows 7 Ultimate 
System drive C: has 5 GB (14%) free of 36 GB
Total RAM: 2047 MB (42% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:35:00, on 11.07.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\SmartCam\SmartCam.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Windows\system32\DXPServer.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\D\Desktop\RSIT.exe
C:\Program Files\trend micro\D.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = **://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\D\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MIF5BA~1\Office12\GRA32A~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - D:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 7393 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-06-19 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2010-07-11 1615200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Anmelde-Hilfsprogramm - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll [2010-05-14 220208]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-03-17 8546848]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"AVG9_TRAY"=C:\PROGRA~2\AVG\AVG9\avgtray.exe [2010-07-11 2065760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-04-29 437584]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]
""= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-06-20 35760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
C:\Program Files\Cyberlink\Shared files\brs.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
C:\Windows\VM_STI.EXE [2003-01-21 40960]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-06-03 1144104]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
C:\PROGRA~2\Eraser\Eraser.exe [2010-04-10 979344]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
C:\Program Files\Logitech\SetPointP\SetPoint.exe [2010-01-27 1312848]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files\ICQ7.1\ICQ.exe [2010-06-08 133368]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe [2010-06-15 141624]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
C:\Program Files\ManyCam 2.4\ManyCam.exe [2010-04-21 1824040]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe [2010-07-02 671608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe [2009-11-11 1451520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
D:\Program Files\CyberLink\PowerDVD10\PowerDVD10\PDVD10Serv.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
D:\Program Files\Steam\Steam.exe [2010-06-17 1238352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2010-04-21 202256]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^D^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk]
C:\PROGRA~2\COMMON~1\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-07-11 12:34:47 ----D---- C:\Program Files\trend micro
2010-07-11 12:34:44 ----D---- C:\rsit
2010-07-11 12:23:33 ----D---- C:\Users\D\AppData\Roaming\Malwarebytes
2010-07-11 12:23:17 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-07-11 12:23:16 ----D---- C:\ProgramData\Malwarebytes
2010-07-11 12:23:16 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-07-11 12:23:16 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-07-11 12:17:23 ----D---- C:\Program Files\CCleaner
2010-07-11 09:17:30 ----A---- C:\Windows\system32\avgrsstx.dll
2010-07-11 09:17:28 ----A---- C:\Windows\system32\drivers\avgtdix.sys
2010-07-11 09:17:22 ----A---- C:\Windows\system32\drivers\avgldx86.sys
2010-07-11 09:17:20 ----A---- C:\Windows\system32\drivers\avgmfx86.sys
2010-07-11 09:17:19 ----D---- C:\Windows\system32\drivers\Avg
2010-07-11 09:14:54 ----D---- C:\ProgramData\avg9
2010-07-11 09:13:15 ----D---- C:\Program Files\AVG
2010-07-11 08:55:32 ----A---- C:\Windows\system32\lsdelete.exe
2010-07-11 08:48:33 ----A---- C:\Windows\system32\drivers\SBREDrv.sys
2010-07-11 08:36:44 ----D---- C:\Program Files\PC Connectivity Solution
2010-07-11 08:35:50 ----D---- C:\ProgramData\NokiaInstallerCache
2010-07-11 01:04:07 ----A---- C:\Windows\system32\drivers\Lbd.sys
2010-07-11 01:01:30 ----HDC---- C:\ProgramData\{90FF8911-FC06-4E49-8959-C3CF1CA226BB}
2010-07-11 01:01:12 ----D---- C:\ProgramData\Lavasoft
2010-07-11 01:01:12 ----D---- C:\Program Files\Lavasoft
2010-07-10 23:15:27 ----D---- C:\ProgramData\SecTaskMan
2010-07-10 23:15:24 ----D---- C:\Program Files\Security Task Manager
2010-07-10 22:42:41 ----D---- C:\ProgramData\Sun
2010-07-10 22:42:40 ----D---- C:\Program Files\Common Files\Java
2010-07-10 22:42:31 ----A---- C:\Windows\system32\deployJava1.dll
2010-07-08 22:28:12 ----A---- C:\Windows\system32\drivers\cpuz133_x32.sys
2010-07-08 22:28:11 ----D---- C:\Program Files\CPUID
2010-07-08 01:15:39 ----D---- C:\Windows\system32\RTCOM
2010-07-08 01:15:20 ----A---- C:\Windows\system32\WavesLib.dll
2010-07-08 01:15:20 ----A---- C:\Windows\system32\SRSWOW.dll
2010-07-08 01:15:20 ----A---- C:\Windows\system32\SRSTSXT.dll
2010-07-08 01:15:20 ----A---- C:\Windows\system32\SRSTSHD.dll
2010-07-08 01:15:20 ----A---- C:\Windows\system32\SRSHP360.dll
2010-07-08 01:15:20 ----A---- C:\Windows\system32\drivers\RTKVHDA.sys
2010-07-08 01:15:19 ----A---- C:\Windows\system32\RtkPgExt.dll
2010-07-08 01:15:19 ----A---- C:\Windows\system32\RtkCoInst.dll
2010-07-08 01:15:19 ----A---- C:\Windows\system32\RtkApoApi.dll
2010-07-08 01:15:19 ----A---- C:\Windows\system32\RtkAPO.dll
2010-07-08 01:15:19 ----A---- C:\Windows\system32\RTEEP32A.dll
2010-07-08 01:15:19 ----A---- C:\Windows\system32\RTEEL32A.dll
2010-07-08 01:15:19 ----A---- C:\Windows\system32\RTEEG32A.dll
2010-07-08 01:15:19 ----A---- C:\Windows\system32\RTEED32A.dll
2010-07-08 01:15:19 ----A---- C:\Windows\system32\RP3DHT32.dll
2010-07-08 01:15:19 ----A---- C:\Windows\system32\RP3DAA32.dll
2010-07-08 01:15:19 ----A---- C:\Windows\system32\MaxxAudioEQ.dll
2010-07-08 01:15:19 ----A---- C:\Windows\system32\MaxxAudioAPO20.dll
2010-07-08 01:15:19 ----A---- C:\Windows\system32\MaxxAudioAPO.dll
2010-07-08 01:15:18 ----D---- C:\Program Files\Realtek
2010-07-08 01:15:18 ----A---- C:\Windows\system32\FMAPO.dll
2010-07-08 01:15:18 ----A---- C:\Windows\system32\DTSVoiceClarityDLL.dll
2010-07-08 01:15:18 ----A---- C:\Windows\system32\DTSSymmetryDLL.dll
2010-07-08 01:15:18 ----A---- C:\Windows\system32\DTSS2SpeakerDLL.dll
2010-07-08 01:15:18 ----A---- C:\Windows\system32\DTSS2HeadphoneDLL.dll
2010-07-08 01:15:18 ----A---- C:\Windows\system32\DTSNeoPCDLL.dll
2010-07-08 01:15:18 ----A---- C:\Windows\system32\DTSLimiterDLL.dll
2010-07-08 01:15:18 ----A---- C:\Windows\system32\DTSLFXAPO.dll
2010-07-08 01:15:18 ----A---- C:\Windows\system32\DTSGFXAPONS.dll
2010-07-08 01:15:18 ----A---- C:\Windows\system32\DTSGFXAPO.dll
2010-07-08 01:15:18 ----A---- C:\Windows\system32\DTSGainCompensatorDLL.dll
2010-07-08 01:15:18 ----A---- C:\Windows\system32\DTSBoostDLL.dll
2010-07-08 01:15:18 ----A---- C:\Windows\system32\DTSBassEnhancementDLL.dll
2010-07-08 01:15:18 ----A---- C:\Windows\system32\AERTARen.dll
2010-07-08 01:15:18 ----A---- C:\Windows\system32\AERTACap.dll
2010-07-08 01:15:16 ----R---- C:\Windows\RtlExUpd.dll
2010-07-08 01:15:16 ----HD---- C:\Program Files\Temp
2010-07-07 22:27:17 ----D---- C:\Program Files\Mozilla Firefox 4.0 Beta 1
2010-06-28 17:58:51 ----A---- C:\Windows\system32\devil.dll
2010-06-28 17:58:51 ----A---- C:\Windows\system32\avisynth.dll
2010-06-28 17:58:48 ----A---- C:\Windows\system32\i420vfw.dll
2010-06-28 17:58:48 ----A---- C:\Windows\system32\AVSredirect.dll
2010-06-28 17:58:47 ----D---- C:\Program Files\AviSynth 2.5
2010-06-28 17:58:34 ----RSH---- C:\Windows\system32\nbDX.dll
2010-06-28 17:58:34 ----RSH---- C:\Windows\system32\msfDX.dll
2010-06-28 17:58:34 ----RSH---- C:\Windows\system32\flvDX.dll
2010-06-28 17:58:09 ----D---- C:\Program Files\eRightSoft
2010-06-28 17:48:20 ----D---- C:\Users\D\AppData\Roaming\DVDVideoSoftIEHelpers
2010-06-23 00:35:45 ----A---- C:\Windows\system32\shell32_backup_wti.dll
2010-06-23 00:35:45 ----A---- C:\Windows\system32\OobeFldr_backup_wti.dll
2010-06-23 00:35:45 ----A---- C:\Windows\system32\ExplorerFrame_backup_wti.dll
2010-06-23 00:35:45 ----A---- C:\Windows\explorer_backup_wti.exe
2010-06-23 00:35:44 ----A---- C:\Windows\UTP.exe
2010-06-23 00:19:53 ----D---- C:\Program Files\CodeGazer
2010-06-22 23:02:24 ----D---- C:\Program Files\iPod
2010-06-22 23:02:23 ----D---- C:\Program Files\iTunes
2010-06-22 23:00:32 ----D---- C:\Program Files\Bonjour
2010-06-22 19:00:04 ----D---- C:\Program Files\Common Files\Symantec Shared
2010-06-21 19:22:35 ----D---- C:\Windows\SISWare
2010-06-21 19:17:18 ----D---- C:\Program Files\CequenzeTech
2010-06-17 18:06:09 ----D---- C:\Windows\1C4551A64743409391E41477CD655043.TMP
2010-06-17 18:05:59 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-06-17 18:05:41 ----D---- C:\ProgramData\Media Center Programs
2010-06-17 17:42:52 ----D---- C:\Program Files\Common Files\BioWare
2010-06-17 15:54:01 ----D---- C:\Program Files\Common Files\Steam
2010-06-13 14:45:28 ----D---- C:\Program Files\DVDVideoSoft
2010-06-13 14:45:28 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-06-13 13:09:15 ----D---- C:\Windows\system32\appmgmt
2010-06-13 12:12:12 ----D---- C:\ProgramData\Symantec
2010-06-13 12:12:12 ----D---- C:\ProgramData\Norton
2010-06-13 12:12:09 ----D---- C:\ProgramData\NortonInstaller
2010-06-13 11:43:36 ----D---- C:\Users\D\AppData\Roaming\FreeScreenToVideo
2010-06-13 11:43:36 ----D---- C:\Program Files\Free Screen To Video
2010-06-13 11:42:20 ----D---- C:\Users\D\AppData\Roaming\ManyCam
2010-06-13 11:42:19 ----D---- C:\Program Files\ManyCam 2.4
2010-06-12 23:00:31 ----D---- C:\Program Files\Hotspot Shield
2010-06-12 22:41:14 ----N---- C:\Windows\vidcap32.Exe
2010-06-12 22:41:14 ----D---- C:\Windows\CatRoot
2010-06-12 22:41:14 ----A---- C:\Windows\VMCap.exe
2010-06-12 22:41:14 ----A---- C:\Windows\Vm_sti.exe
2010-06-12 22:41:14 ----A---- C:\Windows\system32\VM31bSTI.dll
2010-06-12 22:41:14 ----A---- C:\Windows\StillCap.exe
2010-06-12 22:41:14 ----A---- C:\Windows\amcap.exe
2010-06-12 22:41:13 ----D---- C:\Program Files\Vimicro
2010-06-12 22:41:13 ----A---- C:\Windows\system32\drivers\usbVM31b.sys

======List of files/folders modified in the last 1 months======

2010-07-11 12:34:47 ----RD---- C:\Program Files
2010-07-11 12:23:17 ----D---- C:\Windows\system32\drivers
2010-07-11 12:23:16 ----HD---- C:\ProgramData
2010-07-11 12:20:36 ----D---- C:\Users\D\AppData\Roaming\Media Player Classic
2010-07-11 12:20:31 ----D---- C:\Windows\debug
2010-07-11 12:20:31 ----D---- C:\Windows
2010-07-11 12:20:30 ----D---- C:\Windows\Temp
2010-07-11 11:58:32 ----D---- C:\Program Files\Ubisoft
2010-07-11 11:50:22 ----D---- C:\Windows\system32\config
2010-07-11 11:40:50 ----D---- C:\Windows\System32
2010-07-11 11:40:44 ----D---- C:\Windows\Tasks
2010-07-11 11:36:41 ----D---- C:\ProgramData\NVIDIA
2010-07-11 09:14:51 ----SHD---- C:\System Volume Information
2010-07-11 09:14:41 ----SHD---- C:\Windows\Installer
2010-07-11 09:12:26 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-07-11 09:09:11 ----D---- C:\Windows\system32\Tasks
2010-07-11 09:06:51 ----D---- C:\Windows\system32\catroot
2010-07-11 08:58:06 ----D---- C:\Windows\inf
2010-07-11 08:41:19 ----D---- C:\Windows\system32\drivers\UMDF
2010-07-11 08:37:37 ----D---- C:\Program Files\Common Files\Nokia
2010-07-11 08:36:48 ----DC---- C:\Windows\system32\DRVSTORE
2010-07-11 08:36:48 ----D---- C:\Windows\system32\DriverStore
2010-07-11 08:36:48 ----D---- C:\Windows\system32\catroot2
2010-07-11 08:36:21 ----D---- C:\Program Files\Nokia
2010-07-11 01:11:10 ----D---- C:\Windows\winsxs
2010-07-11 01:06:17 ----D---- C:\Windows\Prefetch
2010-07-11 01:04:20 ----D---- C:\Users\D\AppData\Roaming\ICQ
2010-07-10 22:42:40 ----D---- C:\Program Files\Common Files
2010-07-10 22:42:25 ----D---- C:\Program Files\Java
2010-07-10 19:17:28 ----D---- C:\Users\D\AppData\Roaming\vlc
2010-07-08 01:15:17 ----HD---- C:\Program Files\InstallShield Installation Information
2010-07-07 14:12:06 ----D---- C:\Mp3 Output
2010-06-28 17:58:45 ----RSD---- C:\Windows\Fonts
2010-06-27 18:33:55 ----D---- C:\Program Files\Messenger Plus! Live
2010-06-27 15:07:25 ----D---- C:\Program Files\Mozilla Firefox
2010-06-23 15:34:09 ----SD---- C:\Users\D\AppData\Roaming\Microsoft
2010-06-23 11:47:40 ----A---- C:\Windows\system32\themeui.dll
2010-06-23 11:47:39 ----A---- C:\Windows\system32\themeservice.dll
2010-06-23 11:47:38 ----A---- C:\Windows\system32\uxtheme.dll
2010-06-23 11:47:09 ----A---- C:\Windows\system32\uxtheme.dll.backup
2010-06-23 11:47:09 ----A---- C:\Windows\system32\themeui.dll.backup
2010-06-23 11:47:09 ----A---- C:\Windows\system32\themeservice.dll.backup
2010-06-22 23:05:52 ----D---- C:\ProgramData\Kaspersky Lab
2010-06-22 23:02:23 ----D---- C:\ProgramData\Apple Computer
2010-06-22 23:02:23 ----D---- C:\Program Files\Common Files\Apple
2010-06-22 22:59:14 ----D---- C:\Program Files\Safari
2010-06-22 21:27:45 ----D---- C:\Program Files\Eidos
2010-06-22 21:26:07 ----D---- C:\Program Files\Mozilla Thunderbird
2010-06-22 21:16:41 ----D---- C:\Program Files\Google
2010-06-22 21:12:15 ----D---- C:\ProgramData\CyberLink
2010-06-22 17:01:25 ----D---- C:\ProgramData\DivX
2010-06-22 16:54:42 ----D---- C:\Program Files\DivX
2010-06-22 16:06:16 ----D---- C:\Windows\system32\wdi
2010-06-17 17:03:01 ----D---- C:\Windows\ModemLogs
2010-06-13 14:50:34 ----AD---- C:\ProgramData\Temp
2010-06-13 13:20:32 ----D---- C:\Users\D\AppData\Roaming\PC Suite
2010-06-12 23:00:43 ----D---- C:\Hotspot Shield
2010-06-12 22:44:00 ----D---- C:\Windows\twain_32
2010-06-12 22:40:47 ----D---- C:\Program Files\Common Files\InstallShield
2010-06-12 13:38:46 ----D---- C:\Program Files\ICQ7.1

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Lbd;Lbd; C:\Windows\system32\DRIVERS\Lbd.sys [2010-06-21 64288]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-04-20 691696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\Windows\System32\Drivers\avgldx86.sys [2010-07-11 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\Windows\System32\Drivers\avgmfx86.sys [2010-07-11 29584]
R1 AvgTdiX;AVG Free Network Redirector; C:\Windows\System32\Drivers\avgtdix.sys [2010-07-11 243024]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R2 cpuz133;cpuz133; \??\C:\Windows\system32\drivers\cpuz133_x32.sys [2010-03-10 20968]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 BthEnum;Bluetooth-Auflistungsdienst; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth-Gerät (PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 58880]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2010-03-17 3041568]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-11-10 35984]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-11-10 37392]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2009-11-10 28560]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver; C:\Windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
R3 nmwcd;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmb.sys [2010-02-26 18176]
R3 nmwcdc;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbo.sys [2010-02-26 22528]
R3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
R3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
R3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2010-05-14 32768]
R3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2010-02-26 8192]
R3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2009-07-14 27648]
R3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2010-02-26 8192]
R3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S3 aa2jvpc8;aa2jvpc8; C:\Windows\system32\drivers\aa2jvpc8.sys []
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP-Bus-Filtertreiber; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BTHPORT;Bluetooth-Porttreiber; C:\Windows\System32\Drivers\BTHport.sys [2009-07-14 392704]
S3 E1G60;Intel(R) PRO/1000 NDIS 6-Adaptertreiber; C:\Windows\system32\DRIVERS\E1G60I32.sys [2009-07-14 118784]
S3 pfsvgae;pfsvgae; \??\C:\Users\D\AppData\Local\Temp\pfsvgae.sys [2010-09-02 31744]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP-Bus-Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 viaagp;VIA AGP-Bus-Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7-Prozessortreiber; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 ZSMC301b;ZSMC USB PC Camera; C:\Windows\System32\Drivers\usbVM31b.sys [2004-08-05 90532]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-06-10 144176]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2010-07-11 308136]
R2 Bonjour Service;Dienst "Bonjour"; C:\Program Files\Bonjour\mDNSResponder.exe [2010-05-18 345376]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 HotspotShieldService;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2010-05-25 248368]
R2 HssWd;Hotspot Shield Monitoring Service; C:\Program Files\Hotspot Shield\bin\hsswd.exe [2010-05-25 323632]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-11 1352832]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2010-04-03 129640]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
R3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2010-06-14 615936]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-02 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater; D:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2010-05-25 57640]
S3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2010-06-15 540472]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [2010-01-29 292944]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2010-06-17 395048]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------
--- --- ---


Teil 2:

[QUOTE]info.txtRSIT Logfile:
Code:
logfile of random's system information tool 1.08 2010-07-11 12:35:10

======Uninstall list======

-->MsiExec /X{DEA314C4-0929-4250-BC92-98E4C105F28D}
7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"
Ad-Aware-->"C:\ProgramData\{90FF8911-FC06-4E49-8959-C3CF1CA226BB}\Ad-AwareInstall.exe" REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\ProgramData\{90FF8911-FC06-4E49-8959-C3CF1CA226BB}\Ad-AwareInstall.exe
Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.3 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Apple Application Support-->MsiExec.exe /I{B2D328BE-45AD-4D92-96F9-2151490A203E}
Apple Mobile Device Support-->MsiExec.exe /I{85991ED2-010C-4930-96FA-52F43C2CE98A}
Apple Software Update-->MsiExec.exe /I{C41300B9-185D-475E-BFEC-39EF732F19B1}
Assassin's Creed II-->"C:\Program Files\InstallShield Installation Information\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}\setup.exe" -runfromtemp -l0x0007 -removeonly
AVG Free 9.0-->C:\Program Files\AVG\AVG9\setup.exe /UNINSTALL
Bonjour-->MsiExec.exe /X{0CB9668D-F979-4F31-B8B8-67FE90F929F8}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
Counter-Strike: Source-->"D:\Program Files\Steam\steam.exe" steam://uninstall/240
CPUID CPU-Z 1.54-->"C:\Program Files\CPUID\CPU-Z\unins000.exe"
DivX-Setup-->C:\ProgramData\DivX\Setup\DivXSetup.exe /uninstall /bundleGroupId divx.com
Dragon Age: Origins-->C:\Program Files\Common Files\BioWare\Uninstall Dragon Age.exe
Eraser 6.0.7.1893-->MsiExec.exe /I{38BA2875-D7AD-4611-ABA3-C385051ADF42}
eReg-->MsiExec.exe /I{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}
EvilLyrics-->"C:\Program Files\EvilLyrics\uninst.exe"
Fallout 3-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{974C4B12-4D02-4879-85E0-61C95CC63E9E}\setup.exe" -l0x7  -removeonly
Free Audio CD Burner version 1.3-->"C:\Program Files\DVDVideoSoft\Free Audio CD Burner\unins000.exe"
Free Screen To Video V 1.2-->"C:\Program Files\Free Screen To Video\unins000.exe"
Free Video Dub version 1.7-->"C:\Program Files\DVDVideoSoft\Free Video Dub\unins000.exe"
Free YouTube to MP3 Converter version 3.5-->"C:\Program Files\DVDVideoSoft\Free YouTube to MP3 Converter\unins000.exe"
Freez FLV to MP3 Converter-->"C:\Program Files\Smallvideosoft\Freez FLV to MP3 Converter\unins000.exe"
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Hotspot Shield 1.45-->C:\Program Files\Hotspot Shield\Uninstall.exe
ICQ7.1-->"C:\Program Files\InstallShield Installation Information\{71BFC818-0CED-42D6-9C87-5142918957EE}\ICQ7.exe" -runfromtemp -l0x0009 -removeonly
iTunes-->MsiExec.exe /I{7AB3A249-FB81-416B-917A-A2A10E74C503}
JDownloader-->C:\Program Files\JDownloader\uninstall.exe
K-Lite Mega Codec Pack 5.9.0-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"
Logitech SetPoint 6.0-->C:\Program Files\Common Files\LogiShrd\SP6_Uninstall\setup.exe
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
ManyCam 2.4 (remove only)-->"C:\Program Files\ManyCam 2.4\uninstall.exe"
Messenger Plus! Live-->"C:\Program Files\Messenger Plus! Live\Uninstall.exe"
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Games for Windows - LIVE Redistributable-->MsiExec.exe /X{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}
Microsoft Games for Windows - LIVE-->MsiExec.exe /X{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}
Microsoft Office Access MUI (German) 2007-->MsiExec.exe /X{90120000-0015-0407-0000-0000000FF1CE}
Microsoft Office Enterprise 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall ENTERPRISE /dll OSETUP.DLL
Microsoft Office Enterprise 2007-->MsiExec.exe /X{90120000-0030-0000-0000-0000000FF1CE}
Microsoft Office Excel MUI (German) 2007-->MsiExec.exe /X{90120000-0016-0407-0000-0000000FF1CE}
Microsoft Office Groove MUI (German) 2007-->MsiExec.exe /X{90120000-00BA-0407-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (German) 2007-->MsiExec.exe /X{90120000-0044-0407-0000-0000000FF1CE}
Microsoft Office OneNote MUI (German) 2007-->MsiExec.exe /X{90120000-00A1-0407-0000-0000000FF1CE}
Microsoft Office Outlook MUI (German) 2007-->MsiExec.exe /X{90120000-001A-0407-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (German) 2007-->MsiExec.exe /X{90120000-0018-0407-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Italian) 2007-->MsiExec.exe /X{90120000-001F-0410-0000-0000000FF1CE}
Microsoft Office Proofing (German) 2007-->MsiExec.exe /X{90120000-002C-0407-0000-0000000FF1CE}
Microsoft Office Publisher MUI (German) 2007-->MsiExec.exe /X{90120000-0019-0407-0000-0000000FF1CE}
Microsoft Office Shared MUI (German) 2007-->MsiExec.exe /X{90120000-006E-0407-0000-0000000FF1CE}
Microsoft Office Word MUI (German) 2007-->MsiExec.exe /X{90120000-001B-0407-0000-0000000FF1CE}
Microsoft Outlook Hotmail Connector 32-Bit-->MsiExec.exe /X{95140000-0048-0407-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Web Platform Installer 2.0-->MsiExec.exe /X{B67C01B3-8502-4BE7-AEAB-BBDE910AD3EE}
Mozilla Firefox (3.6.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Mozilla Firefox (4.0b1)-->C:\Program Files\Mozilla Firefox 4.0 Beta 1\uninstall\helper.exe
MSVC80_x86_v2-->MsiExec.exe /I{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}
MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{F1FDAA01-988C-423F-AC12-0D8F333943FD}
Nokia Ovi Suite Software Updater-->MsiExec.exe /X{A0D65C73-F2C5-432F-8788-90F8A2E99B98}
Nokia Ovi Suite-->C:\ProgramData\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
Nokia Ovi Suite-->MsiExec.exe /X{8070452B-15D6-4169-B9B9-FCC3B54588AD}
Nokia PC Suite-->C:\ProgramData\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_ger_web.exe
Nokia PC Suite-->MsiExec.exe /I{19DC9559-9C20-4A46-A67D-7ECBA52A2788}
NVIDIA Display Control Panel-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe DisplayControlPanel
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA PhysX-->MsiExec.exe /X{DEA314C4-0929-4250-BC92-98E4C105F28D}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
Ovi Desktop Sync Engine-->MsiExec.exe /X{2D10FC46-1D96-44C4-8855-85F21B9B011E}
OviMPlatform-->MsiExec.exe /I{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}
PC Connectivity Solution-->MsiExec.exe /I{29F563F4-8807-4496-8463-441EAA0E96AB}
QuickTime-->MsiExec.exe /I{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|12.0
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe"  -removeonly
RealUpgrade 1.0-->MsiExec.exe /I{F4F4F84E-804F-4E9A-84D7-C34283F0088F}
Safari-->MsiExec.exe /I{AFAC914D-9E83-4A89-8ABE-427521C82CCF}
ScummVM 1.1.0-->"C:\Program Files\ScummVM\unins000.exe"
Security Task Manager 1.7h-->C:\Program Files\Security Task Manager\Uninstal.exe "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager"
SmartCam -- Smart Phone Camera-->C:\Program Files\SmartCam\uninstall.exe
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
SumatraPDF-->"C:\Program Files\SumatraPDF\uninstall.exe"
SUPER © Version 2010.bld.38 (May 2, 2010)-->C:\PROGRA~2\ERIGHT~1\SUPER\Setup.exe /remove /q0
Tom Clancy's Splinter Cell Conviction-->"C:\Program Files\InstallShield Installation Information\{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}\setup.exe" -runfromtemp -l0x0007 -removeonly
Ubisoft Game Launcher-->"C:\Program Files\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409  -removeonly
Uninstall 1.0.0.1-->"C:\Program Files\Common Files\DVDVideoSoft\unins000.exe"
VC80CRTRedist - 8.0.50727.4053-->MsiExec.exe /I{5EE7D259-D137-4438-9A5F-42F432EC0421}
VistaGlazz 2.0-->"C:\Program Files\CodeGazer\VistaGlazz\unins000.exe"
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\Windows\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=""
VLC media player 1.0.5-->C:\Program Files\VideoLAN\VLC\uninstall.exe
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.4)-->C:\PROGRA~2\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_x86_neutral_66865278b97741ee\nokbtmdm.inf
Windows-Treiberpaket - Nokia Modem  (10/05/2009 4.2)-->C:\PROGRA~2\DIFX\270581355A767BF1\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_x86_neutral_1c66f9881bdc58ed\nokia_bluetooth.inf
Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)-->C:\PROGRA~2\DIFX\B4723E9A0713E5B1\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfd_A3B3916E5D8138F59EE218321B27B044D3B18294\pccsmcfd.inf
WinRAR-->C:\Program Files\WinRAR\uninstall.exe
ZSMC USB PC Camera-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}\Setup.exe" -l0x9

======Hosts File======

127.0.0.1      onlineconfigservice.ubi.com
127.0.0.1      orbitservice.ubi.com

======System event log======

Computer Name: WIN-P0DK7N90O4V
Event Code: 7036
Message: Dienst "Windows Search" befindet sich jetzt im Status "Beendet".
Record Number: 661
Source Name: Service Control Manager
Time Written: 20100209201019.953125-000
Event Type: Informationen
User:

Computer Name: WIN-P0DK7N90O4V
Event Code: 7040
Message: Der Starttyp des Diensts "Windows Search" wurde von Automatisch starten in Deaktiviert geändert.
Record Number: 660
Source Name: Service Control Manager
Time Written: 20100209201019.234375-000
Event Type: Informationen
User:

Computer Name: WIN-P0DK7N90O4V
Event Code: 104
Message: Die Protokolldatei "Setup" wurde gelöscht.
Record Number: 659
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100209201015.718750-000
Event Type: Informationen
User:

Computer Name: WIN-P0DK7N90O4V
Event Code: 104
Message: Die Protokolldatei "Application" wurde gelöscht.
Record Number: 658
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100209201015.687500-000
Event Type: Informationen
User:

Computer Name: WIN-P0DK7N90O4V
Event Code: 104
Message: Die Protokolldatei "System" wurde gelöscht.
Record Number: 657
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100209201015.687500-000
Event Type: Informationen
User:

=====Application event log=====

Computer Name: WIN-P0DK7N90O4V
Event Code: 6001
Message: Der Winlogon-Benachrichtigungsabonnent <GPClient> ist bei einem Benachrichtigungsereignis fehlgeschlagen.
Record Number: 214
Source Name: Microsoft-Windows-Winlogon
Time Written: 20100209201111.000000-000
Event Type: Warnung
User:

Computer Name: WIN-P0DK7N90O4V
Event Code: 12306
Message: Rearming für AppId = 55c92734-d682-4d71-983e-d6ec3f16059f erfolgreich, SkuId = (null) - 2 Verbleibende Rearm-Anzahl.
Record Number: 213
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20100209201106.000000-000
Event Type: Informationen
User:

Computer Name: WIN-P0DK7N90O4V
Event Code: 1003
Message: Windows Search wurde gestartet.

Record Number: 212
Source Name: Microsoft-Windows-Search
Time Written: 20100209201021.000000-000
Event Type: Informationen
User:

Computer Name: WIN-P0DK7N90O4V
Event Code: 1013
Message: Windows Search wurde normal beendet.

Record Number: 211
Source Name: Microsoft-Windows-Search
Time Written: 20100209201019.000000-000
Event Type: Informationen
User:

Computer Name: WIN-P0DK7N90O4V
Event Code: 103
Message: Windows (1676) Windows: Das Datenbankmodul hat die Instanz (0) beendet.
Record Number: 210
Source Name: ESENT
Time Written: 20100209201019.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: WIN-P0DK7N90O4V
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                WIN-P0DK7N90O4V$
        Kontodomäne:                WORKGROUP
        Anmelde-ID:                0x3e7

Anmeldetyp:                        5

Neue Anmeldung:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                SYSTEM
        Kontodomäne:                NT-AUTORITÄT
        Anmelde-ID:                0x3e7
        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
        Prozess-ID:                0x1cc
        Prozessname:                C:\Windows\System32\services.exe

Netzwerkinformationen:
        Arbeitsstationsname:       
        Quellnetzwerkadresse:        -
        Quellport:                -

Detaillierte Authentifizierungsinformationen:
        Anmeldeprozess:                Advapi 
        Authentifizierungspaket:        Negotiate
        Übertragene Dienste:        -
        Paketname (nur NTLM):        -
        Schlüssellänge:                0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
        - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
        - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
        - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
        - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 220
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100209201021.734375-000
Event Type: Überwachung erfolgreich
User:

Computer Name: WIN-P0DK7N90O4V
Event Code: 4672
Message: Einer neuen Anmeldung wurden besondere Rechte zugewiesen.

Antragsteller:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                SYSTEM
        Kontodomäne:                NT-AUTORITÄT
        Anmelde-ID:                0x3e7

Berechtigungen:                SeAssignPrimaryTokenPrivilege
                        SeTcbPrivilege
                        SeSecurityPrivilege
                        SeTakeOwnershipPrivilege
                        SeLoadDriverPrivilege
                        SeBackupPrivilege
                        SeRestorePrivilege
                        SeDebugPrivilege
                        SeAuditPrivilege
                        SeSystemEnvironmentPrivilege
                        SeImpersonatePrivilege
Record Number: 219
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100209201021.531250-000
Event Type: Überwachung erfolgreich
User:

Computer Name: WIN-P0DK7N90O4V
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                WIN-P0DK7N90O4V$
        Kontodomäne:                WORKGROUP
        Anmelde-ID:                0x3e7

Anmeldetyp:                        5

Neue Anmeldung:
        Sicherheits-ID:                S-1-5-18
        Kontoname:                SYSTEM
        Kontodomäne:                NT-AUTORITÄT
        Anmelde-ID:                0x3e7
        Anmelde-GUID:                {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
        Prozess-ID:                0x1cc
        Prozessname:                C:\Windows\System32\services.exe

Netzwerkinformationen:
        Arbeitsstationsname:       
        Quellnetzwerkadresse:        -
        Quellport:                -

Detaillierte Authentifizierungsinformationen:
        Anmeldeprozess:                Advapi 
        Authentifizierungspaket:        Negotiate
        Übertragene Dienste:        -
        Paketname (nur NTLM):        -
        Schlüssellänge:                0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
        - Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
        - Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
        - Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
        - Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 218
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100209201021.531250-000
Event Type: Überwachung erfolgreich
User:

Computer Name: WIN-P0DK7N90O4V
Event Code: 4738
Message: Ein Benutzerkonto wurde geändert.

Antragsteller:
        Sicherheits-ID:                S-1-5-21-1550820388-3956790355-961967751-500
        Kontoname:                Administrator
        Kontodomäne:                WIN-P0DK7N90O4V
        Anmelde-ID:                0x1a6b6

Zielkonto:
        Sicherheits-ID:                S-1-5-21-1550820388-3956790355-961967751-500
        Kontoname:                Administrator
        Kontodomäne:                WIN-P0DK7N90O4V

Geänderte Attribute:
        SAM-Kontoname:        -
        Anzeigename:                -
        Benutzerprinzipalname:        -
        Stammverzeichnis:                -
        Stammlaufwerk:                -
        Skriptpfad:                -
        Profilpfad:                -
        Benutzerarbeitsstationen:        -
        Letzte Kennwortänderung:        -
        Konto gültig bis:                -
        Primäre Gruppen-ID:        -
        Darf delegieren an:        -
        Alter Benutzerkontensteuerungswert:                0x211
        Neuer Benutzerkontensteuerungswert:                0x211
        Benutzerkontensteuerung:        -
        Benutzerparameter:        -
        SID-Verlauf:                -
        Anmeldezeiten:                -

Weitere Informationen:
        Berechtigungen:                -
Record Number: 217
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100209201015.796875-000
Event Type: Überwachung erfolgreich
User:

Computer Name: WIN-P0DK7N90O4V
Event Code: 1102
Message: Das Überwachungsprotokoll wurde gelöscht.
Subjekt:
        Sicherheits-ID:        S-1-5-21-1550820388-3956790355-961967751-500
        Kontoname:        Administrator
        Domänenname:        WIN-P0DK7N90O4V
        Anmelde-ID:        0x1a6b6
Record Number: 216
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100209201015.703125-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\PC Connectivity Solution\;c:\Program Files\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 23 Stepping 6, GenuineIntel
"PROCESSOR_REVISION"=1706
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"asl.log"=Destination=file;OnFirstLog=command,environment,parent

-----------------EOF-----------------
--- --- ---

cosinus 12.07.2010 12:12
Hallo und :hallo:

bitte nen Vollscan mit malwarebytes machen und Log posten. Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

dragan4210 12.07.2010 14:07
Hallo,
danke für die Antwort.
Noch 2 kurze Fragen:
1. Sollte ich alle meine Passwörter ändern wenn sichergestellt ist dass kein Virus mehr drauf ist und 2. wie kann das Problem mit Google gelöst werden? (Auf der Seite fehlt die Suchleiste, ich kann da nichts eingeben)

Hier das Anti-Malware:
Zitat:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4301

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.07.2010 15:00:20
mbam-log-2010-07-12 (15-00-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 244264
Laufzeit: 51 Minute(n), 6 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL:
OTL Logfile:
Code:
OTL logfile created on: 12.07.2010 13:33:47 - Run 1
OTL by OldTimer - Version 3.2.9.0    Folder = C:\Users\D\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 54,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,70 Gb Total Space | 4,11 Gb Free Space | 11,84% Space Free | Partition Type: NTFS
Drive D: | 431,06 Gb Total Space | 100,87 Gb Free Space | 23,40% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: D-PC
Current User Name: D
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\D\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files\Hotspot Shield\bin\openvpntray.exe ()
PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Users\D\Downloads\SmartTouch\SmartTouch.exe ()
PRC - C:\Program Files\SmartCam\SmartCam.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\D\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE ()
SRV - (HotspotShieldService) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe (Logitech, Inc.)
SRV - (DAUpdaterSvc) -- D:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe (BioWare)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (pfsvgae) -- C:\Users\D\AppData\Local\Temp\pfsvgae.sys ()
DRV - (AvgTdiX) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (cpuz133) -- C:\Windows\System32\drivers\cpuz133_x32.sys (Windows (R) Win 7 DDK provider)
DRV - (UsbserFilt) -- C:\Windows\System32\drivers\usbser_lowerfltj.sys (Nokia)
DRV - (upperdev) -- C:\Windows\System32\drivers\usbser_lowerflt.sys (Nokia)
DRV - (nmwcdc) -- C:\Windows\System32\drivers\ccdcmbo.sys (Nokia)
DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia)
DRV - (LUsbFilt) -- C:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC-Seriellschnittstellentreiber (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) Brother MFC-nur-Fax-Modem (USB) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) Brother MFC-WDM-Treiber (USB,seriell) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) Brother WDM-Treiber (seriell) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation                                            )
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (ManyCam) -- C:\Windows\System32\drivers\ManyCam.sys (ManyCam LLC.)
DRV - (ZSMC301b) -- C:\Windows\System32\drivers\usbVM31b.sys (VM)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E8 BB 5F A4 F3 20 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: anttoolbar@ant.com:2.0.1
FF - prefs.js..extensions.enabledItems: {1dbc4a33-ea62-4330-966c-7bdad3455322}:1.0.6.7
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: {00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}:0.7.2
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010.07.11 09:16:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.11 14:25:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.11 14:25:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.07.11 08:37:09 | 000,000,000 | ---D | M]
 
[2010.05.21 21:03:43 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\mozilla\Extensions
[2010.05.21 21:03:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\D\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.07.11 17:35:25 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\mozilla\Firefox\Profiles\fmgmemdx.default\extensions
[2010.04.17 16:23:04 | 000,000,000 | ---D | M] (MacOSX Theme) -- C:\Users\D\AppData\Roaming\mozilla\Firefox\Profiles\fmgmemdx.default\extensions\{00352F14-3F76-4e4d-ACFF-9972D7E4B3B9}
[2010.05.09 13:01:13 | 000,000,000 | ---D | M] (Remove It Permanently) -- C:\Users\D\AppData\Roaming\mozilla\Firefox\Profiles\fmgmemdx.default\extensions\{1dbc4a33-ea62-4330-966c-7bdad3455322}
[2010.04.17 16:24:08 | 000,000,000 | ---D | M] (Linkification) -- C:\Users\D\AppData\Roaming\mozilla\Firefox\Profiles\fmgmemdx.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2010.06.28 17:48:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\D\AppData\Roaming\mozilla\Firefox\Profiles\fmgmemdx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.07.10 16:27:35 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\D\AppData\Roaming\mozilla\Firefox\Profiles\fmgmemdx.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.17 22:20:33 | 000,000,000 | ---D | M] -- C:\Users\D\AppData\Roaming\mozilla\Firefox\Profiles\fmgmemdx.default\extensions\anttoolbar@ant.com
[2010.07.11 14:25:59 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.05.16 00:02:24 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2010.06.26 10:03:55 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.06.26 10:03:55 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.06.26 10:03:55 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.06.26 10:03:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.06.26 10:03:55 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.04.21 12:11:18 | 000,001,050 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      static3.cdn.ubi.com
O1 - Hosts: 127.0.0.1      ubisoft-orbit.s3.amazonaws.com
O1 - Hosts: 127.0.0.1      onlineconfigservice.ubi.com
O1 - Hosts: 127.0.0.1      orbitservice.ubi.com
O1 - Hosts: 127.0.0.1      ubisoft-orbit-savegames.s3.amazonaws.com
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\D\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MIF5BA~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6fb09515-4c7a-11df-a226-0021853c4fa1}\Shell - "" = AutoRun
O33 - MountPoints2\{6fb09515-4c7a-11df-a226-0021853c4fa1}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.07.11 14:19:11 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.07.11 14:19:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.07.11 14:19:11 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.07.11 12:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.07.11 12:34:44 | 000,000,000 | ---D | C] -- C:\rsit
[2010.07.11 12:33:18 | 000,000,000 | ---D | C] -- C:\Users\D\Desktop\Neuer Ordner
[2010.07.11 12:23:33 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Roaming\Malwarebytes
[2010.07.11 12:23:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.07.11 12:23:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.07.11 12:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.07.11 12:23:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.07.11 12:17:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.07.11 09:17:30 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010.07.11 09:17:28 | 000,243,024 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010.07.11 09:17:22 | 000,216,400 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010.07.11 09:17:20 | 000,029,584 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010.07.11 09:17:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2010.07.11 09:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\avg9
[2010.07.11 09:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2010.07.11 08:48:33 | 000,095,024 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.07.11 08:36:44 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010.07.11 08:35:50 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2010.07.11 01:04:07 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.07.11 01:03:49 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Local\Sunbelt Software
[2010.07.11 01:01:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\{90FF8911-FC06-4E49-8959-C3CF1CA226BB}
[2010.07.11 01:01:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.07.11 01:01:12 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010.07.10 23:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010.07.10 23:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\Security Task Manager
[2010.07.10 22:42:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.07.10 22:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.07.10 22:42:31 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.07.08 22:28:12 | 000,020,968 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\cpuz133_x32.sys
[2010.07.08 22:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\CPUID
[2010.07.08 01:15:39 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2010.07.08 01:15:20 | 003,041,568 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\drivers\RTKVHDA.sys
[2010.07.08 01:15:20 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2010.07.08 01:15:20 | 000,551,456 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RTSndMgr.cpl
[2010.07.08 01:15:20 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2010.07.08 01:15:20 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2010.07.08 01:15:20 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2010.07.08 01:15:20 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2010.07.08 01:15:19 | 002,649,120 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkAPO.dll
[2010.07.08 01:15:19 | 001,938,704 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2010.07.08 01:15:19 | 001,749,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkPgExt.dll
[2010.07.08 01:15:19 | 000,371,232 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkApoApi.dll
[2010.07.08 01:15:19 | 000,357,576 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2010.07.08 01:15:19 | 000,311,568 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2010.07.08 01:15:19 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2010.07.08 01:15:19 | 000,293,584 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2010.07.08 01:15:19 | 000,168,648 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2010.07.08 01:15:19 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2010.07.08 01:15:19 | 000,076,488 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2010.07.08 01:15:19 | 000,062,664 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2010.07.08 01:15:19 | 000,057,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\System32\RtkCoInst.dll
[2010.07.08 01:15:18 | 001,131,280 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2010.07.08 01:15:18 | 000,961,296 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2010.07.08 01:15:18 | 000,900,368 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2010.07.08 01:15:18 | 000,448,272 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2010.07.08 01:15:18 | 000,427,792 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2010.07.08 01:15:18 | 000,405,776 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2010.07.08 01:15:18 | 000,307,616 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2010.07.08 01:15:18 | 000,290,064 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2010.07.08 01:15:18 | 000,235,280 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2010.07.08 01:15:18 | 000,223,504 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2010.07.08 01:15:18 | 000,145,760 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTACap.dll
[2010.07.08 01:15:18 | 000,103,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2010.07.08 01:15:18 | 000,103,696 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2010.07.08 01:15:18 | 000,102,160 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2010.07.08 01:15:18 | 000,096,160 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTARen.dll
[2010.07.08 01:15:18 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010.07.08 01:15:16 | 001,247,776 | R--- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010.07.08 01:15:16 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2010.07.07 22:27:17 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 4.0 Beta 1
[2010.07.01 13:35:11 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Local\Microsoft Games
[2010.06.28 17:58:51 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
[2010.06.28 17:58:51 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
[2010.06.28 17:58:48 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll
[2010.06.28 17:58:47 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2010.06.28 17:58:35 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax
[2010.06.28 17:58:35 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax
[2010.06.28 17:58:35 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax
[2010.06.28 17:58:35 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax
[2010.06.28 17:58:35 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax
[2010.06.28 17:58:35 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax
[2010.06.28 17:58:34 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll
[2010.06.28 17:58:34 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax
[2010.06.28 17:58:34 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax
[2010.06.28 17:58:34 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll
[2010.06.28 17:58:34 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax
[2010.06.28 17:58:34 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll
[2010.06.28 17:58:09 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2010.06.28 17:48:20 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.06.23 00:35:45 | 012,866,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\shell32_backup_wti.dll
[2010.06.23 00:35:45 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer_backup_wti.exe
[2010.06.23 00:35:45 | 001,495,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ExplorerFrame_backup_wti.dll
[2010.06.23 00:35:45 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OobeFldr_backup_wti.dll
[2010.06.23 00:19:53 | 000,000,000 | ---D | C] -- C:\Program Files\CodeGazer
[2010.06.22 23:02:24 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010.06.22 23:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010.06.22 23:00:32 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010.06.22 19:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2010.06.21 19:22:35 | 000,000,000 | ---D | C] -- C:\Windows\SISWare
[2010.06.21 19:17:18 | 000,000,000 | ---D | C] -- C:\Program Files\CequenzeTech
[2010.06.17 18:25:22 | 000,000,000 | ---D | C] -- C:\Users\D\Documents\BioWare
[2010.06.17 18:06:09 | 000,000,000 | ---D | C] -- C:\Windows\1C4551A64743409391E41477CD655043.TMP
[2010.06.17 18:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010.06.17 18:05:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2010.06.17 17:42:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare
[2010.06.17 15:54:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Steam
[2010.06.13 14:49:49 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Local\Xenocode
[2010.06.13 14:45:38 | 000,000,000 | ---D | C] -- C:\Users\D\Documents\DVDVideoSoft
[2010.06.13 14:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2010.06.13 14:45:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2010.06.13 13:09:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010.06.13 12:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010.06.13 12:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.06.13 12:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.06.13 11:43:36 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Roaming\FreeScreenToVideo
[2010.06.13 11:43:36 | 000,000,000 | ---D | C] -- C:\Program Files\Free Screen To Video
[2010.06.13 11:42:20 | 000,000,000 | ---D | C] -- C:\Users\D\AppData\Roaming\ManyCam
[2010.06.13 11:42:19 | 000,000,000 | ---D | C] -- C:\Program Files\ManyCam 2.4
[2010.06.12 23:00:31 | 000,000,000 | ---D | C] -- C:\Program Files\Hotspot Shield
[2010.06.12 22:41:14 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\vidcap32.Exe
[2010.06.12 22:41:14 | 000,159,799 | ---- | C] (VM) -- C:\Windows\System32\VM31bPrp.Ax
[2010.06.12 22:41:14 | 000,147,456 | ---- | C] (VM) -- C:\Windows\VMCap.exe
[2010.06.12 22:41:14 | 000,061,440 | ---- | C] (VM) -- C:\Windows\System32\VM31bSTI.dll
[2010.06.12 22:41:14 | 000,053,248 | ---- | C] (VM) -- C:\Windows\StillCap.exe
[2010.06.12 22:41:14 | 000,040,960 | ---- | C] (VM.) -- C:\Windows\Vm_sti.exe
[2010.06.12 22:41:14 | 000,000,000 | ---D | C] -- C:\Windows\CatRoot
[2010.06.12 22:41:13 | 000,090,532 | ---- | C] (VM) -- C:\Windows\System32\drivers\usbVM31b.sys
[2010.06.12 22:41:13 | 000,000,000 | ---D | C] -- C:\Program Files\Vimicro
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.07.12 13:35:23 | 003,932,160 | -HS- | M] () -- C:\Users\D\NTUSER.DAT
[2010.07.12 13:27:00 | 000,001,086 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.07.12 10:00:02 | 061,903,785 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010.07.12 09:21:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.07.11 17:38:01 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.07.11 14:26:01 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.07.11 14:19:02 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.07.11 14:19:02 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.07.11 14:19:02 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.07.11 14:19:02 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.07.11 12:32:45 | 000,339,991 | ---- | M] () -- C:\Users\D\Desktop\RSIT.exe
[2010.07.11 12:23:20 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.11 12:22:07 | 000,068,362 | ---- | M] () -- C:\Users\D\Documents\cc_20100711_122200.reg
[2010.07.11 12:17:24 | 000,000,965 | ---- | M] () -- C:\Users\D\Desktop\CCleaner.lnk
[2010.07.11 11:41:47 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.07.11 11:41:47 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.07.11 11:40:44 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.07.11 11:36:39 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.07.11 11:36:18 | 1610,059,776 | -HS- | M] () -- C:\hiberfil.sys
[2010.07.11 09:17:32 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010.07.11 09:17:32 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010.07.11 09:17:29 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010.07.11 09:17:23 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010.07.11 09:17:22 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010.07.11 09:17:20 | 000,113,461 | ---- | M] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010.07.11 09:12:26 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.11 09:12:26 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.11 09:12:26 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.11 09:12:26 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.11 09:12:26 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.11 08:48:32 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.07.11 08:41:21 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2010.07.11 08:40:58 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.07.11 08:38:31 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2010.07.11 01:01:28 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.07.10 21:17:35 | 000,010,240 | ---- | M] () -- C:\Users\D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.07.10 18:29:45 | 000,012,838 | ---- | M] () -- C:\Users\D\Desktop\Unidaten.docx
[2010.07.09 16:21:57 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.07.08 22:28:12 | 000,001,022 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2010.07.07 21:58:34 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\Windows\System32\drivers\LNonPnP.sys
[2010.06.23 11:47:39 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\themeservice.dll
[2010.06.23 11:47:37 | 000,252,680 | ---- | M] () -- C:\Windows\UTP.exe
[2010.06.23 11:47:09 | 002,755,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\themeui.dll.backup
[2010.06.23 11:47:09 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\uxtheme.dll.backup
[2010.06.23 11:47:09 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\themeservice.dll.backup
[2010.06.21 19:44:11 | 000,064,288 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.06.21 19:44:11 | 000,015,880 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2010.06.21 19:22:35 | 000,022,926 | ---- | M] () -- C:\Windows\spf.ico
[2010.06.21 19:22:35 | 000,022,486 | ---- | M] () -- C:\Windows\ssd.ico
[2010.06.21 19:22:35 | 000,022,486 | ---- | M] () -- C:\Windows\sisx.ico
[2010.06.21 19:22:35 | 000,022,486 | ---- | M] () -- C:\Windows\sis.ico
[2010.06.21 19:22:35 | 000,022,486 | ---- | M] () -- C:\Windows\pkg.ico
[2010.06.21 19:22:35 | 000,009,062 | ---- | M] () -- C:\Windows\swi.ico
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.07.11 14:26:01 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.07.11 12:32:45 | 000,339,991 | ---- | C] () -- C:\Users\D\Desktop\RSIT.exe
[2010.07.11 12:23:20 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.07.11 12:22:05 | 000,068,362 | ---- | C] () -- C:\Users\D\Documents\cc_20100711_122200.reg
[2010.07.11 12:17:24 | 000,000,965 | ---- | C] () -- C:\Users\D\Desktop\CCleaner.lnk
[2010.07.11 09:21:50 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.07.11 09:17:32 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\AVG Free 9.0.lnk
[2010.07.11 09:17:20 | 000,113,461 | ---- | C] () -- C:\Windows\System32\drivers\Avg\iavichjw.avm
[2010.07.11 09:17:19 | 061,903,785 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010.07.11 08:55:32 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2010.07.11 08:41:21 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2010.07.11 08:40:58 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
[2010.07.11 08:38:31 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2010.07.11 01:01:28 | 000,001,108 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.07.09 16:21:57 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.07.08 22:28:12 | 000,001,022 | ---- | C] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk
[2010.06.28 17:58:48 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.06.28 17:58:35 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax
[2010.06.28 17:58:35 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax
[2010.06.28 17:58:35 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax
[2010.06.28 17:58:34 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax
[2010.06.28 17:58:34 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax
[2010.06.28 17:58:34 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax
[2010.06.28 17:58:34 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax
[2010.06.28 17:58:33 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax
[2010.06.23 00:35:44 | 000,252,680 | ---- | C] () -- C:\Windows\UTP.exe
[2010.06.21 19:17:31 | 000,022,926 | ---- | C] () -- C:\Windows\spf.ico
[2010.06.21 19:17:31 | 000,022,486 | ---- | C] () -- C:\Windows\ssd.ico
[2010.06.21 19:17:31 | 000,022,486 | ---- | C] () -- C:\Windows\sisx.ico
[2010.06.21 19:17:31 | 000,022,486 | ---- | C] () -- C:\Windows\sis.ico
[2010.06.21 19:17:31 | 000,022,486 | ---- | C] () -- C:\Windows\pkg.ico
[2010.06.21 19:17:31 | 000,009,062 | ---- | C] () -- C:\Windows\swi.ico
[2010.06.12 22:41:14 | 000,049,152 | ---- | C] () -- C:\Windows\amcap.exe
[2010.05.06 17:01:08 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.05.06 17:01:08 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010.05.06 17:01:06 | 003,297,280 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2010.05.06 17:01:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.05.06 17:01:06 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010.05.06 17:01:05 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2010.05.06 17:01:03 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010.05.06 17:01:03 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2010.04.28 11:07:36 | 008,676,883 | ---- | C] () -- C:\Windows\System32\mp3Media2.dll
[2010.04.26 18:20:38 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2010.04.20 14:43:18 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:66B13F37
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:6152D44C
< End of report >
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 12.07.2010 13:33:47 - Run 1
OTL by OldTimer - Version 3.2.9.0    Folder = C:\Users\D\Downloads
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 54,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 34,70 Gb Total Space | 4,11 Gb Free Space | 11,84% Space Free | Partition Type: NTFS
Drive D: | 431,06 Gb Total Space | 100,87 Gb Free Space | 23,40% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: D-PC
Current User Name: D
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MIF5BA~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{29F563F4-8807-4496-8463-441EAA0E96AB}" = PC Connectivity Solution
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine
"{38BA2875-D7AD-4611-ABA3-C385051ADF42}" = Eraser 6.0.7.1893
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{41E496B5-47F4-11D6-9BBB-00E0987BB2CD}" = ZSMC USB PC Camera
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{8070452B-15D6-4169-B9B9-FCC3B54588AD}" = Nokia Ovi Suite
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0048-0407-0000-0000000FF1CE}" = Microsoft Outlook Hotmail Connector 32-Bit
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0D65C73-F2C5-432F-8788-90F8A2E99B98}" = Nokia Ovi Suite Software Updater
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B67C01B3-8502-4BE7-AEAB-BBDE910AD3EE}" = Microsoft Web Platform Installer 2.0
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem  (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"7-Zip" = 7-Zip 4.65
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.4)
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EvilLyrics" = EvilLyrics
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free Screen To Video_is1" = Free Screen To Video V 1.2
"Free Video Dub_is1" = Free Video Dub version 1.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"Freez FLV to MP3 Converter v1.5_is1" = Freez FLV to MP3 Converter
"HotspotShield" = Hotspot Shield 1.45
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.9.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.4 (remove only)
"Messenger Plus! Live" = Messenger Plus! Live
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"RealPlayer 12.0" = RealPlayer
"ScummVM_is1" = ScummVM 1.1.0
"Security Task Manager" = Security Task Manager 1.7h
"SmartCam" = SmartCam -- Smart Phone Camera
"SP6" = Logitech SetPoint 6.0
"Steam App 240" = Counter-Strike: Source
"SumatraPDF" = SumatraPDF
"SUPER ©" = SUPER © Version 2010.bld.38 (May 2, 2010)
"Uninstall_is1" = Uninstall 1.0.0.1
"VistaGlazz_is1" = VistaGlazz 2.0
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.07.2010 06:04:20 | Computer Name = D-PC | Source = OviSuite | ID = 1
Description = 11/07/2010 12:04:20 (OviSuite) - ERROR  - DAL_Plugin_PCCS,  Thread
  29, Line 168, .\Application\CDalPCCSDevice.cpp, CDalPCCSDevice::getHandle(): DAL
 failure detected: (102) converted from PCCS error [0x80100023: Device do not support
 operation] / DA_OpenCA / @ CDalPCCSDevice::getHandle (.\Application\CDalPCCSDevice.cpp:168)
 
Error - 11.07.2010 06:04:20 | Computer Name = D-PC | Source = OviSuite | ID = 1
Description = 11/07/2010 12:04:20 (OviSuite) - ERROR  - DAL_Plugin_PCCS,  Thread
  29, Line 168, .\Application\CDalPCCSDevice.cpp, CDalPCCSDevice::getHandle(): DAL
 failure detected: (0) converted from PCCS error [0x0: Ok] / DA_OpenCA / @ CDalPCCSDevice::getHandle
 (.\Application\CDalPCCSDevice.cpp:168)
 
Error - 11.07.2010 06:04:20 | Computer Name = D-PC | Source = OviSuite | ID = 1
Description = 11/07/2010 12:04:20 (OviSuite) - ERROR  - DAL_Plugin_PCCS,  Thread
  29, Line 168, .\Application\CDalPCCSDevice.cpp, CDalPCCSDevice::getHandle(): DAL
 failure detected: (0) converted from PCCS error [0x0: Ok] / DA_OpenCA / @ CDalPCCSDevice::getHandle
 (.\Application\CDalPCCSDevice.cpp:168)
 
Error - 11.07.2010 06:04:49 | Computer Name = D-PC | Source = OviSuite | ID = 1
Description = 11/07/2010 12:04:49 (OviSuite) - ERROR  - DashboardPlugin,  Thread
 GUI, Line 825, .\Application\DashboardView.cpp, CDashboardView::onNotifyWidgetCleared():
 Could not found pNotifyElement from m_listShowableElement
 
Error - 11.07.2010 06:04:49 | Computer Name = D-PC | Source = OviSuite | ID = 1
Description = 11/07/2010 12:04:49 (OviSuite) - ERROR  - DashboardPlugin,  Thread
 GUI, Line 825, .\Application\DashboardView.cpp, CDashboardView::onNotifyWidgetCleared():
 Could not found pNotifyElement from m_listShowableElement
 
Error - 11.07.2010 06:04:49 | Computer Name = D-PC | Source = OviSuite | ID = 1
Description = 11/07/2010 12:04:49 (OviSuite) - ERROR  - MapsPlugin,  Thread GUI,
 Line 482, .\Application\ItemsPane.cpp, CItemsPane::showItemsPaneNoData(): ShowItemsPaneNoData
 error 1013
 
Error - 11.07.2010 06:04:49 | Computer Name = D-PC | Source = OviSuite | ID = 1
Description = 11/07/2010 12:04:49 (OviSuite) - ERROR  - DashboardPlugin,  Thread
 GUI, Line 1106, .\Application\DashboardView.cpp, CDashboardView::addNotifyElementToShowableList():
 Could not found listAllElements.at(i) from the m_mapAllNotificationElements
 
Error - 11.07.2010 06:04:49 | Computer Name = D-PC | Source = OviSuite | ID = 1
Description = 11/07/2010 12:04:49 (OviSuite) - ERROR  - MapsPlugin,  Thread GUI,
 Line 482, .\Application\ItemsPane.cpp, CItemsPane::showItemsPaneNoData(): ShowItemsPaneNoData
 error 1010
 
Error - 11.07.2010 06:24:29 | Computer Name = D-PC | Source = OviSuite | ID = 1
Description = 11/07/2010 12:24:29 (OviSuite) - ERROR  - DashboardPlugin,  Thread
 GUI, Line 825, .\Application\DashboardView.cpp, CDashboardView::onNotifyWidgetCleared():
 Could not found pNotifyElement from m_listShowableElement
 
Error - 11.07.2010 06:24:29 | Computer Name = D-PC | Source = OviSuite | ID = 1
Description = 11/07/2010 12:24:29 (OviSuite) - ERROR  - MapsPlugin,  Thread GUI,
 Line 482, .\Application\ItemsPane.cpp, CItemsPane::showItemsPaneNoData(): ShowItemsPaneNoData
 error 999
 
[ System Events ]
Error - 07.07.2010 19:16:54 | Computer Name = D-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Stereoscopic 3D Driver Service" hat einen ungültigen
 aktuellen Status gemeldet: 0
 
Error - 08.07.2010 09:14:18 | Computer Name = D-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom1.
 
Error - 09.07.2010 19:18:31 | Computer Name = D-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 10.07.2010 13:29:41 | Computer Name = D-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Stereoscopic 3D Driver Service" hat einen ungültigen
 aktuellen Status gemeldet: 0
 
Error - 10.07.2010 17:47:07 | Computer Name = D-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR9 gefunden.
 
Error - 10.07.2010 17:47:08 | Computer Name = D-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR9 gefunden.
 
Error - 10.07.2010 19:03:41 | Computer Name = D-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "Lavasoft Ad-Aware Service" ist als interaktiver Dienst
 gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste
 nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 11.07.2010 02:19:41 | Computer Name = D-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?11.?07.?2010 um 01:22:32 unerwartet heruntergefahren.
 
Error - 11.07.2010 02:36:47 | Computer Name = D-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "ServiceLayer" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 11.07.2010 03:06:48 | Computer Name = D-PC | Source = Service Control Manager | ID = 7016
Description = Der Dienst "NVIDIA Stereoscopic 3D Driver Service" hat einen ungültigen
 aktuellen Status gemeldet: 0
 
 
< End of report >
--- --- ---

cosinus 12.07.2010 14:27
Passwörter immer ändern wenn alles ok ist oder jetzt von einem garantiert sauberen System aus!
Das mit Google bekommen wir später in den Griff.
Hast Du zuvor schon mit Malwarebytes gescannt? Es hatte ja im ersten Log was Du gepostet hast keine Funde gehabt und das glaub ich nicht so ganz.

dragan4210 12.07.2010 14:29
Ja habe im 1. Pos gescannt und nach dem OTL-Scan nochmal einen vollen Scan durchgeführt.
BTW: Dieses Popup erscheint nicht mehr auf der Seite der Bank

cosinus 12.07.2010 14:30
Zitat:
Ja habe im 1. Pos gescannt und nach dem OTL-Scan nochmal einen vollen Scan durchgeführt.
Das weiß ich. Ich wollte wissen, ob Du davor schonmal Malwarebytes ausgeführt hat und wenn ja, ob und was es gefunden hat.

dragan4210 12.07.2010 14:31
Nein, das Programm habe ich beim erstellen des Themas zum 1. Mal genutzt.

cosinus 12.07.2010 14:43
Ok, das wollt ich wissen ;)

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
:OTL
O33 - MountPoints2\{6fb09515-4c7a-11df-a226-0021853c4fa1}\Shell - "" = AutoRun
O33 - MountPoints2\{6fb09515-4c7a-11df-a226-0021853c4fa1}\Shell\AutoRun\command - "" = G:\autorun.exe -- File not found
[2010.06.23 11:47:37 | 000,252,680 | ---- | M] () -- C:\Windows\UTP.exe
@Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:66B13F37
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:6152D44C
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann auf den Button Run Fixes!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

dragan4210 12.07.2010 14:54
Zitat:
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fb09515-4c7a-11df-a226-0021853c4fa1}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fb09515-4c7a-11df-a226-0021853c4fa1}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6fb09515-4c7a-11df-a226-0021853c4fa1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6fb09515-4c7a-11df-a226-0021853c4fa1}\ not found.
File G:\autorun.exe not found.
C:\Windows\UTP.exe moved successfully.
ADS C:\ProgramData\Temp:66B13F37 deleted successfully.
ADS C:\ProgramData\Temp:6152D44C deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: D
->Temp folder emptied: 3609979751 bytes
->Temporary Internet Files folder emptied: 9589692 bytes
->Java cache emptied: 18091433 bytes
->FireFox cache emptied: 38376216 bytes
->Apple Safari cache emptied: 60694217 bytes
->Flash cache emptied: 5843 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 282724 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 3.564,00 mb


OTL by OldTimer - Version 3.2.9.0 log created on 07122010_154754

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Kleine Info: nach dem Neustart gab es nur einen schwarzen Bildschirm, der Log und die Maus und sonst nichts. Erst musste ich die Explorer.exe beenden und neustarten damit der Desktop und die Taskleiste angezeigt wird.

cosinus 12.07.2010 15:04
Ok, dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in smss.exe.
[IMG]http://saved.im/mtc0ntmzz2m4/smss.jpg[/IMG]
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte smss.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

dragan4210 12.07.2010 15:58
Alles gemacht, hier der Log:

Combofix Logfile:
Code:
ComboFix 10-07-11.05 - D 12.07.2010  16:28:42.1.2 - x86
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.49.1031.18.2047.1073 [GMT 2:00]
ausgeführt von:: c:\users\D\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\AVSredirect.dll

.
(((((((((((((((((((((((  Dateien erstellt von 2010-06-12 bis 2010-07-12  ))))))))))))))))))))))))))))))
.

2010-07-12 14:34 . 2010-07-12 14:52        --------        d-----w-        c:\users\D\AppData\Local\temp
2010-07-12 14:34 . 2010-07-12 14:34        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-07-12 14:14 . 2010-07-12 14:14        --------        d-----w-        c:\program files\Conduit
2010-07-12 14:14 . 2010-07-12 14:14        --------        d-----w-        c:\program files\Winload
2010-07-12 14:13 . 2010-03-24 14:13        52224        ----a-w-        c:\users\D\AppData\Roaming\Mozilla\Firefox\Profiles\fmgmemdx.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components\FFExternalAlert.dll
2010-07-12 14:13 . 2010-03-24 14:13        101376        ----a-w-        c:\users\D\AppData\Roaming\Mozilla\Firefox\Profiles\fmgmemdx.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components\RadioWMPCore.dll
2010-07-12 13:47 . 2010-07-12 13:47        --------        d-----w-        C:\_OTL
2010-07-11 10:34 . 2010-07-11 10:35        --------        d-----w-        c:\program files\trend micro
2010-07-11 10:34 . 2010-07-11 10:35        --------        d-----w-        C:\rsit
2010-07-11 10:23 . 2010-07-11 10:23        --------        d-----w-        c:\users\D\AppData\Roaming\Malwarebytes
2010-07-11 10:23 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-11 10:23 . 2010-07-11 10:23        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-07-11 10:23 . 2010-07-11 10:23        --------        d-----w-        c:\programdata\Malwarebytes
2010-07-11 10:23 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-07-11 10:17 . 2010-07-12 14:14        --------        d-----w-        c:\program files\CCleaner
2010-07-11 07:17 . 2010-07-11 07:17        12536        ----a-w-        c:\windows\system32\avgrsstx.dll
2010-07-11 07:17 . 2010-07-11 07:17        243024        ----a-w-        c:\windows\system32\drivers\avgtdix.sys
2010-07-11 07:17 . 2010-07-11 07:17        216400        ----a-w-        c:\windows\system32\drivers\avgldx86.sys
2010-07-11 07:17 . 2010-07-11 07:17        29584        ----a-w-        c:\windows\system32\drivers\avgmfx86.sys
2010-07-11 07:17 . 2010-07-12 08:00        --------        d-----w-        c:\windows\system32\drivers\Avg
2010-07-11 07:14 . 2010-07-11 07:15        --------        d-----w-        c:\programdata\avg9
2010-07-11 07:13 . 2010-07-11 07:15        --------        d-----w-        c:\program files\AVG
2010-07-11 06:55 . 2010-06-21 17:44        15880        ----a-w-        c:\windows\system32\lsdelete.exe
2010-07-11 06:48 . 2010-07-11 06:48        95024        ----a-w-        c:\windows\system32\drivers\SBREDrv.sys
2010-07-11 06:36 . 2010-07-11 06:36        --------        d-----w-        c:\program files\PC Connectivity Solution
2010-07-11 06:35 . 2010-07-11 06:35        77824        ----a-w-        c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-07-11 06:35 . 2010-07-11 06:35        50000        ----a-w-        c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
2010-07-11 06:35 . 2010-07-09 08:42        69222840        ----a-w-        c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
2010-07-11 06:35 . 2010-07-11 06:35        --------        d-----w-        c:\programdata\NokiaInstallerCache
2010-07-10 23:04 . 2010-06-21 17:44        64288        ----a-w-        c:\windows\system32\drivers\Lbd.sys
2010-07-10 23:03 . 2010-07-10 23:03        --------        d-----w-        c:\users\D\AppData\Local\Sunbelt Software
2010-07-10 23:01 . 2010-07-10 23:01        --------        dc-h--w-        c:\programdata\{90FF8911-FC06-4E49-8959-C3CF1CA226BB}
2010-07-10 23:01 . 2010-06-21 17:52        2978768        -c--a-w-        c:\programdata\{90FF8911-FC06-4E49-8959-C3CF1CA226BB}\Ad-AwareInstall.exe
2010-07-10 23:01 . 2010-07-10 23:04        --------        d-----w-        c:\programdata\Lavasoft
2010-07-10 23:01 . 2010-07-10 23:01        --------        d-----w-        c:\program files\Lavasoft
2010-07-10 20:42 . 2010-07-10 20:42        --------        d-----w-        c:\program files\Common Files\Java
2010-07-10 20:42 . 2010-07-11 12:19        411368        ----a-w-        c:\windows\system32\deployJava1.dll
2010-07-08 20:28 . 2010-03-10 15:25        20968        ----a-w-        c:\windows\system32\drivers\cpuz133_x32.sys
2010-07-08 20:28 . 2010-07-08 20:28        --------        d-----w-        c:\program files\CPUID
2010-07-07 20:27 . 2010-07-12 13:49        --------        d-----w-        c:\program files\Mozilla Firefox 4.0 Beta 1
2010-07-01 11:35 . 2010-07-01 11:35        --------        d-----w-        c:\users\D\AppData\Local\Microsoft Games
2010-06-28 15:58 . 2009-09-27 07:39        369152        ----a-w-        c:\windows\system32\avisynth.dll
2010-06-28 15:58 . 2004-02-22 08:11        719872        ----a-w-        c:\windows\system32\devil.dll
2010-06-28 15:58 . 2004-01-24 22:00        70656        ----a-w-        c:\windows\system32\i420vfw.dll
2010-06-28 15:58 . 2010-06-28 15:58        --------        d-----w-        c:\program files\AviSynth 2.5
2010-06-28 15:58 . 2008-03-16 12:30        216064        --sh--r-        c:\windows\system32\nbDX.dll
2010-06-28 15:58 . 2007-02-21 10:47        31232        --sh--r-        c:\windows\system32\msfDX.dll
2010-06-28 15:58 . 2006-05-03 09:06        163328        --sh--r-        c:\windows\system32\flvDX.dll
2010-06-28 15:58 . 2010-06-28 15:58        --------        d-----w-        c:\program files\eRightSoft
2010-06-28 15:48 . 2010-06-28 15:48        --------        d-----w-        c:\users\D\AppData\Roaming\DVDVideoSoftIEHelpers
2010-06-22 22:35 . 2009-10-31 05:45        2614272        ----a-w-        c:\windows\explorer_backup_wti.exe
2010-06-22 22:35 . 2009-07-14 01:16        12866560        ----a-w-        c:\windows\system32\shell32_backup_wti.dll
2010-06-22 22:35 . 2009-07-14 01:16        859648        ----a-w-        c:\windows\system32\OobeFldr_backup_wti.dll
2010-06-22 22:35 . 2009-07-14 01:15        1495040        ----a-w-        c:\windows\system32\ExplorerFrame_backup_wti.dll
2010-06-22 22:19 . 2010-06-22 22:19        --------        d-----w-        c:\program files\CodeGazer
2010-06-22 21:02 . 2010-06-22 21:02        --------        d-----w-        c:\program files\iPod
2010-06-22 21:02 . 2010-06-22 21:02        --------        d-----w-        c:\program files\iTunes
2010-06-22 21:00 . 2010-06-22 21:00        --------        d-----w-        c:\program files\Bonjour
2010-06-22 20:59 . 2010-06-22 20:59        72504        ----a-w-        c:\programdata\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-22 20:58 . 2010-06-22 20:58        71992        ----a-w-        c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-22 19:52 . 2010-07-09 08:42        69222840        ----a-w-        c:\users\D\AppData\Roaming\Nokia\Ovi Suite\Software Updater\NokiaOviSuite2Installer.exe
2010-06-22 17:00 . 2010-06-22 17:00        --------        d-----w-        c:\program files\Common Files\Symantec Shared
2010-06-22 14:54 . 2010-06-22 14:54        56765        ----a-w-        c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-06-22 14:54 . 2010-06-22 14:54        56997        ----a-w-        c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-06-22 14:54 . 2010-06-22 14:54        53600        ----a-w-        c:\programdata\DivX\Update\Uninstaller.exe
2010-06-22 14:54 . 2010-06-22 14:54        57715        ----a-w-        c:\programdata\DivX\Player\Uninstaller.exe
2010-06-22 14:54 . 2010-06-22 14:54        54153        ----a-w-        c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-06-22 14:54 . 2010-06-22 14:54        54128        ----a-w-        c:\programdata\DivX\Converter\Uninstaller.exe
2010-06-22 14:54 . 2010-06-22 14:54        54644        ----a-w-        c:\programdata\DivX\TranscodeEngine\Uninstaller.exe
2010-06-22 14:54 . 2010-06-22 14:54        54101        ----a-w-        c:\programdata\DivX\MPEG2Plugin\Uninstaller.exe
2010-06-21 17:22 . 2010-06-21 17:22        --------        d-----w-        c:\windows\SISWare
2010-06-21 17:17 . 2010-06-22 19:27        --------        d-----w-        c:\program files\CequenzeTech
2010-06-17 16:05 . 2010-06-17 16:05        --------        d-----w-        c:\program files\Common Files\Wise Installation Wizard
2010-06-17 16:05 . 2010-06-17 16:05        --------        d-----w-        c:\programdata\Media Center Programs
2010-06-17 15:42 . 2010-06-17 16:05        --------        d-----w-        c:\program files\Common Files\BioWare
2010-06-17 13:54 . 2010-06-19 11:42        --------        d-----w-        c:\program files\Common Files\Steam
2010-06-13 12:49 . 2010-06-13 12:49        --------        d-----w-        c:\users\D\AppData\Local\Xenocode
2010-06-13 12:45 . 2010-06-28 15:48        --------        d-----w-        c:\program files\Common Files\DVDVideoSoft
2010-06-13 12:45 . 2010-06-28 15:48        --------        d-----w-        c:\program files\DVDVideoSoft
2010-06-13 10:12 . 2010-06-22 19:26        --------        d-----w-        c:\programdata\Norton
2010-06-13 10:12 . 2010-06-22 19:26        --------        d-----w-        c:\programdata\Symantec
2010-06-13 10:12 . 2010-06-13 10:12        --------        d-----w-        c:\programdata\NortonInstaller
2010-06-13 09:43 . 2010-07-06 22:02        --------        d-----w-        c:\users\D\AppData\Roaming\FreeScreenToVideo
2010-06-13 09:43 . 2010-06-13 20:34        --------        d-----w-        c:\program files\Free Screen To Video
2010-06-13 09:42 . 2010-06-13 09:42        --------        d-----w-        c:\users\D\AppData\Roaming\ManyCam
2010-06-13 09:42 . 2010-06-13 09:42        --------        d-----w-        c:\program files\ManyCam 2.4
2010-06-12 21:00 . 2010-06-12 21:00        --------        d-----w-        c:\program files\Hotspot Shield
2010-06-12 20:41 . 2010-06-12 20:41        --------        d-----w-        c:\windows\CatRoot
2010-06-12 20:41 . 2003-05-15 15:17        61440        ----a-w-        c:\windows\system32\VM31bSTI.dll
2010-06-12 20:41 . 2003-01-21 13:19        40960        ----a-w-        c:\windows\Vm_sti.exe
2010-06-12 20:41 . 2002-09-24 19:14        49152        ----a-w-        c:\windows\amcap.exe
2010-06-12 20:41 . 2002-08-22 15:02        53248        ----a-w-        c:\windows\StillCap.exe
2010-06-12 20:41 . 2002-08-22 14:34        147456        ----a-w-        c:\windows\VMCap.exe
2010-06-12 20:41 . 2000-10-31 10:00        307200        ------w-        c:\windows\vidcap32.Exe
2010-06-12 20:41 . 2010-06-12 20:41        --------        d-----w-        c:\program files\Vimicro
2010-06-12 20:41 . 2004-08-05 16:05        90532        ----a-w-        c:\windows\system32\drivers\usbVM31b.sys

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-12 14:21 . 2010-04-16 17:01        --------        d-----w-        c:\programdata\NVIDIA
2010-07-11 21:25 . 2010-04-18 20:24        --------        d-----w-        c:\users\D\AppData\Roaming\ICQ
2010-07-11 10:20 . 2010-05-06 15:01        --------        d-----w-        c:\users\D\AppData\Roaming\Media Player Classic
2010-07-11 09:58 . 2010-04-21 10:09        --------        d-----w-        c:\program files\Ubisoft
2010-07-11 07:12 . 2009-07-14 08:47        643628        ----a-w-        c:\windows\system32\perfh007.dat
2010-07-11 07:12 . 2009-07-14 08:47        126188        ----a-w-        c:\windows\system32\perfc007.dat
2010-07-11 06:41 . 2010-07-11 06:41        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-07-11 06:40 . 2010-07-11 06:40        0        ---ha-w-        c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-07-11 06:37 . 2010-04-21 12:26        --------        d-----w-        c:\program files\Common Files\Nokia
2010-07-11 06:36 . 2010-04-21 12:24        --------        d-----w-        c:\program files\Nokia
2010-07-10 21:16 . 2010-07-10 21:15        --------        d-----w-        c:\programdata\SecTaskMan
2010-07-10 20:42 . 2010-04-16 17:17        --------        d-----w-        c:\program files\Java
2010-07-10 17:17 . 2010-04-18 12:52        --------        d-----w-        c:\users\D\AppData\Roaming\vlc
2010-07-07 23:16 . 2010-07-07 23:15        --------        d--h--w-        c:\program files\Temp
2010-07-07 23:15 . 2010-07-07 23:15        --------        d-----w-        c:\program files\Realtek
2010-07-07 23:15 . 2010-04-18 20:24        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-07-07 19:58 . 2010-05-07 21:47        16400        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2010-06-27 16:33 . 2010-04-18 14:46        --------        d-----w-        c:\program files\Messenger Plus! Live
2010-06-23 09:47 . 2009-07-13 23:39        2755072        ----a-w-        c:\windows\system32\themeui.dll
2010-06-23 09:47 . 2009-07-13 23:39        37376        ----a-w-        c:\windows\system32\themeservice.dll
2010-06-23 09:47 . 2009-07-13 23:40        249856        ----a-w-        c:\windows\system32\uxtheme.dll
2010-06-22 21:05 . 2010-05-15 22:01        --------        d-----w-        c:\programdata\Kaspersky Lab
2010-06-22 21:02 . 2010-04-21 13:57        --------        d-----w-        c:\programdata\Apple Computer
2010-06-22 21:02 . 2010-04-21 13:56        --------        d-----w-        c:\program files\Common Files\Apple
2010-06-22 20:59 . 2010-05-04 14:09        --------        d-----w-        c:\program files\Safari
2010-06-22 19:27 . 2010-04-26 16:17        --------        d-----w-        c:\program files\Eidos
2010-06-22 19:26 . 2010-05-21 19:03        --------        d-----w-        c:\program files\Mozilla Thunderbird
2010-06-22 19:16 . 2010-05-01 22:17        --------        d-----w-        c:\program files\Google
2010-06-22 19:12 . 2010-05-29 14:27        --------        d-----w-        c:\programdata\CyberLink
2010-06-22 19:09 . 2010-05-29 14:24        53319        ----a-w-        c:\programdata\Temp\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
2010-06-22 15:01 . 2010-05-07 19:42        57344        ----a-w-        c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-22 15:01 . 2010-05-07 19:40        --------        d-----w-        c:\programdata\DivX
2010-06-22 14:54 . 2010-05-07 19:40        --------        d-----w-        c:\program files\DivX
2010-06-22 14:53 . 2010-05-07 19:42        895256        ----a-w-        c:\programdata\DivX\Setup\DivXSetup.exe
2010-06-22 14:53 . 2010-05-07 19:42        1062184        ----a-w-        c:\programdata\DivX\Setup\Resource.dll
2010-06-13 11:43 . 2010-04-21 12:24        12212040        ----a-w-        c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-06-13 11:43 . 2010-04-21 12:24        13930312        ----a-w-        c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-06-13 11:43 . 2010-04-21 12:24        77824        ----a-w-        c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-06-13 11:43 . 2010-04-21 12:24        61440        ----a-w-        c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-06-13 11:43 . 2010-04-21 12:24        58880        ----a-w-        c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-06-13 11:43 . 2010-04-21 12:24        50000        ----a-w-        c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Installer\CommonCustomActions\pcswpc.exe
2010-06-13 11:20 . 2010-04-21 13:39        --------        d-----w-        c:\users\D\AppData\Roaming\PC Suite
2010-06-12 20:40 . 2010-05-07 11:05        --------        d-----w-        c:\program files\Common Files\InstallShield
2010-06-12 11:38 . 2010-04-18 20:24        --------        d-----w-        c:\program files\ICQ7.1
2010-06-11 19:27 . 2010-04-16 17:18        --------        d-----w-        c:\program files\JDownloader
2010-06-06 14:50 . 2010-06-06 14:50        --------        d-----w-        c:\program files\Eraser
2010-05-29 14:30 . 2010-05-29 14:30        --------        d-----w-        c:\users\D\AppData\Roaming\CyberLink
2010-05-29 14:28 . 2010-05-29 14:28        53319        ----a-w-        c:\programdata\Temp\{8C20787A-7402-4FA7-BF25-6E5750930FDC}\PostBuild.exe
2010-05-29 14:28 . 2010-05-29 14:24        29480        ----a-w-        c:\windows\system32\msxml3a.dll
2010-05-29 14:28 . 2010-04-21 10:56        505128        ----a-w-        c:\windows\system32\msvcp71.dll
2010-05-29 14:26 . 2010-05-29 14:26        --------        d-----w-        c:\program files\Common Files\CyberLink
2010-05-28 19:16 . 2010-05-04 20:05        --------        d-----w-        c:\users\D\AppData\Roaming\dvdcss
2010-05-24 14:14 . 2010-05-24 14:14        --------        d-----w-        c:\program files\SmartCam
2010-05-22 04:18 . 2010-05-22 04:18        --------        d-----w-        c:\program files\MSECache
2010-05-21 19:03 . 2010-05-21 19:03        --------        d-----w-        c:\users\D\AppData\Roaming\Thunderbird
2010-05-21 11:47 . 2010-04-21 13:41        --------        d-----w-        c:\users\D\AppData\Roaming\Nokia
2010-05-21 11:47 . 2010-04-21 12:25        --------        d-----w-        c:\program files\DIFX
2010-05-21 11:46 . 2010-05-21 11:46        --------        d-----w-        c:\program files\Common Files\PCSuite
2010-05-21 11:46 . 2010-05-21 11:46        95232        ----a-w-        c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\pcswpcsi.exe
2010-05-21 11:46 . 2010-05-21 11:46        8192        ----a-w-        c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstCCD.exe
2010-05-21 11:46 . 2010-05-21 11:46        61440        ----a-w-        c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-05-21 11:46 . 2010-05-21 11:46        10240        ----a-w-        c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Installer\CommonCustomActions\UninstPCS.exe
2010-05-21 11:45 . 2010-05-21 11:45        --------        d-----w-        c:\programdata\Installations
2010-05-21 11:45 . 2010-05-21 11:46        34503088        ----a-w-        c:\programdata\Installations\{19DC9559-9C20-4A46-A67D-7ECBA52A2788}\Nokia_PC_Suite_ger_web.exe
2010-05-18 14:35 . 2010-05-18 14:35        91424        ----a-w-        c:\windows\system32\dnssd.dll
2010-05-18 14:35 . 2010-05-18 14:35        107808        ----a-w-        c:\windows\system32\dns-sd.exe
2010-05-15 22:38 . 2010-05-15 22:38        --------        d-----w-        c:\users\Default\AppData\Roaming\Apple Computer
2010-05-15 22:25 . 2010-05-15 22:24        --------        d-----w-        c:\programdata\Comodo Downloader
2010-05-14 16:57 . 2010-04-16 15:17        108824        ----a-w-        c:\users\D\AppData\Local\GDIPFONTCACHEV1.DAT
2010-05-14 15:38 . 2010-04-25 14:13        --------        d-----w-        c:\programdata\Microsoft Help
2010-05-14 15:36 . 2010-05-14 15:36        --------        d-----w-        c:\program files\Microsoft Works
2010-05-14 15:36 . 2009-07-14 04:52        --------        d-----w-        c:\program files\MSBuild
2010-05-14 15:35 . 2010-05-14 15:35        --------        d-----w-        c:\program files\Microsoft.NET
2010-05-14 15:33 . 2010-05-14 15:33        --------        d-----w-        c:\program files\Microsoft Visual Studio 8
2010-05-13 22:22 . 2010-05-13 12:15        --------        d-----w-        c:\users\D\AppData\Roaming\SumatraPDF
2010-05-13 22:05 . 2010-05-13 22:05        32768        ----a-w-        c:\windows\system32\drivers\taphss.sys
2010-05-13 18:55 . 2010-05-07 19:42        --------        d-----w-        c:\users\D\AppData\Roaming\DivX
2010-05-07 21:47 . 2010-05-07 21:47        53248        ----a-r-        c:\users\D\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2010-05-07 19:41 . 2010-05-07 19:41        84040        ----a-w-        c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-05-07 19:41 . 2010-05-07 19:41        57609        ----a-w-        c:\programdata\DivX\MFComponents\Uninstaller.exe
2010-05-07 19:41 . 2010-05-07 19:41        57054        ----a-w-        c:\programdata\DivX\DSDesktopComponents\Uninstaller.exe
2010-05-07 19:41 . 2010-05-07 19:41        57532        ----a-w-        c:\programdata\DivX\DSASPDecoder\Uninstaller.exe
2010-05-07 19:41 . 2010-05-07 19:41        54166        ----a-w-        c:\programdata\DivX\DSAVCDecoder\Uninstaller.exe
2010-05-07 19:41 . 2010-05-07 19:41        56458        ----a-w-        c:\programdata\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-05-07 19:41 . 2010-05-07 19:41        54174        ----a-w-        c:\programdata\DivX\DSAACDecoder\Uninstaller.exe
2010-05-07 19:41 . 2010-05-07 19:41        57409        ----a-w-        c:\programdata\DivX\ControlPanel\Uninstaller.exe
2010-05-07 19:41 . 2010-05-07 19:41        52963        ----a-w-        c:\programdata\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-05-07 19:41 . 2010-05-07 19:41        54073        ----a-w-        c:\programdata\DivX\Qt4.5\Uninstaller.exe
2010-05-07 19:41 . 2010-05-07 19:41        56969        ----a-w-        c:\programdata\DivX\ASPEncoder\Uninstaller.exe
2010-05-04 14:09 . 2010-05-04 14:09        79144        ----a-w-        c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-04-26 16:20 . 2010-04-26 16:20        43520        ----a-w-        c:\windows\system32\CmdLineExt03.dll
2010-04-21 12:24 . 2010-04-21 12:24        98366952        ----a-w-        c:\programdata\OviInstallerCache\{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}\Nokia_Ovi_Suite_webinstaller.exe
2010-04-21 10:57 . 2010-04-21 10:57        49152        ----a-w-        c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-04-21 10:57 . 2010-04-21 10:57        45056        ----a-w-        c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-04-21 10:57 . 2010-04-21 10:57        45056        ----a-w-        c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-04-21 10:57 . 2010-04-21 10:57        45056        ----a-w-        c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-04-21 10:57 . 2010-04-21 10:57        45056        ----a-w-        c:\programdata\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-04-21 10:57 . 2010-04-21 10:57        40960        ----a-w-        c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-04-21 10:57 . 2010-04-21 10:57        341600        ----a-w-        c:\programdata\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-04-21 10:57 . 2010-04-21 10:57        308808        ----a-w-        c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2009-06-10 21:26 . 2009-07-14 02:04        9633792        --sha-r-        c:\windows\Fonts\StaticCache.dat
2006-05-03 09:06 . 2010-06-28 15:58        163328        --sh--r-        c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2010-06-28 15:58        31232        --sh--r-        c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2010-06-28 15:58        216064        --sh--r-        c:\windows\System32\nbDX.dll
2009-07-14 01:14 . 2009-07-13 23:42        396800        --sha-w-        c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{40c3cc16-7269-4b32-9531-17f2950fb06f}]
2010-03-17 13:45        2355224        ----a-w-        c:\program files\Winload\tbWinl.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2010-05-13 22:06        220208        ----a-w-        c:\program files\Hotspot Shield\HssIE\HssIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{40c3cc16-7269-4b32-9531-17f2950fb06f}"= "c:\program files\Winload\tbWinl.dll" [2010-03-17 2355224]

[HKEY_CLASSES_ROOT\clsid\{40c3cc16-7269-4b32-9531-17f2950fb06f}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-03-17 8546848]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"AVG9_TRAY"="c:\progra~2\AVG\AVG9\avgtray.exe" [2010-07-11 2065760]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Users^D^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Logitech . Produktregistrierung.lnk]
path=c:\users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Produktregistrierung.lnk
backup=c:\windows\pss\Logitech . Produktregistrierung.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06        976832        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-20 02:04        35760        ----a-w-        c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BigDogPath]
2003-01-21 13:19        40960        ----a-w-        c:\windows\Vm_sti.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-06-03 00:50        1144104        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2010-04-10 06:45        979344        ----a-w-        c:\progra~2\Eraser\Eraser.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EvtMgr6]
2010-01-27 11:30        1312848        ----a-w-        c:\program files\Logitech\SetPointP\SetPoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-26 22:47        31016        ----a-w-        c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2010-06-08 11:39        133368        ----a-w-        c:\program files\ICQ7.1\ICQ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 14:33        141624        ----a-w-        c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ManyCam]
2010-04-21 08:26        1824040        ----a-w-        c:\program files\ManyCam 2.4\ManyCam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2009-07-26 14:44        3883840        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2]
2010-07-02 10:20        671608        ----a-w-        c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 08:57        1451520        ----a-w-        c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-17 19:53        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-06-17 13:54        1238352        ----a-w-        d:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-04-21 10:56        202256        ----a-w-        c:\program files\Common Files\Real\Update_OB\realsched.exe

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-05-01 136176]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;d:\program files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 pfsvgae;pfsvgae;c:\users\D\AppData\Local\Temp\pfsvgae.sys [x]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2010-04-20 691696]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-06-21 64288]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-07-11 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-07-11 243024]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-11 308136]
S2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-03-10 20968]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [2010-05-25 323632]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-07-11 1352832]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-04-03 240232]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam.sys [2008-01-14 21632]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]

.
Inhalt des "geplante Tasks" Ordners

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-01 22:17]

2010-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-01 22:17]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2319825
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to Mp3 Converter - c:\users\D\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
FF - ProfilePath - c:\users\D\AppData\Roaming\Mozilla\Firefox\Profiles\fmgmemdx.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Winload Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\users\D\AppData\Roaming\Mozilla\Firefox\Profiles\fmgmemdx.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components\FFExternalAlert.dll
FF - component: c:\users\D\AppData\Roaming\Mozilla\Firefox\Profiles\fmgmemdx.default\extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}\components\RadioWMPCore.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-BDRegion - c:\program files\Cyberlink\Shared files\brs.exe
MSConfigStartUp-RemoteControl10 - d:\program files\CyberLink\PowerDVD10\PowerDVD10\PDVD10Serv.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-328246223-3902764012-4111868320-1001\Software\SecuROM\License information*]
"datasecu"=hex:be,c1,40,4b,87,1a,3f,f6,1d,67,86,ee,fa,03,24,8c,81,ce,d7,b5,ca,
  23,ac,59,8c,48,15,be,07,93,2d,86,b7,1c,c9,82,c7,db,54,68,d4,d8,de,91,6c,f8,\
"rkeysecu"=hex:67,b3,24,46,33,63,1b,8a,29,76,48,15,92,5e,60,99

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-07-12  16:55:12
ComboFix-quarantined-files.txt  2010-07-12 14:55

Vor Suchlauf: 5.936.775.168 Bytes frei
Nach Suchlauf: 5.851.123.712 Bytes frei

- - End Of File - - 862084771DB02D2F069170EC8B98840B
--- --- ---

cosinus 12.07.2010 16:35
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

dragan4210 12.07.2010 17:03
GMER stürzte jedes mal ab, hier der OSAM -Log

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 18:02:54 on 12.07.2010

OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.6

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\avgrsstx.dll

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\Windows\system32\lsdelete.exe  (File found, but it contains no detailed information)

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\MLCFG32.CPL
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~2\Nokia\NOKIAP~1\CONNEC~1.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AVG Free AVI Loader Driver x86" (AvgLdx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\Drivers\avgldx86.sys
"AVG Free Network Redirector" (AvgTdiX) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\Drivers\avgtdix.sys
"AVG Free On-access Scanner Minifilter Driver x86" (AvgMfx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\Drivers\avgmfx86.sys
"catchme" (catchme) - ? - C:\Users\D\AppData\Local\Temp\catchme.sys  (File not found)
"cpuz133" (cpuz133) - "Windows (R) Win 7 DDK provider" - C:\Windows\system32\drivers\cpuz133_x32.sys
"pfsvgae" (pfsvgae) - ? - C:\Users\D\AppData\Local\Temp\pfsvgae.sys  (File not found)
"ZSMC USB PC Camera" (ZSMC301b) - "VM" - C:\Windows\System32\Drivers\usbVM31b.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" - "Microsoft Corporation" - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GRA32A~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG9\avgpp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? -  (File not found | COM-object registry key not found)
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG9\avgse.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\kbcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
Logitech Setpoint Extension "{B9B9F083-2B04-452A-8691-83694AC1037B}" - ? -  (File not found | COM-object registry key not found)
Eraser Shell Extension "{BC9B776A-90D7-4476-A791-79D835F30650}" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
"ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG9\avgssie.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} "Hotspot Shield Class" - ? - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AVG9_TRAY" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~2\AVG\AVG9\avgtray.exe
"NokiaMServer" - "Nokia" - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\themeservice.dll,-8192" (Themes) - "Microsoft Corporation" - C:\Windows\system32\themeservice.dll
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"AVG Free WatchDog" (avg9wd) - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Dragon Age: Origins - Inhaltsupdater" (DAUpdaterSvc) - "BioWare" - D:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Hotspot Shield Monitoring Service" (HssWd) - ? - C:\Program Files\Hotspot Shield\bin\hsswd.exe  (File found, but it contains no detailed information)
"Hotspot Shield Service" (HotspotShieldService) - ? - C:\Program Files\Hotspot Shield\bin\openvpnas.exe  (File found, but it contains no detailed information)
"Hotspot Shield Tray Service" (HssTrayService) - ? - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE  (File found, but it contains no detailed information)
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru[/QUOTE]

cosinus 12.07.2010 17:42
Zitat:
"pfsvgae" (pfsvgae) - ? - C:\Users\D\AppData\Local\Temp\pfsvgae.sys (File not found)
Bitte mit OSAM deaktivieren und löschen

dragan4210 12.07.2010 17:56
(Success) HKLM\SYSTEM\CurrentControlSet\Services\pfsvgae pfsvgae C:\Users\D\AppData\Local\Temp\pfsvgae.sys


Das habe ich deaktiviert und gelöscht.

Hier der neue Log:
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 18:56:21 on 12.07.2010

OS: Windows 7 Ultimate Edition (Build 7600), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.6

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\avgrsstx.dll

[Boot Execute]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Session Manager )-----
"BootExecute" - ? - C:\Windows\system32\lsdelete.exe  (File found, but it contains no detailed information)

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\MLCFG32.CPL
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~2\Nokia\NOKIAP~1\CONNEC~1.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AVG Free AVI Loader Driver x86" (AvgLdx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\Drivers\avgldx86.sys
"AVG Free Network Redirector" (AvgTdiX) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\Drivers\avgtdix.sys
"AVG Free On-access Scanner Minifilter Driver x86" (AvgMfx86) - "AVG Technologies CZ, s.r.o." - C:\Windows\System32\Drivers\avgmfx86.sys
"catchme" (catchme) - ? - C:\Users\D\AppData\Local\Temp\catchme.sys  (File not found)
"cpuz133" (cpuz133) - "Windows (R) Win 7 DDK provider" - C:\Windows\system32\drivers\cpuz133_x32.sys
"ZSMC USB PC Camera" (ZSMC301b) - "VM" - C:\Windows\System32\Drivers\usbVM31b.sys

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{2C7339CF-2B09-4501-B3F3-F3508C9228ED} "Themes Setup" - "Microsoft Corporation" - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GRA32A~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "XPLPPFilter Class" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG9\avgpp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{9F97547E-460A-42C5-AE0C-81C61FFAEBC3} "AVG Find Extension" - ? -  (File not found | COM-object registry key not found)
{9F97547E-4609-42C5-AE0C-81C61FFAEBC3} "AVG Shell Extension Class" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG9\avgse.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{D8D1CE8C-B1EB-4E95-B63B-1531BA60E992} "DivX Property Handler" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXPropertyHandler.dll
{83238FAE-D346-4E12-8734-D42F7554B3E6} "DivX Thumbnail Provider" - "DivX, Inc." - C:\Program Files\DivX\DivX Plus Media Foundation Components\DivXThumbnailProvider.dll
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Program Files\Logitech\SetPointP\kbcplext.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\OLKFSTUB.DLL
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll
Logitech Setpoint Extension "{B9B9F083-2B04-452A-8691-83694AC1037B}" - ? -  (File not found | COM-object registry key not found)
Eraser Shell Extension "{BC9B776A-90D7-4476-A791-79D835F30650}" - ? -  (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
"ICQ7.1" - "ICQ, LLC." - C:\Program Files\ICQ7.1\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} "AVG Safe Search" - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG9\avgssie.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} "Hotspot Shield Class" - ? - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -  (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AVG9_TRAY" - "AVG Technologies CZ, s.r.o." - C:\PROGRA~2\AVG\AVG9\avgtray.exe
"NokiaMServer" - "Nokia" - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\themeservice.dll,-8192" (Themes) - "Microsoft Corporation" - C:\Windows\system32\themeservice.dll
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"AVG Free WatchDog" (avg9wd) - "AVG Technologies CZ, s.r.o." - C:\Program Files\AVG\AVG9\avgwdsvc.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Dragon Age: Origins - Inhaltsupdater" (DAUpdaterSvc) - "BioWare" - D:\Program Files\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Hotspot Shield Monitoring Service" (HssWd) - ? - C:\Program Files\Hotspot Shield\bin\hsswd.exe  (File found, but it contains no detailed information)
"Hotspot Shield Service" (HotspotShieldService) - ? - C:\Program Files\Hotspot Shield\bin\openvpnas.exe  (File found, but it contains no detailed information)
"Hotspot Shield Tray Service" (HssTrayService) - ? - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE  (File found, but it contains no detailed information)
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Lavasoft Ad-Aware Service" (Lavasoft Ad-Aware Service) - "Lavasoft" - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---
If You have questions or want to get some help, You can visit Online Solutions :: Index


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:45 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131