Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Virus Backdoor (https://www.trojaner-board.de/93962-virus-backdoor.html)

bugbugbug 20.12.2010 18:51
Virus Backdoor
 
Hallo ich habe eine problem bei mir öffen sich ständig der Internet explorer
mein pc stürzt einfach ab ich habe was runtergeladen und danach hatte ich den virus

Hier mein Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:48:32, on 20.12.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Users\*****\AppData\Local\Temp\Omx.exe
C:\Windows\Explorer.EXE
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter3.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Microsoft LifeChat\LifeChat.exe
C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\FRITZ!DSL\StCenter.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\Onyhab.exe
C:\Users\*****\AppData\Local\Temp\Rar$EX00.524\HijackThis.exe
C:\Users\*****\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} -

C:\Program Files\Ask.com\GenericAskToolbar.dll
R3 - URLSearchHook: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} -

C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll
R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll (file

missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program

Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program

Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program

Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O2 - BHO: (no name) - {B1B220C1-A503-59BD-F413-02B53A2C8954} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} -

C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program

Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program

Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program

Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Program

Files\Stopzilla!\Toolbar\SZSG.dll
O3 - Toolbar: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - mscoree.dll

(file missing)
O3 - Toolbar: YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} -

C:\Program Files\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll
O3 - Toolbar: LimeWire Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program

Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program

Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [LifeChat] "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0

\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java

Update\jusched.exe"
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search

Settings\SearchSettings.exe"
O4 - HKCU\..\Run: [JP595IR86O] C:\Users\*****\AppData\Local\Temp\Omx.exe
O4 - HKCU\..\Run: [swg] "C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"

/background
O4 - HKLM\..\Policies\Explorer\Run: [9rogj] C:\Users\*****\AppData\Local\Temp\8k95w6t.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem

(User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe

oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem

(User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [RegistryMonitor1] "C:\Windows\TEMP\srcr.tmp\svchost.exe" (User

'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RegistryMonitor1] "C:\Windows\TEMP\srcr.tmp\svchost.exe" (User

'Default user')
O4 - Startup: FRITZ!DSL Internet.lnk = C:\Program Files\FRITZ!DSL\FritzDsl.exe
O4 - Global Startup: FRITZ!DSL Startcenter.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop

Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Add to Windows &Live Favorites -

hxxp://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google

Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3

\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} -

C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-

8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows

Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1

\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} -

C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program

Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3

\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-

2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -

hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -

hxxp://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D59A61CF-2D8B-4DE7-B383-8AD9D9114525}: NameServer =

213.73.91.35,62.2.100.201
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program

Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: juaw98rajewifhausihuggdd - {B1B220C1-A503-59BD-F413-02B53A2C8954}

- (no file)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program

Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program

Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner -

C:\Users\*****\AppData\Local\Temp\AVSETUP_4b2a73af\basic\avupgsvc.exe (file missing)
O23 - Service: Application Updater - Spigot, Inc. - C:\Program Files\Application

Updater\ApplicationUpdater.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program

Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program

Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Program Files\FRITZ!

DSL\IGDCTRL.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero

BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common

Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation -

C:\Windows\system32\nvvsvc.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. -

C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common

Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation -

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 11178 bytes

cosinus 20.12.2010 20:46
Schon wieder ein anderer Rechner? :D

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

bugbugbug 21.12.2010 16:13
HIER DIE OTL LOGS: Nr 1OTL Logfile:
Code:
OTL logfile created on: 21.12.2010 16:02:16 - Run 3
OTL by OldTimer - Version 3.2.4.1    Folder = C:\Users\****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 24,91 Gb Free Space | 8,71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TAMTAMPC
Current User Name: ****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\****\AppData\Local\Temp\Om2.exe (Windows (R) Codename Longhorn DDK provider)
PRC - C:\Windows\Onyhab.exe (Windows (R) Codename Longhorn DDK provider)
PRC - C:\Users\****\AppData\Local\Temp\Omx.exe (Windows (R) Codename Longhorn DDK provider)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Toolbar\wltuser.exe (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\Logitech\KhalShared\KHALMNPR.exe (Logitech Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Users\****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirUpgradeService) --  File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (VC9SecS) -- C:\Programme\Virtual CD v9\System\VC9SecS.exe (H+H Software GmbH)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM) -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (hwinterface) -- C:\Windows\System32\drivers\hwinterface.sys (Logix4u)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech Inc.)
DRV - (bdfsfltr) -- C:\Windows\System32\drivers\bdfsfltr.sys (SOFTWIN S.R.L.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (HH9Help.sys) -- C:\Windows\System32\drivers\HH9Help.sys (H+H Software GmbH)
DRV - (NetworkX) -- C:\Windows\system32\ckldrv.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {D3F669EB-57CE-4f45-8FBD-E245CBB46366} - C:\Programme\STOPzilla!\Toolbar\SZIESearchHook.dll (iS3 Inc.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=966134"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.youtube.com/| www.gametrailers.com/| www.ofdb.de/ | www.kino.to/| www.ebay.de/| www.mobile.de"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.22
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.0.8.0552
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.0.0
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.4.4
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.3.20080730
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {B8F64BDE-39E2-4195-A7DD-DFB180F57AA7}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=966134&p="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{780044d1-e8c0-488f-8059-4522ddbfc2ea}: C:\Program Files\Stopzilla!\Toolbar\Extension [2009.12.19 00:17:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.10 22:23:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
 
[2010.04.16 21:37:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Extensions
[2010.04.16 21:37:35 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.12.20 18:40:04 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions
[2009.07.17 00:51:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.07.17 00:51:03 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.05.19 13:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009.07.19 12:46:45 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\DTToolbar@toolbarnet.com
[2009.07.18 19:34:37 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\DTToolbar@toolbarnet.com-trash
[2009.07.17 00:51:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\moveplayer@movenetworks.com
[2009.07.17 00:51:03 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\searchrecs@veoh.com
[2010.11.28 23:05:57 | 000,000,000 | ---D | M] -- C:\Users\****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\toolbar@ask.com
[2010.02.04 15:45:40 | 000,002,254 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\yinj9w3i.default\searchplugins\askcom.xml
[2009.07.19 12:46:14 | 000,002,399 | ---- | M] () -- C:\Users\****\AppData\Roaming\Mozilla\FireFox\Profiles\yinj9w3i.default\searchplugins\daemon-search.xml
[2010.12.20 18:40:04 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.15 17:09:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.11 20:56:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.07.06 23:20:46 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.15 09:54:23 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.15 09:54:23 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.15 09:54:23 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.20 00:28:33 | 000,001,456 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\WebSearchober180451644.xml
[2010.07.15 09:54:23 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.15 09:54:23 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.12.20 00:36:37 | 000,000,068 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (no name) - {B1B220C1-A503-59BD-F413-02B53A2C8954} - No CLSID value found.
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Programme\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Programme\YouTube Downloader Toolbar\IE\4.1\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [{E07C3A02-5DE0-949B-1612-45C6271678C4}] C:\Users\****\AppData\Roaming\Myoq\ywyhp.exe (Avira GmbH)
O4 - HKCU..\Run: [JP595IR86O] C:\Users\****\AppData\Local\Temp\Omx.exe (Windows (R) Codename Longhorn DDK provider)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe (AVM Berlin)
O4 - Startup: C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xouv.exe (Avira GmbH)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 9rogj = C:\Users\****\AppData\Local\Temp\8k95w6t.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O22 - SharedTaskScheduler: {B1B220C1-A503-59BD-F413-02B53A2C8954} - juaw98rajewifhausihuggdd - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{68787f94-7459-11de-a196-001fe23cecf3}\Shell - "" = AutoRun
O33 - MountPoints2\{68787f94-7459-11de-a196-001fe23cecf3}\Shell\AutoRun\command - "" = I:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.20 20:15:41 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Pynyk
[2010.12.20 20:15:41 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\Myoq
[2010.12.20 20:15:40 | 000,163,840 | ---- | C] (Avira GmbH) -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xouv.exe
[2010.12.20 20:00:42 | 000,000,000 | ---D | C] -- C:\Users\****\Documents\theHunter
[2010.12.20 18:48:14 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\****\Desktop\HijackThis.exe
[2010.12.20 18:05:05 | 000,000,000 | -HSD | C] -- C:\found.001
[2010.12.20 01:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Hunter
[2010.12.20 00:37:01 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\{B8F64BDE-39E2-4195-A7DD-DFB180F57AA7}
[2010.12.20 00:33:51 | 000,223,744 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\Onyhab.exe
[2010.12.20 00:28:14 | 000,223,744 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\Onyhaa.exe
[2010.12.20 00:27:52 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\updates
[2010.12.20 00:27:51 | 000,325,632 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\sshnas21.dll
[2010.12.20 00:27:50 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Local\Windows
[2010.12.20 00:27:47 | 000,000,000 | -H-D | C] -- C:\Users\****\AppData\Local\Server
[2010.12.20 00:22:51 | 000,000,000 | ---D | C] -- C:\Programme\theHunter
[2010.12.14 21:47:59 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.14 21:47:57 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.14 21:47:57 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.14 21:47:57 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.14 21:47:55 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.14 21:47:55 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.14 21:47:53 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.14 21:47:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.14 21:47:51 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.14 21:47:46 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.14 21:47:43 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.14 21:47:43 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.12.14 21:47:43 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.14 21:47:43 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.12.14 21:47:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.06 15:12:39 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Local\Two Worlds II
[2010.12.06 14:37:17 | 000,000,000 | ---D | C] -- C:\Programme\Reality Pump
[2010.12.06 03:27:51 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.12.06 03:27:51 | 013,019,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.12.06 03:27:51 | 010,084,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.12.06 03:27:51 | 005,473,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2010.12.06 03:27:51 | 004,837,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.12.06 03:27:51 | 002,912,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.12.06 03:27:51 | 002,666,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.12.06 03:27:51 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.12.06 03:27:51 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.11.27 14:02:55 | 000,000,000 | ---D | C] -- C:\Programme\Zombie Driver
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll
[9 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.21 16:06:17 | 009,699,328 | -HS- | M] () -- C:\Users\****\ntuser.dat
[2010.12.21 16:04:01 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.12.21 16:03:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.21 15:57:24 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010.12.21 15:57:16 | 001,541,724 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.12.21 15:57:16 | 000,664,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.21 15:57:16 | 000,625,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.21 15:57:16 | 000,142,416 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.21 15:57:16 | 000,116,946 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.21 15:55:05 | 000,000,248 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.12.21 15:50:55 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.21 15:50:48 | 000,006,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.21 15:50:48 | 000,006,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.21 15:50:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.12.21 15:50:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.21 15:50:28 | 3487,752,192 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.21 15:49:29 | 000,524,288 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.12.21 15:49:29 | 000,065,536 | -HS- | M] () -- C:\Users\****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.12.21 15:49:18 | 003,004,107 | -H-- | M] () -- C:\Users\****\AppData\Local\IconCache.db
[2010.12.21 15:25:42 | 000,002,774 | ---- | M] () -- C:\Users\Public\Documents\DME-SETTINGS.xml
[2010.12.21 15:25:42 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\DMEPeriodicTask.job
[2010.12.20 20:21:50 | 000,010,203 | ---- | M] () -- C:\Users\****\AppData\Roaming\TheHunterSettings_live.bin
[2010.12.20 20:15:40 | 000,163,840 | ---- | M] (Avira GmbH) -- C:\Users\****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xouv.exe
[2010.12.20 20:00:36 | 000,000,042 | ---- | M] () -- C:\Users\****\AppData\Roaming\TheHunterSettings_live.cfg
[2010.12.20 19:59:59 | 000,000,584 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - ****.job
[2010.12.20 19:48:19 | 000,082,944 | ---- | M] () -- C:\Users\****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.20 18:09:56 | 000,000,120 | ---- | M] () -- C:\Users\****\AppData\Local\Wnovocareza.dat
[2010.12.20 01:45:53 | 000,010,326 | ---- | M] () -- C:\Users\****\Documents\cc_20101220_014546.reg
[2010.12.20 00:37:02 | 000,000,000 | ---- | M] () -- C:\Users\****\AppData\Local\Uwami.bin
[2010.12.20 00:36:37 | 000,000,068 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.12.20 00:28:10 | 000,223,744 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\Onyhab.exe
[2010.12.20 00:27:52 | 000,325,632 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\sshnas21.dll
[2010.12.20 00:27:52 | 000,223,744 | ---- | M] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\Onyhaa.exe
[2010.12.20 00:27:49 | 000,030,000 | ---- | M] () -- C:\Windows\System32\if86lp.dll
[2010.12.20 00:27:46 | 000,064,000 | ---- | M] () -- C:\Windows\System\dwm.exe
[2010.12.18 23:57:29 | 000,079,457 | ---- | M] () -- C:\Users\****\95249dcce6515949.jpg
[2010.12.15 21:23:39 | 000,000,922 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2010.12.15 03:22:17 | 000,327,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.14 21:32:16 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.12.11 00:21:23 | 000,013,218 | ---- | M] () -- C:\Users\****\AppData\Roaming\wklnhst.dat
[2010.12.08 17:37:30 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.06 14:41:58 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Two Worlds II.lnk
[2010.12.06 02:56:57 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.12.05 01:22:48 | 000,547,059 | ---- | M] () -- C:\Users\****\Documents\wallpaper_05_1920x1200_07-2010.jpg
[2010.12.04 00:15:57 | 000,137,176 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.12.04 00:15:50 | 000,268,952 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.12.04 00:15:09 | 000,099,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.27 15:30:48 | 000,030,252 | ---- | M] () -- C:\Users\****\MercedesCLC.jpg
[2010.11.27 14:04:09 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2010.11.27 14:04:09 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2010.11.23 02:01:30 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[9 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.20 20:06:08 | 000,010,203 | ---- | C] () -- C:\Users\****\AppData\Roaming\TheHunterSettings_live.bin
[2010.12.20 20:00:36 | 000,000,042 | ---- | C] () -- C:\Users\****\AppData\Roaming\TheHunterSettings_live.cfg
[2010.12.20 18:42:28 | 3487,752,192 | -HS- | C] () -- C:\hiberfil.sys
[2010.12.20 01:45:50 | 000,010,326 | ---- | C] () -- C:\Users\****\Documents\cc_20101220_014546.reg
[2010.12.20 00:37:02 | 000,000,120 | ---- | C] () -- C:\Users\****\AppData\Local\Wnovocareza.dat
[2010.12.20 00:37:02 | 000,000,000 | ---- | C] () -- C:\Users\****\AppData\Local\Uwami.bin
[2010.12.20 00:33:48 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2010.12.20 00:27:59 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{BBAEAEAF-1275-40e2-BD6C-BC8F88BD114A}.job
[2010.12.20 00:27:57 | 000,000,248 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.12.20 00:27:49 | 000,030,000 | ---- | C] () -- C:\Windows\System32\if86lp.dll
[2010.12.20 00:27:48 | 000,064,000 | ---- | C] () -- C:\Windows\System\dwm.exe
[2010.12.18 23:57:28 | 000,079,457 | ---- | C] () -- C:\Users\****\95249dcce6515949.jpg
[2010.12.15 21:23:39 | 000,000,922 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2010.12.06 14:41:58 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Two Worlds II.lnk
[2010.12.05 01:22:47 | 000,547,059 | ---- | C] () -- C:\Users\****\Documents\wallpaper_05_1920x1200_07-2010.jpg
[2010.11.27 15:30:48 | 000,030,252 | ---- | C] () -- C:\Users\****\MercedesCLC.jpg
[2010.07.09 20:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.06.24 21:37:30 | 000,268,912 | ---- | C] () -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.12.19 02:55:05 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.12.16 00:55:14 | 000,137,176 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.12.15 16:20:45 | 000,022,584 | ---- | C] () -- C:\Windows\System32\PnkBstrK.sys
[2009.10.25 18:12:06 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009.10.09 23:58:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.23 23:53:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 22:13:04 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2009.08.23 18:47:51 | 000,240,640 | ---- | C] () -- C:\Windows\System32\NMOCOD.DLL
[2009.08.23 18:47:51 | 000,035,328 | ---- | C] () -- C:\Windows\System32\INETWH32.DLL
[2009.07.16 21:35:23 | 000,000,071 | ---- | C] () -- C:\Windows\Crypkey.ini
[2009.07.16 21:35:19 | 000,031,846 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2009.07.16 21:35:19 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2009.05.03 04:38:07 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009.03.28 22:14:42 | 000,003,120 | ---- | C] () -- C:\Windows\System32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll
[2009.03.03 01:17:38 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.03.03 01:17:37 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.03.03 01:17:37 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.02.14 10:30:57 | 000,000,316 | ---- | C] () -- C:\Windows\game.ini
[2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008.12.11 12:27:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008.10.14 16:26:47 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.10.14 16:26:41 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.10.14 16:14:51 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.09.30 17:05:16 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2007.08.08 17:54:10 | 000,028,968 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
[2007.01.10 06:44:26 | 001,457,024 | ---- | C] () -- C:\Windows\System32\SSCProt.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
--- --- ---

cosinus 21.12.2010 16:14
Ich wollte erst den Vollscan mit mbam sehen...

bugbugbug 21.12.2010 16:16
OTL LOG : Nr 2OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 21.12.2010 16:02:16 - Run 3
OTL by OldTimer - Version 3.2.4.1    Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 57,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 24,91 Gb Free Space | 8,71% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TAMTAMPC
Current User Name: *****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3150804105-3559284404-3918947858-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{059F915C-36DD-4900-ABDB-7C3368EB49A3}" = lport=51970 | protocol=6 | dir=in | name=51970 |
"{09B0FCC5-BA96-4AD5-819D-20426DC3861D}" = lport=3889 | protocol=6 | dir=in | name=3889 |
"{0C0F902B-BFFE-42AA-8244-63A4FEBD94A3}" = lport=6883 | protocol=6 | dir=in | name=6883 |
"{0D7DD56A-3021-4D39-914E-217C0E00CA37}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{1F1AE682-A9BB-4B25-90F4-EC0C353F663C}" = lport=52525 | protocol=6 | dir=in | name=52525 |
"{21922F4E-46F8-4623-BBE2-771BB2C298D4}" = lport=6886 | protocol=6 | dir=in | name=6886 |
"{2820386C-5AE1-4CD2-8AD2-0DC8E9B2FCB9}" = lport=3882 | protocol=6 | dir=in | name=3882 |
"{2D343DC1-C2BC-412C-BEE9-CC69B3A01E00}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{32781735-DE82-4D50-AEAD-E049A881E636}" = lport=3883 | protocol=6 | dir=in | name=3883 |
"{34FCB130-2A06-41D9-88B4-A405DDAE2757}" = lport=20843 | protocol=6 | dir=in | name=20843 |
"{372F5F79-FB58-43E9-9BB5-28C89231BB58}" = lport=6969 | protocol=6 | dir=in | name=6969 |
"{380F9240-FAB8-4FBA-A84B-D6171D08330D}" = lport=3885 | protocol=6 | dir=in | name=3885 |
"{3CED33EB-9125-46E8-87C1-401BEEF54C13}" = lport=6800 | protocol=6 | dir=in | name=sacred2 192.168.178.28 6800  |
"{475B13D6-835E-4678-B033-C7D038FEFA61}" = lport=119 | protocol=6 | dir=in | name=119 |
"{4C7479D1-286C-429B-9922-F11670B3F394}" = lport=3886 | protocol=6 | dir=in | name=3886 |
"{4F8CEA56-8CFB-444C-820D-0A7C189F735A}" = lport=119 | protocol=17 | dir=in | name=119 |
"{5414442F-CC5B-4C27-B938-DE68EC3B08B5}" = lport=3881 | protocol=6 | dir=in | name=3881 |
"{6AD82A48-3A52-45F4-82E1-5DA6797229BE}" = lport=7011 | protocol=6 | dir=in | name=7011 |
"{6E632DC8-2F4A-440D-AE49-D2BBDF5A21AF}" = lport=49152 | protocol=6 | dir=in | name=49152 |
"{73727A79-255C-4F61-A9E2-6D9CC6FB2FC2}" = lport=3884 | protocol=6 | dir=in | name=3884 |
"{84B4C29B-66C0-4BD1-8D30-99BE66E26FB0}" = lport=3887 | protocol=6 | dir=in | name=3887 |
"{89462D0C-C474-4AFD-8434-CB75BA8CCA21}" = lport=6884 | protocol=6 | dir=in | name=6884 |
"{A0671457-EAF9-4652-B620-EDA43D0AE158}" = lport=3888 | protocol=6 | dir=in | name=3888 |
"{A0836C36-3F50-4544-9824-ADE04B10F05D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A2E5912A-F13E-42ED-ABC9-103AA342DA47}" = lport=6800 | protocol=17 | dir=in | name=sacred2 |
"{A7C86D55-F4B3-4F7A-A443-0F8119B41471}" = lport=6889 | protocol=6 | dir=in | name=6889 |
"{AC58AAAE-0AE3-42CA-AE06-BDD2568890DC}" = lport=443 | protocol=6 | dir=in | name=usenext |
"{B2F0C6A8-EB65-468A-84E2-8F0740D6374D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B3389A1F-52DE-4B14-A1E1-BAB24544F65F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B47CE0E3-6F06-47D6-9D89-9DD6735664D5}" = lport=6882 | protocol=6 | dir=in | name=6882 |
"{B58310DA-5D09-418D-B9F7-FE388FB267EC}" = lport=7011 | protocol=17 | dir=in | name=192.168.178.28 7011  |
"{B79271F7-F7A8-4808-81F1-18D73661435B}" = lport=6887 | protocol=6 | dir=in | name=6887 |
"{BCD222B2-4060-483E-BC76-ACC58CE3D67E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{C1E9DFC5-F541-4CFB-8F9F-0CAC495330C9}" = lport=135 | protocol=6 | dir=in | svc=rpcss | app=c:\windows\system32\svchost.exe |
"{C213CEB1-F984-4B8F-AE4A-0DC4FB048C4F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CB7B40D3-E901-4E77-A634-E671EF8AC810}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CC6590F8-2002-481C-9D70-C11CC7D7E16A}" = lport=6881 | protocol=6 | dir=in | name=6881 |
"{CF3B30C8-4505-4364-992B-1DF122BE4BFE}" = lport=6888 | protocol=6 | dir=in | name=6888 |
"{DC8EC2BA-0C81-4FAC-92C1-CB8993317EED}" = lport=6885 | protocol=6 | dir=in | name=6885 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01797C0D-7CD1-452F-BED3-3CF4145E99E2}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe |
"{01FB15C3-77CC-4BB3-8056-5BE78EF4D062}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{05097E66-1213-48A9-928A-C3F80DC1F947}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{052DD755-25CB-40C7-A41A-6B2D68FF6B0B}" = protocol=6 | dir=in | app=h:\fsetup.exe |
"{0C1BDEB8-8F35-43E4-BF83-FE9D24D370E6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{0C930D68-7D5A-4BEB-907B-CCB8778BCDBC}" = protocol=17 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{0CC0990D-5957-4ECF-A5D8-F7556CA7DAFC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{0DC047B8-8FC5-4E3E-9627-10A31D42286F}" = protocol=17 | dir=in | app=c:\program files\usenext\usenext.exe |
"{0E2CC395-A972-4408-9FD2-6CC61BE33948}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{0E6FBDCD-1056-49AF-975A-B5CD5BEAECCE}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{0F223D9F-30EA-4920-878D-391EBC650F43}" = protocol=6 | dir=in | app=c:\program files\activision\prototype\prototypef.exe |
"{0F9DC035-D875-4570-8C0F-BAD3B52DF030}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{0FE25207-7147-4114-8C8B-BFBDF4C141CD}" = protocol=6 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{1032B914-E96E-4FCF-8D13-47802A8F447A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{1385EAB8-3770-4FA6-8D24-787F70A04D71}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{143AD7FB-53CB-4DF8-A570-7936D2C22F0C}" = protocol=6 | dir=in | app=c:\program files\thehunter\launcher\launcher.exe |
"{14D574BB-20E2-4F92-842D-34044DD3125F}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe |
"{177773E1-D11A-4E3E-AED6-F128B9E62A1D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{1AE1DD15-9F0C-4DBC-98A1-1DAE8EBED4D3}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{1BD962DE-C26A-42E7-BF4A-F8CE6E3B7A94}" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars the force unleashed 2\swtfu2.exe |
"{1CD1CE4D-DEA7-4FB1-9AD3-B4033583B122}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe |
"{1DA2158A-4CDB-4656-BFF8-FD10293E5177}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwupdate.exe |
"{20918BC8-ED22-4DDA-8139-7BD39214D2AD}" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{2139558A-5D0E-4957-AC89-FF0BE8D1B1F5}" = protocol=17 | dir=in | app=c:\program files\reality pump\two worlds ii\twoworlds2.exe |
"{24E9F2B3-AA8B-4409-A73D-E397E5FBAD63}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main.exe |
"{2DE0E0F5-E745-426E-B699-961E7C5E7107}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{2F96EAD0-9F56-436F-A705-C972A057DF5B}" = protocol=6 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\revoke.exe |
"{314938D5-5521-4174-81B6-3885C1CE6FEF}" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"{36A1A113-6FAD-4A5C-BC39-C23064BC76D5}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{392163A3-E5AA-4E59-A719-CAECE2BBB21B}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\uplaybrowser.exe |
"{3D17F957-FAB3-484B-95CF-7639C02EB052}" = protocol=17 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{417896F0-27DA-4819-953F-FB060A68DD1B}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{42B07EF2-78B3-400B-8198-0A32FA7748CD}" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars the force unleashed 2\swtfu2.exe |
"{46833256-8126-4282-9E6A-392DD5D43FB4}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{47575330-50D8-4ECD-9DC9-D4B04D0941B6}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{48344705-46FD-4CF4-8906-9EDB572ADBE5}" = protocol=17 | dir=in | app=c:\udk\udk-2010-01\binaries\unrealfrontend.exe |
"{4A269245-E4C8-4FCD-B3A4-732DF659AD39}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{4B218E1F-1CB2-4F99-95F9-FBD3A26C8B1C}" = protocol=6 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe |
"{4D13031E-AB13-4474-86D7-DC4E66464B5E}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{4E9E3A47-4516-41DB-8D45-9E53B13F514B}" = protocol=6 | dir=in | app=c:\program files\usenext\usenext.exe |
"{516B3692-9B54-4290-B4C2-51EC873F879F}" = protocol=6 | dir=in | app=c:\udk\udk-2010-01\binaries\win32\udk.exe |
"{520847CD-9EFB-4209-BB79-710C181FE644}" = protocol=17 | dir=in | app=c:\users\*****\appdata\local\temp\7zs365e.tmp\symnrt.exe |
"{5561A96D-6D8F-4107-8556-C51C1B3F27E1}" = protocol=17 | dir=in | app=c:\program files\ascaron entertainment\sacred 2 - fallen angel\system\revoke.exe |
"{56E5AB82-C460-4042-9B80-2D823A351642}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{5863ADD9-5F0A-4E5B-B7B9-489E9F313BDD}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{58EE5D40-1AE1-4F10-B914-E6BC05FE632F}" = protocol=17 | dir=in | app=c:\program files\rockstar games\eflc\launcheflc.exe |
"{5986533A-F73A-4AAE-8C2D-ADD49F7DE9D9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{5DEB8D39-CF64-4DC9-A616-94F80009A37F}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{5F5714A0-88B7-4EE4-993E-E0DFC2084192}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{5FFA1E17-2AFE-4B7F-AB79-6F33DA43FCEE}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{615A4083-3442-4DB1-8B83-C7904221A603}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{6677AE2E-1765-4265-834E-E26A4A415693}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{694FA893-FA3A-4E00-9F18-514B680B3222}" = protocol=17 | dir=in | app=c:\program files\activision\prototype\prototypef.exe |
"{6A2277BE-BCE6-43D3-AF8B-6AD4B55D5CB8}" = protocol=17 | dir=in | app=c:\program files\thehunter\game\thehunter.exe |
"{6F2EF067-AAF7-46B6-B311-3F73A44C9837}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{71A86CE6-948C-40F1-BA6F-63D508910F66}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{737D8D37-E40F-4D60-90F7-40EE3689B42F}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{7D1B1D5A-EB74-47F0-8930-743940E40D30}" = protocol=17 | dir=in | app=c:\program files\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{80709898-868C-4F14-B1ED-F6223977D370}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2server.exe |
"{81B9F5A7-E4BF-439D-B279-D406A3404A77}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrk.sys |
"{82DA41A6-FBC5-4901-A683-16773E5805C1}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{84749D83-4391-40E1-84F0-8A4612E7F696}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{85F9E1C8-5A40-45B2-82BB-64C0C1B603CE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrk.sys |
"{87343C82-E9EB-4C8A-A0AE-9E0E6597BFCE}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{876E63F4-CD1F-4880-9956-FD9C928519E0}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{895B82C8-8962-459C-B602-7EF9A7675D0A}" = protocol=17 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreedii.exe |
"{8DC82DAC-F43D-44C2-8B2A-9B8CEB700E94}" = protocol=6 | dir=in | app=c:\programdata\a82a4df\wsa82a.exe |
"{8F48CF1E-1A82-44FD-8F93-03E40D81885B}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{8F636BAC-2E6C-40D0-BE63-641B5B952FCF}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{91738D1D-B510-477E-9BAD-89400964ABBA}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{94179E3B-68F7-47F2-AB44-5EF9755C6E56}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{97C0E6E5-9F29-4E95-BD51-8F6CE72E7259}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{989B908C-B249-4DBE-ABA0-676E021334C8}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{99D91D7A-8D4B-4F4D-B7AF-37EB4596F852}" = protocol=17 | dir=in | app=c:\programdata\a82a4df\wsa82a.exe |
"{9C288235-2EE2-4B70-ACB5-2FCC2E38ABEB}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{9DA1AE38-B8BA-4B64-B2F6-7F6FC747586D}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{A149813B-7F15-4515-A882-A16CEAA8C417}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe |
"{A29CDCF2-44B4-4433-9F96-95C60470F3C8}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{A4159EFD-C652-4959-BC7E-BF4E4E54791B}" = protocol=17 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{A954C762-FAFB-4F6E-B5EC-E172DB296DE4}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{B0B80788-C5E3-4814-9C05-77461B2F8972}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{B0C834B5-CF99-4D79-A7A0-E7600FECA952}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{B14EB4B4-0797-4E15-9D09-654F8E05D53F}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{BA217FB3-AB08-44F9-9368-EC6D871D0A2A}" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{BC020374-0A46-4E5E-9EE8-03724407540F}" = protocol=6 | dir=in | app=c:\program files\reality pump\two worlds ii\twoworlds2.exe |
"{BD99DB92-4FED-4A48-97D0-198266E66945}" = protocol=6 | dir=in | app=c:\udk\udk-2010-01\binaries\unrealfrontend.exe |
"{C16A1AB9-DC9A-43FF-88C5-5DD1DF7D98EE}" = protocol=17 | dir=in | app=h:\fsetup.exe |
"{C3573122-D9DA-4D6A-A78A-024F03574B6F}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{C3E63CA2-2458-4522-9953-9B2544578DA6}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{C4448901-98FC-4CE6-B5E1-4903FB9AF676}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{C73AF844-090D-457E-8F2D-65C4C7AA9100}" = protocol=6 | dir=in | app=c:\program files\atari\neverwinter nights 2\nwn2main_amdxp.exe |
"{C85E5F7F-F2A4-4A1A-BE1E-1D15F2385B30}" = protocol=6 | dir=in | app=c:\program files\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{D0621E23-B4A2-4D49-A12A-D887FCB4CC45}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrk.sys |
"{D16EFA52-2162-4A3D-9C8F-E6D55623160E}" = protocol=6 | dir=in | app=c:\program files\thehunter\game\thehunter.exe |
"{D204465E-5F24-4CEB-A17F-E41571FB41B8}" = protocol=6 | dir=in | app=c:\program files\starcraft ii\starcraft ii.exe |
"{D2C29F4F-06E0-47C4-848D-07A22F8FC44E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{D2ED27D8-1AF3-4067-9E97-F6149CCD1004}" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"{D2F63111-54A2-4EF3-9E4A-C5F8149DC9BE}" = protocol=6 | dir=in | app=c:\program files\ubisoft\assassin's creed ii\assassinscreediigame.exe |
"{D45B6BD1-B1D2-4C53-87D1-F78450D7AB77}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{D645D8A6-2AD7-495E-8CE3-A425735C3426}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrk.sys |
"{D9775EDC-E3B3-4EAD-B11A-7968CB8CC321}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{DA1448AB-781E-4A48-BB58-BF0C26B70A56}" = protocol=17 | dir=in | app=c:\udk\udk-2010-01\binaries\win32\udk.exe |
"{DA745B1D-1479-47AB-AD52-931C8AF4AC12}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{DC09C0AB-D335-4ECA-B51B-567085898FF4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{DFF50DAC-4E2D-44FD-89A1-DF39BCC7038B}" = protocol=17 | dir=in | app=c:\program files\thehunter\launcher\launcher.exe |
"{E56A9860-5886-47B3-A63C-74B84E177CA0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{EBAA9131-05F1-4BEE-8AE4-5287C4F45311}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{EEE4D6D7-5060-447C-BCA1-9BE73CC302D8}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{F0D5BC82-AB77-44BC-ABC0-007B30D7D333}" = protocol=6 | dir=in | app=c:\windows\system32\plasrv.exe |
"{F14B46AE-CEE3-4FB1-B474-9C01ECF677D1}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{F99A4917-42AA-4AA3-9AD3-C1CCE066A06E}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{FAACD65D-192A-4D77-86A9-3D94347DF20E}" = protocol=6 | dir=in | app=c:\users\*****\appdata\local\temp\7zs365e.tmp\symnrt.exe |
"{FE45AC75-B5C5-4BB4-9D6A-7EF10B1337D1}" = protocol=17 | dir=in | app=c:\program files\konami\pro evolution soccer 2010\pes2010.exe |
"{FE4A7BC7-10D0-447C-B6A3-B3EC8C483BF7}" = protocol=6 | dir=in | app=c:\program files\rockstar games\eflc\launcheflc.exe |
"{FF267BCD-8D21-4A8C-9D89-A36ABD7AB71E}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"TCP Query User{10E85D8B-931D-4F82-B6E6-34F3013CEFE2}C:\gta\gtawin\grand theft auto.exe" = protocol=6 | dir=in | app=c:\gta\gtawin\grand theft auto.exe |
"TCP Query User{3BCD04D0-EBC2-4887-8B3C-E38ACDA98F2E}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{3E831DE0-46B3-4826-B793-048D8D785B1A}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{3F9ADF29-51E3-4A0D-906B-C37EBD512EC6}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{4181C1C6-AB2E-4D55-A83D-4D1D4C386B69}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"TCP Query User{45781EB7-B2CF-49A8-B53B-5FABD69991B2}C:\users\*****\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\*****\program files\dna\btdna.exe |
"TCP Query User{5336B6CE-05A2-42B3-A0DD-2317C813BC42}C:\windows\system32\winupdateman.exe" = protocol=6 | dir=in | app=c:\windows\system32\winupdateman.exe |
"TCP Query User{6BF59FC7-C270-48FA-BFBA-821DBFAF0355}C:\program files\packard bell\updator\pbupdator.exe" = protocol=6 | dir=in | app=c:\program files\packard bell\updator\pbupdator.exe |
"TCP Query User{7DB0D180-02EA-487A-A5D9-97FEC87BF2BB}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{824D0ECB-AE5C-4CF8-8796-C3738B49DB26}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe |
"TCP Query User{8D881CE4-B387-4513-9BD0-3C99984C7DF3}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{AB9202E6-AD7F-46EC-A9C6-776BB547A68B}C:\program files\mirc\mirc.exe" = protocol=6 | dir=in | app=c:\program files\mirc\mirc.exe |
"TCP Query User{CB0BD445-F604-4B15-A819-E553D7483392}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{CFEEF620-5A34-42FF-BBC5-3C9062D77D85}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=6 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"TCP Query User{D43E42BB-CD09-4177-B670-522B8A78BED2}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{E1B034EA-EEB8-4FF6-B8CE-B0BD6C85AE18}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{0534A750-77BB-49CF-9BF1-EF7C0C31A981}C:\program files\packard bell\updator\pbupdator.exe" = protocol=17 | dir=in | app=c:\program files\packard bell\updator\pbupdator.exe |
"UDP Query User{1FB4E85F-4D61-40CD-B59A-B6E9B04FE08C}C:\program files\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files\codemasters\der herr der ringe online\lotroclient.exe |
"UDP Query User{2D8672B7-6175-41C8-9CCD-8D8121A4242B}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{348735B3-2C89-4C3A-AEA6-D7CF8A5719F7}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{358CFED0-A205-46E7-B5E8-C4F30BB605A8}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{35E469E5-1177-4013-B6B6-B73E1198A71F}C:\users\*****\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\*****\program files\dna\btdna.exe |
"UDP Query User{386144F2-9BA6-4D5F-AEDF-E373AF754F02}C:\windows\system32\winupdateman.exe" = protocol=17 | dir=in | app=c:\windows\system32\winupdateman.exe |
"UDP Query User{4263C516-1200-4458-8E8B-2B8DBE239016}C:\program files\mirc\mirc.exe" = protocol=17 | dir=in | app=c:\program files\mirc\mirc.exe |
"UDP Query User{66D48D9F-B863-476F-B712-FC5F8447625C}C:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe" = protocol=17 | dir=in | app=c:\program files\logitech\desktop messenger\8876480\program\logitechdesktopmessenger.exe |
"UDP Query User{6C9F507A-4A89-479D-A9FD-8A07D167DD44}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{800F7015-1309-4893-B67E-17C78B38533F}C:\gta\gtawin\grand theft auto.exe" = protocol=17 | dir=in | app=c:\gta\gtawin\grand theft auto.exe |
"UDP Query User{8C18A901-E37E-4832-A247-D5437300A82A}C:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=c:\program files\2k games\gearbox software\borderlands\binaries\borderlands.exe |
"UDP Query User{9B82C92F-B853-4655-9928-7C13F791B09B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{A33A3619-FFF2-4628-8E7B-D63FE7D9EE59}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{D24DDB0B-5E7D-4855-B876-34234695230E}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{F0C3F17D-8B6E-4F27-8270-05B2982B0476}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{03CE1BCB-03F5-4C6A-B37E-69799AA3C544}" = SpyHunter
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{067FFF2F-0F1C-43DB-827B-F9BC4735F1BC}" = D2500
"{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{156E82CB-20F2-46cf-BCEA-40E4F23DC4A3}" = YouTube Downloader Toolbar v4.1
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.5
"{1E99F5D7-4262-4C7C-9135-F066E7485811}" = System Requirements Lab
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 22
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{35095169-C59A-4571-A361-2117E04B7AFD}" = DJ_SF_03_D2500_ProductContext
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3E5721E5-BA31-46AD-8B35-065924D38E91}" = D2500_Help
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41785C66-90F2-40CE-8CB5-1C94BFC97280}" = Microsoft Chart Controls for Microsoft .NET Framework 3.5
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{56918C0C-0D87-4CA6-92BF-4975A43AC719}" = KhalInstallWrapper
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{59C6EFB0-7A6F-4FC2-98C5-31A9DB93014A}" = DJ_SF_03_D2500_Software
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{61CF2C86-8E46-4210-A115-E4D6C65AF369}" = HP Photosmart B109a-m All-In-One Driver Software 13.0 Rel .6
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{656FDFA4-C7C6-40D9-99F7-F6F331412AEF}" = WarrantyExtension
"{66039B36-96AE-40D1-8A32-071F7A61B738}" = Microsoft LifeChat
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69CBBEAC-4F50-4839-A5AF-58D5D6D46D4A}_is1" = Spyhunter Compact OS 1.0b
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7236B969-6A18-42DD-ADE4-BBA2604F34C8}" = DJ_SF_03_D2500_Software_Min
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{765E50AF-5550-4F7E-84F4-524D1BF2C49D}" = MSM2MSI_gstudio
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{80B6EB72-3C0C-47BF-B337-2D46988A58C5}" = EXP Viewer 6.0
"{80FE5490-E9DD-4AE9-8537-3EB5EFB606FC}" = PS_AIO_06_B109a-m_SW_Min
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8CC990CD-87C8-475C-AC32-8A7984E2FCFA}" = CDDRV_Installer
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
"{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}" = Dealio Toolbar v4.0.1
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980B9958-1239-4FC5-8C88-AC5650321031}" = Nero 8 Essentials
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{98A64C75-BFD6-4212-8746-8BADC7ABA79E}" = Virtual CD v9
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5653E98-C00B-421B-86A2-E7DA75BFD97A}" = iS3 STOPzilla Toolbar
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF20390E-5ADD-4CB0-BF9D-EDF6E7891AD9}" = B109a-m
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BBF0A67B-5DBA-452F-9D2E-6F168BC226E4}" = Need for Speed™ SHIFT
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
"{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D10AB8DE-0ED1-4152-A247-FB89CF1435D5}" = HP Deskjet D2500 Printer Driver Software 11.0 Rel .3
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D74CFE48-087F-46E1-80E6-E2950E1A8DCE}" = HP Photosmart Essential 2.5
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"AdobeReader" = Adobe Reader 8
"AUDIO_REALTEK" = Realtek HD Audio V6.0.1.5610
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"CCleaner" = CCleaner (remove only)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EADM" = EA Download Manager
"Fraps" = Fraps
"GESO Ernährungsberater_is1" = GESO Ernährungsberater
"Google Chrome" = Google Chrome
"GoogleBAE" = Google BAE
"GoogleToolbar" = Google Toolbar
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Photosmart Essential" = HP Photosmart Essential 3.0
"HP Print Projects" = HP Print Projects 1.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"InstallShield_{C4E2A4A7-B623-40CB-8EEA-72F577E49D56}" = Vampire - The Masquerade Bloodlines
"jv16 PowerTools 2009_is1" = jv16 PowerTools 2009
"KaloMa_is1" = KaloMa 4.76
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.7.0 (Full)
"LimeWire" = LimeWire 5.5.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"Mount&Blade Warband" = Mount&Blade Warband
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Nero8" = Nero 8 Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OFF2k7_GE" = Microsoft® Office Home and Student 2007
"OpenAL" = OpenAL
"PokerStars" = PokerStars
"PunkBusterSvc" = PunkBuster Services
"QuickPar" = QuickPar 0.9
"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0
"Security Task Manager" = Security Task Manager 1.7h
"SETUPMYPC_DE" = SetUp My PC
"Shop for HP Supplies" = Shop for HP Supplies
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Star Wars: The Force Unleashed 2_is1" = Star Wars: The Force Unleashed 2
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"SUPER ©" = SUPER © Version 2008.bld.33 (Sep 2, 2008)
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"theHunter" = theHunter (remove only)
"Two Worlds II" = Two Worlds II
"Unlocker" = Unlocker 1.8.7
"Updator" = Packard Bell Updator
"UseNeXT_is1" = UseNeXT
"VIDEO_NVIDIA" = Video NVIDIA v174.90
"VLC media player" = VLC media player 0.9.6
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"works9" = Microsoft Works 9
"Xfire" = Xfire (remove only)
"XP Codec Pack" = XP Codec Pack
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 04.08.2009 11:44:35 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.3.0, Zeitstempel 0x499dc616,
 fehlerhaftes Modul PlayerSelector.asi, Version 0.0.0.0, Zeitstempel 0x49dcada2,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0000ea94,  Prozess-ID 0x1424, Anwendungsstartzeit
 01ca151a7271c3c6.
 
Error - 04.08.2009 11:45:09 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.3.0, Zeitstempel 0x499dc616,
 fehlerhaftes Modul PlayerSelector.asi, Version 0.0.0.0, Zeitstempel 0x49dcada2,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0000ea94,  Prozess-ID 0xe60, Anwendungsstartzeit
 01ca151a869afd36.
 
Error - 04.08.2009 12:47:26 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.3.0, Zeitstempel 0x499dc616,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a7a6, Ausnahmecode
 0xc0000374, Fehleroffset 0x000b015d,  Prozess-ID 0x1590, Anwendungsstartzeit 01ca151a9d4f0806.
 
Error - 04.08.2009 20:38:35 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.3.0, Zeitstempel 0x499dc616,
 fehlerhaftes Modul PlayerSelector.asi, Version 0.0.0.0, Zeitstempel 0x49dcada2,
 Ausnahmecode 0xc0000005, Fehleroffset 0x0000ea94,  Prozess-ID 0x1114, Anwendungsstartzeit
 01ca156508d32446.
 
Error - 04.08.2009 22:17:37 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.3.0, Zeitstempel 0x499dc616,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a7a6, Ausnahmecode
 0xc0000374, Fehleroffset 0x000b015d,  Prozess-ID 0x1294, Anwendungsstartzeit 01ca15651c08e596.
 
Error - 05.08.2009 09:50:44 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GTAIV.exe, Version 1.0.3.0, Zeitstempel 0x499dc616,
 fehlerhaftes Modul ntdll.dll, Version 6.0.6001.18000, Zeitstempel 0x4791a7a6, Ausnahmecode
 0xc0000374, Fehleroffset 0x000b015d,  Prozess-ID 0x15e0, Anwendungsstartzeit 01ca15cbe381be66.
 
Error - 05.08.2009 11:21:00 | Computer Name = *****-PC | Source = RasClient | ID = 20227
Description =
 
Error - 05.08.2009 18:00:24 | Computer Name = *****-PC | Source = VSS | ID = 12310
Description =
 
Error - 05.08.2009 18:00:26 | Computer Name = *****-PC | Source = VSS | ID = 12298
Description =
 
Error - 06.08.2009 02:26:56 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Fallout3ng.exe, Version 1.0.0.12, Zeitstempel
 0x48d194b3, fehlerhaftes Modul Fallout3ng.exe, Version 1.0.0.12, Zeitstempel 0x48d194b3,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00044163,  Prozess-ID 0x1544, Anwendungsstartzeit
 01ca1659ea97ebf6.
 
[ Media Center Events ]
Error - 08.12.2009 11:26:50 | Computer Name = *****-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 20.12.2010 13:44:21 | Computer Name = TamTampc | Source = Service Control Manager | ID = 7000
Description =
 
Error - 20.12.2010 13:47:46 | Computer Name = TamTampc | Source = Service Control Manager | ID = 7022
Description =
 
Error - 20.12.2010 16:04:59 | Computer Name = TamTampc | Source = Service Control Manager | ID = 7032
Description =
 
Error - 20.12.2010 23:15:09 | Computer Name = TamTampc | Source = Service Control Manager | ID = 7032
Description =
 
Error - 21.12.2010 01:40:59 | Computer Name = TamTampc | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 21.12.2010 um 06:38:26 unerwartet heruntergefahren.
 
Error - 21.12.2010 01:42:18 | Computer Name = TamTampc | Source = Service Control Manager | ID = 7000
Description =
 
Error - 21.12.2010 10:22:37 | Computer Name = TamTampc | Source = Service Control Manager | ID = 7000
Description =
 
Error - 21.12.2010 10:48:06 | Computer Name = TamTampc | Source = Service Control Manager | ID = 7032
Description =
 
Error - 21.12.2010 10:48:06 | Computer Name = TamTampc | Source = Service Control Manager | ID = 7032
Description =
 
Error - 21.12.2010 10:52:10 | Computer Name = TamTampc | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >
--- --- ---

bugbugbug 21.12.2010 20:09
OK Hier ist der Maleware bytes log :

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5366

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

21.12.2010 20:08:09
mbam-log-2010-12-21 (20-08-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|)
Durchsuchte Objekte: 371515
Laufzeit: 2 Stunde(n), 47 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 3
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 11
Infizierte Registrierungswerte: 11
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 38

Infizierte Speicherprozesse:
c:\Users\*****\AppData\Local\Temp\Omx.exe (Rootkit.Agent) -> 1412 -> No action taken.
c:\Users\*****\AppData\Local\Temp\Om2.exe (Rootkit.Agent) -> 2644 -> No action taken.
c:\Windows\Onyhab.exe (Rootkit.Agent) -> 6012 -> No action taken.

Infizierte Speichermodule:
c:\program files\youtube downloader toolbar\IE\4.1\youtubedownloadertoolbarie.dll (Adware.WidgiToolbar) -> No action taken.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A} (Adware.WidgiToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (Adware.WidgiToolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (Adware.WidgiToolbar) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (Adware.WidgiToolbar) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B1B220C1-A503-59BD-F413-02B53A2C8954} (Trojan.ErtFor) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B1B220C1-A503-59BD-F413-02B53A2C8954} (Trojan.ErtFor) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Rootkit.Agent) -> Value: JP595IR86O -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (Adware.WidgiToolbar) -> Value: {F3FEE66E-E034-436A-86E4-9690573BEE8A} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (Adware.WidgiToolbar) -> Value: {F3FEE66E-E034-436A-86E4-9690573BEE8A} -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{E07C3A02-5DE0-949B-1612-45C6271678C4} (Trojan.Dropper) -> Value: {E07C3A02-5DE0-949B-1612-45C6271678C4} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{B1B220C1-A503-59BD-F413-02B53A2C8954} (Trojan.ErtFor) -> Value: {B1B220C1-A503-59BD-F413-02B53A2C8954} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{B1B220C1-A503-59BD-F413-02B53A2C8954} (Trojan.ErtFor) -> Value: {B1B220C1-A503-59BD-F413-02B53A2C8954} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Value: WINID -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Value: idstrf -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Value: NoFolderOptions -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\RegistryMonitor2 (Malware.Trace) -> Value: RegistryMonitor2 -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\*****\AppData\Local\Temp\Omx.exe (Rootkit.Agent) -> No action taken.
c:\Users\*****\AppData\Local\Temp\Om2.exe (Rootkit.Agent) -> No action taken.
c:\program files\youtube downloader toolbar\IE\4.1\youtubedownloadertoolbarie.dll (Adware.WidgiToolbar) -> No action taken.
c:\Windows\Onyhab.exe (Rootkit.Agent) -> No action taken.
c:\Users\*****\AppData\Roaming\Myoq\ywyhp.exe (Trojan.Dropper) -> No action taken.
c:\Users\administrator\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\niul.exe (Trojan.Dropper) -> No action taken.
c:\Users\administrator\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\uvsyyd.exe (Trojan.Dropper) -> No action taken.
c:\Users\*****\AppData\Local\mesnSqc.dll (Trojan.Hiloti) -> No action taken.
c:\Users\*****\AppData\Local\Temp\hywgxge.exe (Trojan.Dropper) -> No action taken.
c:\Users\*****\AppData\Local\Temp\ifdla.exe (Trojan.Agent) -> No action taken.
c:\Users\*****\AppData\Local\Temp\19792079 (Spyware.Passwords.XGen) -> No action taken.
c:\Users\*****\AppData\Local\Temp\okyqih.exe (Backdoor.Bot) -> No action taken.
c:\Users\*****\AppData\Local\Temp\Om0.exe (Rootkit.Agent) -> No action taken.
c:\Users\*****\AppData\Local\Temp\Om1.exe (Rootkit.Agent) -> No action taken.
c:\Users\*****\AppData\Local\Temp\Omv.exe (Rootkit.Agent) -> No action taken.
c:\Users\*****\AppData\Local\Temp\Omw.exe (Rootkit.Agent) -> No action taken.
c:\Users\*****\AppData\Local\Temp\Omy.exe (Rootkit.Agent) -> No action taken.
c:\Users\*****\AppData\Local\Temp\Omz.exe (Rootkit.Agent) -> No action taken.
c:\Users\*****\AppData\Local\Temp\sshnas21.dll (Rootkit.Agent) -> No action taken.
c:\Users\*****\AppData\Local\Temp\tmvspdwr.exe (Trojan.FakeAV.Gen) -> No action taken.
c:\Users\*****\AppData\Local\Temp\cw69l3b7x9i9o6.exe (Trojan.Ertfor) -> No action taken.
c:\Users\*****\AppData\Local\Temp\xt.exe (Adware.FlvTube) -> No action taken.
c:\Users\*****\AppData\Local\Temp\BA24.tmp (Trojan.Agent) -> No action taken.
c:\Users\*****\AppData\Local\Temp\nsmABA4.tmp\_tbp.exe (Trojan.Hiloti) -> No action taken.
c:\Users\*****\AppData\Local\Temp\vtorjfuji\kgomopaaffm.exe (Trojan.FakeAV.Gen) -> No action taken.
c:\Users\*****\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\xouv.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Onyhaa.exe (Rootkit.Agent) -> No action taken.
c:\Windows\system\dwm.exe (Backdoor.Bot) -> No action taken.
c:\Windows\System32\if86lp.dll (Trojan.Ertfor) -> No action taken.
c:\Windows\System32\sshnas21.dll (Rootkit.Agent) -> No action taken.
c:\Windows\Temp\E48D.tmp (Trojan.Agent) -> No action taken.
c:\Windows\Temp\xclw\setup.exe (Backdoor.Bot) -> No action taken.
c:\program files\common files\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> No action taken.
c:\program files\dealio toolbar\widgihelper.exe (Adware.WidgiToolbar) -> No action taken.
c:\program files\youtube downloader toolbar\widgihelper.exe (Adware.WidgiToolbar) -> No action taken.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> No action taken.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> No action taken.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> No action taken.

cosinus 21.12.2010 22:49
Zitat:
-> No action taken.
Wieso löscht du die Funde denn nicht :stirn:

bugbugbug 21.12.2010 23:55
Hab sie jetzt gelöscht

cosinus 22.12.2010 00:00
Dann brauch ich jetzt neue OTL-Logs.

bugbugbug 22.12.2010 21:41
OTL LOG EXTRAS:
OTL Logfile:
Code:
OTL logfile created on: 22.12.2010 21:36:05 - Run 4
OTL by OldTimer - Version 3.2.4.1    Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 24,57 Gb Free Space | 8,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TAMTAMPC
Current User Name: *****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\Logitech\KhalShared\KHALMNPR.exe (Logitech Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirUpgradeService) --  File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (VC9SecS) -- C:\Programme\Virtual CD v9\System\VC9SecS.exe (H+H Software GmbH)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM) -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (hwinterface) -- C:\Windows\System32\drivers\hwinterface.sys (Logix4u)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech Inc.)
DRV - (bdfsfltr) -- C:\Windows\System32\drivers\bdfsfltr.sys (SOFTWIN S.R.L.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (HH9Help.sys) -- C:\Windows\System32\drivers\HH9Help.sys (H+H Software GmbH)
DRV - (NetworkX) -- C:\Windows\system32\ckldrv.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {D3F669EB-57CE-4f45-8FBD-E245CBB46366} - C:\Programme\STOPzilla!\Toolbar\SZIESearchHook.dll (iS3 Inc.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.youtube.com/| www.gametrailers.com/| www.ofdb.de/ | www.kino.to/| www.ebay.de/| www.mobile.de"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.22
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {B8F64BDE-39E2-4195-A7DD-DFB180F57AA7}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{780044d1-e8c0-488f-8059-4522ddbfc2ea}: C:\Program Files\Stopzilla!\Toolbar\Extension [2009.12.19 00:17:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.10 22:23:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
 
[2010.04.16 21:37:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2010.04.16 21:37:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.12.22 18:20:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions
[2010.12.21 21:57:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.21 21:57:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.05.19 13:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.12.21 21:57:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\DTToolbar@toolbarnet.com
[2009.07.17 00:51:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\moveplayer@movenetworks.com
[2010.12.21 21:57:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\quickstores@quickstores.de
[2010.12.21 21:57:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\searchrecs@veoh.com
[2010.11.28 23:05:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\toolbar@ask.com
[2010.02.04 15:45:40 | 000,002,254 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\yinj9w3i.default\searchplugins\askcom.xml
[2009.07.19 12:46:14 | 000,002,399 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\yinj9w3i.default\searchplugins\daemon-search.xml
[2010.12.22 18:20:57 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.15 17:09:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.11 20:56:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.07.06 23:20:46 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.15 09:54:23 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.15 09:54:23 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.15 09:54:23 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.20 00:28:33 | 000,001,456 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\WebSearchober180451644.xml
[2010.07.15 09:54:23 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.15 09:54:23 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.12.21 20:27:05 | 000,000,313 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.8minutedating.com
O1 - Hosts: 127.0.0.1 whysohardx.com
O1 - Hosts: 127.0.0.1 protectyourpc-11.com
O1 - Hosts: 127.0.0.1 checkserverstatux.com
O1 - Hosts: 127.0.0.1 xinmin.cn
O1 - Hosts: 127.0.0.1 xy95.cn
O1 - Hosts: 127.0.0.1 koralda.com
O1 - Hosts: 127.0.0.1 weirden.com
O1 - Hosts: 127.0.0.1 nanocloudcontroller.com
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Programme\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [{E07C3A02-5DE0-949B-1612-45C6271678C4}] C:\Users\*****\AppData\Roaming\Myoq\ywyhp.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe (AVM Berlin)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 9rogj = C:\Users\*****\AppData\Local\Temp\8k95w6t.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{68787f94-7459-11de-a196-001fe23cecf3}\Shell - "" = AutoRun
O33 - MountPoints2\{68787f94-7459-11de-a196-001fe23cecf3}\Shell\AutoRun\command - "" = I:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.21 16:43:38 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\JBG ALBUM
[2010.12.21 16:14:11 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\VIRUSLAN
[2010.12.20 20:15:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Pynyk
[2010.12.20 20:15:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Myoq
[2010.12.20 20:00:42 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\theHunter
[2010.12.20 18:48:14 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\*****\Desktop\HijackThis.exe
[2010.12.20 18:05:05 | 000,000,000 | -HSD | C] -- C:\found.001
[2010.12.20 01:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Hunter
[2010.12.20 00:37:01 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{B8F64BDE-39E2-4195-A7DD-DFB180F57AA7}
[2010.12.20 00:27:52 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\updates
[2010.12.20 00:27:50 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Local\Windows
[2010.12.20 00:27:47 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Local\Server
[2010.12.20 00:22:51 | 000,000,000 | ---D | C] -- C:\Programme\theHunter
[2010.12.14 21:47:59 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.14 21:47:57 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.14 21:47:57 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.14 21:47:57 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.14 21:47:55 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.14 21:47:55 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.14 21:47:53 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.14 21:47:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.14 21:47:51 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.14 21:47:46 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.14 21:47:43 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.14 21:47:43 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.12.14 21:47:43 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.14 21:47:43 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.12.14 21:47:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.06 15:12:39 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Two Worlds II
[2010.12.06 14:37:17 | 000,000,000 | ---D | C] -- C:\Programme\Reality Pump
[2010.12.06 03:27:51 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.12.06 03:27:51 | 013,019,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.12.06 03:27:51 | 010,084,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.12.06 03:27:51 | 005,473,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2010.12.06 03:27:51 | 004,837,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.12.06 03:27:51 | 002,912,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.12.06 03:27:51 | 002,666,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.12.06 03:27:51 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.12.06 03:27:51 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.11.27 14:02:55 | 000,000,000 | ---D | C] -- C:\Programme\Zombie Driver
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.22 21:38:11 | 009,699,328 | -HS- | M] () -- C:\Users\*****\ntuser.dat
[2010.12.22 21:24:00 | 000,002,774 | ---- | M] () -- C:\Users\Public\Documents\DME-SETTINGS.xml
[2010.12.22 21:24:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\DMEPeriodicTask.job
[2010.12.22 21:06:42 | 001,541,724 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.12.22 21:06:42 | 000,664,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.22 21:06:42 | 000,625,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.22 21:06:42 | 000,142,416 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.22 21:06:42 | 000,116,946 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.22 21:03:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.22 21:00:27 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.22 21:00:21 | 000,006,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.22 21:00:21 | 000,006,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.22 21:00:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.12.22 21:00:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.22 21:00:05 | 3487,789,056 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.22 17:51:26 | 256,961,193 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.12.21 20:38:18 | 000,137,176 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.12.21 20:38:10 | 000,268,952 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.12.21 20:36:52 | 000,099,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2010.12.21 20:28:01 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.12.21 20:28:01 | 000,065,536 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.12.21 20:28:00 | 002,999,843 | -H-- | M] () -- C:\Users\*****\AppData\Local\IconCache.db
[2010.12.21 20:27:05 | 000,000,313 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.12.21 20:21:02 | 000,086,016 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.20 20:21:50 | 000,010,203 | ---- | M] () -- C:\Users\*****\AppData\Roaming\TheHunterSettings_live.bin
[2010.12.20 20:00:36 | 000,000,042 | ---- | M] () -- C:\Users\*****\AppData\Roaming\TheHunterSettings_live.cfg
[2010.12.20 19:59:59 | 000,000,584 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - *****.job
[2010.12.20 18:09:56 | 000,000,120 | ---- | M] () -- C:\Users\*****\AppData\Local\Wnovocareza.dat
[2010.12.20 01:45:53 | 000,010,326 | ---- | M] () -- C:\Users\*****\Documents\cc_20101220_014546.reg
[2010.12.20 00:37:02 | 000,000,000 | ---- | M] () -- C:\Users\*****\AppData\Local\Uwami.bin
[2010.12.18 23:57:29 | 000,079,457 | ---- | M] () -- C:\Users\*****\95249dcce6515949.jpg
[2010.12.15 21:23:39 | 000,000,922 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2010.12.15 03:22:17 | 000,327,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.14 21:32:16 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.12.11 00:21:23 | 000,013,218 | ---- | M] () -- C:\Users\*****\AppData\Roaming\wklnhst.dat
[2010.12.08 17:37:30 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.06 14:41:58 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Two Worlds II.lnk
[2010.12.06 02:56:57 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.12.05 01:22:48 | 000,547,059 | ---- | M] () -- C:\Users\*****\Documents\wallpaper_05_1920x1200_07-2010.jpg
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.27 15:30:48 | 000,030,252 | ---- | M] () -- C:\Users\*****\MercedesCLC.jpg
[2010.11.27 14:04:09 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2010.11.27 14:04:09 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2010.11.23 02:01:30 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.22 17:51:26 | 256,961,193 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.12.20 20:06:08 | 000,010,203 | ---- | C] () -- C:\Users\*****\AppData\Roaming\TheHunterSettings_live.bin
[2010.12.20 20:00:36 | 000,000,042 | ---- | C] () -- C:\Users\*****\AppData\Roaming\TheHunterSettings_live.cfg
[2010.12.20 18:42:28 | 3487,789,056 | -HS- | C] () -- C:\hiberfil.sys
[2010.12.20 01:45:50 | 000,010,326 | ---- | C] () -- C:\Users\*****\Documents\cc_20101220_014546.reg
[2010.12.20 00:37:02 | 000,000,120 | ---- | C] () -- C:\Users\*****\AppData\Local\Wnovocareza.dat
[2010.12.20 00:37:02 | 000,000,000 | ---- | C] () -- C:\Users\*****\AppData\Local\Uwami.bin
[2010.12.18 23:57:28 | 000,079,457 | ---- | C] () -- C:\Users\*****\95249dcce6515949.jpg
[2010.12.15 21:23:39 | 000,000,922 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2010.12.06 14:41:58 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Two Worlds II.lnk
[2010.12.05 01:22:47 | 000,547,059 | ---- | C] () -- C:\Users\*****\Documents\wallpaper_05_1920x1200_07-2010.jpg
[2010.11.27 15:30:48 | 000,030,252 | ---- | C] () -- C:\Users\*****\MercedesCLC.jpg
[2010.07.09 20:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.06.24 21:37:30 | 000,268,912 | ---- | C] () -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.12.19 02:55:05 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.12.16 00:55:14 | 000,137,176 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.12.15 16:20:45 | 000,022,584 | ---- | C] () -- C:\Windows\System32\PnkBstrK.sys
[2009.10.25 18:12:06 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009.10.09 23:58:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.23 23:53:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 22:13:04 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2009.08.23 18:47:51 | 000,240,640 | ---- | C] () -- C:\Windows\System32\NMOCOD.DLL
[2009.08.23 18:47:51 | 000,035,328 | ---- | C] () -- C:\Windows\System32\INETWH32.DLL
[2009.07.16 21:35:23 | 000,000,071 | ---- | C] () -- C:\Windows\Crypkey.ini
[2009.07.16 21:35:19 | 000,031,846 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2009.07.16 21:35:19 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2009.05.03 04:38:07 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009.03.28 22:14:42 | 000,003,120 | ---- | C] () -- C:\Windows\System32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll
[2009.03.03 01:17:38 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.03.03 01:17:37 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.03.03 01:17:37 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.02.14 10:30:57 | 000,000,316 | ---- | C] () -- C:\Windows\game.ini
[2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008.12.11 12:27:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008.10.14 16:26:47 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.10.14 16:26:41 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.10.14 16:14:51 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.09.30 17:05:16 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2007.08.08 17:54:10 | 000,028,968 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
[2007.01.10 06:44:26 | 001,457,024 | ---- | C] () -- C:\Windows\System32\SSCProt.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
--- --- ---

bugbugbug 22.12.2010 21:41
OTL LOG NR 2:OTL Logfile:
Code:
OTL logfile created on: 22.12.2010 21:36:05 - Run 4
OTL by OldTimer - Version 3.2.4.1    Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 61,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 286,09 Gb Total Space | 24,57 Gb Free Space | 8,59% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: TAMTAMPC
Current User Name: *****
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\Logitech\KhalShared\KHALMNPR.exe (Logitech Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
MOD - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirUpgradeService) --  File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (VC9SecS) -- C:\Programme\Virtual CD v9\System\VC9SecS.exe (H+H Software GmbH)
SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (Crypkey License) -- C:\Windows\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SRS_SSCFilter) SRS Labs Audio Sandbox (WDM) -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (hwinterface) -- C:\Windows\System32\drivers\hwinterface.sys (Logix4u)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvrd32) -- C:\Windows\system32\drivers\nvrd32.sys (NVIDIA Corporation)
DRV - (nvstor32) -- C:\Windows\system32\drivers\nvstor32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\system32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\Windows\System32\drivers\L8042Kbd.sys (Logitech Inc.)
DRV - (bdfsfltr) -- C:\Windows\System32\drivers\bdfsfltr.sys (SOFTWIN S.R.L.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (HH9Help.sys) -- C:\Windows\System32\drivers\HH9Help.sys (H+H Software GmbH)
DRV - (NetworkX) -- C:\Windows\system32\ckldrv.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {D3F669EB-57CE-4f45-8FBD-E245CBB46366} - C:\Programme\STOPzilla!\Toolbar\SZIESearchHook.dll (iS3 Inc.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.youtube.com/| www.gametrailers.com/| www.ofdb.de/ | www.kino.to/| www.ebay.de/| www.mobile.de"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.6.117
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.22
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: quickstores@quickstores.de:1.2.0
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: youtubedownloader@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.1
FF - prefs.js..extensions.enabledItems: {B8F64BDE-39E2-4195-A7DD-DFB180F57AA7}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{780044d1-e8c0-488f-8059-4522ddbfc2ea}: C:\Program Files\Stopzilla!\Toolbar\Extension [2009.12.19 00:17:31 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.06.10 22:23:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.9\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.13 15:29:11 | 000,000,000 | ---D | M]
 
[2010.04.16 21:37:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2010.04.16 21:37:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2010.12.22 18:20:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions
[2010.12.21 21:57:09 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.21 21:57:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.05.19 13:40:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.12.21 21:57:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\DTToolbar@toolbarnet.com
[2009.07.17 00:51:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\moveplayer@movenetworks.com
[2010.12.21 21:57:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\quickstores@quickstores.de
[2010.12.21 21:57:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\searchrecs@veoh.com
[2010.11.28 23:05:57 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\yinj9w3i.default\extensions\toolbar@ask.com
[2010.02.04 15:45:40 | 000,002,254 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\yinj9w3i.default\searchplugins\askcom.xml
[2009.07.19 12:46:14 | 000,002,399 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\FireFox\Profiles\yinj9w3i.default\searchplugins\daemon-search.xml
[2010.12.22 18:20:57 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.15 17:09:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.11.11 20:56:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.07.06 23:20:46 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.15 09:54:23 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.15 09:54:23 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.15 09:54:23 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.12.20 00:28:33 | 000,001,456 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\WebSearchober180451644.xml
[2010.07.15 09:54:23 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.15 09:54:23 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.12.21 20:27:05 | 000,000,313 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.8minutedating.com
O1 - Hosts: 127.0.0.1 whysohardx.com
O1 - Hosts: 127.0.0.1 protectyourpc-11.com
O1 - Hosts: 127.0.0.1 checkserverstatux.com
O1 - Hosts: 127.0.0.1 xinmin.cn
O1 - Hosts: 127.0.0.1 xy95.cn
O1 - Hosts: 127.0.0.1 koralda.com
O1 - Hosts: 127.0.0.1 weirden.com
O1 - Hosts: 127.0.0.1 nanocloudcontroller.com
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (STOPzilla) - {98828DED-A591-462F-83BA-D2F62A68B8B8} - C:\Programme\STOPzilla!\Toolbar\SZSG.dll (iS3, Inc)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [LifeChat] C:\Program Files\Microsoft LifeChat\LifeChat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [{E07C3A02-5DE0-949B-1612-45C6271678C4}] C:\Users\*****\AppData\Roaming\Myoq\ywyhp.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe (AVM Berlin)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 9rogj = C:\Users\*****\AppData\Local\Temp\8k95w6t.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Programme\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: HP Smart Web Printing ein- oder ausblenden - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programme\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Programme\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{68787f94-7459-11de-a196-001fe23cecf3}\Shell - "" = AutoRun
O33 - MountPoints2\{68787f94-7459-11de-a196-001fe23cecf3}\Shell\AutoRun\command - "" = I:\Autorun.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.21 16:43:38 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\JBG ALBUM
[2010.12.21 16:14:11 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\VIRUSLAN
[2010.12.20 20:15:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Pynyk
[2010.12.20 20:15:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Myoq
[2010.12.20 20:00:42 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\theHunter
[2010.12.20 18:48:14 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\*****\Desktop\HijackThis.exe
[2010.12.20 18:05:05 | 000,000,000 | -HSD | C] -- C:\found.001
[2010.12.20 01:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Hunter
[2010.12.20 00:37:01 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{B8F64BDE-39E2-4195-A7DD-DFB180F57AA7}
[2010.12.20 00:27:52 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\updates
[2010.12.20 00:27:50 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Local\Windows
[2010.12.20 00:27:47 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Local\Server
[2010.12.20 00:22:51 | 000,000,000 | ---D | C] -- C:\Programme\theHunter
[2010.12.14 21:47:59 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.14 21:47:57 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.14 21:47:57 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.14 21:47:57 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.14 21:47:55 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.14 21:47:55 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.14 21:47:53 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.14 21:47:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.14 21:47:51 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.14 21:47:46 | 000,471,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.14 21:47:43 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.14 21:47:43 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.12.14 21:47:43 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.14 21:47:43 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.12.14 21:47:36 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.12.06 15:12:39 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Two Worlds II
[2010.12.06 14:37:17 | 000,000,000 | ---D | C] -- C:\Programme\Reality Pump
[2010.12.06 03:27:51 | 014,899,816 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.12.06 03:27:51 | 013,019,752 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.12.06 03:27:51 | 010,084,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.12.06 03:27:51 | 005,473,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2010.12.06 03:27:51 | 004,837,480 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.12.06 03:27:51 | 002,912,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.12.06 03:27:51 | 002,666,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.12.06 03:27:51 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.12.06 03:27:51 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.11.27 14:02:55 | 000,000,000 | ---D | C] -- C:\Programme\Zombie Driver
[2004.11.24 20:25:52 | 000,335,872 | ---- | C] ( ) -- C:\Windows\System32\drvc.dll
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.22 21:38:11 | 009,699,328 | -HS- | M] () -- C:\Users\*****\ntuser.dat
[2010.12.22 21:24:00 | 000,002,774 | ---- | M] () -- C:\Users\Public\Documents\DME-SETTINGS.xml
[2010.12.22 21:24:00 | 000,000,302 | ---- | M] () -- C:\Windows\tasks\DMEPeriodicTask.job
[2010.12.22 21:06:42 | 001,541,724 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.12.22 21:06:42 | 000,664,044 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.22 21:06:42 | 000,625,384 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.22 21:06:42 | 000,142,416 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.22 21:06:42 | 000,116,946 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.22 21:03:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.22 21:00:27 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.22 21:00:21 | 000,006,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.22 21:00:21 | 000,006,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.22 21:00:21 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.12.22 21:00:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.22 21:00:05 | 3487,789,056 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.22 17:51:26 | 256,961,193 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.12.21 20:38:18 | 000,137,176 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.12.21 20:38:10 | 000,268,952 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2010.12.21 20:36:52 | 000,099,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2010.12.21 20:28:01 | 000,524,288 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.12.21 20:28:01 | 000,065,536 | -HS- | M] () -- C:\Users\*****\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.12.21 20:28:00 | 002,999,843 | -H-- | M] () -- C:\Users\*****\AppData\Local\IconCache.db
[2010.12.21 20:27:05 | 000,000,313 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.12.21 20:21:02 | 000,086,016 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.20 20:21:50 | 000,010,203 | ---- | M] () -- C:\Users\*****\AppData\Roaming\TheHunterSettings_live.bin
[2010.12.20 20:00:36 | 000,000,042 | ---- | M] () -- C:\Users\*****\AppData\Roaming\TheHunterSettings_live.cfg
[2010.12.20 19:59:59 | 000,000,584 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Systemprüfung ausführen - *****.job
[2010.12.20 18:09:56 | 000,000,120 | ---- | M] () -- C:\Users\*****\AppData\Local\Wnovocareza.dat
[2010.12.20 01:45:53 | 000,010,326 | ---- | M] () -- C:\Users\*****\Documents\cc_20101220_014546.reg
[2010.12.20 00:37:02 | 000,000,000 | ---- | M] () -- C:\Users\*****\AppData\Local\Uwami.bin
[2010.12.18 23:57:29 | 000,079,457 | ---- | M] () -- C:\Users\*****\95249dcce6515949.jpg
[2010.12.15 21:23:39 | 000,000,922 | ---- | M] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2010.12.15 03:22:17 | 000,327,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.14 21:32:16 | 000,001,974 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.12.11 00:21:23 | 000,013,218 | ---- | M] () -- C:\Users\*****\AppData\Roaming\wklnhst.dat
[2010.12.08 17:37:30 | 000,135,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.12.06 14:41:58 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Two Worlds II.lnk
[2010.12.06 02:56:57 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.12.05 01:22:48 | 000,547,059 | ---- | M] () -- C:\Users\*****\Documents\wallpaper_05_1920x1200_07-2010.jpg
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.27 15:30:48 | 000,030,252 | ---- | M] () -- C:\Users\*****\MercedesCLC.jpg
[2010.11.27 14:04:09 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\System32\wrap_oal.dll
[2010.11.27 14:04:09 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\System32\OpenAL32.dll
[2010.11.23 02:01:30 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[8 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.22 17:51:26 | 256,961,193 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.12.20 20:06:08 | 000,010,203 | ---- | C] () -- C:\Users\*****\AppData\Roaming\TheHunterSettings_live.bin
[2010.12.20 20:00:36 | 000,000,042 | ---- | C] () -- C:\Users\*****\AppData\Roaming\TheHunterSettings_live.cfg
[2010.12.20 18:42:28 | 3487,789,056 | -HS- | C] () -- C:\hiberfil.sys
[2010.12.20 01:45:50 | 000,010,326 | ---- | C] () -- C:\Users\*****\Documents\cc_20101220_014546.reg
[2010.12.20 00:37:02 | 000,000,120 | ---- | C] () -- C:\Users\*****\AppData\Local\Wnovocareza.dat
[2010.12.20 00:37:02 | 000,000,000 | ---- | C] () -- C:\Users\*****\AppData\Local\Uwami.bin
[2010.12.18 23:57:28 | 000,079,457 | ---- | C] () -- C:\Users\*****\95249dcce6515949.jpg
[2010.12.15 21:23:39 | 000,000,922 | ---- | C] () -- C:\Users\Public\Desktop\YouTube Downloader.lnk
[2010.12.06 14:41:58 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Two Worlds II.lnk
[2010.12.05 01:22:47 | 000,547,059 | ---- | C] () -- C:\Users\*****\Documents\wallpaper_05_1920x1200_07-2010.jpg
[2010.11.27 15:30:48 | 000,030,252 | ---- | C] () -- C:\Users\*****\MercedesCLC.jpg
[2010.07.09 20:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.06.24 21:37:30 | 000,268,912 | ---- | C] () -- C:\Windows\System32\drivers\SRS_SSCFilter_i386.sys
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.12.19 02:55:05 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.12.16 00:55:14 | 000,137,176 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.12.15 16:20:45 | 000,022,584 | ---- | C] () -- C:\Windows\System32\PnkBstrK.sys
[2009.10.25 18:12:06 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2009.10.09 23:58:04 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.09.23 23:53:49 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.09.17 22:13:04 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2009.08.23 18:47:51 | 000,240,640 | ---- | C] () -- C:\Windows\System32\NMOCOD.DLL
[2009.08.23 18:47:51 | 000,035,328 | ---- | C] () -- C:\Windows\System32\INETWH32.DLL
[2009.07.16 21:35:23 | 000,000,071 | ---- | C] () -- C:\Windows\Crypkey.ini
[2009.07.16 21:35:19 | 000,031,846 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2009.07.16 21:35:19 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2009.05.03 04:38:07 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009.03.28 22:14:42 | 000,003,120 | ---- | C] () -- C:\Windows\System32\6ffdbcaf-f6c1-42d3-a4a9-c7957224a70b.dll
[2009.03.03 01:17:38 | 000,168,448 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.03.03 01:17:37 | 000,795,648 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.03.03 01:17:37 | 000,130,048 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.02.14 10:30:57 | 000,000,316 | ---- | C] () -- C:\Windows\game.ini
[2008.12.19 16:15:58 | 004,338,246 | ---- | C] () -- C:\Windows\System32\libavcodec.dll
[2008.12.17 18:41:18 | 000,884,237 | ---- | C] () -- C:\Windows\System32\ff_x264.dll
[2008.12.17 18:22:58 | 000,093,184 | ---- | C] () -- C:\Windows\System32\ff_wmv9.dll
[2008.12.17 18:22:48 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2008.12.17 18:17:34 | 000,239,247 | ---- | C] () -- C:\Windows\System32\ff_theora.dll
[2008.12.17 17:59:54 | 000,560,802 | ---- | C] () -- C:\Windows\System32\libmplayer.dll
[2008.12.11 12:27:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2008.10.14 16:26:47 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2008.10.14 16:26:41 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2008.10.14 16:14:51 | 000,721,904 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2008.09.30 17:05:16 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2007.08.08 17:54:10 | 000,028,968 | ---- | C] () -- C:\Windows\System32\drivers\ATITool.sys
[2007.01.10 06:44:26 | 001,457,024 | ---- | C] () -- C:\Windows\System32\SSCProt.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2004.10.03 18:50:54 | 000,129,024 | ---- | C] () -- C:\Windows\System32\ff_mpeg2enc.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 487 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
--- --- ---

cosinus 22.12.2010 21:49
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:
:OTL
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [{E07C3A02-5DE0-949B-1612-45C6271678C4}] C:\Users\*****\AppData\Roaming\Myoq\ywyhp.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 9rogj = C:\Users\*****\AppData\Local\Temp\8k95w6t.exe File not found
[2010.12.20 20:15:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Pynyk
[2010.12.20 20:15:41 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Myoq
[2010.12.20 18:05:05 | 000,000,000 | -HSD | C] -- C:\found.001
[2010.12.20 00:27:52 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\updates
[2010.12.20 00:27:50 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Local\Windows
[2010.12.20 00:27:47 | 000,000,000 | -H-D | C] -- C:\Users\*****\AppData\Local\Server
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

bugbugbug 22.12.2010 23:01
Ok hab ich gemacht:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{E07C3A02-5DE0-949B-1612-45C6271678C4} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E07C3A02-5DE0-949B-1612-45C6271678C4}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\9rogj deleted successfully.
C:\Users\hannes\AppData\Roaming\Pynyk folder moved successfully.
C:\Users\hannes\AppData\Roaming\Myoq folder moved successfully.
C:\found.001 folder moved successfully.
C:\Users\hannes\AppData\Roaming\updates folder moved successfully.
C:\Users\hannes\AppData\Local\Windows folder moved successfully.
C:\Users\hannes\AppData\Local\Server folder moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 13903317 bytes
->Temporary Internet Files folder emptied: 210319 bytes
->Java cache emptied: 12119233 bytes
->FireFox cache emptied: 18633729 bytes
->Flash cache emptied: 405 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: hannes
->Temp folder emptied: 759527566 bytes
->Temporary Internet Files folder emptied: 43355833 bytes
->Java cache emptied: 71651052 bytes
->FireFox cache emptied: 101647112 bytes
->Flash cache emptied: 19793 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1224704 bytes
%systemroot%\System32 .tmp files removed: 1610800 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4857095 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 981,00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 12222010_225623

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 22.12.2010 23:12
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

bugbugbug 23.12.2010 18:30
wenn ich ComboFix ausführe bekomme ich einen blauer Bildschirm wo steht
a problem has been detected on your computer und mein computer macht neustart

cosinus 23.12.2010 20:55
Starte den PC neu und probier es nochmal.

bugbugbug 24.12.2010 13:15
Habe jetzt 5 mal versucht combofix zu starten und jedes mal stürtzt mein Computer ab und es kommt der Blaue Bildschirm der hat bestimmt auch ihrgendwas mit dem Virus zutun :wtf:

cosinus 25.12.2010 00:48
Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

bugbugbug 25.12.2010 02:33
GMER SCAN:

GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2010-12-25 02:32:15
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000032 WDC_WD32 rev.01.0
Running: 2i7u4xjx.exe; Driver: C:\Users\hannes\AppData\Local\Temp\ugrcipow.sys


---- System - GMER 1.0.15 ----

INT 0x52 ? 874AFF00
INT 0x82 ? 85FE2BF8
INT 0x92 ? 85FE3BF8
INT 0xA2 ? 85FE3BF8
INT 0xB3 ? 874AFF00

---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\spqr.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 8B78341B 5 Bytes JMP 874AF4E0
.text abl8ojoj.SYS 90B03000 22 Bytes [82, 03, 62, 82, 6C, 02, 62, ...]
.text abl8ojoj.SYS 90B03017 181 Bytes [00, 32, 87, D9, 82, 3D, 85, ...]
.text abl8ojoj.SYS 90B030CE 10 Bytes [00, 00, 00, 00, 00, 00, 02, ...]
.text abl8ojoj.SYS 90B030DA 12 Bytes [00, 00, 02, 00, 00, 00, 24, ...]
.text abl8ojoj.SYS 90B030E7 714 Bytes [00, F0, 0E, 00, 00, 00, 00, ...]
.text ...
.text C:\Windows\system32\DRIVERS\atksgt.sys section is writeable [0xA2AC7300, 0x3B6D8, 0xE8000020]
.text C:\Windows\system32\DRIVERS\lirsgt.sys section is writeable [0xA2B0A300, 0x1BEE, 0xE8000020]
pnidata C:\Windows\System32\Drivers\secdrv.SYS unknown last section [0xA4A12F00, 0x24000, 0x48000000]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[1124] ntdll.dll!NtProtectVirtualMemory 776C4D34 5 Bytes JMP 009C000A
.text C:\Windows\system32\svchost.exe[1124] ntdll.dll!NtWriteVirtualMemory 776C5674 5 Bytes JMP 009D000A
.text C:\Windows\system32\svchost.exe[1124] ntdll.dll!KiUserExceptionDispatcher 776C5DC8 5 Bytes JMP 0097000A
.text C:\Windows\system32\svchost.exe[1124] ole32.dll!CoCreateInstance 76749F3E 5 Bytes JMP 00DB000A
.text C:\Windows\system32\svchost.exe[1124] USER32.dll!GetCursorPos 762D0B88 5 Bytes JMP 0095000A
.text C:\Windows\Explorer.EXE[3136] ntdll.dll!NtProtectVirtualMemory 776C4D34 5 Bytes JMP 008A000A
.text C:\Windows\Explorer.EXE[3136] ntdll.dll!NtWriteVirtualMemory 776C5674 5 Bytes JMP 0099000A
.text C:\Windows\Explorer.EXE[3136] ntdll.dll!KiUserExceptionDispatcher 776C5DC8 5 Bytes JMP 0086000A

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [82C8E6D6] \SystemRoot\System32\Drivers\spqr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [82C8E042] \SystemRoot\System32\Drivers\spqr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [82C8E800] \SystemRoot\System32\Drivers\spqr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [82C8E0C0] \SystemRoot\System32\Drivers\spqr.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [82C8E13E] \SystemRoot\System32\Drivers\spqr.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [82C9DE9C] \SystemRoot\System32\Drivers\spqr.sys
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortNotification] CC358B04
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortWritePortUchar] 8390B28F
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortWritePortUlong] 458B38C6
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortGetPhysicalAddress] A5A5A514
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 100D8BA5
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortGetScatterGatherList] 5F90B260
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortReadPortUchar] 30810889
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortStallExecution] 54771129
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortGetParentBusType] 10C25D5E
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortRequestCallback] [8B55CC00] \SystemRoot\system32\drivers\NETIO.SYS (Network I/O Subsystem/Microsoft Corporation)
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 084D8BEC
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 0CF0918B
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortCompleteRequest] 458B0000
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortMoveMemory] 8B108910
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 000CF491
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 04508900
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 053C7980
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortReadPortUshort] 560C558B
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortReadPortBufferUshort] C6127557
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortInitialize] B18D0502
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortGetDeviceBase] 00000CF8
IAT \SystemRoot\System32\Drivers\abl8ojoj.SYS[ataport.SYS!AtaPortDeviceStateChange] A508788D

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [743F7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [7444A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [743FBB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [743EF695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [743F75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [743EE7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74428395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [743FDA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [743EFFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [743EFF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [743E71CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7447CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [7441C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [743ED968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [743E6853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [743E687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3136] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [743F2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85FE91F8
Device \Driver\sptd \Device\2320267322 spqr.sys
Device \Driver\volmgr \Device\VolMgrControl 85FE51F8
Device \Driver\usbohci \Device\USBPDO-0 87527500
Device \Driver\usbehci \Device\USBPDO-1 87497500
Device \Driver\volmgr \Device\HarddiskVolume1 85FE51F8
Device \Driver\volmgr \Device\HarddiskVolume2 85FE51F8
Device \Driver\cdrom \Device\CdRom0 876201F8
Device \Driver\nvstor32 \Device\00000059 85FE81F8
Device \Driver\USBSTOR \Device\00000065 8876E1F8
Device \Driver\volmgr \Device\HarddiskVolume3 85FE51F8
Device \Driver\cdrom \Device\CdRom1 876201F8
Device \Driver\atapi \Device\Ide\IdePort0 85FE71F8
Device \Driver\atapi \Device\Ide\IdePort1 85FE71F8
Device \Driver\volmgr \Device\HarddiskVolume4 85FE51F8
Device \Driver\netbt \Device\NetBT_Tcpip_{D59A61CF-2D8B-4DE7-B383-8AD9D9114525} 886621F8
Device \Driver\volmgr \Device\HarddiskVolume5 85FE51F8
Device \Driver\USBSTOR \Device\00000068 8876E1F8
Device \Driver\volmgr \Device\HarddiskVolume6 85FE51F8
Device \Driver\USBSTOR \Device\00000069 8876E1F8
Device \Driver\volmgr \Device\HarddiskVolume7 85FE51F8
Device \Driver\netbt \Device\NetBt_Wins_Export 886621F8
Device \Driver\PCI_PNP1316 \Device\0000004b spqr.sys
Device \Driver\Smb \Device\NetbiosSmb 880471F8
Device \Driver\nvstor32 \Device\RaidPort0 85FE81F8
Device \Driver\iScsiPrt \Device\RaidPort1 874B11F8
Device \Driver\USBSTOR \Device\0000006a 8876E1F8
Device \Driver\USBSTOR \Device\0000006b 8876E1F8
Device \Driver\USBSTOR \Device\0000006c 8876E1F8
Device \Driver\usbohci \Device\USBFDO-0 87527500
Device \Driver\USBSTOR \Device\0000006d 8876E1F8
Device \Driver\usbehci \Device\USBFDO-1 87497500
Device \Driver\abl8ojoj \Device\Scsi\abl8ojoj1Port4Path0Target0Lun0 876231F8
Device \Driver\abl8ojoj \Device\Scsi\abl8ojoj1 876231F8
Device \FileSystem\cdfs \Cdfs 88E6F1F8
Device \Device\00000058 -> \??\SCSI#Disk&Ven_WDC_WD32&Prod_00AAJS-22B4A#4&119ff274&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC2 0x8D 0x38 0xE0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA9 0xFE 0x9B 0xCF ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0F 0x81 0x67 0x55 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC2 0x8D 0x38 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA9 0xFE 0x9B 0xCF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0F 0x81 0x67 0x55 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xC2 0x8D 0x38 0xE0 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xA9 0xFE 0x9B 0xCF ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x0F 0x81 0x67 0x55 ...
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools Lite\

bugbugbug 25.12.2010 02:38
Hier Der OSAM Scan :

OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 02:37:27 on 25.12.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.13

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Norton Internet Security - Systemprüfung ausführen - *****.job" - ? - C:\Program Files\Norton Internet Security\Norton AntiVirus\Navw32.exe  (File not found)
"DMEPeriodicTask.job" - "Hewlett-Packard" - C:\Program Files\HP\Digital Imaging\bin\warrantyextension\HPPromo.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"abl8ojoj" (abl8ojoj) - "Microsoft Corporation" - C:\Windows\system32\drivers\abl8ojoj.sys  (Hidden registry entry, rootkit activity | File signed by Microsoft)
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"bdfsfltr" (bdfsfltr) - "SOFTWIN S.R.L." - C:\Windows\System32\DRIVERS\bdfsfltr.sys
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"hwinterface" (hwinterface) - "Logix4u" - C:\Windows\System32\Drivers\hwinterface.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MEMSWEEP2" (MEMSWEEP2) - ? - C:\Windows\system32\1E89.tmp  (File not found)
"NetworkX" (NetworkX) - ? - C:\Windows\system32\ckldrv.sys  (File found, but it contains no detailed information)
"PnkBstrK" (PnkBstrK) - ? - C:\Windows\system32\drivers\PnkBstrK.sys  (File found, but it contains no detailed information)
"SASDIFSV" (SASDIFSV) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
"SASKUTIL" (SASKUTIL) - "SUPERAdBlocker.com and SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
"Security Driver" (secdrv) - "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." - C:\Windows\system32\drivers\secdrv.sys
"sptd" (sptd) - "Duplex Secure Ltd." - C:\Windows\System32\Drivers\sptd.sys  (File is exclusively opened, access blocked)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"ugrcipow" (ugrcipow) - ? - C:\Users\*****\AppData\Local\Temp\ugrcipow.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{9462A756-7B47-47BC-8C80-C34B9B80B32B} "BackWeb GA Pluggable Protocol" - "Logitech Inc." - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} "linkscanner" - ? -  (File not found | COM-object registry key not found)
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "SABShellExecuteHook Class" - "SuperAdBlocker.com" - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\Display\nvui.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} "UnlockerShellExtension" - ? - C:\Program Files\Unlocker\UnlockerCOM.dll  (File found, but it contains no detailed information)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
<binary data> "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" - ? -  (File not found | COM-object registry key not found)
<binary data> "{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}" - ? -  (File not found | COM-object registry key not found)
<binary data> "{D4027C7F-154A-4066-A1AD-4243D8127440}" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{00000000-6E41-4FD3-8538-502F5495E5FC} "{00000000-6E41-4FD3-8538-502F5495E5FC}" - ? -  (File not found | COM-object registry key not found)
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} "{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} "DivXBrowserPlugin Object" - "DivX,Inc." - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll / hxxp://download.divx.com/player/DivXBrowserPlugin.cab
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.6.0_07" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_22" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_22.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
{1E54D648-B804-468d-BC78-4AFFED8E262E} "System Requirements Lab Class" - "Husdawg, LLC" - C:\Windows\Downloaded Program Files\sysreqlab_srl.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
{17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\system32\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
"PokerStars" - "PokerStars" - C:\Program Files\PokerStars\PokerStarsUpdate.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} "AVG Security Toolbar" - ? -  (File not found | COM-object registry key not found)
<binary data> "DAEMON Tools Toolbar" - ? - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "STOPzilla" - "iS3, Inc" - C:\Program Files\Stopzilla!\Toolbar\SZSG.dll
SITEguard "{98828DED-A591-462F-83BA-D2F62A68B8B8}" - ? -  (File not found | COM-object registry key not found)
<binary data> "{D4027C7F-154A-4066-A1AD-4243D8127440}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

[Logon]
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"FRITZ!DSL Startcenter.lnk" - "AVM Berlin" - C:\Program Files\FRITZ!DSL\StCenter.exe  (Shortcut exists | File exists)
"Logitech Desktop Messenger.lnk" - "Logitech Inc." - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe  (Shortcut exists | File exists)
"Logitech SetPoint.lnk" - "Logitech Inc." - C:\Program Files\Logitech\SetPoint\SetPoint.exe  (Shortcut exists | File exists)
-----( %SystemDrive%\_OTL\MovedFiles\12222010_225623\C_Users\*****\AppData\Local\Windows )-----
"desktop.ini" - ? - C:\_OTL\MovedFiles\12222010_225623\C_Users\*****\AppData\Local\Windows\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"msnmsgr" - "Microsoft Corporation" - "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
"hpqSRMon" - "Hewlett-Packard" - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
"LifeChat" - "Microsoft Corporation" - "C:\Program Files\Microsoft LifeChat\LifeChat.exe"
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"avm:" - "AVM Berlin GmbH" - C:\Windows\system32\avmprmon.dll
"hpf3l70w.dll" - "Hewlett-Packard Company" - C:\Windows\system32\hpf3l70w.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Application Updater" (Application Updater) - "Spigot, Inc." - C:\Program Files\Application Updater\ApplicationUpdater.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Avira Upgrade Service" (AntiVirUpgradeService) - ? - "C:\Users\*****\AppData\Local\Temp\AVSETUP_4b2a73af\basic\avupgsvc.exe" /TEMPSTART:""C:\Users\*****\AppData\Local\Temp\AVSETUP_4b2a73af\basic\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE"  (File not found)
"AVM IGD CTRL Service" (IGDCTRL) - "AVM Berlin" - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
"Easybits Shared Services for Windows" (ezSharedSvc) - "EasyBits Sofware AS" - C:\Windows\System32\ezsvc7.dll
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"PnkBstrB" (PnkBstrB) - ? - C:\Windows\system32\PnkBstrB.exe  (File found, but it contains no detailed information)
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"Steam Client Service" (Steam Client Service) - "Valve Corporation" - C:\Program Files\Common Files\Steam\SteamService.exe
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"!SASWinLogon" - "SUPERAntiSpyware.com" - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

bugbugbug 25.12.2010 02:41
Und der MBRCHECK:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Packard Bell BV
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: PACKARD BELL BV
System Product Name: IMEDIA X1009
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 157):
0x8264C000 \SystemRoot\system32\ntkrnlpa.exe
0x82619000 \SystemRoot\system32\hal.dll
0x874DC000 \SystemRoot\system32\kdcom.dll
0x80604000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80674000 \SystemRoot\system32\PSHED.dll
0x80685000 \SystemRoot\system32\BOOTVID.dll
0x8068D000 \SystemRoot\system32\CLFS.SYS
0x806CE000 \SystemRoot\system32\CI.dll
0x82C03000 \SystemRoot\system32\drivers\Wdf01000.sys
0x82C7F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x82C8C000 \SystemRoot\System32\Drivers\spqr.sys
0x82D8D000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x82D96000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x82DBC000 \SystemRoot\system32\drivers\pci.sys
0x807AE000 \SystemRoot\system32\drivers\acpi.sys
0x82DE3000 \SystemRoot\system32\drivers\msisadrv.sys
0x82DEB000 \SystemRoot\System32\drivers\partmgr.sys
0x82E0D000 \SystemRoot\system32\drivers\volmgr.sys
0x82E1C000 \SystemRoot\System32\drivers\volmgrx.sys
0x82E66000 \SystemRoot\system32\drivers\pciide.sys
0x82E6D000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x82E7B000 \SystemRoot\System32\drivers\mountmgr.sys
0x82E8B000 \SystemRoot\system32\drivers\atapi.sys
0x82E93000 \SystemRoot\system32\drivers\ataport.SYS
0x82EB1000 \SystemRoot\system32\drivers\nvstor32.sys
0x82ECF000 \SystemRoot\system32\drivers\storport.sys
0x82F10000 \SystemRoot\system32\drivers\fltmgr.sys
0x82F42000 \SystemRoot\system32\drivers\fileinfo.sys
0x82F52000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8B403000 \SystemRoot\system32\drivers\ndis.sys
0x8B50E000 \SystemRoot\system32\drivers\msrpc.sys
0x8B539000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B603000 \SystemRoot\System32\drivers\tcpip.sys
0x8B6ED000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B805000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8B915000 \SystemRoot\system32\drivers\volsnap.sys
0x8B94E000 \SystemRoot\System32\Drivers\spldr.sys
0x8B956000 \SystemRoot\System32\Drivers\mup.sys
0x8B965000 \SystemRoot\System32\drivers\ecache.sys
0x8B98C000 \SystemRoot\system32\drivers\disk.sys
0x8B99D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8B9BE000 \SystemRoot\system32\drivers\crcdisk.sys
0x8B708000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8B713000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8B71C000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8B72B000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8B9FC000 \SystemRoot\system32\DRIVERS\L8042Kbd.sys
0x8B73E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8B749000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8B753000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8B791000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8FC0F000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8FC9C000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8FCAC000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8FE04000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x907A1000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x8FCBA000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x907A3000 \SystemRoot\System32\drivers\watchdog.sys
0x907AF000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x90A05000 \SystemRoot\system32\DRIVERS\nvmfdx32.sys
0x90B02000 \SystemRoot\System32\Drivers\abl8ojoj.SYS
0x90B3A000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x90B43000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x90B72000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90B7D000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x90B94000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x90B9F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x90BC2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x90BD1000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90BE5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x907C7000 \SystemRoot\system32\DRIVERS\termdd.sys
0x907D7000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x90BFA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8FD59000 \SystemRoot\system32\DRIVERS\ks.sys
0x907E2000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x907EC000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8FD83000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8FDB8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x90E0C000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x91012000 \SystemRoot\system32\drivers\portcls.sys
0x9103F000 \SystemRoot\system32\drivers\drmk.sys
0x91064000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x9106D000 \SystemRoot\System32\Drivers\Null.SYS
0x91074000 \SystemRoot\System32\Drivers\Beep.SYS
0x91084000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x9108B000 \SystemRoot\System32\drivers\vga.sys
0x91097000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x910B8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x910C0000 \SystemRoot\system32\drivers\rdpencdd.sys
0x910C8000 \SystemRoot\System32\Drivers\Msfs.SYS
0x910D3000 \SystemRoot\System32\Drivers\Npfs.SYS
0x910E1000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x910EA000 \SystemRoot\system32\DRIVERS\tdx.sys
0x91100000 \SystemRoot\system32\DRIVERS\smb.sys
0x91114000 \SystemRoot\System32\DRIVERS\netbt.sys
0x91146000 \SystemRoot\system32\drivers\afd.sys
0x9118E000 \SystemRoot\system32\DRIVERS\pacer.sys
0x911A4000 \SystemRoot\system32\DRIVERS\netbios.sys
0x911B2000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x911C5000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x911CB000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0x911ED000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0x8B7A0000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x911F3000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90E00000 \SystemRoot\system32\ckldrv.sys
0x90E05000 \SystemRoot\System32\Drivers\hwinterface.sys
0x8FDC9000 \SystemRoot\System32\Drivers\dfsc.sys
0x8B574000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8FDE0000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x90E06000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8FC00000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x8B7DC000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x8B7E6000 \SystemRoot\system32\DRIVERS\dot4usb.sys
0x8B59A000 \SystemRoot\system32\DRIVERS\Dot4.sys
0x8B5BF000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x9107B000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
0x911FD000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8B9C7000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8B9D4000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0x8B9DE000 \SystemRoot\System32\Drivers\dump_nvstor32.sys
0x8FDF7000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8B5D4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x907F9000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x8B7F3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8B5E4000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x8B5EC000 \SystemRoot\system32\drivers\usbaudio.sys
0x9A280000 \SystemRoot\System32\win32k.sys
0x82FC3000 \SystemRoot\System32\drivers\Dxapi.sys
0x82FCD000 \SystemRoot\system32\DRIVERS\monitor.sys
0x9A4A0000 \SystemRoot\System32\TSDDD.dll
0x9A4C0000 \SystemRoot\System32\cdd.dll
0x82FDC000 \SystemRoot\system32\drivers\luafv.sys
0x80C07000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x80C1C000 \SystemRoot\system32\drivers\spsys.sys
0x80CCC000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x80CDC000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x80CEF000 \SystemRoot\system32\drivers\HTTP.sys
0x80D5C000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x80D65000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x80D82000 \SystemRoot\system32\DRIVERS\bowser.sys
0x80D9B000 \SystemRoot\System32\drivers\mpsdrv.sys
0x80DB0000 \SystemRoot\system32\drivers\mrxdav.sys
0x80DD1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA2A00000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA2A39000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA2A51000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA2A79000 \SystemRoot\System32\DRIVERS\srv.sys
0xA2AC7000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xA2B0A000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xA2B0F000 \SystemRoot\system32\drivers\peauth.sys
0xA4A0F000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA4A37000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA4A43000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0xA4A58000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0xA4A6A000 \SystemRoot\system32\DRIVERS\cdfs.sys
0xA4A80000 \??\C:\Users\****\AppData\Local\Temp\ugrcipow.sys
0x77660000 \Windows\System32\ntdll.dll

Processes (total 74):
0 System Idle Process
4 System
428 C:\Windows\System32\smss.exe
496 csrss.exe
556 C:\Windows\System32\wininit.exe
564 csrss.exe
600 C:\Windows\System32\services.exe
624 C:\Windows\System32\lsass.exe
636 C:\Windows\System32\lsm.exe
660 C:\Windows\System32\winlogon.exe
832 C:\Windows\System32\svchost.exe
912 C:\Windows\System32\nvvsvc.exe
944 C:\Windows\System32\svchost.exe
1004 C:\Windows\System32\svchost.exe
1064 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1124 C:\Windows\System32\svchost.exe
1256 C:\Windows\System32\audiodg.exe
1324 C:\Windows\System32\SLsvc.exe
1404 C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
1416 C:\Windows\System32\nvvsvc.exe
1448 C:\Windows\System32\svchost.exe
1616 C:\Windows\System32\svchost.exe
1848 C:\Windows\System32\spoolsv.exe
1900 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1924 C:\Windows\System32\svchost.exe
476 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
684 C:\Program Files\Application Updater\ApplicationUpdater.exe
928 C:\Windows\System32\svchost.exe
1728 C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
1864 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
1908 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
2064 C:\Windows\System32\svchost.exe
2160 C:\Windows\System32\IoctlSvc.exe
2208 C:\Windows\System32\svchost.exe
2260 C:\Windows\System32\PnkBstrA.exe
2284 C:\Windows\System32\PnkBstrB.exe
2296 C:\Windows\System32\svchost.exe
2308 C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
2352 C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
2380 C:\Windows\System32\svchost.exe
2428 C:\Windows\System32\svchost.exe
2480 C:\Windows\System32\SearchIndexer.exe
2624 C:\Windows\System32\taskeng.exe
2696 WUDFHost.exe
3072 C:\Windows\System32\dwm.exe
3112 C:\Windows\System32\taskeng.exe
3136 C:\Windows\explorer.exe
3692 C:\Windows\RtHDVCpl.exe
3700 C:\Program Files\Microsoft LifeChat\LifeChat.exe
3716 C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
3748 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3792 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
3872 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2728 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2756 C:\Program Files\FRITZ!DSL\StCenter.exe
2784 C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
2792 C:\Program Files\Logitech\SetPoint\SetPoint.exe
2272 C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
4640 C:\Program Files\Mozilla Firefox\firefox.exe
1504 C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
472 C:\Program Files\Mozilla Firefox\plugin-container.exe
4452 C:\Windows\System32\SearchProtocolHost.exe
4808 C:\Windows\System32\SearchFilterHost.exe
604 C:\Windows\explorer.exe
2220 C:\Windows\explorer.exe
5856 C:\Windows\explorer.exe
5028 C:\Windows\explorer.exe
3856 C:\Windows\explorer.exe
4664 C:\Windows\System32\dllhost.exe
4148 dllhost.exe
3596 dllhost.exe
4180 C:\Users\****\Desktop\MBRCheck.exe
5988 C:\Windows\System32\conime.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`003ebe00 (NTFS)

PhysicalDrive0 Model Number: WDC WD3200AAJS-22B4A, Rev: 01.0

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

cosinus 25.12.2010 17:16
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:38 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55