MS removal Tool vollständig entfernen

M-K-D-B · 29.06.2011, 20:22

Hallo Deathkid,

Schritt # 1: GMER Rootkitscan
Bitte

alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren,
keine bestehende Verbindung zu einem Netzwerk/Internet (WLAN nicht vergessen),
nichts am Rechner arbeiten,
nach jedem Scan den Rechner neu starten.

Gmer scannen lassen

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
Vista und Win7 User mit Rechtsklick und als Administrator starten.
Sollte sich ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
Unbedingt auf "No" klicken.
Entferne rechts den Haken bei:
- IAT/EAT
- Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
- Show all (sollte abgehackt sein)
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Schritt # 2: Systemscan mit OTL

Starte bitte OTL.exe.
Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Schritt # 3: Fragen beantworten
Bitte beantworte mir folgende Fragen:

Wie läuft dein Rechner derzeit?
Gibt es irgendwelche Probleme? Wenn ja, beschreibe diese bitte so gut es geht.

Schritt # 4: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

das Logfile von GMER,
die beiden Logfiles von OTL (OTL.txt und Extras.txt) und
die Beantwortung der gestellten Fragen.

Deathkid535 · 30.06.2011, 11:14

Hallo M-K-D-B,
Und hier wieder einige Leseübungen

Das Logfile von GMER:

Code:

ATTFilter

GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-30 11:59:08
Windows 6.1.7600  Harddisk0\DR0 -> \Device\00000058 ST925031 rev.0010
Running: drv0czgm.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pwdirpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                                     82C46569 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82C6B092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                                            section is writeable [0x8DC21000, 0x2CB104, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Real\RealPlayer\Update\realsched.exe[3144] kernel32.dll!SetUnhandledExceptionFilter                76463162 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004d                                                                                   halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files\DAEMON Tools Pro\
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x49 0x5E 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x2C 0x57 0xED 0x1D ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xEC 0x14 0x3A 0x79 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xCE 0x5D 0x98 0x04 ...
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                      
Reg             HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0x6D 0x3B 0x58 0x6E ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files\DAEMON Tools Pro\
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x49 0x5E 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x2C 0x57 0xED 0x1D ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0xA0 0x02 0x00 0x00 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xEC 0x14 0x3A 0x79 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xCE 0x5D 0x98 0x04 ...
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)  
Reg             HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x6D 0x3B 0x58 0x6E ...

---- EOF - GMER 1.0.15 ----

Das OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 30.06.2011 12:04:20 - Run 4
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\Administrator\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,48 Gb Available Physical Memory | 27,49% Memory free
6,98 Gb Paging File | 5,43 Gb Available in Paging File | 77,71% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,68 Gb Total Space | 47,83 Gb Free Space | 31,12% Space Free | Partition Type: NTFS
Drive D: | 78,03 Gb Total Space | 6,18 Gb Free Space | 7,93% Space Free | Partition Type: NTFS
 
Computer Name: DENNIS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Programme\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\Administrator\AppData\Local\Apps\2.0\W55HJDXV.742\KR5R0CNL.RO1\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe (Curse)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (IObit)
PRC - C:\Programme\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll (Microsoft Corporation)
MOD - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (PEVSystemStart) --  File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AcSvc) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WindowBlinds) -- C:\Programme\Stardock\MyColors\VistaSrv.exe (Stardock Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (pwdirpog) -- C:\pwdirpog.sys (GMER)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SRS_AudioFusion_Service) -- C:\Windows\System32\drivers\SRS_AudioFusion_i386.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SaiNtBus) -- C:\Windows\System32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\Windows\System32\drivers\SaiMini.sys (Saitek)
DRV - (SaiK0CFA) -- C:\Windows\System32\drivers\SaiK0CFA.sys (Saitek)
DRV - (SaiU0CFA) -- C:\Windows\System32\drivers\SaiU0CFA.sys (Saitek)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (SaiK0728) -- C:\Windows\System32\drivers\SaiK0728.sys (Saitek)
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 5B 60 61 79 69 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=toolbar2&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.13 19:28:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.13 19:28:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.04.28 20:56:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.28 20:55:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.28 20:56:19 | 000,000,000 | ---D | M]
 
[2010.10.14 20:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2011.06.27 19:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions
[2011.05.22 20:40:15 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011.06.23 13:09:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.07 08:23:55 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions\battlefieldplay4free@ea.com
[2010.12.16 13:56:14 | 000,000,931 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0q27vfov.default\searchplugins\conduit.xml
[2010.10.14 20:01:12 | 000,010,017 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0q27vfov.default\searchplugins\mywebsearch.xml
[2011.05.20 21:44:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.02 16:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.02 17:21:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.16 14:31:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.26 18:15:44 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Programme\Mozilla Firefox\extensions\adapter@babylontc.com
File not found (No name found) -- 
[2010.07.02 16:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.02 17:21:39 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.16 14:31:09 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.26 18:15:44 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\ADAPTER@BABYLONTC.COM
[2011.04.28 20:56:01 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Q27VFOV.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}.XPI
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Q27VFOV.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Q27VFOV.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM.XPI
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.04.26 18:13:26 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.06.27 21:45:14 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GO36F4~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\H\Shell\configure\command - "" = H:\SETUP.EXE
O33 - MountPoints2\H\Shell\install\command - "" = H:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.30 09:05:29 | 000,100,736 | ---- | C] (GMER) -- C:\pwdirpog.sys
[2011.06.29 12:25:32 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011.06.29 12:25:31 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011.06.29 12:25:30 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011.06.29 12:25:30 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011.06.29 12:25:30 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011.06.29 12:25:30 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011.06.28 21:16:09 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011.06.28 21:15:18 | 004,128,671 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2011.06.28 16:12:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.06.28 16:12:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.06.28 16:12:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.06.28 15:05:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.06.28 15:01:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Avira
[2011.06.28 15:00:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.06.27 21:06:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.06.27 20:55:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011.06.27 20:55:07 | 000,000,000 | ---D | C] -- C:\Programme\VS Revo Group
[2011.06.27 19:18:41 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011.06.27 13:22:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\RealUI 0612
[2011.06.27 12:09:11 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011.06.26 22:50:35 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011.06.26 21:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\bL28601DaMcK28601
[2011.06.24 10:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.06.22 19:34:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\RIFT
[2011.06.22 19:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIFT
[2011.06.22 19:34:45 | 000,000,000 | ---D | C] -- C:\Programme\RIFT Game
[2011.06.22 07:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.06.20 19:16:22 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\LeilaUI 3.13
[2011.06.18 09:43:48 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.06.17 14:37:45 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.06.17 14:37:45 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.06.17 14:37:45 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.06.17 14:37:45 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.06.17 14:37:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.06.17 14:37:44 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.06.17 14:37:44 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.06.17 14:37:44 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.06.17 14:37:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.06.17 14:37:43 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.06.17 14:37:43 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.06.16 13:23:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\dwhelper
[2011.06.11 22:47:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011.06.11 22:46:37 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.11 22:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.11 22:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.11 22:46:31 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.11 22:46:31 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.06.10 21:15:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\chessimo
[2011.06.10 21:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\chessimo
[2011.06.10 21:15:36 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RICHTX32.OCX
[2011.06.10 21:15:36 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSFLXGRD.OCX
[2011.06.10 21:15:36 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
[2011.06.10 21:15:36 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSINET.OCX
[2011.06.10 21:15:36 | 000,067,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SYSINFO.OCX
[2011.06.10 21:15:26 | 000,000,000 | ---D | C] -- C:\Programme\chessimo
[2011.06.10 21:15:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\8 x 8 Media AG
[2011.06.10 21:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011.06.07 13:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011.06.07 12:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.30 11:19:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.30 11:16:10 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.06.30 11:09:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1140944107-3424129360-3757389648-1000UA.job
[2011.06.30 09:05:29 | 000,100,736 | ---- | M] (GMER) -- C:\pwdirpog.sys
[2011.06.30 09:03:59 | 000,302,592 | ---- | M] () -- C:\Users\Administrator\Desktop\drv0czgm.exe
[2011.06.30 08:30:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.29 21:58:15 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.29 21:58:15 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.29 21:50:11 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.29 21:50:08 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\AutoSmartDefrag.job
[2011.06.29 21:49:26 | 1406,300,160 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.29 21:29:22 | 000,000,728 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011.06.29 20:09:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1140944107-3424129360-3757389648-1000Core.job
[2011.06.29 17:08:02 | 000,449,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.06.28 21:14:38 | 004,128,671 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2011.06.28 08:02:33 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2011.06.27 21:45:14 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.06.27 20:55:08 | 000,001,222 | ---- | M] () -- C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
[2011.06.27 19:19:02 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011.06.27 13:13:38 | 000,027,484 | ---- | M] () -- C:\Users\Administrator\Desktop\Logfiles.zip
[2011.06.27 12:33:26 | 000,302,592 | ---- | M] () -- C:\Users\Administrator\Desktop\c06dgghb.exe
[2011.06.27 12:09:21 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011.06.27 12:05:08 | 000,000,020 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2011.06.27 12:03:04 | 000,050,477 | ---- | M] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2011.06.26 23:12:02 | 001,007,120 | ---- | M] () -- C:\Users\Administrator\Desktop\duadas.exe
[2011.06.26 10:05:41 | 000,518,050 | ---- | M] () -- C:\Users\Administrator\Desktop\Unbenannt.PNG
[2011.06.24 10:38:56 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.06.22 07:50:33 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.06.20 19:12:48 | 000,095,049 | ---- | M] () -- C:\Users\Administrator\Desktop\IceHUD_RealUI.lua
[2011.06.20 14:12:59 | 000,949,916 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.20 14:12:59 | 000,704,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.20 14:12:59 | 000,222,136 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.20 14:12:59 | 000,189,032 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.11 18:58:04 | 000,004,107 | ---- | M] () -- C:\Windows\wininit.ini
[2011.06.11 14:11:05 | 000,001,246 | ---- | M] () -- C:\Users\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011.06.11 10:49:21 | 000,166,400 | RHS- | M] () -- C:\Windows\System32\KBDINMALV.dll
[2011.06.11 10:45:29 | 000,000,152 | ---- | M] () -- C:\Windows\System32\sysplog2.dll
[2011.06.11 10:45:29 | 000,000,152 | ---- | M] () -- C:\Windows\System32\sysplog.dll
[2011.06.10 21:15:42 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\chessimo.lnk
[2011.06.10 19:08:58 | 000,000,129 | ---- | M] () -- C:\Users\Administrator\jagex_runescape_preferences2.dat
[2011.06.10 19:07:59 | 000,000,034 | ---- | M] () -- C:\Users\Administrator\jagex_runescape_preferences.dat
[2011.06.07 13:06:07 | 000,000,973 | ---- | M] () -- C:\Users\Administrator\Desktop\SpywareBlaster.lnk
 
========== Files Created - No Company Name ==========
 
[2011.06.30 09:03:58 | 000,302,592 | ---- | C] () -- C:\Users\Administrator\Desktop\drv0czgm.exe
[2011.06.28 16:12:35 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.06.28 16:12:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.06.28 16:12:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.06.28 16:12:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.06.28 16:12:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.06.27 22:34:59 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\SmartDefrag.job
[2011.06.27 20:55:08 | 000,001,222 | ---- | C] () -- C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
[2011.06.27 13:13:38 | 000,027,484 | ---- | C] () -- C:\Users\Administrator\Desktop\Logfiles.zip
[2011.06.27 12:33:18 | 000,302,592 | ---- | C] () -- C:\Users\Administrator\Desktop\c06dgghb.exe
[2011.06.27 12:04:42 | 000,000,020 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2011.06.27 12:03:02 | 000,050,477 | ---- | C] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2011.06.26 23:11:45 | 001,007,120 | ---- | C] () -- C:\Users\Administrator\Desktop\duadas.exe
[2011.06.26 09:56:45 | 000,095,049 | ---- | C] () -- C:\Users\Administrator\Desktop\IceHUD_RealUI.lua
[2011.06.24 10:38:56 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.06.22 07:50:33 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track05.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track04.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track03.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track02.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track01.cda
[2011.06.11 14:33:23 | 000,004,107 | ---- | C] () -- C:\Windows\wininit.ini
[2011.06.11 10:49:21 | 000,166,400 | RHS- | C] () -- C:\Windows\System32\KBDINMALV.dll
[2011.06.10 21:16:36 | 000,000,152 | ---- | C] () -- C:\Windows\System32\sysplog2.dll
[2011.06.10 21:16:28 | 000,000,152 | ---- | C] () -- C:\Windows\System32\sysplog.dll
[2011.06.10 21:15:42 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\chessimo.lnk
[2011.06.07 13:06:07 | 000,000,973 | ---- | C] () -- C:\Users\Administrator\Desktop\SpywareBlaster.lnk
[2011.06.07 12:56:17 | 000,001,246 | ---- | C] () -- C:\Users\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011.05.31 15:51:36 | 013,322,449 | ---- | C] () -- C:\Users\Administrator\Desktop\wowszene.de_Hoerspiel-Pinkcraft_01.mp3
[2011.05.07 12:12:25 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.05.07 12:12:24 | 000,138,056 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\PnkBstrK.sys
[2011.05.07 12:11:54 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.05.07 12:11:18 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.03.13 20:14:06 | 000,390,944 | ---- | C] () -- C:\Windows\System32\drivers\SRS_AudioFusion_i386.sys
[2010.12.01 10:06:58 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.10.14 20:58:05 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.10.14 20:00:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.07.01 20:16:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.07.01 20:10:06 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2010.07.01 20:02:18 | 000,006,088 | ---- | C] () -- C:\Windows\System32\drivers\CDConfig.bin
[2009.10.22 17:59:00 | 000,196,565 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.07.14 10:47:43 | 000,949,916 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,222,136 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,449,928 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,704,552 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,189,032 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.06.09 10:55:58 | 000,057,904 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

Das OTL Extralogfile:

Code:

ATTFilter

OTL Extras logfile created on: 30.06.2011 12:04:20 - Run 4
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\Administrator\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,48 Gb Available Physical Memory | 27,49% Memory free
6,98 Gb Paging File | 5,43 Gb Available in Paging File | 77,71% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,68 Gb Total Space | 47,83 Gb Free Space | 31,12% Space Free | Partition Type: NTFS
Drive D: | 78,03 Gb Total Space | 6,18 Gb Free Space | 7,93% Space Free | Partition Type: NTFS
 
Computer Name: DENNIS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ACD183-EAEC-82C8-F71E-8FF0B6143D7B}" = CCC Help Portuguese
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{063BBC11-7F75-3BBA-02AA-A1B5FC0E17AC}" = CCC Help Polish
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11C39430-2BC0-4C47-4541-B6C8150D4A65}" = Catalyst Control Center InstallProxy
"{1375616C-B818-9FC7-0BE3-AE9AC45F1188}" = CCC Help Chinese Standard
"{14AEA387-7A94-575A-4328-07BE82BD7F32}" = ATI Catalyst Install Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3253AC2A-EC76-DC6C-6ED1-EBA5E67A79A1}" = ccc-utility
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{36B38C30-94C1-2B9C-B973-59B2FB37CCB0}" = CCC Help Dutch
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3931705A-D653-44A8-9BB5-759B7965BE99}_is1" = YABOT Build Order Editor version 1.0
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D1FB742-A73A-2403-639F-C8CD64A70449}" = CCC Help Chinese Traditional
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{417CE154-54E7-3655-0C24-34FBFCA5163C}" = CCC Help Finnish
"{420F882E-36E5-9C3B-BF07-B0C1911F4739}" = CCC Help Italian
"{460495AF-988E-CDD4-591D-7E75AC1CAF4A}" = Catalyst Control Center Core Implementation
"{46E8BDC8-F7BD-3F44-8DA1-9B26DAB62205}" = CCC Help Swedish
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{4E0BEC25-51C6-30AE-348D-AA208ABA3400}" = CCC Help Japanese
"{55718B4B90B54F7EADC5621C750A14E6}" = DivX Author 1.5
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6128B845-A2F4-283F-92B8-C02B393373A4}" = CCC Help Hungarian
"{613B9AA5-33A3-B2BB-D87D-BF7B1C02315E}" = Catalyst Control Center Localization All
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{65C743AF-D881-B71D-A753-A95C5219E78B}" = Catalyst Control Center Graphics Full Existing
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6F7614CC-F33A-4877-8814-49856F441F3C}" = Stardock MyColors
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{836180C6-4998-B1EE-782A-EF196850A98F}" = CCC Help Turkish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84738B59-F709-5737-524D-CAC71D74C23F}" = CCC Help English
"{848249FC-EA31-81CC-914B-7401C37B03CE}" = CCC Help Russian
"{8518ECC0-0DE4-4475-D0C1-C8114A8F0C0B}" = CCC Help French
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AA1963A-5234-BECC-B5E7-7469ABBC6514}" = Catalyst Control Center Graphics Light
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D540B8F-1325-CF57-0C84-B59B03B153FB}" = CCC Help Spanish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90140000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2010
"{90140000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
"{90140000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
"{90140000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
"{90140000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
"{90140000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2010
"{90140000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
"{90140000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
"{90140000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
"{90140000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93ABEBEB-EEE0-4AB9-A925-2F2EC791A4CE}" = Smart Technology Programming Software 7.0.2.7
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{96CC86A2-997F-46BF-9ADF-3857DB648765}" = chessimo 3.42
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3D7DCF8-A79C-882D-1B6F-2A5106053F9B}" = CCC Help Danish
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96BFADF-A159-4395-8E9C-A9E2F059A3BB}" = Camtasia Studio 7
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA1AF34D-9056-4B72-A588-D9A7B8CB305B}" = Saitek Cyborg Keyboard Volume 6.2.1.3
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B569783D-389B-BA36-6A8E-1457C12E77F1}" = CCC Help Thai
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BDAFF03F-3E7D-427B-A658-3807C4C58B0C}" = Goldfinger 8
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps
"{C9A3120D-C729-875A-AD54-C3AE3F9C826B}" = CCC Help Korean
"{CA050D8C-770A-41A7-B966-0056456EA27E}" = Razer StarCraft II
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF051DB4-9E13-0A5B-314D-B0AC3B3BF9D9}" = CCC Help German
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{D8EDD457-B59B-FFC6-7E6B-749734E71D03}" = Catalyst Control Center Graphics Previews Common
"{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E28FD821-1863-4BC0-8B8C-959EEE805FDE}" = SRS AudioFusion
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEAADF6C-CB48-DE4C-C934-1A9C11F1D7AE}" = ccc-core-static
"{EF1D891C-1616-C383-AD0B-6C8B0A8F8CC9}" = CCC Help Czech
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F231A12D-5C87-6201-DF65-25106365399D}" = Catalyst Control Center Graphics Full New
"{F25E99CD-A296-85C2-BF1A-9E6BCDE8FA4A}" = CCC Help Greek
"{F3DCF8E5-F5BA-492B-8113-7FAAED125BE0}" = capella 1200
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFCB7CDF-534B-3297-8B3E-2E7587A4AE1A}" = CCC Help Norwegian
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Babylon" = Babylon
"CABAL Online: Episode IV_is1" = Cabal Online Europe - Episode IV
"Camtasia Studio 3" = Camtasia Studio 3
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Der Schreibtrainer" = Der Schreibtrainer 3.7
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Free YouTube Download_is1" = Free YouTube Download 2.6
"FreeApp v1" = FreeApps
"Game Booster_is1" = Game Booster
"Game Maker 8.0" = Game Maker 8.0
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Notepad++" = Notepad++
"PC SECURITY TEST 2009_is1" = PC SECURITY TEST 2009
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"RAR Password Cracker" = RAR Password Cracker 4.12
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.92
"RocketDock_is1" = RocketDock 1.3.5
"SC2 Replay Catcher_is1" = SC2 Replay Catcher version 0.1.0.3a
"Smart Defrag_is1" = Smart Defrag
"SpywareBlaster_is1" = SpywareBlaster 4.4
"StarCraft II" = StarCraft II
"Stardock MyColors" = Stardock MyColors
"SW-Tukupdater_is1" = SW-TukUpdater
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Test Drive Unlimited 2_is1" = Test Drive Unlimited 2
"Uninstall_is1" = Uninstall 1.0.0.1
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.6
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"ccb6737a8af9d4ff" = Lenovo Driver Download Manager
"UnityWebPlayer" = Unity Web Player
"WinPump" = WinPump
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.06.2011 02:14:03 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 27.06.2011 07:10:46 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: pev.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d334d98  Name des fehlerhaften Moduls: ADVAPI32.dll_unloaded, Version: 0.0.0.0,
 Zeitstempel: 0x4a5bd97e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x7785b663  ID des fehlerhaften
 Prozesses: 0x10ec  Startzeit der fehlerhaften Anwendung: 0x01cc34badcb26d09  Pfad der
 fehlerhaften Anwendung: C:\Users\ADMINI~1\AppData\Local\Temp\RarSFX4\pev.exe  Pfad
 des fehlerhaften Moduls: ADVAPI32.dll  Berichtskennung: 1a9c5f98-a0ae-11e0-b70a-705ab65c33b2
 
Error - 27.06.2011 15:11:42 | Computer Name = Dennis-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.24.1 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e98    Startzeit: 
01cc34fd433820d1    Endzeit: 15    Anwendungspfad: C:\Users\Administrator\Desktop\OTL.exe

Berichts-ID:
 4791b746-a0f1-11e0-b9c2-705ab65c33b2  
 
Error - 27.06.2011 15:17:00 | Computer Name = Dennis-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.24.1 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: d74    Startzeit: 
01cc34feaf5feadb    Endzeit: 0    Anwendungspfad: C:\Users\Administrator\Desktop\OTL.exe

Berichts-ID:
 05a386d6-a0f2-11e0-b7a3-705ab65c33b2  
 
Error - 29.06.2011 02:53:30 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access
 Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0.  Ungültige XML-Syntax.
 
Error - 29.06.2011 02:56:44 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Razer\Drivers\RzSynapse\DPInst_amd64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 29.06.2011 03:02:24 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 30.06.2011 04:22:35 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access
 Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0.  Ungültige XML-Syntax.
 
Error - 30.06.2011 04:25:11 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Razer\Drivers\RzSynapse\DPInst_amd64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 30.06.2011 04:30:19 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ Media Center Events ]
Error - 28.03.2011 07:25:42 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 13:25:41 - Fehler beim Herstellen der Internetverbindung.  13:25:41 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.03.2011 07:25:55 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 13:25:49 - Fehler beim Herstellen der Internetverbindung.  13:25:49 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.04.2011 04:34:45 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 10:34:44 - Fehler beim Herstellen der Internetverbindung.  10:34:45 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.04.2011 04:35:36 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 10:35:14 - Fehler beim Herstellen der Internetverbindung.  10:35:14 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.04.2011 06:37:45 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 12:37:45 - Fehler beim Herstellen der Internetverbindung.  12:37:45 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.04.2011 06:38:25 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 12:38:14 - Fehler beim Herstellen der Internetverbindung.  12:38:14 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.04.2011 03:57:10 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 09:54:53 - Directory konnte nicht abgerufen werden (Fehler: Die Anfrage
 wurde abgebrochen: Die Anfrage wurde abgebrochen..)  
 
Error - 24.04.2011 04:16:26 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 10:15:06 - MCESpotlight konnte nicht abgerufen werden (Fehler: Invalid
 security token.)  
 
[ OSession Events ]
Error - 28.09.2010 15:26:09 | Computer Name = Dennis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3436
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 05.10.2010 15:37:15 | Computer Name = Dennis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1278
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 25.11.2010 16:24:56 | Computer Name = Dennis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10330
 seconds with 2460 seconds of active time.  This session ended with a crash.
 
Error - 13.12.2010 16:19:25 | Computer Name = Dennis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8119
 seconds with 780 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 29.06.2011 11:07:00 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 29.06.2011 11:07:09 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 29.06.2011 11:07:09 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 29.06.2011 11:07:56 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SBSD Security Center Service" ist vom Dienst "wscsvc" 
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 29.06.2011 11:12:44 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Search" wurde nicht richtig gestartet.
 
Error - 29.06.2011 15:49:23 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 29.06.2011 15:49:24 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 29.06.2011 15:49:31 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 29.06.2011 15:49:31 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 29.06.2011 15:49:43 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SBSD Security Center Service" ist vom Dienst "wscsvc" 
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >

Zu den Fragen: Wie läuft dein Rechner derzeit? Er läuft eigentlich so wie immer.
Gibt es irgendwelche Probleme? Wenn ja, beschreibe diese bitte so gut es geht. Wenn ich auf Google einen Link anklicke, leitet er mich manchmal auf falsche Seiten um. Zuerst kommt so ein "goingnearth" dann irgendeine Werbeseite. Bemerkt habe ich das gestern.

Grüße,
Deathkid

M-K-D-B · 30.06.2011, 19:24

Hallo Deathkid,

Schritt # 1: TDSS Killer ausführen
Dowloade Dir bitte TDSS Killer.exe und speichere die Datei am Desktop.

Schließe alle laufenden Programme.
Trenne dich von Internet.
Deaktiviere deine AntiViren Software.
Starte TDSSkiller.exe mit Doppelklick.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Drücke auf Start scan.
Mache während dem Scan nichts am Rechner
1. Sollte das Tool keine Funde aufweisen, klicke Close um es zu schließen.
2. Wurde etwas gefunden werden die Funde in Scan results - Select action for found objects angezeigt und geben 3 Auswahlmöglichkeiten.
  Gehe sicher das Cure ( default ) angehackt ist ! Drücke Continue --> Reboot.
Die Logfile ist nach dem Neustart auf deinem Systemlaufwerk ( meist C: ) unter TDSSKiller_version_date_time_log.txt zu finden.
Bitte poste mir den Inhalt hier in deinen Thread.

Schritt # 2: Benutzerdefinierter Scan mit OTL

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

C:\ComboFix /S
C:\Qoobox /S
C:\ProgramData\bL28601DaMcK28601 /S
C:\Windows\PIF /S
/md5start
atapi.sys
volsnap.sys
/md5stop

Schließe bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Nichts und danach den Scan Button.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Schritt # 3: Fragen beantworten
Bitte beantworte mir folgende Fragen:

Schau mal bitte auf das Laufwerk C. Findet sich dort ein Logfile ComboFix.txt?

Schritt # 4: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

das Logfile des TDSS Killers,
das neue Logfile von OTL (OTL.txt) und
die Beantwortung der gestellten Fragen.

Deathkid535 · 01.07.2011, 08:45

Hallo M-K-D-B,

Das Logfile von TDSS-Killer(nichts gefunden):

Code:

ATTFilter

2011/07/01 09:24:22.0083 5396	TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/07/01 09:24:22.0125 5396	================================================================================
2011/07/01 09:24:22.0125 5396	SystemInfo:
2011/07/01 09:24:22.0125 5396	
2011/07/01 09:24:22.0126 5396	OS Version: 6.1.7600 ServicePack: 0.0
2011/07/01 09:24:22.0126 5396	Product type: Workstation
2011/07/01 09:24:22.0126 5396	ComputerName: DENNIS-PC
2011/07/01 09:24:22.0126 5396	UserName: Administrator
2011/07/01 09:24:22.0126 5396	Windows directory: C:\Windows
2011/07/01 09:24:22.0126 5396	System windows directory: C:\Windows
2011/07/01 09:24:22.0126 5396	Processor architecture: Intel x86
2011/07/01 09:24:22.0126 5396	Number of processors: 2
2011/07/01 09:24:22.0126 5396	Page size: 0x1000
2011/07/01 09:24:22.0126 5396	Boot type: Normal boot
2011/07/01 09:24:22.0126 5396	================================================================================
2011/07/01 09:24:28.0258 5396	Initialize success
2011/07/01 09:24:39.0439 5348	================================================================================
2011/07/01 09:24:39.0439 5348	Scan started
2011/07/01 09:24:39.0439 5348	Mode: Manual; 
2011/07/01 09:24:39.0439 5348	================================================================================
2011/07/01 09:24:45.0097 5348	1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/07/01 09:24:45.0606 5348	ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/07/01 09:24:46.0214 5348	AcpiPmi         (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/07/01 09:24:46.0978 5348	ACPIVPC         (5508e9f55799c6551d54dfbc4a068b68) C:\Windows\system32\DRIVERS\AcpiVpc.sys
2011/07/01 09:24:47.0777 5348	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/01 09:24:47.0884 5348	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/01 09:24:47.0962 5348	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/01 09:24:48.0067 5348	AFD             (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
2011/07/01 09:24:48.0120 5348	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/07/01 09:24:48.0194 5348	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/07/01 09:24:48.0308 5348	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/07/01 09:24:48.0391 5348	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/07/01 09:24:48.0480 5348	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/07/01 09:24:48.0549 5348	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/01 09:24:48.0648 5348	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/01 09:24:48.0731 5348	amdsata         (6f64c768a9a48fab7c6d6cee1b30f97f) C:\Windows\system32\DRIVERS\amdsata.sys
2011/07/01 09:24:48.0808 5348	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/01 09:24:48.0860 5348	amdxata         (e27866684780606bcce640a57937d88a) C:\Windows\system32\DRIVERS\amdxata.sys
2011/07/01 09:24:48.0968 5348	ApfiltrService  (fd6d4bc1cf7d1fec5a17588007ecafb5) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/07/01 09:24:49.0043 5348	AppID           (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/07/01 09:24:49.0234 5348	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/07/01 09:24:49.0288 5348	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/01 09:24:49.0344 5348	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/01 09:24:49.0635 5348	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/07/01 09:24:49.0883 5348	atikmdag        (fcd4c95b1cb2a7dfbf8df5609c74734a) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/07/01 09:24:50.0142 5348	AtiPcie         (aca01c43d065e546c6dc88ea669ceca6) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/07/01 09:24:50.0226 5348	avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/07/01 09:24:50.0345 5348	avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/07/01 09:24:50.0689 5348	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/07/01 09:24:50.0912 5348	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/07/01 09:24:51.0054 5348	BCM43XX         (61351a6aac26257f333d77ef738f3f3e) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/07/01 09:24:51.0228 5348	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/07/01 09:24:51.0286 5348	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/01 09:24:51.0349 5348	bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/01 09:24:51.0395 5348	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/01 09:24:51.0508 5348	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/01 09:24:51.0585 5348	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/07/01 09:24:51.0665 5348	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/01 09:24:51.0711 5348	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/01 09:24:51.0743 5348	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/01 09:24:51.0771 5348	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/01 09:24:51.0916 5348	Cam5607         (760ea3827049d8aa59de8e413b40dfb6) C:\Windows\system32\Drivers\BisonC07.sys
2011/07/01 09:24:52.0120 5348	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/01 09:24:52.0176 5348	cdrom           (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/01 09:24:52.0225 5348	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/01 09:24:52.0285 5348	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/07/01 09:24:52.0409 5348	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/01 09:24:52.0464 5348	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/07/01 09:24:52.0527 5348	CNG             (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/07/01 09:24:52.0596 5348	CnxtHdAudService (bd1dc6fa3689ab875eedbf0548393900) C:\Windows\system32\drivers\CHDRT32.sys
2011/07/01 09:24:52.0716 5348	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/01 09:24:52.0765 5348	CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/07/01 09:24:52.0818 5348	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/01 09:24:52.0925 5348	DfsC            (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
2011/07/01 09:24:52.0992 5348	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/07/01 09:24:53.0025 5348	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/07/01 09:24:53.0115 5348	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/07/01 09:24:53.0182 5348	DXGKrnl         (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/01 09:24:53.0334 5348	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/07/01 09:24:53.0578 5348	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/01 09:24:53.0697 5348	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/07/01 09:24:53.0784 5348	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/07/01 09:24:53.0869 5348	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/07/01 09:24:53.0963 5348	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/01 09:24:54.0066 5348	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/07/01 09:24:54.0091 5348	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/07/01 09:24:54.0191 5348	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/01 09:24:54.0258 5348	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/07/01 09:24:54.0335 5348	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/07/01 09:24:54.0413 5348	fssfltr         (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/07/01 09:24:54.0462 5348	Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/01 09:24:54.0521 5348	fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/01 09:24:54.0639 5348	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/01 09:24:54.0794 5348	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/01 09:24:54.0957 5348	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/01 09:24:55.0031 5348	HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/07/01 09:24:55.0085 5348	HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/01 09:24:55.0135 5348	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/01 09:24:55.0235 5348	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/01 09:24:55.0314 5348	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/01 09:24:55.0390 5348	HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/01 09:24:55.0670 5348	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/07/01 09:24:55.0725 5348	HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/07/01 09:24:55.0757 5348	hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/01 09:24:55.0781 5348	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/01 09:24:55.0862 5348	iaStorV         (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
2011/07/01 09:24:56.0067 5348	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/01 09:24:56.0152 5348	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/07/01 09:24:56.0223 5348	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/01 09:24:56.0302 5348	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/01 09:24:56.0354 5348	IPMIDRV         (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/07/01 09:24:56.0403 5348	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/07/01 09:24:56.0550 5348	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/07/01 09:24:56.0595 5348	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/07/01 09:24:56.0679 5348	iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/01 09:24:56.0764 5348	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/01 09:24:56.0811 5348	kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/01 09:24:56.0856 5348	KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/01 09:24:56.0906 5348	KSecPkg         (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/01 09:24:56.0968 5348	L1C             (3705b2273e8efc9a707864ab7324b614) C:\Windows\system32\DRIVERS\L1C62x86.sys
2011/07/01 09:24:57.0077 5348	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/01 09:24:57.0167 5348	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/01 09:24:57.0201 5348	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/01 09:24:57.0252 5348	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/01 09:24:57.0291 5348	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/01 09:24:57.0344 5348	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/07/01 09:24:57.0429 5348	MBAMProtector   (3d2c13377763eeac0ca6fb46f57217ed) C:\Windows\system32\drivers\mbam.sys
2011/07/01 09:24:57.0564 5348	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/01 09:24:57.0677 5348	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/01 09:24:57.0827 5348	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/07/01 09:24:57.0920 5348	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/01 09:24:57.0980 5348	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/01 09:24:58.0036 5348	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/01 09:24:58.0093 5348	mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/07/01 09:24:58.0141 5348	mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/07/01 09:24:58.0185 5348	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/01 09:24:58.0232 5348	MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/07/01 09:24:58.0295 5348	mrxsmb          (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/01 09:24:58.0332 5348	mrxsmb10        (c108952d3660375dcb716b222912e868) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/01 09:24:58.0369 5348	mrxsmb20        (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/01 09:24:58.0413 5348	msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/07/01 09:24:58.0458 5348	msdsm           (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/07/01 09:24:58.0499 5348	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/07/01 09:24:58.0541 5348	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/01 09:24:58.0579 5348	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/07/01 09:24:58.0718 5348	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/01 09:24:58.0800 5348	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/01 09:24:58.0841 5348	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/07/01 09:24:58.0891 5348	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/07/01 09:24:58.0932 5348	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/01 09:24:58.0971 5348	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/07/01 09:24:59.0007 5348	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/01 09:24:59.0032 5348	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/07/01 09:24:59.0116 5348	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/01 09:24:59.0181 5348	NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/07/01 09:24:59.0242 5348	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/01 09:24:59.0300 5348	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/01 09:24:59.0386 5348	Ndisuio         (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/01 09:24:59.0492 5348	NdisWan         (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/01 09:24:59.0538 5348	NDProxy         (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/07/01 09:24:59.0582 5348	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/01 09:24:59.0648 5348	NetBT           (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/01 09:24:59.0808 5348	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/01 09:24:59.0900 5348	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/07/01 09:25:00.0050 5348	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/01 09:25:00.0148 5348	Ntfs            (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
2011/07/01 09:25:00.0233 5348	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/07/01 09:25:00.0291 5348	nvraid          (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
2011/07/01 09:25:00.0367 5348	nvstor          (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
2011/07/01 09:25:00.0495 5348	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/07/01 09:25:00.0571 5348	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/01 09:25:00.0734 5348	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/07/01 09:25:00.0770 5348	partmgr         (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/07/01 09:25:00.0816 5348	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/01 09:25:00.0871 5348	pci             (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/07/01 09:25:00.0926 5348	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/07/01 09:25:00.0959 5348	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/01 09:25:01.0003 5348	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/07/01 09:25:01.0047 5348	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/07/01 09:25:01.0544 5348	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/01 09:25:01.0602 5348	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/07/01 09:25:01.0702 5348	psadd           (651d3abc1d82d61b6cfb40cb947b3db3) C:\Windows\system32\DRIVERS\psadd.sys
2011/07/01 09:25:01.0756 5348	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/01 09:25:01.0843 5348	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/01 09:25:01.0923 5348	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/01 09:25:01.0969 5348	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/01 09:25:02.0010 5348	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/01 09:25:02.0076 5348	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/01 09:25:02.0128 5348	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/01 09:25:02.0191 5348	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/01 09:25:02.0223 5348	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/01 09:25:02.0263 5348	rdbss           (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/01 09:25:02.0312 5348	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/01 09:25:02.0350 5348	RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/01 09:25:02.0397 5348	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/01 09:25:02.0435 5348	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/01 09:25:02.0477 5348	RDPWD           (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/07/01 09:25:02.0529 5348	rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/07/01 09:25:02.0593 5348	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/01 09:25:02.0697 5348	RSUSBSTOR       (83f7a29b659771e60cd71999ef57aa0c) C:\Windows\system32\Drivers\RtsUStor.sys
2011/07/01 09:25:02.0782 5348	SaiK0728        (3c487b02017a5dd97e4a6b6032a3693b) C:\Windows\system32\DRIVERS\SaiK0728.sys
2011/07/01 09:25:02.0857 5348	SaiK0CFA        (f394d70aac064bdf56ccaa3ebb63db77) C:\Windows\system32\DRIVERS\SaiK0CFA.sys
2011/07/01 09:25:02.0939 5348	SaiMini         (c16d95bd9fdb381689053cb5ecac9e40) C:\Windows\system32\DRIVERS\SaiMini.sys
2011/07/01 09:25:02.0989 5348	SaiNtBus        (e549bf8b944a6cc6356b322cbb83c796) C:\Windows\system32\drivers\SaiBus.sys
2011/07/01 09:25:03.0047 5348	SaiU0CFA        (3ae01d8d88d1f360b6a1ecd50522b6f3) C:\Windows\system32\DRIVERS\SaiU0CFA.sys
2011/07/01 09:25:03.0114 5348	sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/07/01 09:25:03.0262 5348	SCDEmu          (20b2751cd4c8f3fd989739ca661b9f30) C:\Windows\system32\drivers\SCDEmu.sys
2011/07/01 09:25:03.0307 5348	scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/01 09:25:03.0388 5348	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/01 09:25:03.0448 5348	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/01 09:25:03.0531 5348	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/07/01 09:25:03.0580 5348	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/01 09:25:03.0650 5348	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/07/01 09:25:03.0677 5348	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/07/01 09:25:03.0715 5348	sffp_sd         (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/07/01 09:25:03.0741 5348	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/01 09:25:03.0784 5348	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/07/01 09:25:03.0837 5348	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/01 09:25:03.0871 5348	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/01 09:25:03.0930 5348	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/07/01 09:25:03.0993 5348	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/07/01 09:25:04.0094 5348	sptd            (c4bb8a12843d9cbb65f5ff617f389bbd) C:\Windows\System32\Drivers\sptd.sys
2011/07/01 09:25:04.0190 5348	SRS_AudioFusion_Service (959f0206d46ce43f1eb0a5b4d508b35f) C:\Windows\system32\drivers\SRS_AudioFusion_i386.sys
2011/07/01 09:25:04.0250 5348	srv             (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
2011/07/01 09:25:04.0309 5348	srv2            (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/01 09:25:04.0371 5348	srvnet          (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/01 09:25:04.0443 5348	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/07/01 09:25:04.0529 5348	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/01 09:25:04.0680 5348	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/01 09:25:04.0836 5348	Tcpip           (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\drivers\tcpip.sys
2011/07/01 09:25:04.0991 5348	TCPIP6          (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/01 09:25:05.0073 5348	tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/01 09:25:05.0127 5348	TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/07/01 09:25:05.0169 5348	TDTCP           (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/07/01 09:25:05.0193 5348	tdx             (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/01 09:25:05.0230 5348	TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/01 09:25:05.0290 5348	tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/01 09:25:05.0337 5348	tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/01 09:25:05.0380 5348	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/01 09:25:05.0459 5348	udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/01 09:25:05.0534 5348	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/07/01 09:25:05.0574 5348	umbus           (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/01 09:25:05.0660 5348	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/01 09:25:05.0846 5348	usbaudio        (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2011/07/01 09:25:05.0899 5348	usbccgp         (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/01 09:25:05.0948 5348	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/07/01 09:25:06.0003 5348	usbehci         (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/01 09:25:06.0067 5348	usbfilter       (2fed4ba0fde5eb4b624f20b629f8f9e2) C:\Windows\system32\DRIVERS\usbfilter.sys
2011/07/01 09:25:06.0120 5348	usbhub          (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/01 09:25:06.0159 5348	usbohci         (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/01 09:25:06.0222 5348	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/01 09:25:06.0283 5348	usbscan         (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/01 09:25:06.0333 5348	USBSTOR         (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\drivers\USBSTOR.SYS
2011/07/01 09:25:06.0408 5348	usbuhci         (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
2011/07/01 09:25:06.0463 5348	usbvideo        (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
2011/07/01 09:25:06.0535 5348	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/07/01 09:25:06.0791 5348	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/01 09:25:06.0828 5348	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/07/01 09:25:06.0877 5348	vhdmp           (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/07/01 09:25:06.0940 5348	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/07/01 09:25:06.0971 5348	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/07/01 09:25:07.0011 5348	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/07/01 09:25:07.0054 5348	volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/07/01 09:25:07.0093 5348	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/07/01 09:25:07.0129 5348	volsnap         (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/07/01 09:25:07.0216 5348	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/01 09:25:07.0264 5348	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/01 09:25:07.0305 5348	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/01 09:25:07.0361 5348	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/01 09:25:07.0384 5348	WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/01 09:25:07.0471 5348	Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/01 09:25:07.0571 5348	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/07/01 09:25:07.0656 5348	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/01 09:25:07.0772 5348	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/01 09:25:07.0838 5348	WimFltr         (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/07/01 09:25:07.0880 5348	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/07/01 09:25:08.0035 5348	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/01 09:25:08.0117 5348	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/01 09:25:08.0265 5348	wsvd            (baedc491374defd5e76336901d6d397d) C:\Windows\system32\DRIVERS\wsvd.sys
2011/07/01 09:25:08.0327 5348	WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/07/01 09:25:08.0384 5348	WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/01 09:25:08.0467 5348	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/01 09:25:08.0491 5348	Boot (0x1200)   (78ecc471e9908d9a489543a6f808b587) \Device\Harddisk0\DR0\Partition0
2011/07/01 09:25:08.0516 5348	Boot (0x1200)   (d2a26fbfb5b4009f6ba433bc7e8fbebc) \Device\Harddisk0\DR0\Partition1
2011/07/01 09:25:08.0551 5348	Boot (0x1200)   (c692a074ffaf54aeae7042934a2ff5f8) \Device\Harddisk0\DR0\Partition2
2011/07/01 09:25:08.0557 5348	================================================================================
2011/07/01 09:25:08.0557 5348	Scan finished
2011/07/01 09:25:08.0557 5348	================================================================================
2011/07/01 09:25:08.0572 1580	Detected object count: 0
2011/07/01 09:25:08.0572 1580	Actual detected object count: 0
2011/07/01 09:26:10.0178 5068	Deinitialize success

Das OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 01.07.2011 09:28:25 - Run 5
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\Administrator\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 55,63% Memory free
6,98 Gb Paging File | 5,98 Gb Available in Paging File | 85,61% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,68 Gb Total Space | 47,85 Gb Free Space | 31,14% Space Free | Partition Type: NTFS
Drive D: | 78,03 Gb Total Space | 6,15 Gb Free Space | 7,88% Space Free | Partition Type: NTFS
 
Computer Name: DENNIS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Custom Scans ==========
 
 
< C:\ComboFix /S >
 
< C:\Qoobox /S >
 
< C:\ProgramData\bL28601DaMcK28601 /S >
[2011.06.26 22:58:36 | 000,000,192 | ---- | M] () -- C:\ProgramData\bL28601DaMcK28601\bL28601DaMcK28601
 
< C:\Windows\PIF /S >
 
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: VOLSNAP.SYS  >
[2009.07.14 03:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\drivers\volsnap.sys
[2009.07.14 03:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys
[2009.07.14 03:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys
[2010.11.20 14:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys

< End of report >

Fragen: Schau mal bitte auf das Laufwerk C. Findet sich dort ein Logfile ComboFix.txt? Nein

Grüße,
Deathkid

M-K-D-B · 01.07.2011, 10:49

Hallo Deathkid535,

Vielleicht bringen wir ComboFix zum Laufen, wenn wir vorher Avira deinstallieren.

Schritt # 1: Deinstallation von Programmen

Folge folgendem Pfad: Start -> Systemsteuerung -> Programme deinstallieren
Suche in der Liste Software mit dem folgenden Namen
- Avira AntiVir
und deinstalliere das Programm.
Solltest du am Ende der Deinstallation zu einem Neustart aufgefordert werden, so führe diesen durch.

Achte darauf, dass du ComboFix mit Rechtsklick als Administrator ausführst!
Lösche die ComboFix.exe zuvor von deinem Desktop!

Schritt # 2: ComboFix ausführen

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Lade ComboFix von einem dieser Download-Spiegel herunter:

BleepingComputer - ForoSpyware

* Wichtig !! Speichere ComboFix auf dem Desktop

Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist. Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.

**Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.

Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:

Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei.

Schritt # 3: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

das Logfile von ComboFix.

Deathkid535 · 01.07.2011, 13:19

Hallo M-K-D-B,
Ich habe Avira deinstalliert, Computer neugestartet, aber Combofik bleibt bei "... kann sich die Zeit verdoppeln" hängen. Ich habe auch schon versucht, ComboFix über die Befehlszeile auszuführen. Ausserdem jammert das Programm noich immer rum, dass AntiVir Desktop aktiv ist.

M-K-D-B · 01.07.2011, 16:03

Hallo Deathkid535,

Wenns nicht will, dann wills halt nicht.

Wir machen so weiter:

Schritt # 1: Fix mit OTL

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
SRV - (PEVSystemStart) --  File not found
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}"
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=toolbar2&q="
[2010.12.16 13:56:14 | 000,000,931 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0q27vfov.default\searchplugins\conduit.xml
[2010.10.14 20:01:12 | 000,010,017 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0q27vfov.default\searchplugins\mywebsearch.xml
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
[2011.06.26 21:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\bL28601DaMcK28601
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D1B5B4F1

:commands
[Emptytemp]

Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt # 2: Kontrollscan mit Malwarebytes' Anti-Malware (MBAM)

Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt # 3: Scan mit SuperAntiSpyware (SAS)
Downloade Dir bitte SUPERAntiSpyware FREE Edition

Installiere das Programm und lasse das Programm die neuesten Definition und Updates laden.
Schließe alle Anwendungen inkl. Browser.
Öffne SUPERAntiSpyware und klicke auf Ihren Computer durchsuchen.
Setze ein Häkchen bei Kompletter Scan und klicke auf Weiter.
Wenn der Suchlauf beendet ist, wird Dir eine Übersicht mit den Funden angezeigt, die Du mit OK zur Kenntnis nimmst.
Achte darauf, dass bei allen Funden ein Häkchen steht, klicke dann auf Weiter und OK.
Klicke auf Fertig stellen, was Dich ins Hauptfenster bringt.
Es kann sein, dass Dein Rechner neu gestartet werden muss, um Malware mit dem Neustart vom System zu entfernen.
Um das Logfile zu erhalten, musst du erst auf Präferenzen und dann auf den Statistiken und Protokolle klicken.
Klicke auf das datierte Logfile, drücke auf Protokoll anzeigen. Nun erscheint ein Textfenster.
Bitte kopiere diesen Bericht hier in den Thread.

Schritt # 4: Rootkitscan mit Rootkit Unhooker (RKU)
Downloade Dir bitte RKUnhookerLE
und speichere die Datei auf deinem Desktop.

Trenne dich vom Internet ( Wlan nicht vergessen ), deaktiviere alle Hintergrundwächter, besonders den deiner Anti-Viren Software.
Schließe alle offenen Programme.
Starte die RKUnhookerLE.exe
Windows Vista und Windows 7 mit Rechtsklick "Als Administrator ausführen"
Klicke rechts auf Report und anschließend auf den Scan Button.
Setze ein Häkchen vor
- Drivers
- Stealth Code
- Code Hooks
Entferne alle anderen Haken.
Bestätige mit Ok.
Wenn Du gefragt wirst, welcher Bereich gescannt werden soll, gehe sicher das dein Systemlaufwerk ( meistens C: ) angehakt ist. Deaktiviere alle anderen Laufwerke. Bestätige wieder mit Ok.
Das Tool scannt nun deinen Rechner. Hab Geduld.
Wenn der Scan beendet ist, klicke auf File -> Save Report
Speichere die Datei als RKU.txt auf deinem Desktop.
Klicke auf Close und bestätige mit Ja.
Poste das Logfile mit deiner nächsten Antwort.

Hinweis: Solltest Du folgende Warnung bekommen

Zitat:

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"

Klicke auf OK

Schritt # 5: Systemscan mit OTL

Starte bitte OTL.exe.
Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Schritt # 6: Fragen beantworten
Bitte beantworte mir folgende Fragen:

Wirst du immer noch auf Google-Suchen umgeleitet?
Wenn ja, tritt das Problem mit dem Internet Explorer und Firefox auf? Teste und berichte bitte.

Schritt # 7: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

das Logfile des OTL-Fix,
das Logfile von MBAM,
das Logfile von SAS,
das Logfile von RKU,
die beiden neuen Logfiles von OTL (OTL.txt und Extras.txt) und
die Beantwortung der gestellten Fragen.

Deathkid535 · 01.07.2011, 21:34

Hallo M-K-D-B,[LIST=1][*]Das OTL Fixfile:

Code:

ATTFilter

All processes killed
========== OTL ==========
Error: No service named PEVSystemStart was found to stop!
Service\Driver key PEVSystemStart not found.
File   File not found not found.
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.babylon.com/?babsrc=toolbar2&q=" removed from keyword.URL
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0q27vfov.default\searchplugins\conduit.xml moved successfully.
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0q27vfov.default\searchplugins\mywebsearch.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HideSCAHealth deleted successfully.
Folder C:\ProgramData\bL28601DaMcK28601\ not found.
ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 1300062 bytes
->Temporary Internet Files folder emptied: 1913495 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 118129490 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 3025 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Dennis
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6043 bytes
RecycleBin emptied: 31299 bytes
 
Total Files Cleaned = 116,00 mb
 
 
OTL by OldTimer - Version 3.2.24.1 log created on 07012011_173215

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

[*]Das Logfile von MBAM

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6994

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

01.07.2011 17:47:28
mbam-log-2011-07-01 (17-47-28).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 174446
Laufzeit: 6 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

[*]Das File von SAS

Code:

ATTFilter

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 07/01/2011 at 06:45 PM

Application Version : 4.55.1000

Core Rules Database Version : 7363
Trace Rules Database Version: 5175

Scan type       : Complete Scan
Total Scan Time : 00:50:52

Memory items scanned      : 680
Memory threats detected   : 0
Registry items scanned    : 9512
Registry threats detected : 0
File items scanned        : 34598
File threats detected     : 501

Adware.Tracking Cookie
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@clicksor[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ads.glispa[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ad.kukori[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@adsrv1.admediate[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@xm.xtendmedia[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@adserver.adtechus[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@find.10topsearches[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@adserving.versaneeds[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ad.ad-srv[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@online-tracking[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@www3.sentinelclean-strong.findhere[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@myroitracking[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@webmasterplan[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ad.zanox[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@komtrack[3].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@liveperson[3].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@komtrack[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ad.adserverplus[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@www.matrix-media[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@adfarm1.adition[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@adxpose[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ads.cpxcenter[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@invitemedia[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ads.gamersmedia[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ad2.adfarm1.adition[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ads.adk2[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@audit.median[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@advertise[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@harrenmedianetwork[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@server.lon.liveperson[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ads.inextmedia[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ads.247activemedia[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@zanox-affiliate[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@www.zanox-affiliate[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@servedby.adxpower[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@mediabrandsww[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@collective-media[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ad1.adfarm1.adition[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ad.harrenmedianetwork[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@da-tracking[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@zanox[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@liveperson[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@tracking1.aleadpay[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@click-lastminute[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@bidtraffic[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@m1.mediasrv[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@fidelity.rotator.hadj7.adjuggler[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ads.ad4game[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ad.adc-serv[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@vidasco.rotator.hadj7.adjuggler[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ad4.adfarm1.adition[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@adultfriendfinder[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ads.intergi[1].txt
	de.sitestat.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.im.banner.t-online.de [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.zanox.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.zanox.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.zanox.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.traffictrack.de [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.webmasterplan.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.webmasterplan.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.webmasterplan.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.traffictrack.de [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.mm.chitika.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.yieldmanager.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.revsci.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.revsci.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.revsci.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.revsci.net [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.track.parse.ly [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.invitemedia.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.invitemedia.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adbrite.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adbrite.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adbrite.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adbrite.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.yieldmanager.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.atdmt.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.atdmt.com [ C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@advertise[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@www3.sentinelclean-strong.findhere[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@www3.army-internet-personal.findhere[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ads.gamersmedia[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@bidtraffic[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ads.inextmedia[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@www.matrix-media[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ad4.adfarm1.adition[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@gamersmedia[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@adserving.versaneeds[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ad2.adfarm1.adition[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@m1.mediasrv[1].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@myroitracking[2].txt
	C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@xm.xtendmedia[1].txt
	.vodafonegroup.122.2o7.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.elitepvpers.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.elitepvpers.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adserver.adtechus.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	de.sitestat.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.lfstmedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adverticum.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	audit.median.hu [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.tribalfusion.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	track.effiliation.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.eyewonder.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.eyewonder.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adverticum.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adverticum.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.etargetnet.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.etargetnet.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.etargetnet.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.tns-counter.ru [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	d.jambomedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.a.revenuemax.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.apmebf.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.mediaplex.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adtech.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.atdmt.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.atdmt.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	statse.webtrendslive.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.imrworldwide.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.imrworldwide.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.media.xfire.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.media.xfire.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.im.banner.t-online.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.advertising.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.crackfound.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.crackfound.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.crackfound.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.tldadserv.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.xiti.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.edsa.122.2o7.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.paypal.112.2o7.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	eas.apm.emediate.eu [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.divx.112.2o7.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.kontera.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.burstnet.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	gr.burstnet.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.webmasterplan.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.euros4click.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.partypoker.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.partypoker.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adxpose.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.etracker.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.casalemedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.casalemedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.casalemedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.casalemedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.casalemedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adbrite.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	adserver2.spele.nl [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.game-advertising-online.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.zedo.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.zedo.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.zedo.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.server.cpmstar.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.yieldmanager.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.partypoker.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.partypoker.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.partypoker.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.blogcounter.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.revsci.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.pro-market.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	fl01.ct2.comclick.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.technoratimedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.pro-market.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.ru4.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.ru4.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.legolas-media.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adtech.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adbrite.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.yadro.ru [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.elitepvpers.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	m1.webstats.motigo.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.zanox.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.etracker.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.etracker.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.etracker.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.elitepvpers.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.smartadserver.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.zedo.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.gostats.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.gostats.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.komtrack.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.komtrack.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.komtrack.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.dyntracker.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.at.atwola.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.webmasterplan.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.clickaider.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	eas.apm.emediate.eu [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.www.qitracking.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adviva.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adviva.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.invitemedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.invitemedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.invitemedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.mediafire.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	fidelity.rotator.hadj7.adjuggler.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	fidelity.rotator.hadj7.adjuggler.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	adserver1.mokono.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	in.getclicky.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adserver1.mokono.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adserver1.mokono.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adserver1.mokono.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.tradedoubler.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.tradedoubler.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.etracker.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.revsci.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	s03.flagcounter.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	s2.trafficmaxx.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	track.effiliation.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	track.effiliation.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	track.effiliation.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	track.effiliation.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	rotator.adjuggler.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	rotator.adjuggler.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	tracking.mlsat02.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	adsrv.admediate.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	adsrv.admediate.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	rotator.adjuggler.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	adsrv.admediate.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.googleadservices.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	rts.pgmediaserve.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	rts.pgmediaserve.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	rts.pgmediaserve.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.partypoker.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.partypoker.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.yieldmanager.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	eas.apm.emediate.eu [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.revsci.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	adserver.adreactor.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.tacoda.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.tacoda.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.tacoda.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.tacoda.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.at.atwola.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.at.atwola.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.traffictrack.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.traffictrack.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.ice.112.2o7.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	s03.flagcounter.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.mediafire.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.mediafire.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.mediafire.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.mediafire.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.account.frogster-online.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	user.lucidmedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	tracking.gameforge.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.encyclomedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.encyclomedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.encyclomedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.encyclomedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.encyclomedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.encyclomedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.encyclomedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.encyclomedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.ez-tracks.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.ez-tracks.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.ez-tracks.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.ez-tracks.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.ez-tracks.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.ez-tracks.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.encyclomedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.encyclomedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.encyclomedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.encyclomedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.encyclomedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.ez-tracks.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.ez-tracks.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.zanox-affiliate.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.webmasterplan.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.zanox-affiliate.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.media6degrees.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.media6degrees.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.media6degrees.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.media6degrees.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.doubleclick.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.lfstmedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.lfstmedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.warcraftscreensavers.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.warcraftscreensavers.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.legolas-media.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.legolas-media.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.legolas-media.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.kontera.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ww251.smartadserver.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.zedo.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.yieldmanager.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.zedo.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.zedo.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.technoratimedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.technoratimedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.technoratimedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.technoratimedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.specificclick.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.specificclick.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.specificclick.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.specificclick.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.specificclick.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.specificclick.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.warcraftscreensavers.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.warcraftscreensavers.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.warcraftscreensavers.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.warcraftscreensavers.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.warcraftscreensavers.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.warcraftscreensavers.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.kontera.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.kontera.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.googleadservices.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	media.fragster.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.technoratimedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.technoratimedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.technoratimedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.technoratimedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.advertising.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.advertising.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.advertising.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.legolas-media.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.chitika.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ssl.clickbank.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ssl.clickbank.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ssl.clickbank.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adinterax.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adinterax.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adscendmedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adscendmedia.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.statcounter.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.statcounter.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	click.mediadome.ru [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	click.mediadome.ru [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	click.mediadome.ru [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.himedia.individuad.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.himedia.individuad.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	fl01.ct2.comclick.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	fl01.ct2.comclick.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	delivery.atkmedia.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.webmasterplan.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.webmasterplan.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.webmasterplan.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.gametracker.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.web-stat.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.web-stat.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.web-stat.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	cn.clickable.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	cn.clickable.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	adfarm1.adition.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.server.cpmstar.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	adx.chip.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.revsci.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.revsci.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.revsci.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.revsci.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.revsci.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.clickbank.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.collective-media.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.collective-media.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.collective-media.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.collective-media.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.collective-media.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.collective-media.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.collective-media.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.elitepvpers.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.elitepvpers.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.elitepvpers.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.elitepvpers.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.tradedoubler.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.webmasterplan.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.fastclick.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.webmasterplan.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.webmasterplan.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.zanox.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	adserver.mmoga.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	adserver.mmoga.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	adserver.mmoga.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.smartadserver.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.smartadserver.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.smartadserver.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.smartadserver.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.smartadserver.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad3.adfarm1.adition.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad4.adfarm1.adition.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.tracking.quisma.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.tracking.hannoversche.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.mediaplex.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.serving-sys.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.serving-sys.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.serving-sys.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.serving-sys.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.serving-sys.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.serving-sys.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.serving-sys.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.bs.serving-sys.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adtech.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	s2.trafficmaxx.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.crackssite.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.yieldmanager.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.content.yieldmanager.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.content.yieldmanager.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.yieldmanager.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	adserver.unitedcolo.de [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.yieldmanager.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.crackssite.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.crackssite.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	eas4.emediate.eu [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	eas4.emediate.eu [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adbrite.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adbrite.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adbrite.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.mediabrandsww.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adecn.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	click2go.org [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.azjmp.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.azjmp.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.azjmp.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adfarm1.adition.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad2.adfarm1.adition.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.tradedoubler.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.zanox.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.tradedoubler.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.tradedoubler.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.yieldmanager.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.yieldmanager.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.yieldmanager.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.yieldmanager.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.fastclick.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.fastclick.net [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.advertising.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.advertising.com [ C:\Users\Dennis\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Cookies\dennis@atdmt[2].txt
	C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Cookies\dennis@www.elitepvpers[2].txt
	C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Cookies\dennis@server.cpmstar[2].txt
	C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Cookies\dennis@adserver.adtechus[4].txt
	C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Cookies\dennis@ads.intergi[1].txt
	C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Cookies\dennis@imrworldwide[2].txt
	C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Cookies\dennis@mywebsearch[1].txt
	C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Cookies\dennis@adserver.adtechus[2].txt
	C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Cookies\dennis@serving-sys[1].txt
	C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Cookies\dennis@adserver.adtechus[1].txt
	C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Cookies\dennis@atdmt[1].txt
	C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Cookies\dennis@fastclick[2].txt
	C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Cookies\dennis@doubleclick[2].txt
	C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Cookies\dennis@fastclick[1].txt
	C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Cookies\Low\dennis@doubleclick[1].txt
	C:\Users\Dennis\AppData\Roaming\Microsoft\Windows\Cookies\Low\dennis@mywebsearch[2].txt
	.tribalfusion.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.imrworldwide.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.imrworldwide.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.adserver.adtechus.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.doubleclick.net [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	ad.adserver01.de [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.apmebf.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.fastclick.net [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.fastclick.net [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.fastclick.net [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.fastclick.net [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.zanox.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.zanox-affiliate.de [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.adfarm1.adition.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	adfarm1.adition.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.adfarm1.adition.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	ad2.adfarm1.adition.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.adfarm1.adition.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.tradedoubler.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.tradedoubler.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.tradedoubler.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.webmasterplan.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.webmasterplan.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.webmasterplan.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.content.yieldmanager.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	ad.yieldmanager.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.mediaplex.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.mediaplex.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.adxpose.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.content.yieldmanager.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.xm.xtendmedia.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.partypoker.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.partypoker.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.partypoker.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.invitemedia.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.server.cpmstar.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.server.cpmstar.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.server.cpmstar.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.server.cpmstar.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.server.cpmstar.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.webmasterplan.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.webmasterplan.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.webmasterplan.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	www.zanox-affiliate.de [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.webmasterplan.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.server.cpmstar.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]
	.server.cpmstar.com [ C:\Users\Dennis\AppData\Roaming\Mozilla\Firefox\Profiles\8up7pvxa.default\cookies.sqlite ]

Trojan.System32
	C:\PROGRAM FILES\AXBX\VIRUSKEEPER 2011 PRO PROBEVERSION\QUARANTAINE\SYSTEM32.EXE

Trojan.Agent/Gen-Bancos
	C:\PROGRAM FILES\WEBOCTON - SCRIPTLY\ORIGINALS\PLUGINS\WYSIWYG_EDITOR.DLL
	C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\WEBOCTON - SCRIPTLY\PLUGINS\WYSIWYG_EDITOR.DLL

Trojan.Agent/Gen-FakeAlert[Local]
	C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\8 X 8 MEDIA AG\CHESSIMO\ENGINES\CRAFTY\WCRAFTY.EXE

[*]Das RKU Logfile:

Code:

ATTFilter

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Drivers
==============================================
0x8E82F000 C:\Windows\system32\DRIVERS\atikmdag.sys 5468160 bytes (ATI Technologies Inc., ATI Radeon Kernel Mode Driver)
0x82C05000 C:\Windows\system32\ntkrnlpa.exe 4259840 bytes (Microsoft Corporation, NT Kernel & System)
0x82C05000 PnpManager 4259840 bytes
0x82C05000 RAW 4259840 bytes
0x82C05000 WMIxWDM 4259840 bytes
0x8F43D000 C:\Windows\system32\DRIVERS\bcmwl6.sys 2510848 bytes (Broadcom Corporation, Broadcom 802.11 Network Adapter wireless driver)
0x96C40000 Win32k 2404352 bytes
0x96C40000 C:\Windows\System32\win32k.sys 2404352 bytes (Microsoft Corporation, Mehrbenutzer-Win32-Treiber)
0x88636000 C:\Windows\System32\drivers\tcpip.sys 1347584 bytes (Microsoft Corporation, TCP/IP-Treiber)
0x8241D000 C:\Windows\System32\Drivers\BisonC07.sys 1257472 bytes (Bison Electronics. Inc. , Universal Serial Bus Camera Driver)
0x88209000 C:\Windows\System32\Drivers\Ntfs.sys 1241088 bytes (Microsoft Corporation, NT-Dateisystemtreiber)
0x8E605000 C:\Windows\System32\drivers\dxgkrnl.sys 749568 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0x88429000 C:\Windows\system32\drivers\ndis.sys 749568 bytes (Microsoft Corporation, NDIS 6.20-Treiber)
0x8327B000 C:\Windows\system32\CI.dll 700416 bytes (Microsoft Corporation, Codeintegritätsmodul)
0x98352000 C:\Windows\system32\drivers\peauth.sys 618496 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x98211000 C:\Windows\system32\drivers\HTTP.sys 544768 bytes (Microsoft Corporation, HTTP-Protokollstapel)
0x9100F000 C:\Windows\system32\drivers\CHDRT32.sys 528384 bytes (Conexant Systems Inc., High Definition Audio Function Driver)
0x83326000 C:\Windows\system32\drivers\Wdf01000.sys 462848 bytes (Microsoft Corporation, Kernelmodustreiber-Frameworklaufzeit)
0x8E6F5000 C:\Windows\system32\drivers\SRS_AudioFusion_i386.sys 450560 bytes (-, SRS Premium Sound driver)
0x99AB8000 C:\Windows\system32\drivers\spsys.sys 434176 bytes (Microsoft Corporation, security processor)
0x88376000 C:\Windows\System32\Drivers\cng.sys 380928 bytes (Microsoft Corporation, Kernel Cryptography, Next Generation)
0x8D83F000 C:\Windows\system32\drivers\afd.sys 368640 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x99A62000 C:\Windows\System32\DRIVERS\srv.sys 335872 bytes (Microsoft Corporation, Server driver)
0x99A13000 C:\Windows\System32\DRIVERS\srv2.sys 323584 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x8F6CE000 C:\Windows\system32\DRIVERS\USBPORT.SYS 307200 bytes (Microsoft Corporation, USB 1.1 & 2.0-Porttreiber)
0x8808D000 C:\Windows\System32\drivers\volmgrx.sys 307200 bytes (Microsoft Corporation, Treiber für Erweiterung des Volume-Managers)
0x833A5000 C:\Windows\system32\DRIVERS\ACPI.sys 294912 bytes (Microsoft Corporation, ACPI-Treiber für NT)
0x88143000 C:\Windows\system32\DRIVERS\storport.sys 290816 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x91153000 C:\Windows\system32\DRIVERS\nwifi.sys 286720 bytes (Microsoft Corporation, Systemeigener WiFi-Miniporttreiber)
0x8ED66000 C:\Windows\system32\DRIVERS\usbhub.sys 278528 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x83239000 C:\Windows\system32\CLFS.SYS 270336 bytes (Microsoft Corporation, Common Log File System Driver)
0x8D969000 C:\Windows\system32\DRIVERS\rdbss.sys 266240 bytes (Microsoft Corporation, Subsystemtreiber für Pufferung des umgeleiteten Laufwerks)
0x887B0000 C:\Windows\system32\DRIVERS\volsnap.sys 258048 bytes (Microsoft Corporation, Volumeschattenkopie-Treiber)
0x884E0000 C:\Windows\system32\drivers\NETIO.SYS 253952 bytes (Microsoft Corporation, Network I/O Subsystem)
0x982E4000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 241664 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x8F774000 C:\Windows\system32\DRIVERS\Apfiltr.sys 233472 bytes (Alps Electric Co., Ltd., Alps Touch Pad Driver)
0x8E6BC000 C:\Windows\System32\drivers\dxgmms1.sys 233472 bytes (Microsoft Corporation, DirectX Graphics MMS)
0x83015000 ACPI_HAL 225280 bytes
0x83015000 C:\Windows\system32\halmacpi.dll 225280 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0x88193000 C:\Windows\system32\drivers\fltmgr.sys 212992 bytes (Microsoft Corporation, Microsoft Dateisystem-Filter-Manager)
0x8F400000 C:\Windows\system32\drivers\ks.sys 212992 bytes (Microsoft Corporation, Kernel CSA Library)
0x88553000 C:\Windows\System32\DRIVERS\fvevol.sys 204800 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8D899000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8877F000 C:\Windows\System32\drivers\fwpkclnt.sys 200704 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x91090000 C:\Windows\system32\drivers\portcls.sys 192512 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x88600000 C:\Windows\System32\drivers\rdyboost.sys 184320 bytes (Microsoft Corporation, ReadyBoost Driver)
0x88338000 C:\Windows\System32\Drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8802F000 C:\Windows\system32\DRIVERS\pci.sys 172032 bytes (Microsoft Corporation, NT-Plug & Play PCI-Enumerator)
0x88596000 C:\Windows\system32\DRIVERS\CLASSPNP.SYS 151552 bytes (Microsoft Corporation, SCSI Class System Dll)
0x8851E000 C:\Windows\System32\Drivers\ksecpkg.sys 151552 bytes (Microsoft Corporation, Kernel Security Support Provider Interface Packages)
0x82562000 C:\Windows\system32\DRIVERS\SaiK0CFA.sys 151552 bytes (Saitek, Saitek Hid Driver)
0x880F7000 C:\Windows\system32\DRIVERS\ataport.SYS 143360 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x982C1000 C:\Windows\system32\DRIVERS\mrxsmb.sys 143360 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x8E76E000 C:\Windows\system32\DRIVERS\ndiswan.sys 139264 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x8D941000 C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS 139264 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASKUTIL.SYS)
0x91199000 C:\Windows\System32\DRIVERS\srvnet.sys 135168 bytes (Microsoft Corporation, Server Network driver)
0x8D800000 C:\Windows\system32\DRIVERS\tunnel.sys 135168 bytes (Microsoft Corporation, Microsoft-Tunnelschnittstellentreiber)
0x881D8000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x885D5000 C:\Windows\system32\DRIVERS\cdrom.sys 126976 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0x8F730000 C:\Windows\system32\DRIVERS\HDAudBus.sys 126976 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8D8D2000 C:\Windows\system32\DRIVERS\pacer.sys 126976 bytes (Microsoft Corporation, QoS-Paketplaner)
0x96ED0000 C:\Windows\System32\cdd.dll 122880 bytes (Microsoft Corporation, Canonical Display Driver)
0x91135000 C:\Windows\system32\DRIVERS\SaiK0728.sys 122880 bytes (Saitek, Saitek Hid Driver)
0x8259B000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA-Filtertreiber zur Dateivirtualisierung)
0x9831F000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 110592 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x825B6000 C:\Windows\system32\drivers\WudfPf.sys 106496 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0x98296000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x910BF000 C:\Windows\system32\drivers\drmk.sys 102400 bytes (Microsoft Corporation, Microsoft Trusted Audio Drivers)
0x8D9CA000 C:\Windows\System32\Drivers\dfsc.sys 98304 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8F74F000 C:\Windows\system32\DRIVERS\i8042prt.sys 98304 bytes (Microsoft Corporation, i8042-Anschlusstreiber)
0x8F7E0000 C:\Windows\system32\DRIVERS\rasl2tp.sys 98304 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0x8E790000 C:\Windows\system32\DRIVERS\raspppoe.sys 98304 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8E7A8000 C:\Windows\system32\DRIVERS\raspptp.sys 94208 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8E7BF000 C:\Windows\system32\DRIVERS\rassstp.sys 94208 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x8800E000 C:\Windows\system32\DRIVERS\tdx.sys 94208 bytes (Microsoft Corporation, TDI Translation Driver)
0x91113000 C:\Windows\system32\DRIVERS\usbccgp.sys 94208 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0x880D8000 C:\Windows\System32\drivers\mountmgr.sys 90112 bytes (Microsoft Corporation, Bereitstellungspunkt-Manager)
0x82587000 C:\Windows\system32\drivers\usbaudio.sys 81920 bytes (Microsoft Corporation, USB Audio Class Driver)
0x8EDAA000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 77824 bytes (Microsoft Corporation, Hid Class Library)
0x88363000 C:\Windows\System32\Drivers\ksecdd.sys 77824 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x82400000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x8D910000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x8F7CE000 C:\Windows\system32\DRIVERS\AgileVpn.sys 73728 bytes (Microsoft Corporation, RAS Agile Vpn Miniport Call Manager)
0x8F6AC000 C:\Windows\system32\DRIVERS\L1C62x86.sys 73728 bytes (Atheros Communications, Inc., Atheros L1c PCI-E Gigabit Ethernet Controller)
0x982AF000 C:\Windows\System32\drivers\mpsdrv.sys 73728 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x8D821000 C:\Windows\system32\DRIVERS\amdppm.sys 69632 bytes (Microsoft Corporation, Processor Device Driver)
0x88132000 C:\Windows\system32\DRIVERS\amdsata.sys 69632 bytes (Advanced Micro Devices, AHCI 1.2 Device Driver)
0x88585000 C:\Windows\system32\DRIVERS\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x881C7000 C:\Windows\system32\drivers\fileinfo.sys 69632 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8E7EE000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x88059000 C:\Windows\System32\drivers\partmgr.sys 69632 bytes (Microsoft Corporation, Partition Management Driver)
0x83220000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Plattformspezifischer Hardwarefehlertreiber)
0x8D8F1000 C:\Windows\system32\DRIVERS\vwififlt.sys 69632 bytes (Microsoft Corporation, Virtual WiFi Filter Driver)
0x825D0000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x88543000 C:\Windows\System32\Drivers\mup.sys 65536 bytes (Microsoft Corporation, Multiple UNC Provider Driver)
0x825E0000 C:\Windows\system32\DRIVERS\ndisuio.sys 65536 bytes (Microsoft Corporation, E/A-Treiber für NDIS-Benutzermodus)
0x8D923000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Remote Desktop Server Driver)
0x8807D000 C:\Windows\system32\DRIVERS\volmgr.sys 65536 bytes (Microsoft Corporation, Volume Manager Driver)
0x8F721000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x8D9E2000 C:\Windows\system32\DRIVERS\blbdrive.sys 57344 bytes (Microsoft Corporation, BLB Drive Driver)
0x8D902000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x88000000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x88124000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x883D3000 C:\Windows\System32\drivers\pcw.sys 57344 bytes (Microsoft Corporation, Performance Counters for Windows Driver)
0x8D933000 C:\Windows\System32\Drivers\SCDEmu.SYS 57344 bytes (PowerISO Computing, Inc., PowerISO Virtual Drive)
0x8E7E0000 C:\Windows\system32\DRIVERS\umbus.sys 57344 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x83397000 C:\Windows\system32\drivers\WDFLDR.SYS 57344 bytes (Microsoft Corporation, Kernel Mode Driver Framework Loader)
0x8F7C1000 C:\Windows\system32\DRIVERS\CompositeBus.sys 53248 bytes (Microsoft Corporation, Multi-Transport Composite Bus Enumerator)
0x8F767000 C:\Windows\system32\DRIVERS\kbdclass.sys 53248 bytes (Microsoft Corporation, Tastaturklassentreiber)
0x8F7AD000 C:\Windows\system32\DRIVERS\mouclass.sys 53248 bytes (Microsoft Corporation, Mausklassentreiber)
0x983F3000 C:\Windows\System32\drivers\tcpipreg.sys 53248 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0x88413000 C:\Windows\System32\drivers\watchdog.sys 53248 bytes (Microsoft Corporation, Watchdog Driver)
0x8D9BE000 C:\Windows\System32\drivers\discache.sys 49152 bytes (Microsoft Corporation, System Indexer/Cache Driver)
0x910D8000 C:\Windows\system32\DRIVERS\kbdhid.sys 49152 bytes (Microsoft Corporation, HID-Tastaturfiltertreiber)
0x88407000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x88072000 C:\Windows\system32\DRIVERS\BATTC.SYS 45056 bytes (Microsoft Corporation, Battery Class Driver)
0x9112A000 C:\Windows\system32\DRIVERS\hidusb.sys 45056 bytes (Microsoft Corporation, USB Miniport Driver for Input Devices)
0x83215000 C:\Windows\system32\mcupdate_AuthenticAMD.dll 45056 bytes (Microsoft Corporation, AMD Microcode Update Library)
0x82550000 C:\Windows\system32\DRIVERS\monitor.sys 45056 bytes (Microsoft Corporation, Monitor Driver)
0x910E4000 C:\Windows\system32\DRIVERS\mouhid.sys 45056 bytes (Microsoft Corporation, HID-Mausfiltertreiber)
0x883EA000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8E763000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x883F5000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0x83200000 C:\Windows\system32\DRIVERS\vdrvroot.sys 45056 bytes (Microsoft Corporation, Stammenumerator für virtuelles Laufwerk)
0x910EF000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8811A000 C:\Windows\system32\DRIVERS\msahci.sys 40960 bytes (Microsoft Corporation, MS AHCI 1.0 Standard Driver)
0x8D9B4000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x8D9AA000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0x8E7D6000 C:\Windows\system32\drivers\SaiBus.sys 40960 bytes (Saitek, Smart Technology Helpers)
0x983E9000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0x8F6C4000 C:\Windows\system32\DRIVERS\usbohci.sys 40960 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0x8F6A2000 C:\Windows\system32\DRIVERS\vwifibus.sys 40960 bytes (Microsoft Corporation, Virtueller WiFi-Bustreiber)
0x8818A000 C:\Windows\system32\DRIVERS\amdxata.sys 36864 bytes (Advanced Micro Devices, Stor Filter Driver)
0x99B22000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0x880EE000 C:\Windows\system32\DRIVERS\atapi.sys 36864 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x99B2B000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x883E1000 C:\Windows\System32\Drivers\Fs_Rec.sys 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x96EA0000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x833ED000 C:\Windows\system32\DRIVERS\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x887F7000 C:\Windows\system32\DRIVERS\AtiPcie.sys 32768 bytes (Advanced Micro Devices Inc., AMD PCIE Filter Driver for ATI PCIE chipset)
0x83231000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0x8806A000 C:\Windows\system32\DRIVERS\compbatt.sys 32768 bytes (Microsoft Corporation, Composite Battery Driver)
0x8862D000 C:\Windows\System32\drivers\hwpolicy.sys 32768 bytes (Microsoft Corporation, Hardware Policy Driver)
0x80BBB000 C:\Windows\system32\kdcom.dll 32768 bytes (Microsoft Corporation, Serial Kernel Debugger)
0x833F6000 C:\Windows\system32\DRIVERS\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x88420000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x885BB000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Encoder Miniport)
0x885C3000 C:\Windows\system32\drivers\rdprefmp.sys 32768 bytes (Microsoft Corporation, RDP Reflector Driver Miniport)
0x887EF000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x88400000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8EDBD000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x885F4000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x8255B000 C:\Windows\system32\DRIVERS\SaiU0CFA.sys 28672 bytes (Saitek, Saitek Usb Driver)
0x8D8CB000 C:\Windows\system32\DRIVERS\wfplwf.sys 28672 bytes (Microsoft Corporation, WFP NDIS 6.20 Lightweight Filter Driver)
0x8F6BE000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8F7F8000 C:\Windows\system32\DRIVERS\psadd.sys 24576 bytes (Lenovo (United States) Inc., SMBIOS Driver)
0x8D963000 C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS 24576 bytes (SUPERAdBlocker.com and SUPERAntiSpyware.com, SASDIFSV.SYS)
0x8F719000 C:\Windows\system32\DRIVERS\usbfilter.sys 24576 bytes (Advanced Micro Devices, AMD USB Filter Driver)
0x8F7BA000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x99AB4000 C:\Windows\system32\drivers\mbam.sys 16384 bytes (Malwarebytes Corporation, Malwarebytes' Anti-Malware)
0x8F434000 C:\Windows\system32\DRIVERS\SaiMini.sys 16384 bytes (Saitek, Saitek Magic Mini Driver)
0x8F7BE000 C:\Windows\system32\DRIVERS\AcpiVpc.sys 12288 bytes (Lenovo Corporation, ACPI Virtual Power Controller Driver)
0x8F7FE000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8F71F000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
==============================================
>Hooks
==============================================
[1668]rundll32.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C617B8-->752A5E25 [apphelp.dll]
[1668]rundll32.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B14EC-->752A5E25 [apphelp.dll]
[1668]rundll32.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B611B8-->752A5E25 [apphelp.dll]
[1668]rundll32.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D114E0-->752A5E25 [apphelp.dll]
[1668]rundll32.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71201454-->752A5E25 [apphelp.dll]
[2720]realsched.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: Inline - PushRet 0x76FC3162-->EC810004 [unknown_code_page]

Deathkid535 · 01.07.2011, 21:37

Das OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 01.07.2011 19:29:27 - Run 6
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\Administrator\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 45,37% Memory free
6,98 Gb Paging File | 5,79 Gb Available in Paging File | 82,92% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,68 Gb Total Space | 71,14 Gb Free Space | 46,29% Space Free | Partition Type: NTFS
Drive D: | 78,03 Gb Total Space | 35,76 Gb Free Space | 45,84% Space Free | Partition Type: NTFS
 
Computer Name: DENNIS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Programme\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\Administrator\AppData\Local\Apps\2.0\W55HJDXV.742\KR5R0CNL.RO1\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe (Curse)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (IObit)
PRC - C:\Programme\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll (Microsoft Corporation)
MOD - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AcSvc) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WindowBlinds) -- C:\Programme\Stardock\MyColors\VistaSrv.exe (Stardock Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SRS_AudioFusion_Service) -- C:\Windows\System32\drivers\SRS_AudioFusion_i386.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SaiNtBus) -- C:\Windows\System32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\Windows\System32\drivers\SaiMini.sys (Saitek)
DRV - (SaiK0CFA) -- C:\Windows\System32\drivers\SaiK0CFA.sys (Saitek)
DRV - (SaiU0CFA) -- C:\Windows\System32\drivers\SaiU0CFA.sys (Saitek)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (SaiK0728) -- C:\Windows\System32\drivers\SaiK0728.sys (Saitek)
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 5B 60 61 79 69 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=toolbar2&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.13 19:28:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.13 19:28:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.04.28 20:56:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.28 20:55:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.28 20:56:19 | 000,000,000 | ---D | M]
 
[2010.10.14 20:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2011.07.01 13:22:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions
[2011.05.22 20:40:15 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011.06.23 13:09:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.07 08:23:55 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions\battlefieldplay4free@ea.com
[2011.05.20 21:44:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.02 16:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.02 17:21:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.16 14:31:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.26 18:15:44 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Programme\Mozilla Firefox\extensions\adapter@babylontc.com
File not found (No name found) -- 
[2010.07.02 16:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.02 17:21:39 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.16 14:31:09 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.26 18:15:44 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\ADAPTER@BABYLONTC.COM
[2011.04.28 20:56:01 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Q27VFOV.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}.XPI
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Q27VFOV.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Q27VFOV.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM.XPI
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.04.26 18:13:26 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.06.27 21:45:14 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GO36F4~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\H\Shell\configure\command - "" = H:\SETUP.EXE
O33 - MountPoints2\H\Shell\install\command - "" = H:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.01 17:51:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2011.07.01 17:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.07.01 17:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.07.01 17:50:14 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2011.07.01 14:17:01 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011.07.01 09:21:05 | 001,448,752 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe
[2011.06.30 09:05:29 | 000,100,736 | ---- | C] (GMER) -- C:\pwdirpog.sys
[2011.06.29 12:25:32 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011.06.29 12:25:31 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011.06.29 12:25:30 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011.06.29 12:25:30 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011.06.29 12:25:30 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011.06.29 12:25:30 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011.06.28 21:15:18 | 004,130,198 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2011.06.28 16:12:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.06.28 16:12:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.06.28 16:12:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.06.28 15:05:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.06.28 15:00:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.06.27 21:06:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.06.27 20:55:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011.06.27 20:55:07 | 000,000,000 | ---D | C] -- C:\Programme\VS Revo Group
[2011.06.27 19:18:41 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011.06.27 13:22:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\RealUI 0612
[2011.06.27 12:09:11 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011.06.26 22:50:35 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011.06.26 21:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\bL28601DaMcK28601
[2011.06.24 10:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.06.22 19:34:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\RIFT
[2011.06.22 19:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIFT
[2011.06.22 19:34:45 | 000,000,000 | ---D | C] -- C:\Programme\RIFT Game
[2011.06.22 07:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.06.20 19:16:22 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\LeilaUI 3.13
[2011.06.18 09:43:48 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.06.17 14:37:45 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.06.17 14:37:45 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.06.17 14:37:45 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.06.17 14:37:45 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.06.17 14:37:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.06.17 14:37:44 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.06.17 14:37:44 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.06.17 14:37:44 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.06.17 14:37:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.06.17 14:37:43 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.06.17 14:37:43 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.06.16 13:23:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\dwhelper
[2011.06.11 22:47:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011.06.11 22:46:37 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.11 22:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.11 22:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.11 22:46:31 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.11 22:46:31 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.06.10 21:15:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\chessimo
[2011.06.10 21:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\chessimo
[2011.06.10 21:15:36 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RICHTX32.OCX
[2011.06.10 21:15:36 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSFLXGRD.OCX
[2011.06.10 21:15:36 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
[2011.06.10 21:15:36 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSINET.OCX
[2011.06.10 21:15:36 | 000,067,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SYSINFO.OCX
[2011.06.10 21:15:26 | 000,000,000 | ---D | C] -- C:\Programme\chessimo
[2011.06.10 21:15:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\8 x 8 Media AG
[2011.06.10 21:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011.06.07 13:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011.06.07 12:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.01 19:25:38 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.01 19:25:37 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.01 19:22:12 | 000,000,728 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011.07.01 19:21:43 | 000,139,264 | ---- | M] () -- C:\Users\Administrator\Desktop\RKUnhookerLE.EXE
[2011.07.01 19:19:42 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.07.01 19:19:04 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.01 19:17:15 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.01 19:17:14 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\AutoSmartDefrag.job
[2011.07.01 19:17:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.01 19:16:59 | 1406,300,160 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.01 19:09:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1140944107-3424129360-3757389648-1000UA.job
[2011.07.01 17:50:19 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.07.01 13:42:05 | 004,130,198 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2011.07.01 09:21:11 | 001,448,752 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe
[2011.06.30 09:05:29 | 000,100,736 | ---- | M] (GMER) -- C:\pwdirpog.sys
[2011.06.30 09:03:59 | 000,302,592 | ---- | M] () -- C:\Users\Administrator\Desktop\drv0czgm.exe
[2011.06.29 20:09:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1140944107-3424129360-3757389648-1000Core.job
[2011.06.29 17:08:02 | 000,449,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.06.28 08:02:33 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2011.06.27 21:45:14 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.06.27 20:55:08 | 000,001,222 | ---- | M] () -- C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
[2011.06.27 19:19:02 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011.06.27 13:13:38 | 000,027,484 | ---- | M] () -- C:\Users\Administrator\Desktop\Logfiles.zip
[2011.06.27 12:33:26 | 000,302,592 | ---- | M] () -- C:\Users\Administrator\Desktop\c06dgghb.exe
[2011.06.27 12:09:21 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011.06.27 12:05:08 | 000,000,020 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2011.06.27 12:03:04 | 000,050,477 | ---- | M] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2011.06.26 23:12:02 | 001,007,120 | ---- | M] () -- C:\Users\Administrator\Desktop\duadas.exe
[2011.06.26 10:05:41 | 000,518,050 | ---- | M] () -- C:\Users\Administrator\Desktop\Unbenannt.PNG
[2011.06.26 08:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011.06.24 10:38:56 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.06.22 07:50:33 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.06.20 19:12:48 | 000,095,049 | ---- | M] () -- C:\Users\Administrator\Desktop\IceHUD_RealUI.lua
[2011.06.20 14:12:59 | 000,949,916 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.20 14:12:59 | 000,704,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.20 14:12:59 | 000,222,136 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.20 14:12:59 | 000,189,032 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.11 18:58:04 | 000,004,107 | ---- | M] () -- C:\Windows\wininit.ini
[2011.06.11 14:11:05 | 000,001,246 | ---- | M] () -- C:\Users\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011.06.11 10:49:21 | 000,166,400 | RHS- | M] () -- C:\Windows\System32\KBDINMALV.dll
[2011.06.11 10:45:29 | 000,000,152 | ---- | M] () -- C:\Windows\System32\sysplog2.dll
[2011.06.11 10:45:29 | 000,000,152 | ---- | M] () -- C:\Windows\System32\sysplog.dll
[2011.06.10 21:15:42 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\chessimo.lnk
[2011.06.10 19:08:58 | 000,000,129 | ---- | M] () -- C:\Users\Administrator\jagex_runescape_preferences2.dat
[2011.06.10 19:07:59 | 000,000,034 | ---- | M] () -- C:\Users\Administrator\jagex_runescape_preferences.dat
[2011.06.07 13:06:07 | 000,000,973 | ---- | M] () -- C:\Users\Administrator\Desktop\SpywareBlaster.lnk
 
========== Files Created - No Company Name ==========
 
[2011.07.01 19:21:40 | 000,139,264 | ---- | C] () -- C:\Users\Administrator\Desktop\RKUnhookerLE.EXE
[2011.07.01 17:50:19 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.06.30 09:03:58 | 000,302,592 | ---- | C] () -- C:\Users\Administrator\Desktop\drv0czgm.exe
[2011.06.28 16:12:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.06.28 16:12:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.06.28 16:12:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.06.28 16:12:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.06.28 16:12:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.06.27 22:34:59 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\SmartDefrag.job
[2011.06.27 20:55:08 | 000,001,222 | ---- | C] () -- C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
[2011.06.27 13:13:38 | 000,027,484 | ---- | C] () -- C:\Users\Administrator\Desktop\Logfiles.zip
[2011.06.27 12:33:18 | 000,302,592 | ---- | C] () -- C:\Users\Administrator\Desktop\c06dgghb.exe
[2011.06.27 12:04:42 | 000,000,020 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2011.06.27 12:03:02 | 000,050,477 | ---- | C] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2011.06.26 23:11:45 | 001,007,120 | ---- | C] () -- C:\Users\Administrator\Desktop\duadas.exe
[2011.06.26 09:56:45 | 000,095,049 | ---- | C] () -- C:\Users\Administrator\Desktop\IceHUD_RealUI.lua
[2011.06.24 10:38:56 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.06.22 07:50:33 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track05.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track04.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track03.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track02.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track01.cda
[2011.06.11 14:33:23 | 000,004,107 | ---- | C] () -- C:\Windows\wininit.ini
[2011.06.11 10:49:21 | 000,166,400 | RHS- | C] () -- C:\Windows\System32\KBDINMALV.dll
[2011.06.10 21:16:36 | 000,000,152 | ---- | C] () -- C:\Windows\System32\sysplog2.dll
[2011.06.10 21:16:28 | 000,000,152 | ---- | C] () -- C:\Windows\System32\sysplog.dll
[2011.06.10 21:15:42 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\chessimo.lnk
[2011.06.07 13:06:07 | 000,000,973 | ---- | C] () -- C:\Users\Administrator\Desktop\SpywareBlaster.lnk
[2011.06.07 12:56:17 | 000,001,246 | ---- | C] () -- C:\Users\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011.05.07 12:12:25 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.05.07 12:12:24 | 000,138,056 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\PnkBstrK.sys
[2011.05.07 12:11:54 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.05.07 12:11:18 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.03.13 20:14:06 | 000,390,944 | ---- | C] () -- C:\Windows\System32\drivers\SRS_AudioFusion_i386.sys
[2010.12.01 10:06:58 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.10.14 20:58:05 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.10.14 20:00:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.07.01 20:16:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.07.01 20:10:06 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2010.07.01 20:02:18 | 000,006,088 | ---- | C] () -- C:\Windows\System32\drivers\CDConfig.bin
[2009.10.22 17:59:00 | 000,196,565 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.07.14 10:47:43 | 000,949,916 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,222,136 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,449,928 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,704,552 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,189,032 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.06.09 10:55:58 | 000,057,904 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

< End of report >

[*]Das OTL Extrascanfile:

Code:

ATTFilter

OTL Extras logfile created on: 01.07.2011 19:29:27 - Run 6
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\Administrator\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,79 Gb Available Physical Memory | 45,37% Memory free
6,98 Gb Paging File | 5,79 Gb Available in Paging File | 82,92% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,68 Gb Total Space | 71,14 Gb Free Space | 46,29% Space Free | Partition Type: NTFS
Drive D: | 78,03 Gb Total Space | 35,76 Gb Free Space | 45,84% Space Free | Partition Type: NTFS
 
Computer Name: DENNIS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ACD183-EAEC-82C8-F71E-8FF0B6143D7B}" = CCC Help Portuguese
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{063BBC11-7F75-3BBA-02AA-A1B5FC0E17AC}" = CCC Help Polish
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11C39430-2BC0-4C47-4541-B6C8150D4A65}" = Catalyst Control Center InstallProxy
"{1375616C-B818-9FC7-0BE3-AE9AC45F1188}" = CCC Help Chinese Standard
"{14AEA387-7A94-575A-4328-07BE82BD7F32}" = ATI Catalyst Install Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3253AC2A-EC76-DC6C-6ED1-EBA5E67A79A1}" = ccc-utility
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{36B38C30-94C1-2B9C-B973-59B2FB37CCB0}" = CCC Help Dutch
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3931705A-D653-44A8-9BB5-759B7965BE99}_is1" = YABOT Build Order Editor version 1.0
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D1FB742-A73A-2403-639F-C8CD64A70449}" = CCC Help Chinese Traditional
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{417CE154-54E7-3655-0C24-34FBFCA5163C}" = CCC Help Finnish
"{420F882E-36E5-9C3B-BF07-B0C1911F4739}" = CCC Help Italian
"{460495AF-988E-CDD4-591D-7E75AC1CAF4A}" = Catalyst Control Center Core Implementation
"{46E8BDC8-F7BD-3F44-8DA1-9B26DAB62205}" = CCC Help Swedish
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{4E0BEC25-51C6-30AE-348D-AA208ABA3400}" = CCC Help Japanese
"{55718B4B90B54F7EADC5621C750A14E6}" = DivX Author 1.5
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6128B845-A2F4-283F-92B8-C02B393373A4}" = CCC Help Hungarian
"{613B9AA5-33A3-B2BB-D87D-BF7B1C02315E}" = Catalyst Control Center Localization All
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{65C743AF-D881-B71D-A753-A95C5219E78B}" = Catalyst Control Center Graphics Full Existing
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6F7614CC-F33A-4877-8814-49856F441F3C}" = Stardock MyColors
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{836180C6-4998-B1EE-782A-EF196850A98F}" = CCC Help Turkish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84738B59-F709-5737-524D-CAC71D74C23F}" = CCC Help English
"{848249FC-EA31-81CC-914B-7401C37B03CE}" = CCC Help Russian
"{8518ECC0-0DE4-4475-D0C1-C8114A8F0C0B}" = CCC Help French
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AA1963A-5234-BECC-B5E7-7469ABBC6514}" = Catalyst Control Center Graphics Light
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D540B8F-1325-CF57-0C84-B59B03B153FB}" = CCC Help Spanish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90140000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2010
"{90140000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
"{90140000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
"{90140000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
"{90140000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
"{90140000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2010
"{90140000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
"{90140000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
"{90140000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
"{90140000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93ABEBEB-EEE0-4AB9-A925-2F2EC791A4CE}" = Smart Technology Programming Software 7.0.2.7
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{96CC86A2-997F-46BF-9ADF-3857DB648765}" = chessimo 3.42
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3D7DCF8-A79C-882D-1B6F-2A5106053F9B}" = CCC Help Danish
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96BFADF-A159-4395-8E9C-A9E2F059A3BB}" = Camtasia Studio 7
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA1AF34D-9056-4B72-A588-D9A7B8CB305B}" = Saitek Cyborg Keyboard Volume 6.2.1.3
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B569783D-389B-BA36-6A8E-1457C12E77F1}" = CCC Help Thai
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BDAFF03F-3E7D-427B-A658-3807C4C58B0C}" = Goldfinger 8
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps
"{C9A3120D-C729-875A-AD54-C3AE3F9C826B}" = CCC Help Korean
"{CA050D8C-770A-41A7-B966-0056456EA27E}" = Razer StarCraft II
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF051DB4-9E13-0A5B-314D-B0AC3B3BF9D9}" = CCC Help German
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{D8EDD457-B59B-FFC6-7E6B-749734E71D03}" = Catalyst Control Center Graphics Previews Common
"{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E28FD821-1863-4BC0-8B8C-959EEE805FDE}" = SRS AudioFusion
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEAADF6C-CB48-DE4C-C934-1A9C11F1D7AE}" = ccc-core-static
"{EF1D891C-1616-C383-AD0B-6C8B0A8F8CC9}" = CCC Help Czech
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F231A12D-5C87-6201-DF65-25106365399D}" = Catalyst Control Center Graphics Full New
"{F25E99CD-A296-85C2-BF1A-9E6BCDE8FA4A}" = CCC Help Greek
"{F3DCF8E5-F5BA-492B-8113-7FAAED125BE0}" = capella 1200
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFCB7CDF-534B-3297-8B3E-2E7587A4AE1A}" = CCC Help Norwegian
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Babylon" = Babylon
"CABAL Online: Episode IV_is1" = Cabal Online Europe - Episode IV
"Camtasia Studio 3" = Camtasia Studio 3
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Der Schreibtrainer" = Der Schreibtrainer 3.7
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Free YouTube Download_is1" = Free YouTube Download 2.6
"FreeApp v1" = FreeApps
"Game Booster_is1" = Game Booster
"Game Maker 8.0" = Game Maker 8.0
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Notepad++" = Notepad++
"PC SECURITY TEST 2009_is1" = PC SECURITY TEST 2009
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"RAR Password Cracker" = RAR Password Cracker 4.12
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.92
"RocketDock_is1" = RocketDock 1.3.5
"SC2 Replay Catcher_is1" = SC2 Replay Catcher version 0.1.0.3a
"Smart Defrag_is1" = Smart Defrag
"SpywareBlaster_is1" = SpywareBlaster 4.4
"StarCraft II" = StarCraft II
"Stardock MyColors" = Stardock MyColors
"SW-Tukupdater_is1" = SW-TukUpdater
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Test Drive Unlimited 2_is1" = Test Drive Unlimited 2
"Uninstall_is1" = Uninstall 1.0.0.1
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.6
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"ccb6737a8af9d4ff" = Lenovo Driver Download Manager
"UnityWebPlayer" = Unity Web Player
"WinPump" = WinPump
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.06.2011 02:14:03 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 27.06.2011 07:10:46 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: pev.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d334d98  Name des fehlerhaften Moduls: ADVAPI32.dll_unloaded, Version: 0.0.0.0,
 Zeitstempel: 0x4a5bd97e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x7785b663  ID des fehlerhaften
 Prozesses: 0x10ec  Startzeit der fehlerhaften Anwendung: 0x01cc34badcb26d09  Pfad der
 fehlerhaften Anwendung: C:\Users\ADMINI~1\AppData\Local\Temp\RarSFX4\pev.exe  Pfad
 des fehlerhaften Moduls: ADVAPI32.dll  Berichtskennung: 1a9c5f98-a0ae-11e0-b70a-705ab65c33b2
 
Error - 27.06.2011 15:11:42 | Computer Name = Dennis-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.24.1 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e98    Startzeit: 
01cc34fd433820d1    Endzeit: 15    Anwendungspfad: C:\Users\Administrator\Desktop\OTL.exe

Berichts-ID:
 4791b746-a0f1-11e0-b9c2-705ab65c33b2  
 
Error - 27.06.2011 15:17:00 | Computer Name = Dennis-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.24.1 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: d74    Startzeit: 
01cc34feaf5feadb    Endzeit: 0    Anwendungspfad: C:\Users\Administrator\Desktop\OTL.exe

Berichts-ID:
 05a386d6-a0f2-11e0-b7a3-705ab65c33b2  
 
Error - 29.06.2011 02:53:30 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access
 Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0.  Ungültige XML-Syntax.
 
Error - 29.06.2011 02:56:44 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Razer\Drivers\RzSynapse\DPInst_amd64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 29.06.2011 03:02:24 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 30.06.2011 04:22:35 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access
 Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0.  Ungültige XML-Syntax.
 
Error - 30.06.2011 04:25:11 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Razer\Drivers\RzSynapse\DPInst_amd64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 30.06.2011 04:30:19 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ Media Center Events ]
Error - 28.03.2011 07:25:42 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 13:25:41 - Fehler beim Herstellen der Internetverbindung.  13:25:41 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.03.2011 07:25:55 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 13:25:49 - Fehler beim Herstellen der Internetverbindung.  13:25:49 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.04.2011 04:34:45 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 10:34:44 - Fehler beim Herstellen der Internetverbindung.  10:34:45 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.04.2011 04:35:36 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 10:35:14 - Fehler beim Herstellen der Internetverbindung.  10:35:14 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.04.2011 06:37:45 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 12:37:45 - Fehler beim Herstellen der Internetverbindung.  12:37:45 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.04.2011 06:38:25 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 12:38:14 - Fehler beim Herstellen der Internetverbindung.  12:38:14 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.04.2011 03:57:10 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 09:54:53 - Directory konnte nicht abgerufen werden (Fehler: Die Anfrage
 wurde abgebrochen: Die Anfrage wurde abgebrochen..)  
 
Error - 24.04.2011 04:16:26 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 10:15:06 - MCESpotlight konnte nicht abgerufen werden (Fehler: Invalid
 security token.)  
 
[ OSession Events ]
Error - 28.09.2010 15:26:09 | Computer Name = Dennis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3436
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 05.10.2010 15:37:15 | Computer Name = Dennis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1278
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 25.11.2010 16:24:56 | Computer Name = Dennis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10330
 seconds with 2460 seconds of active time.  This session ended with a crash.
 
Error - 13.12.2010 16:19:25 | Computer Name = Dennis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8119
 seconds with 780 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 01.07.2011 11:34:21 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 01.07.2011 11:34:22 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 01.07.2011 11:34:29 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 01.07.2011 11:34:29 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 01.07.2011 11:34:36 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SBSD Security Center Service" ist vom Dienst "wscsvc" 
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 01.07.2011 13:16:55 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 01.07.2011 13:16:55 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 01.07.2011 13:17:02 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 01.07.2011 13:17:02 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 01.07.2011 13:17:09 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SBSD Security Center Service" ist vom Dienst "wscsvc" 
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >

[*]Fragen: Wirst du immer noch auf Google-Suchen umgeleitet? Ja
Wenn ja, tritt das Problem mit dem Internet Explorer und Firefox auf? Teste und berichte bitte. Ja[/LIST]Achja, darf ich Avira wieder Installieren oder wäre das eher nicht empfehlenswert?
Sry, dass ich das ganze in 2 Seiten Posten musste, nicht genügend Schriftzeichenplätze :P
MFG,
Deathkid

M-K-D-B · 02.07.2011, 13:29

Hallo Deathkid,

Aufgrund der Umleitungen vermute ich ein Rootkit. Wir müssen es möglichst schnell finden:

Schritt # 1: AV Programm installieren
Wenn du bei Avira bleiben möchtest, kannst du es wieder installieren.
Wir empfehlen seit kurzem Avira nicht mehr. Den Grund dafür findest du hier: aviras neue partner: uniblue und ask

Wir empfehlen nur noch Avast! Free und Microsoft Security Essentials. Solltest du dich dennoch für Avira entscheiden, so empfehle ich dir bei der Installation die vorgeschlagene Toolbar nicht mit zu installieren.

Schritt # 2: Kontrolle mit VirusTotal
Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.

Klicke auf Durchsuchen
Kopiere nun folgendes in die Suchleiste.
Code:
ATTFilter
```
C:\Windows\System32\drivers\volsnap.sys
         
```
und klicke auf Öffnen.
Klicke auf Send File.

Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen.

Zitat:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

klicke auf Reanalyse.
Warte bis unter Current status: Finished steht.

Kopiere den Link aus deiner Adresszeile und poste ihn hier.

Schritt # 3: Benutzerdefinierter Scan mit OTL

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

C:\ProgramData\bL28601DaMcK28601\bL28601DaMcK28601\* /S
C:\Qoobox\* /s

Schließe bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Nichts und danach den Scan Button.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Schritt # 4: Stoppen von Treibern mit Defogger

Starte das Tool mit Doppelklick.
Vista und Windows 7 User: Bitte mit Rechtsklick "als Administrator starten".
Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
Defogger fordert nun zum Neustart auf. Bestätige dies mit OK.
DeFogger erstellt nun ein Logfile auf dem Desktop (defogger_disable).

Poste bitte den Inhalt der Logfile in Deiner nächsten Antwort.
Wenn wir die Bereinigung beendet haben, starte bitte defogger erneut und klicke den Re-enable Button.

Schritt # 5: aswMBR.exe ausführen

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Schritt # 6: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

den Link zum Ergebnis von VirusTotal,
das Logfile von OTL (OTL.txt),
das Logfile von Defogger und
das Logfile von aswMBR.

Deathkid535 · 03.07.2011, 17:31

Hallo M-K-D-B,
Hier die benötigten Infromationen:

hxxp://www.virustotal.com/file-scan/report.html?id=c77d7be83cf1c0dec80429c5a519e794fd2e8c1e6dad6f5c92b5eb5694ceb8ea-1309616936

Das Logfile von OTL:

Code:

ATTFilter

OTL logfile created on: 03.07.2011 11:29:20 - Run 7
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\Administrator\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,87 Gb Available Physical Memory | 49,88% Memory free
6,98 Gb Paging File | 5,87 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,68 Gb Total Space | 70,74 Gb Free Space | 46,03% Space Free | Partition Type: NTFS
Drive D: | 78,03 Gb Total Space | 35,64 Gb Free Space | 45,68% Space Free | Partition Type: NTFS
 
Computer Name: DENNIS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Custom Scans ==========
 
 
< C:\ProgramData\bL28601DaMcK28601\bL28601DaMcK28601 /S >
[2011.06.26 22:58:36 | 000,000,192 | ---- | M] () -- C:\ProgramData\bL28601DaMcK28601\bL28601DaMcK28601
 
< C:\Qoobox /s >

< End of report >

Das Logfile von Defogger:

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:39 on 03/07/2011 (Administrator)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-

Das Logfile von awsMBR:

Code:

ATTFilter

aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-07-03 17:39:22
-----------------------------
17:39:22.779    OS Version: Windows 6.1.7600 
17:39:22.779    Number of processors: 2 586 0x602
17:39:22.787    ComputerName: DENNIS-PC  UserName: 
17:39:53.175    Initialize success
17:39:54.833    AVAST engine defs: 11070300
17:40:07.063    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
17:40:07.069    Disk 0 Vendor: ST925031 0010 Size: 238475MB BusType: 11
17:40:09.160    Disk 0 MBR read successfully
17:40:09.168    Disk 0 MBR scan
17:40:09.208    Disk 0 Windows 7 default MBR code
17:40:11.322    Disk 0 scanning sectors +488397168
17:40:11.333    Disk 0 scanning C:\Windows\system32\drivers
17:40:28.867    Service scanning
17:40:30.924    Disk 0 trace - called modules:
17:40:31.076    ntkrnlpa.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys halmacpi.dll storport.sys amdsata.sys 
17:40:31.087    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859937c8]
17:40:31.100    3 CLASSPNP.SYS[8857959e] -> nt!IofCallDriver -> [0x85968020]
17:40:31.113    5 amdxata.sys[881807b6] -> nt!IofCallDriver -> [0x85960908]
17:40:31.134    7 ACPI.sys[833a03b2] -> nt!IofCallDriver -> \Device\0000005b[0x8584f238]
17:40:35.819    AVAST engine scan C:\Windows
17:51:01.092    Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
17:51:01.164    The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"


aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-07-03 17:53:00
-----------------------------
17:53:00.818    OS Version: Windows 6.1.7600 
17:53:00.818    Number of processors: 2 586 0x602
17:53:00.821    ComputerName: DENNIS-PC  UserName: 
17:53:35.981    Initialize success
17:53:36.638    AVAST engine defs: 11070300
17:55:13.754    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
17:55:13.759    Disk 0 Vendor: ST925031 0010 Size: 238475MB BusType: 11
17:55:15.844    Disk 0 MBR read successfully
17:55:17.869    Disk 0 MBR scan
17:55:17.939    Disk 0 Windows 601 MBR fixed successfully
17:55:17.872    Disk 0 Windows 7 default MBR code
17:55:20.012    Disk 0 scanning sectors +488397168
17:55:20.031    Disk 0 scanning C:\Windows\system32\drivers
17:55:36.279    Service scanning
17:55:38.284    Disk 0 trace - called modules:
17:55:38.471    ntkrnlpa.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys halmacpi.dll storport.sys amdsata.sys 
17:55:38.483    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859937c8]
17:55:38.496    3 CLASSPNP.SYS[8857959e] -> nt!IofCallDriver -> [0x85968020]
17:55:38.518    5 amdxata.sys[881807b6] -> nt!IofCallDriver -> [0x85960908]
17:55:38.529    7 ACPI.sys[833a03b2] -> nt!IofCallDriver -> \Device\0000005b[0x8584f238]
17:55:44.254    AVAST engine scan C:\Windows
18:22:11.747    Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
18:22:11.832    The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"

Grüße,
Deathkid

M-K-D-B · 03.07.2011, 20:26

Hallo deathkid,

Schritt # 1: FixTDSS ausführen
Downloade dir bitte FixTDSS.exe und speichere die Datei am Desktop.

Beende alle laufenden Programme und schließe alle offenen Fenster.
Starte die FixTDSS.exe.
Windows Vista und 7 Nutzer mit Rechtsklick "Als Administrator ausführen"
Akzeptiere die Nutzungsbedingungen.
Klicke anschließend auf Proceed und bestätige mit Ok.
Das Tool wird dein Rechner neu starten.
Gegebenenfalls musst du die Ausführung von FixTDSS.exe nochmals erlauben.
Anschließend wird das Tool automatisch den Suchlauf starten.
Nach Ende des Suchlaufs erscheint ein kleines Fenster von FixTDSS mit einer Nachricht.
Poste diese mit deiner nächsten Antwort.
Starte deinen Rechner zum Abschluss neu auf.

Schritt # 2: Batch Datei ausführen
Drücke bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

@echo off
cd \
set log=%userprofile%\Desktop\ergebnis.txt
if exist %log% del %log%
rd /s /q "C:\ProgramData\bL28601DaMcK28601" >> %log% 2>&1
notepad "%userprofile%\Desktop\ergebnis.txt"
del %0

Wähle Datei --> Speichern unter
Dateiname: fix1.bat
Dateityp: Wähle Alle Dateien (*.*)
Speichere die Datei auf deinem Desktop.
Es sollte nun ungefähr so aussehen
Starte die fix1.bat.
Vista und Win7 User: Mit Rechtsklick "als Administrator starten"
Es öffnet sich die Textdatei ergebnis.txt. Diese Datei befindet sich auch auf deinem Desktop.

Schritt # 3: Fragen beantworten
Bitte beantworte mir folgende Fragen:

Wirst du immer noch auf Seiten umgeleitet, wenn du über Google nach etwas suchst?
Hast du bei dem Tool aswMBR auf den Button Fix oder FixMBR gedrückt? Ich frage wegen dieser Zeile:

Zitat:

17:55:17.939 Disk 0 Windows 601 MBR fixed successfully

Soweit ich weiß, fixt das Tool den MBR nicht von alleine.

Schritt # 4: Systemscan mit OTL

Starte bitte OTL.exe.
Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Schritt # 5: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

die Nachricht von FixTDSS,
das Ergebnis der Batch Datei,
die Beantwortung der gestellten Fragen und
die beiden neuen Logfiles von OTL (OTL.txt und Extras.txt).

Deathkid535 · 03.07.2011, 22:25

Hallo M-K-D-B,

Die Nachricht von fixTDSS:

Code:

ATTFilter

Backdoor.Tidserv has not been found on your computer

Ergebnis.txt:

Code:

ATTFilter

Das System kann die angegebene Datei nicht finden.

Fragen:Wirst du immer noch auf Seiten umgeleitet, wenn du über Google nach etwas suchst? Ja.
Hast du bei dem Tool aswMBR auf den Button Fix oder FixMBR gedrückt? Nicht, dass ich wüsste, vielleicht hab ich mich verklickt..

Das OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 03.07.2011 22:47:54 - Run 8
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\Administrator\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 45,66% Memory free
6,98 Gb Paging File | 5,74 Gb Available in Paging File | 82,25% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,68 Gb Total Space | 70,08 Gb Free Space | 45,61% Space Free | Partition Type: NTFS
Drive D: | 78,03 Gb Total Space | 35,21 Gb Free Space | 45,13% Space Free | Partition Type: NTFS
 
Computer Name: DENNIS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Programme\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\Administrator\AppData\Local\Apps\2.0\W55HJDXV.742\KR5R0CNL.RO1\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe (Curse)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (IObit)
PRC - C:\Programme\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll (Microsoft Corporation)
MOD - C:\Programme\AVAST Software\Avast\snxhk.dll (AVAST Software)
MOD - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AcSvc) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WindowBlinds) -- C:\Programme\Stardock\MyColors\VistaSrv.exe (Stardock Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SRS_AudioFusion_Service) -- C:\Windows\System32\drivers\SRS_AudioFusion_i386.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SaiNtBus) -- C:\Windows\System32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\Windows\System32\drivers\SaiMini.sys (Saitek)
DRV - (SaiK0CFA) -- C:\Windows\System32\drivers\SaiK0CFA.sys (Saitek)
DRV - (SaiU0CFA) -- C:\Windows\System32\drivers\SaiU0CFA.sys (Saitek)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (SaiK0728) -- C:\Windows\System32\drivers\SaiK0728.sys (Saitek)
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 5B 60 61 79 69 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=toolbar2&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.13 19:28:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.13 19:28:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.04.28 20:56:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.07.02 16:23:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.28 20:55:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.28 20:56:19 | 000,000,000 | ---D | M]
 
[2010.10.14 20:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2011.07.03 13:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions
[2011.05.22 20:40:15 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011.06.23 13:09:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.07 08:23:55 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions\battlefieldplay4free@ea.com
[2011.05.20 21:44:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.02 16:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.02 17:21:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.16 14:31:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.26 18:15:44 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Programme\Mozilla Firefox\extensions\adapter@babylontc.com
File not found (No name found) -- 
[2011.07.02 16:23:57 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010.07.02 16:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.02 17:21:39 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.16 14:31:09 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.26 18:15:44 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\ADAPTER@BABYLONTC.COM
[2011.04.28 20:56:01 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Q27VFOV.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}.XPI
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Q27VFOV.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Q27VFOV.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM.XPI
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.04.26 18:13:26 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.06.27 21:45:14 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GO36F4~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\H\Shell\configure\command - "" = H:\SETUP.EXE
O33 - MountPoints2\H\Shell\install\command - "" = H:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.03 22:15:02 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Administrator\Desktop\FixTDSS.exe
[2011.07.02 16:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.07.02 16:24:39 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.07.02 16:24:38 | 000,307,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.07.02 16:24:29 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.07.02 16:24:28 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.07.02 16:24:25 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.07.02 16:24:21 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.07.02 16:23:54 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.07.02 16:23:53 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.07.02 16:23:44 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2011.07.02 16:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011.07.01 19:33:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\!BugGrabber
[2011.07.01 17:51:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2011.07.01 17:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.07.01 17:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.07.01 17:50:14 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2011.07.01 14:17:01 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011.07.01 09:21:05 | 001,448,752 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe
[2011.06.30 09:05:29 | 000,100,736 | ---- | C] (GMER) -- C:\pwdirpog.sys
[2011.06.29 12:25:32 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011.06.29 12:25:31 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011.06.29 12:25:30 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011.06.29 12:25:30 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011.06.29 12:25:30 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011.06.29 12:25:30 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011.06.28 21:15:18 | 004,130,198 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2011.06.28 16:12:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.06.28 16:12:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.06.28 16:12:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.06.28 15:05:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.06.28 15:00:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.06.27 21:06:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.06.27 20:55:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011.06.27 20:55:07 | 000,000,000 | ---D | C] -- C:\Programme\VS Revo Group
[2011.06.27 19:18:41 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011.06.27 13:22:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\RealUI 0612
[2011.06.27 12:09:11 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011.06.26 22:50:35 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011.06.24 10:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.06.22 19:34:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\RIFT
[2011.06.22 19:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIFT
[2011.06.22 19:34:45 | 000,000,000 | ---D | C] -- C:\Programme\RIFT Game
[2011.06.22 07:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.06.20 19:16:22 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\LeilaUI 3.13
[2011.06.18 09:43:48 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.06.17 14:37:45 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.06.17 14:37:45 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.06.17 14:37:45 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.06.17 14:37:45 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.06.17 14:37:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.06.17 14:37:44 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.06.17 14:37:44 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.06.17 14:37:44 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.06.17 14:37:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.06.17 14:37:43 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.06.17 14:37:43 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.06.16 13:23:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\dwhelper
[2011.06.11 22:47:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011.06.11 22:46:37 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.11 22:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.11 22:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.11 22:46:31 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.11 22:46:31 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.06.10 21:15:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\chessimo
[2011.06.10 21:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\chessimo
[2011.06.10 21:15:36 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RICHTX32.OCX
[2011.06.10 21:15:36 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSFLXGRD.OCX
[2011.06.10 21:15:36 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
[2011.06.10 21:15:36 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSINET.OCX
[2011.06.10 21:15:36 | 000,067,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SYSINFO.OCX
[2011.06.10 21:15:26 | 000,000,000 | ---D | C] -- C:\Programme\chessimo
[2011.06.10 21:15:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\8 x 8 Media AG
[2011.06.10 21:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011.06.07 13:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011.06.07 12:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.03 22:48:28 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.03 22:48:28 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.03 22:42:14 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.07.03 22:39:57 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.03 22:39:56 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\AutoSmartDefrag.job
[2011.07.03 22:39:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.03 22:39:35 | 1406,300,160 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.03 22:19:13 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.03 22:15:34 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Administrator\Desktop\FixTDSS.exe
[2011.07.03 22:09:01 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1140944107-3424129360-3757389648-1000UA.job
[2011.07.03 22:00:27 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2011.07.03 20:49:05 | 000,000,728 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011.07.03 20:09:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1140944107-3424129360-3757389648-1000Core.job
[2011.07.03 18:22:11 | 000,000,512 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.dat
[2011.07.02 16:24:41 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.07.02 16:24:21 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.07.01 19:21:43 | 000,139,264 | ---- | M] () -- C:\Users\Administrator\Desktop\RKUnhookerLE.EXE
[2011.07.01 17:50:19 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.07.01 13:42:05 | 004,130,198 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2011.07.01 09:21:11 | 001,448,752 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe
[2011.06.30 09:05:29 | 000,100,736 | ---- | M] (GMER) -- C:\pwdirpog.sys
[2011.06.30 09:03:59 | 000,302,592 | ---- | M] () -- C:\Users\Administrator\Desktop\drv0czgm.exe
[2011.06.29 17:08:02 | 000,449,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.06.27 21:45:14 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.06.27 20:55:08 | 000,001,222 | ---- | M] () -- C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
[2011.06.27 19:19:02 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011.06.27 13:13:38 | 000,027,484 | ---- | M] () -- C:\Users\Administrator\Desktop\Logfiles.zip
[2011.06.27 12:33:26 | 000,302,592 | ---- | M] () -- C:\Users\Administrator\Desktop\c06dgghb.exe
[2011.06.27 12:09:21 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011.06.27 12:05:08 | 000,000,020 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2011.06.27 12:03:04 | 000,050,477 | ---- | M] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2011.06.26 23:12:02 | 001,007,120 | ---- | M] () -- C:\Users\Administrator\Desktop\duadas.exe
[2011.06.26 10:05:41 | 000,518,050 | ---- | M] () -- C:\Users\Administrator\Desktop\Unbenannt.PNG
[2011.06.26 08:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011.06.24 10:38:56 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.06.22 07:50:33 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.06.20 19:12:48 | 000,095,049 | ---- | M] () -- C:\Users\Administrator\Desktop\IceHUD_RealUI.lua
[2011.06.20 14:12:59 | 000,949,916 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.20 14:12:59 | 000,704,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.20 14:12:59 | 000,222,136 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.20 14:12:59 | 000,189,032 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.11 18:58:04 | 000,004,107 | ---- | M] () -- C:\Windows\wininit.ini
[2011.06.11 14:11:05 | 000,001,246 | ---- | M] () -- C:\Users\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011.06.11 10:49:21 | 000,166,400 | RHS- | M] () -- C:\Windows\System32\KBDINMALV.dll
[2011.06.11 10:45:29 | 000,000,152 | ---- | M] () -- C:\Windows\System32\sysplog2.dll
[2011.06.11 10:45:29 | 000,000,152 | ---- | M] () -- C:\Windows\System32\sysplog.dll
[2011.06.10 21:15:42 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\chessimo.lnk
[2011.06.10 19:08:58 | 000,000,129 | ---- | M] () -- C:\Users\Administrator\jagex_runescape_preferences2.dat
[2011.06.10 19:07:59 | 000,000,034 | ---- | M] () -- C:\Users\Administrator\jagex_runescape_preferences.dat
[2011.06.07 13:06:07 | 000,000,973 | ---- | M] () -- C:\Users\Administrator\Desktop\SpywareBlaster.lnk
 
========== Files Created - No Company Name ==========
 
[2011.07.03 18:22:11 | 000,000,512 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.dat
[2011.07.02 16:24:41 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.07.01 19:21:40 | 000,139,264 | ---- | C] () -- C:\Users\Administrator\Desktop\RKUnhookerLE.EXE
[2011.07.01 17:50:19 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.06.30 09:03:58 | 000,302,592 | ---- | C] () -- C:\Users\Administrator\Desktop\drv0czgm.exe
[2011.06.28 16:12:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.06.28 16:12:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.06.28 16:12:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.06.28 16:12:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.06.28 16:12:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.06.27 22:34:59 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\SmartDefrag.job
[2011.06.27 20:55:08 | 000,001,222 | ---- | C] () -- C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
[2011.06.27 13:13:38 | 000,027,484 | ---- | C] () -- C:\Users\Administrator\Desktop\Logfiles.zip
[2011.06.27 12:33:18 | 000,302,592 | ---- | C] () -- C:\Users\Administrator\Desktop\c06dgghb.exe
[2011.06.27 12:04:42 | 000,000,020 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2011.06.27 12:03:02 | 000,050,477 | ---- | C] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2011.06.26 23:11:45 | 001,007,120 | ---- | C] () -- C:\Users\Administrator\Desktop\duadas.exe
[2011.06.26 09:56:45 | 000,095,049 | ---- | C] () -- C:\Users\Administrator\Desktop\IceHUD_RealUI.lua
[2011.06.24 10:38:56 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.06.22 07:50:33 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track05.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track04.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track03.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track02.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track01.cda
[2011.06.11 14:33:23 | 000,004,107 | ---- | C] () -- C:\Windows\wininit.ini
[2011.06.11 10:49:21 | 000,166,400 | RHS- | C] () -- C:\Windows\System32\KBDINMALV.dll
[2011.06.10 21:16:36 | 000,000,152 | ---- | C] () -- C:\Windows\System32\sysplog2.dll
[2011.06.10 21:16:28 | 000,000,152 | ---- | C] () -- C:\Windows\System32\sysplog.dll
[2011.06.10 21:15:42 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\chessimo.lnk
[2011.06.07 13:06:07 | 000,000,973 | ---- | C] () -- C:\Users\Administrator\Desktop\SpywareBlaster.lnk
[2011.06.07 12:56:17 | 000,001,246 | ---- | C] () -- C:\Users\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011.05.07 12:12:25 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.05.07 12:12:24 | 000,138,056 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\PnkBstrK.sys
[2011.05.07 12:11:54 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.05.07 12:11:18 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.03.13 20:14:06 | 000,390,944 | ---- | C] () -- C:\Windows\System32\drivers\SRS_AudioFusion_i386.sys
[2010.12.01 10:06:58 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.10.14 20:58:05 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.10.14 20:00:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.07.01 20:16:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.07.01 20:10:06 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2010.07.01 20:02:18 | 000,006,088 | ---- | C] () -- C:\Windows\System32\drivers\CDConfig.bin
[2009.10.22 17:59:00 | 000,196,565 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.07.14 10:47:43 | 000,949,916 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,222,136 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,449,928 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,704,552 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,189,032 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.06.09 10:55:58 | 000,057,904 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

< End of report >

--- --- ---

Das OTL Extrafile:

Code:

ATTFilter

OTL Extras logfile created on: 03.07.2011 22:47:54 - Run 8
OTL by OldTimer - Version 3.2.24.1     Folder = C:\Users\Administrator\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 45,66% Memory free
6,98 Gb Paging File | 5,74 Gb Available in Paging File | 82,25% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,68 Gb Total Space | 70,08 Gb Free Space | 45,61% Space Free | Partition Type: NTFS
Drive D: | 78,03 Gb Total Space | 35,21 Gb Free Space | 45,13% Space Free | Partition Type: NTFS
 
Computer Name: DENNIS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ACD183-EAEC-82C8-F71E-8FF0B6143D7B}" = CCC Help Portuguese
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{063BBC11-7F75-3BBA-02AA-A1B5FC0E17AC}" = CCC Help Polish
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11C39430-2BC0-4C47-4541-B6C8150D4A65}" = Catalyst Control Center InstallProxy
"{1375616C-B818-9FC7-0BE3-AE9AC45F1188}" = CCC Help Chinese Standard
"{14AEA387-7A94-575A-4328-07BE82BD7F32}" = ATI Catalyst Install Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3253AC2A-EC76-DC6C-6ED1-EBA5E67A79A1}" = ccc-utility
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{36B38C30-94C1-2B9C-B973-59B2FB37CCB0}" = CCC Help Dutch
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3931705A-D653-44A8-9BB5-759B7965BE99}_is1" = YABOT Build Order Editor version 1.0
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D1FB742-A73A-2403-639F-C8CD64A70449}" = CCC Help Chinese Traditional
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{417CE154-54E7-3655-0C24-34FBFCA5163C}" = CCC Help Finnish
"{420F882E-36E5-9C3B-BF07-B0C1911F4739}" = CCC Help Italian
"{460495AF-988E-CDD4-591D-7E75AC1CAF4A}" = Catalyst Control Center Core Implementation
"{46E8BDC8-F7BD-3F44-8DA1-9B26DAB62205}" = CCC Help Swedish
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{4E0BEC25-51C6-30AE-348D-AA208ABA3400}" = CCC Help Japanese
"{55718B4B90B54F7EADC5621C750A14E6}" = DivX Author 1.5
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6128B845-A2F4-283F-92B8-C02B393373A4}" = CCC Help Hungarian
"{613B9AA5-33A3-B2BB-D87D-BF7B1C02315E}" = Catalyst Control Center Localization All
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{65C743AF-D881-B71D-A753-A95C5219E78B}" = Catalyst Control Center Graphics Full Existing
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6F7614CC-F33A-4877-8814-49856F441F3C}" = Stardock MyColors
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{836180C6-4998-B1EE-782A-EF196850A98F}" = CCC Help Turkish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84738B59-F709-5737-524D-CAC71D74C23F}" = CCC Help English
"{848249FC-EA31-81CC-914B-7401C37B03CE}" = CCC Help Russian
"{8518ECC0-0DE4-4475-D0C1-C8114A8F0C0B}" = CCC Help French
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AA1963A-5234-BECC-B5E7-7469ABBC6514}" = Catalyst Control Center Graphics Light
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D540B8F-1325-CF57-0C84-B59B03B153FB}" = CCC Help Spanish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90140000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2010
"{90140000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
"{90140000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
"{90140000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
"{90140000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
"{90140000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2010
"{90140000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
"{90140000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
"{90140000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
"{90140000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93ABEBEB-EEE0-4AB9-A925-2F2EC791A4CE}" = Smart Technology Programming Software 7.0.2.7
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{96CC86A2-997F-46BF-9ADF-3857DB648765}" = chessimo 3.42
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3D7DCF8-A79C-882D-1B6F-2A5106053F9B}" = CCC Help Danish
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96BFADF-A159-4395-8E9C-A9E2F059A3BB}" = Camtasia Studio 7
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA1AF34D-9056-4B72-A588-D9A7B8CB305B}" = Saitek Cyborg Keyboard Volume 6.2.1.3
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B569783D-389B-BA36-6A8E-1457C12E77F1}" = CCC Help Thai
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BDAFF03F-3E7D-427B-A658-3807C4C58B0C}" = Goldfinger 8
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps
"{C9A3120D-C729-875A-AD54-C3AE3F9C826B}" = CCC Help Korean
"{CA050D8C-770A-41A7-B966-0056456EA27E}" = Razer StarCraft II
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF051DB4-9E13-0A5B-314D-B0AC3B3BF9D9}" = CCC Help German
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{D8EDD457-B59B-FFC6-7E6B-749734E71D03}" = Catalyst Control Center Graphics Previews Common
"{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E28FD821-1863-4BC0-8B8C-959EEE805FDE}" = SRS AudioFusion
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEAADF6C-CB48-DE4C-C934-1A9C11F1D7AE}" = ccc-core-static
"{EF1D891C-1616-C383-AD0B-6C8B0A8F8CC9}" = CCC Help Czech
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F231A12D-5C87-6201-DF65-25106365399D}" = Catalyst Control Center Graphics Full New
"{F25E99CD-A296-85C2-BF1A-9E6BCDE8FA4A}" = CCC Help Greek
"{F3DCF8E5-F5BA-492B-8113-7FAAED125BE0}" = capella 1200
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFCB7CDF-534B-3297-8B3E-2E7587A4AE1A}" = CCC Help Norwegian
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"Babylon" = Babylon
"CABAL Online: Episode IV_is1" = Cabal Online Europe - Episode IV
"Camtasia Studio 3" = Camtasia Studio 3
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Der Schreibtrainer" = Der Schreibtrainer 3.7
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Free YouTube Download_is1" = Free YouTube Download 2.6
"FreeApp v1" = FreeApps
"Game Booster_is1" = Game Booster
"Game Maker 8.0" = Game Maker 8.0
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Notepad++" = Notepad++
"PC SECURITY TEST 2009_is1" = PC SECURITY TEST 2009
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"RAR Password Cracker" = RAR Password Cracker 4.12
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.92
"RocketDock_is1" = RocketDock 1.3.5
"SC2 Replay Catcher_is1" = SC2 Replay Catcher version 0.1.0.3a
"Smart Defrag_is1" = Smart Defrag
"SpywareBlaster_is1" = SpywareBlaster 4.4
"StarCraft II" = StarCraft II
"Stardock MyColors" = Stardock MyColors
"SW-Tukupdater_is1" = SW-TukUpdater
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Test Drive Unlimited 2_is1" = Test Drive Unlimited 2
"Uninstall_is1" = Uninstall 1.0.0.1
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.6
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"ccb6737a8af9d4ff" = Lenovo Driver Download Manager
"UnityWebPlayer" = Unity Web Player
"WinPump" = WinPump
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.06.2011 03:02:24 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 30.06.2011 04:22:35 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access
 Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0.  Ungültige XML-Syntax.
 
Error - 30.06.2011 04:25:11 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Razer\Drivers\RzSynapse\DPInst_amd64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 30.06.2011 04:30:19 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 01.07.2011 14:08:08 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access
 Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0.  Ungültige XML-Syntax.
 
Error - 01.07.2011 14:11:12 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Razer\Drivers\RzSynapse\DPInst_amd64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 01.07.2011 14:15:51 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 01.07.2011 18:31:47 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access
 Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0.  Ungültige XML-Syntax.
 
Error - 01.07.2011 18:33:15 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Razer\Drivers\RzSynapse\DPInst_amd64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 01.07.2011 18:35:33 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ Media Center Events ]
Error - 28.03.2011 07:25:42 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 13:25:41 - Fehler beim Herstellen der Internetverbindung.  13:25:41 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.03.2011 07:25:55 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 13:25:49 - Fehler beim Herstellen der Internetverbindung.  13:25:49 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.04.2011 04:34:45 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 10:34:44 - Fehler beim Herstellen der Internetverbindung.  10:34:45 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.04.2011 04:35:36 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 10:35:14 - Fehler beim Herstellen der Internetverbindung.  10:35:14 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.04.2011 06:37:45 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 12:37:45 - Fehler beim Herstellen der Internetverbindung.  12:37:45 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 16.04.2011 06:38:25 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 12:38:14 - Fehler beim Herstellen der Internetverbindung.  12:38:14 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 24.04.2011 03:57:10 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 09:54:53 - Directory konnte nicht abgerufen werden (Fehler: Die Anfrage
 wurde abgebrochen: Die Anfrage wurde abgebrochen..)  
 
Error - 24.04.2011 04:16:26 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 10:15:06 - MCESpotlight konnte nicht abgerufen werden (Fehler: Invalid
 security token.)  
 
[ OSession Events ]
Error - 28.09.2010 15:26:09 | Computer Name = Dennis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3436
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 05.10.2010 15:37:15 | Computer Name = Dennis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1278
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 25.11.2010 16:24:56 | Computer Name = Dennis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10330
 seconds with 2460 seconds of active time.  This session ended with a crash.
 
Error - 13.12.2010 16:19:25 | Computer Name = Dennis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8119
 seconds with 780 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 03.07.2011 16:25:51 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 03.07.2011 16:25:52 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 03.07.2011 16:26:00 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 03.07.2011 16:26:00 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 03.07.2011 16:26:21 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SBSD Security Center Service" ist vom Dienst "wscsvc" 
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 03.07.2011 16:39:31 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 03.07.2011 16:39:31 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 03.07.2011 16:39:37 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 03.07.2011 16:39:37 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 03.07.2011 16:39:56 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SBSD Security Center Service" ist vom Dienst "wscsvc" 
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
 
< End of report >

--- --- ---

Greetz,
Deathkid

M-K-D-B · 04.07.2011, 14:17

Hallo Deathkid,

Habe mich intern mit Mitgliedern des Teams unterhalten. Wir machen folgendes:

Mit der Installation von Avast! waren wir etwas voreilig. Entferne als erstes bitte Avast über die Systemsteuerung von deinem Rechner. Anschließend entfernen wir noch die Reste von Avira.
Es ist zu riskant, nur den RegistryCleaner von Avira zu verwenden, da dieser auch Einträge von Avast! anzeigt, die dann evtl. fälschlicherweise gelöscht werden.

So gehts also für dich weiter:

Schritt # 1: Deinstallation von Programmen

Folge folgendem Pfad: Start -> Systemsteuerung -> Programme deinstallieren
Suche in der Liste Software mit dem folgenden Namen
- Avast! Free Antivirus
und deinstalliere das Programm.
Solltest du am Ende der Deinstallation zu einem Neustart aufgefordert werden, so führe diesen durch.

Schritt # 2: Avira RegistryCleaner
Downloade dir bitte Avira RegistryCleaner auf den Desktop.

Starte das Tool mit einem Doppelklick.
Windows Vista und 7 Benutzer mit Rechtsklick "Als Administrator ausführen"
Klicke auf Keys auslesen.
Setze einen Haken bei alle auswählen.
Klicke auf Löschen.
Schließe den Avira RegistryCleaner nach dem Löschvorgang.
Starte deinen Rechner neu auf.

Schritt # 3: Windows im abgesicherten Modus starten
Starte deinen Rechner nach dieser Anleitung im abgesicherten Modus mit Netzwerktreibern.
Surfe dort mit dem IE und FF im Internet. Wirst du auch hierbei umgeleitet?
Starte anschließend deinen Rechner wieder normal auf.

Schritt # 4: ComboFix neu herunterladen
Lösche die vorhandene ComboFix.exe von deinem Desktop.

Lade ComboFix von einem dieser Download-Spiegel herunter:

BleepingComputer - ForoSpyware

Führe ComboFix nicht aus!

Schritt # 5: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

eine Rückmeldung bezüglich der Deinstallation von Avast,
eine Rückmeldung bezüglich der Entfernung von Avira und
die Beantwortung der gestellten Fragen.

Deathkid535 · 04.07.2011, 16:23

Hallo M-K-D-B,

Alles Planmäßig verlaufen
Siehe nummer 1
Fragen: Wirst du auch hierbei umgeleitet? Nein

Grüße,
Deathkid

01.07.2011, 13:19	#21
Deathkid535 /// Malwareteam	MS removal Tool vollständig entfernen Hallo M-K-D-B, Ich habe Avira deinstalliert, Computer neugestartet, aber Combofik bleibt bei "... kann sich die Zeit verdoppeln" hängen. Ich habe auch schon versucht, ComboFix über die Befehlszeile auszuführen. Ausserdem jammert das Programm noich immer rum, dass AntiVir Desktop aktiv ist.

04.07.2011, 16:23	#30
Deathkid535 /// Malwareteam	MS removal Tool vollständig entfernen Hallo M-K-D-B, Alles Planmäßig verlaufen Siehe nummer 1 Fragen: Wirst du auch hierbei umgeleitet? Nein Grüße, Deathkid

MS removal Tool vollständig entfernen

Log-Analyse und Auswertung: MS removal Tool vollständig entfernen