Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Virus der google anfragen auf unbekannte webseiten weiterleitet

Virus der google anfragen auf unbekannte webseiten weiterleitet


Plagegeister aller Art und deren Bekämpfung: Virus der google anfragen auf unbekannte webseiten weiterleitet

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Seite 1 von 2 1 2
Alt 14.07.2011, 22:37   #1
rudak
 
Virus der google anfragen auf unbekannte webseiten weiterleitet - Standard

Virus der google anfragen auf unbekannte webseiten weiterleitet


Guten Abend.

und zwar hab ich heute mir anscheinend einen kleinen aber nervigen virus eingefangen.

und zwar spielt dieser in unregelmäßigen zeiten immer iwelche musik im hinter grund. und fast alle suchanfragen werden auf iwelche webseiten weitergeleitet die ich gar nicht kenne. auch ist bei mir das windows sicherheitscenter deaktiviert und wird auch deaktiviert wnen ich es manuell wieder aktiviere oder auf automatisch einstelle.

also ein ähnliches problem wie in diesem thread: http://www.trojaner-board.de/100199-...te-weiter.html


ich denke mal es hilft schon mal wenn ich hier den ersten schritt genau so mache mit dem otl tool. mit den gleichen ersten einstellungen wie da beschrieben ist.





Danke schon mal.

(OTL und OTL2 gehören zusammmen. in einer datei wars leider zu groß :/ )

Alt 14.07.2011, 23:27   #2
Swisstreasure
/// Malwareteam
 
Virus der google anfragen auf unbekannte webseiten weiterleitet - Standard

Virus der google anfragen auf unbekannte webseiten weiterleitet




Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Downloade Dir bitte Malwarebytes
  • Installiere das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.


Schritt 2
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
Lade ComboFix von einem dieser Download-Spiegel herunter:

BleepingComputer - ForoSpyware

* Wichtig !! Speichere ComboFix auf dem Desktop
  • Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
  • Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
  • ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist. Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
  • Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.
**Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.



Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:



Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei.
__________________
Alt 14.07.2011, 23:59   #3
rudak
 
Virus der google anfragen auf unbekannte webseiten weiterleitet - Standard

Virus der google anfragen auf unbekannte webseiten weiterleitet


hier die beiden logs

Zitat:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7141

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.07.2011 00:37:26
mbam-log-2011-07-15 (00-37-26).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 166737
Laufzeit: 52 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8DDYX0ZBPZ (Trojan.FakeAlert.SA) -> Value: 8DDYX0ZBPZ -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NtWqIVLZEWZU (Trojan.FakeAlert) -> Value: NtWqIVLZEWZU -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\administrator\AppData\Local\Temp\wf0.exe.vir (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\wfw.exe.vir (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\wfx.exe.vir (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Users\administrator\AppData\Local\Temp\wfz.exe.vir (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Windows\whymia.exe.vir (Trojan.FraudPack.Gen) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{810401e2-dde0-454e-b0e2-aa89c9e5967c}.job (Trojan.FraudPack) -> Quarantined and deleted successfully.




Combofix Logfile:
Code:
ATTFilter
ComboFix 11-07-14.05 - Administrator 15.07.2011   0:52.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.6135.4457 [GMT 2:00]
ausgeführt von:: c:\users\Administrator\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\{90ED5FBF-CDA6-4F4C-8D01-C90D5B04C395}.xps
c:\users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E26E66D4-F2FF-4FA1-BB3B-8259AA609A1B}.xps
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-06-14 bis 2011-07-14  ))))))))))))))))))))))))))))))
.
.
2011-07-14 22:56 . 2011-07-14 22:56	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-07-14 22:33 . 2011-07-14 22:33	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Malwarebytes
2011-07-14 22:33 . 2011-07-06 17:52	41272	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-14 22:33 . 2011-07-14 22:33	--------	d-----w-	c:\programdata\Malwarebytes
2011-07-14 22:33 . 2011-07-14 22:34	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-07-14 22:33 . 2011-07-06 17:52	25912	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-07-14 20:20 . 2011-07-14 20:20	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-14 16:52 . 2011-07-14 16:52	--------	d-----w-	c:\programdata\EA Logs
2011-07-14 15:28 . 2011-07-14 15:28	64000	--sha-r-	c:\windows\SysWow64\srdelayedc.dll
2011-07-14 15:26 . 2011-07-14 15:26	--------	d-----w-	c:\programdata\UAB
2011-07-14 15:26 . 2011-07-14 15:26	--------	d-----w-	c:\users\Administrator\AppData\Local\PC_Drivers_Headquarters
2011-07-14 15:26 . 2011-07-14 15:26	--------	d-----w-	c:\programdata\Easy Driver Pro
2011-07-14 15:25 . 2011-07-14 15:25	--------	d-----w-	c:\program files (x86)\Easy Driver Pro
2011-07-14 15:17 . 2011-07-14 15:17	--------	d-----w-	c:\users\Administrator\AppData\Roaming\MotioninJoy
2011-07-14 15:17 . 2010-05-03 14:12	328712	----a-w-	c:\windows\system32\MijFrc.dll
2011-07-14 15:17 . 2011-07-14 15:17	--------	d-----w-	c:\program files\MotioninJoy
2011-07-13 20:24 . 2011-06-02 06:45	362496	----a-w-	c:\windows\system32\wow64win.dll
2011-07-13 20:24 . 2011-06-02 06:45	243200	----a-w-	c:\windows\system32\wow64.dll
2011-07-13 20:24 . 2011-06-02 06:45	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2011-07-13 20:24 . 2011-06-02 06:44	214528	----a-w-	c:\windows\system32\winsrv.dll
2011-07-13 20:24 . 2011-06-02 06:42	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2011-07-13 20:24 . 2011-06-02 06:35	338944	----a-w-	c:\windows\system32\conhost.exe
2011-07-13 20:24 . 2011-06-02 05:59	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2011-07-13 20:24 . 2011-06-02 05:56	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2011-07-13 20:24 . 2011-06-02 05:54	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2011-07-13 20:24 . 2011-06-02 03:51	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2011-07-13 20:24 . 2011-06-02 03:50	2048	----a-w-	c:\windows\SysWow64\user.exe
2011-07-11 23:55 . 2011-07-11 23:55	--------	d-----w-	c:\users\Administrator\AppData\Local\CrashRpt
2011-07-11 23:45 . 2011-07-11 23:54	--------	d--h--w-	c:\windows\msdownld.tmp
2011-07-11 23:00 . 2011-07-11 23:00	--------	d-----w-	c:\program files (x86)\Atari
2011-07-10 14:10 . 2011-07-14 22:42	--------	d-----w-	c:\users\Administrator\AppData\Local\Htc
2011-07-10 14:09 . 2011-07-10 14:10	--------	d-----w-	c:\users\Administrator\AppData\Roaming\HTC
2011-07-10 14:09 . 2011-07-10 14:09	--------	d-----w-	c:\users\Administrator\AppData\Local\Downloaded Installations
2011-07-10 14:08 . 2011-07-10 14:08	--------	d-----w-	c:\program files (x86)\Spirent Communications
2011-07-10 14:08 . 2011-07-10 14:09	--------	d-----w-	c:\program files (x86)\HTC
2011-07-09 13:04 . 2011-07-14 16:59	--------	d-----w-	c:\users\Administrator\AppData\Roaming\MudTV
2011-07-09 12:10 . 2011-07-09 12:10	--------	d-----w-	c:\users\Administrator\AppData\Roaming\CorsixTH
2011-07-08 20:51 . 2011-07-08 20:51	--------	d-----w-	c:\users\Administrator\AppData\Local\PowerChallenge
2011-07-07 21:40 . 2011-07-07 21:40	--------	d-----w-	c:\users\Administrator\AppData\Local\Quadriga Games
2011-07-07 21:33 . 2011-07-07 21:33	--------	d-----w-	c:\program files (x86)\Quadriga Games
2011-07-06 19:32 . 2011-07-06 19:32	--------	d-----w-	c:\program files (x86)\Apple Software Update
2011-07-02 16:13 . 2011-07-02 16:13	--------	d-----w-	c:\windows\CheckSur
2011-07-02 14:57 . 2011-07-02 14:57	--------	d-----w-	c:\users\Administrator\AppData\Roaming\KoshyJohn.com
2011-06-30 10:00 . 2011-06-30 11:22	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Tropico 3
2011-06-29 04:46 . 2011-05-24 11:21	404992	----a-w-	c:\windows\system32\umpnpmgr.dll
2011-06-29 04:46 . 2011-05-24 10:34	64512	----a-w-	c:\windows\SysWow64\devobj.dll
2011-06-29 04:46 . 2011-05-24 10:34	44544	----a-w-	c:\windows\SysWow64\devrtl.dll
2011-06-29 04:46 . 2011-05-24 10:34	145920	----a-w-	c:\windows\SysWow64\cfgmgr32.dll
2011-06-29 04:46 . 2011-05-24 10:32	252928	----a-w-	c:\windows\SysWow64\drvinst.exe
2011-06-27 20:49 . 2011-06-27 20:49	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Lionhead Studios
2011-06-26 10:28 . 2011-06-26 10:28	--------	d-----w-	c:\users\Administrator\Arschloch 2.0
2011-06-22 13:12 . 2011-06-22 13:12	--------	d-----w-	c:\users\Administrator\AppData\Local\PhotoDose
2011-06-22 13:12 . 2011-06-22 13:12	--------	d-----w-	c:\programdata\PhotoDose
2011-06-22 13:12 . 2011-06-22 13:12	--------	d-----w-	c:\program files (x86)\PhotoDose
2011-06-15 07:31 . 2011-04-27 02:57	102400	----a-w-	c:\windows\system32\drivers\dfsc.sys
2011-06-15 07:31 . 2011-04-25 05:32	1896832	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-06-15 07:31 . 2011-04-25 02:44	499712	----a-w-	c:\windows\system32\drivers\afd.sys
2011-06-15 07:31 . 2011-04-29 05:47	1110528	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-15 07:31 . 2011-04-29 05:08	759296	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2011-06-15 07:31 . 2011-05-04 02:51	287744	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 07:31 . 2011-05-04 02:51	157696	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 07:31 . 2011-05-04 02:51	126464	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-29 08:46 . 2010-06-25 15:12	607232	----a-w-	C:\MUtils.dll
2011-06-29 08:46 . 2010-06-25 15:12	2392576	----a-w-	C:\MUIUtils.dll
2011-06-29 08:46 . 2010-06-25 15:12	943104	----a-w-	C:\MUIMessage.dll
2011-06-29 08:46 . 2010-06-25 15:12	785920	----a-w-	C:\MUICoreLib.dll
2011-06-29 08:46 . 2010-06-25 15:12	2581504	----a-w-	C:\MUICore.dll
2011-06-29 08:46 . 2010-06-25 15:12	91136	----a-w-	C:\MReport.dll
2011-06-29 08:46 . 2010-06-25 15:12	859648	----a-w-	C:\MISB.dll
2011-06-29 08:46 . 2010-06-25 15:12	247296	----a-w-	C:\MKernel.dll
2011-06-29 08:46 . 2010-06-25 15:12	763392	----a-w-	C:\MDb.dll
2011-06-29 08:46 . 2010-06-25 15:12	147968	----a-w-	C:\MFacebook.dll
2011-06-29 08:46 . 2010-06-25 15:12	1432576	----a-w-	C:\MCore.dll
2011-06-29 08:46 . 2010-06-25 15:12	104448	----a-w-	C:\MCoreLib.dll
2011-06-29 08:46 . 2010-06-25 15:12	199168	----a-w-	C:\MBContainer.dll
2011-06-29 08:46 . 2010-06-25 15:12	149504	----a-w-	C:\MCompressLib.dll
2011-06-29 08:46 . 2010-06-25 15:11	124216	----a-w-	C:\ICQ.exe
2011-06-28 11:30 . 2010-10-23 07:38	88288	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-06-28 11:30 . 2010-10-23 07:38	123784	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-06-27 20:50 . 2009-08-18 11:49	564632	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2011-06-27 20:50 . 2009-08-18 10:24	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-02 05:56 . 2011-07-13 20:24	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2011-05-04 02:52 . 2011-04-17 12:11	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-04-22 20:18 . 2011-05-25 04:36	27008	----a-w-	c:\windows\system32\drivers\Diskdump.sys
2011-04-16 10:34 . 2010-06-25 15:12	2560000	----a-w-	C:\sipXmediaLib.dll
2006-05-03 09:06	163328	--sh--r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 10:47	31232	--sh--r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 12:30	216064	--sh--r-	c:\windows\SysWOW64\nbDX.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
"Octoshape Streaming Services"="c:\users\Administrator\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"TomTomHOME.exe"="c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe" [2011-03-09 247728]
"RssReader"="c:\users\Administrator\AppData\Roaming\Qlikworld\RSSReader\RSSReader.exe" [2008-10-07 3084288]
"DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2010-10-02 92672]
"Copernic Desktop Search - Home"="c:\program files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe" [2010-06-15 1611264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Ashampoo Core Tuner"="c:\program files (x86)\Ashampoo\Ashampoo Core Tuner\autostarter.exe" [2010-02-15 428376]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-04-26 593920]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2011\mshaktuell.exe [2011-5-5 1224304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux5"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R3 ALSysIO;ALSysIO;c:\users\ADMINI~1\AppData\Local\Temp\ALSysIO64.sys [x]
R3 DfSdkS;Defragmentation-Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe [2009-08-24 544768]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 51727736]
R3 mvvideodemo;MaxiVista Virtual Video Demo;c:\windows\system32\DRIVERS\mvvideodemo.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 StkCMini;Syntek AVStream USB2.0 VGA WebCam;c:\windows\system32\Drivers\StkCMini.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2009-10-14 11856]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 acthelper;Ashampoo CoreTuner Helper Service;c:\program files (x86)\Ashampoo\Ashampoo Core Tuner\ACTHelperService.exe [2010-02-15 902488]
R4 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-04-16 173352]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2011-03-09 92592]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2010-05-10 1403208]
S0 oem-drv64;OEM-SLP2.1 Driver (HPD64);c:\windows\system32\DRIVERS\oem-drv64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2011-06-28 340136]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-06-28 428200]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-03-31 80896]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
S3 netr28ux;RT2870-USB-Drahtlos-LAN-Kartentreiber für Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-466614843-1103789956-2564716473-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-26 19:14]
.
2011-07-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-466614843-1103789956-2564716473-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-26 19:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1612880]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 2093128]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 4271688]
"Ashampoo Core Tuner"="c:\program files (x86)\Ashampoo\Ashampoo Core Tuner\autostarter.exe" [2010-02-15 428376]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-17 190472]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: An OneNote s&enden - c:\program files\Microsoft Office\Office14\ONBttnIE.dll/105
IE: Free YouTube to Mp3 Converter - c:\users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\program files\Microsoft Office\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\program files (x86)\MICROS~3\Office12\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tgi1zjay.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: COMPUTERBILD-Abzockschutz: {d49175b3-3fd8-43b8-b28e-da5d47f3c398} - %profile%\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: FIFA Online Web Launcher: eafo3fflauncher@ea.com - %profile%\extensions\eafo3fflauncher@ea.com
FF - Ext: Verbindungzu Copernic Desktop Search - Home: {E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0} - c:\program files (x86)\Copernic Desktop Search - Home\Firefox36Connector
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.interval - 600000
FF - user.js: content.switch.threshold - 600000
FF - user.js: nglayout.initialpaint.delay - 600
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,a4,fe,a1,f0,c4,ee,48,83,7c,93,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,a4,fe,a1,f0,c4,ee,48,83,7c,93,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,14,a4,fe,a1,f0,c4,ee,48,83,7c,93,\
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\vlc.exe"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AIF\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASF\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AU\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.cdda"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cpt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\photoviewer.dll"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_div_file"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_divx_file"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dll\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\notepad.exe"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipa"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipg"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipsw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipsw"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itdb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itdb"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ite\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ite"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itl"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itlp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itlp"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itms"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itpc"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.key\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\avp.exe"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m3u8"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4b"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4p"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4r"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MID\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_mkv_file"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOV\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MP3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPE\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MPG\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nfo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="nfo_auto_file"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pcast"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pls"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.RMI\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_tix_file"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WAV\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wave\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.wave"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdseml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ThunderbirdEML"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WMA\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WMV\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\Software\SecuROM\License information*]
"datasecu"=hex:b9,a1,2c,03,be,ad,c9,de,59,3f,24,a7,55,ac,99,7e,cb,9c,12,bd,cd,
   ad,9e,86,a1,4b,a9,4d,77,23,9d,f9,41,39,f6,30,d1,14,ba,c5,a1,b3,78,f5,00,3c,\
"rkeysecu"=hex:9d,00,33,f3,5a,22,ff,38,d1,28,ef,a9,fc,74,e6,6f
.
[HKEY_USERS\S-1-5-21-466614843-1103789956-2564716473-500\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\DirectInput\VID_0079&PID_0006\Calibration\0\Type\Axes]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-07-15  00:58:13
ComboFix-quarantined-files.txt  2011-07-14 22:58
.
Vor Suchlauf: 15 Verzeichnis(se), 813.732.544.512 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 813.774.012.416 Bytes frei
.
- - End Of File - - 0D124D9804891C9833D0BCB6361B0BC1
--- --- ---
__________________
Alt 15.07.2011, 01:35   #4
Swisstreasure
/// Malwareteam
 
Virus der google anfragen auf unbekannte webseiten weiterleitet - Standard

Virus der google anfragen auf unbekannte webseiten weiterleitet


Schon ne Besserung?

Alt 15.07.2011, 09:20   #5
rudak
 
Virus der google anfragen auf unbekannte webseiten weiterleitet - Standard

Virus der google anfragen auf unbekannte webseiten weiterleitet


ja, also hab grad 20 google anfragen gemacht und alle kamen auf der richtigen seite an. musik kam auch keine und das sicherheitscenter ist seit dem start direkt wieder automatisch aktiv


Alt 15.07.2011, 22:16   #6
Swisstreasure
/// Malwareteam
 
Virus der google anfragen auf unbekannte webseiten weiterleitet - Standard

Virus der google anfragen auf unbekannte webseiten weiterleitet


Schritt 1

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
Alt 16.07.2011, 13:09   #7
rudak
 
Virus der google anfragen auf unbekannte webseiten weiterleitet - Standard

Virus der google anfragen auf unbekannte webseiten weiterleitet


okay. bei quick scan gibt er nur eine otl.txt aus


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 16.07.2011 14:05:43 - Run 3
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Administrator\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 3,84 Gb Available Physical Memory | 64,03% Memory free
11,98 Gb Paging File | 9,59 Gb Available in Paging File | 80,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,26 Gb Total Space | 757,89 Gb Free Space | 54,24% Space Free | Partition Type: NTFS
 
Computer Name: FIFU-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Administrator\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Administrator\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (StkSSrv) -- C:\Windows\SysNative\StkCSrv.exe (Syntek America Inc.)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (acthelper) -- C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner\ACTHelperService.exe (Ashampoo Development GmbH & Co. KG)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (DfSdkS) -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe (mst software GmbH, Germany)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (libusbd) -- C:\Windows\SysWOW64\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (oem-drv64) OEM-SLP2.1 Driver (HPD64) -- C:\Windows\SysNative\drivers\oem-drv64.sys (secr9tos)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (StkCMini) -- C:\Windows\SysNative\drivers\StkCMini.sys (Syntek)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (libusb0) -- C:\Windows\SysWOW64\drivers\libusb0.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 F8 B1 D0 F9 F7 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.29
FF - prefs.js..extensions.enabledItems: {E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0}:3.0.3.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Administrator\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\ADMINI~1\AppData\LocalLow\PowerChallenge\nppowerloader.dll (Power Challenge Sweden AB)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.25 13:06:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.25 13:06:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.15 22:25:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.17 14:11:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.06.22 13:14:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0}: C:\Program Files (x86)\Copernic Desktop Search - Home\Firefox36Connector [2010.07.02 11:18:26 | 000,000,000 | ---D | M]
 
[2010.06.06 17:08:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2010.05.04 08:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.06.06 17:08:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.09.26 08:56:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\tgi1zjay.default\extensions
[2010.05.04 07:57:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\tgi1zjay.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.04 07:57:43 | 000,000,000 | ---D | M] (kikin plugin (Murb.com Edition)) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\tgi1zjay.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2010.08.02 13:22:54 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\tgi1zjay.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.19 10:35:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\tgi1zjay.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.26 05:40:24 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\tgi1zjay.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}
[2010.09.23 06:43:51 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\tgi1zjay.default\extensions\DeviceDetection@logitech.com
[2010.08.28 13:14:59 | 000,000,000 | ---D | M] (FIFA Online Web Launcher) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\tgi1zjay.default\extensions\eafo3fflauncher@ea.com
[2010.06.26 05:40:25 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\tgi1zjay.default\extensions\firefox@tvunetworks.com
[2010.05.04 07:57:22 | 000,000,000 | ---D | M] (Simple Dyyno Launcher) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\tgi1zjay.default\extensions\NPDyyno@dyyno.com
[2010.05.04 07:57:23 | 000,000,000 | ---D | M] (Oberon Game Host) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\tgi1zjay.default\extensions\OberonGameHost@OberonGames.com
[2008.12.14 17:02:10 | 000,000,681 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tgi1zjay.default\searchplugins\ask.xml
[2010.09.21 13:23:45 | 000,000,950 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tgi1zjay.default\searchplugins\icqplugin-1.xml
[2009.10.31 13:25:48 | 000,000,955 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tgi1zjay.default\searchplugins\icqplugin.xml
[2009.03.22 15:54:00 | 000,003,915 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tgi1zjay.default\searchplugins\sweetim.xml
[2011.06.22 18:35:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.05.04 11:44:51 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.04.17 14:11:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.22 18:35:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010.07.02 11:18:26 | 000,000,000 | ---D | M] (Verbindung zu Copernic Desktop Search - Home) -- C:\PROGRAM FILES (X86)\COPERNIC DESKTOP SEARCH - HOME\FIREFOX36CONNECTOR
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.05.03 13:14:34 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010.09.09 21:23:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.09 21:23:09 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.09 21:23:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.09 21:23:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.09 21:23:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.07.15 00:56:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Symbolleiste für Copernic Desktop Search - Home) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files (x86)\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000318.dll (Copernic Inc.)
O4:64bit: - HKLM..\Run: [Ashampoo Core Tuner] C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner\autostarter.exe (Ashampoo Development GmbH & Co. KG)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Ashampoo Core Tuner] C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner\autostarter.exe (Ashampoo Development GmbH & Co. KG)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Copernic Desktop Search - Home] C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe (Copernic Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe (www.motioninjoy.com)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Administrator\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [RssReader] C:\Users\Administrator\AppData\Roaming\Qlikworld\RSSReader\RSSReader.exe (QlikWorld BV)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.15 18:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.07.15 18:57:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011.07.15 18:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.07.15 01:47:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.07.15 00:58:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.07.15 00:51:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.07.15 00:51:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.07.15 00:51:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.07.15 00:51:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.07.15 00:47:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.07.15 00:33:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011.07.15 00:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.15 00:33:20 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.07.14 18:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2011.07.14 17:26:24 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2011.07.14 17:26:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\PC_Drivers_Headquarters
[2011.07.14 17:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Easy Driver Pro
[2011.07.14 17:25:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Driver Pro
[2011.07.14 17:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy Driver Pro
[2011.07.14 17:17:22 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\MotioninJoy
[2011.07.14 17:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
[2011.07.14 17:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy
[2011.07.12 01:56:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Eden Games
[2011.07.12 01:55:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\CrashRpt
[2011.07.12 01:45:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011.07.12 01:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
[2011.07.12 01:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atari
[2011.07.10 16:19:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Local Settings
[2011.07.10 16:11:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Photos
[2011.07.10 16:11:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Documents
[2011.07.10 16:10:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.07.10 16:10:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Htc
[2011.07.10 16:09:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\HTC
[2011.07.10 16:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[2011.07.10 16:09:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Downloaded Installations
[2011.07.10 16:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2011.07.10 16:08:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2011.07.10 16:08:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2011.07.09 15:04:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\MudTV
[2011.07.09 14:10:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\CorsixTH
[2011.07.08 22:51:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\PowerChallenge
[2011.07.07 23:40:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Quadriga Games
[2011.07.07 23:38:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Die Polizei
[2011.07.07 23:33:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quadriga Games
[2011.07.06 21:32:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.07.02 18:13:42 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2011.07.02 16:57:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com
[2011.07.02 16:57:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\KoshyJohn.com
[2011.06.30 12:00:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Tropico 3
[2011.06.27 22:49:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Lionhead Studios
[2011.06.26 12:28:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Arschloch 2.0
[2011.06.22 15:12:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\PhotoDose
[2011.06.22 15:12:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoDose
[2011.06.22 15:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PhotoDose
[2011.06.22 15:12:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoDose
[2011.06.16 15:41:03 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\Fotoheft Lilly, Benni,Lissi und Frida
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.16 13:34:00 | 000,001,152 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-466614843-1103789956-2564716473-500UA.job
[2011.07.16 09:06:48 | 000,010,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.16 09:06:48 | 000,010,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.16 09:02:29 | 001,497,950 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.07.16 09:02:29 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.07.16 09:02:29 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.07.16 09:02:29 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.07.16 09:02:29 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.07.16 08:57:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.16 08:57:48 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.15 18:56:11 | 000,905,178 | -H-- | M] () -- C:\Windows\MEMORY.DMP
[2011.07.15 00:56:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.07.14 23:34:02 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-466614843-1103789956-2564716473-500Core.job
[2011.07.14 22:43:51 | 000,000,484 | RHS- | M] () -- C:\Users\Administrator\ntuser.pol
[2011.07.14 22:16:51 | 000,358,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.07.14 18:34:51 | 000,002,438 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2011.07.14 17:28:25 | 000,064,000 | RHS- | M] () -- C:\Windows\SysWow64\srdelayedc.dll
[2011.07.14 17:25:34 | 000,002,323 | ---- | M] () -- C:\Users\Public\Desktop\Easy Driver Pro.lnk
[2011.07.14 17:17:22 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2011.07.14 17:09:23 | 000,001,292 | ---- | M] () -- C:\Users\Public\Desktop\Fire Patch 2011.lnk
[2011.07.12 01:17:40 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Test Drive Unlimited 2.lnk
[2011.07.10 16:09:43 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2011.07.10 08:52:52 | 000,005,632 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.07 22:44:39 | 000,429,977 | ---- | M] () -- C:\Users\Administrator\Documents\Ihr_Versicherungsnachtrag.pdf
[2011.07.06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.07.02 16:57:59 | 000,001,984 | ---- | M] () -- C:\Users\Administrator\Desktop\Memory Cleaner.lnk
[2011.06.29 10:46:36 | 000,607,232 | ---- | M] (ICQ, LLC.) -- C:\MUtils.dll
[2011.06.29 10:46:35 | 002,392,576 | ---- | M] (ICQ, LLC.) -- C:\MUIUtils.dll
[2011.06.29 10:46:31 | 000,943,104 | ---- | M] (ICQ, LLC.) -- C:\MUIMessage.dll
[2011.06.29 10:46:30 | 000,785,920 | ---- | M] (ICQ, LLC.) -- C:\MUICoreLib.dll
[2011.06.29 10:46:29 | 002,581,504 | ---- | M] (ICQ, LLC.) -- C:\MUICore.dll
[2011.06.29 10:46:26 | 000,859,648 | ---- | M] (ICQ, LLC.) -- C:\MISB.dll
[2011.06.29 10:46:26 | 000,247,296 | ---- | M] (ICQ, LLC.) -- C:\MKernel.dll
[2011.06.29 10:46:26 | 000,091,136 | ---- | M] (ICQ, LLC.) -- C:\MReport.dll
[2011.06.29 10:46:25 | 000,763,392 | ---- | M] (ICQ, LLC.) -- C:\MDb.dll
[2011.06.29 10:46:25 | 000,147,968 | ---- | M] (ICQ, LLC.) -- C:\MFacebook.dll
[2011.06.29 10:46:23 | 001,432,576 | ---- | M] (ICQ, LLC.) -- C:\MCore.dll
[2011.06.29 10:46:23 | 000,104,448 | ---- | M] (ICQ, LLC.) -- C:\MCoreLib.dll
[2011.06.29 10:46:21 | 000,199,168 | ---- | M] (ICQ, LLC.) -- C:\MBContainer.dll
[2011.06.29 10:46:21 | 000,149,504 | ---- | M] (ICQ, LLC.) -- C:\MCompressLib.dll
[2011.06.29 10:46:19 | 000,124,216 | ---- | M] (ICQ, LLC.) -- C:\ICQ.exe
[2011.06.28 13:30:35 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.06.28 13:30:35 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.06.26 08:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011.06.22 15:12:54 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\PhotoDose 4.2.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.07.15 18:56:05 | 000,905,178 | -H-- | C] () -- C:\Windows\MEMORY.DMP
[2011.07.15 00:51:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.07.15 00:51:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.07.15 00:51:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.07.15 00:51:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.07.15 00:51:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.07.14 22:43:51 | 000,000,484 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol
[2011.07.14 17:28:25 | 000,064,000 | RHS- | C] () -- C:\Windows\SysWow64\srdelayedc.dll
[2011.07.14 17:25:34 | 000,002,323 | ---- | C] () -- C:\Users\Public\Desktop\Easy Driver Pro.lnk
[2011.07.14 17:17:22 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2011.07.14 17:09:23 | 000,001,292 | ---- | C] () -- C:\Users\Public\Desktop\Fire Patch 2011.lnk
[2011.07.12 01:17:40 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Test Drive Unlimited 2.lnk
[2011.07.10 16:09:43 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2011.07.07 22:44:39 | 000,429,977 | ---- | C] () -- C:\Users\Administrator\Documents\Ihr_Versicherungsnachtrag.pdf
[2011.07.03 11:11:21 | 005,440,160 | ---- | C] () -- C:\Users\Administrator\Desktop\DSC01402.JPG
[2011.07.02 16:57:59 | 000,001,984 | ---- | C] () -- C:\Users\Administrator\Desktop\Memory Cleaner.lnk
[2011.06.22 15:12:54 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\PhotoDose 4.2.lnk
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.05.05 12:33:06 | 000,000,732 | ---- | C] () -- C:\Windows\wiso.ini
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.12.23 14:18:13 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010.11.15 20:02:40 | 000,073,728 | ---- | C] () -- C:\Windows\StkUnist.exe
[2010.10.21 18:01:30 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2010.09.20 17:15:01 | 000,125,996 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.09.09 20:08:19 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.08.28 13:17:36 | 000,214,592 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.08.28 13:17:19 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.08.28 13:17:19 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.07.16 20:28:54 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
[2010.05.25 18:40:27 | 000,005,632 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.04 11:47:03 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.05.03 22:03:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.05.03 13:25:43 | 000,035,130 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010.05.03 13:25:23 | 000,024,169 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.05.03 13:16:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.05.03 13:12:25 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll
[2010.05.03 13:12:25 | 000,052,836 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2010.05.03 13:12:24 | 000,709,719 | ---- | C] () -- C:\Windows\unins002.exe
[2010.05.03 13:12:24 | 000,394,752 | ---- | C] () -- C:\Windows\SysWow64\cygwinb19.dll
[2010.05.03 13:12:24 | 000,004,184 | ---- | C] () -- C:\Windows\unins002.dat
[2010.05.03 13:12:13 | 000,709,719 | ---- | C] () -- C:\Windows\unins001.exe
[2010.05.03 13:12:13 | 000,007,965 | ---- | C] () -- C:\Windows\unins001.dat
[2010.05.03 13:11:58 | 000,709,724 | ---- | C] () -- C:\Windows\unins000.exe
[2010.05.03 13:11:58 | 000,010,292 | ---- | C] () -- C:\Windows\unins000.dat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.12.28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
 
========== LOP Check ==========
 
[2011.04.16 13:12:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Autodesk
[2011.04.26 19:04:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BlackBean
[2011.05.05 12:33:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Buhl Data Service
[2010.05.23 15:21:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Canneverbe_Limited
[2010.07.02 11:19:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2010.07.02 11:17:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Copernic
[2011.07.09 14:10:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CorsixTH
[2010.05.04 08:08:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2010.08.02 13:22:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.05.03 21:15:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\EasySuite
[2010.08.03 21:21:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FOG Downloader
[2010.05.03 13:14:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Foxit
[2011.07.10 16:10:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\HTC
[2011.07.10 16:10:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.07.14 22:19:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICQ
[2011.04.16 16:42:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IrfanView
[2010.09.02 17:17:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Kalypso Media
[2011.07.02 16:57:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\KoshyJohn.com
[2010.05.04 09:04:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2011.06.27 22:49:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Lionhead Studios
[2011.07.14 17:17:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MotioninJoy
[2011.07.14 18:59:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MudTV
[2010.08.03 17:20:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Need for Speed World
[2010.08.24 15:50:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Octoshape
[2010.09.28 17:31:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Qlikworld
[2010.05.07 22:55:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
[2010.05.04 08:01:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thunderbird
[2010.05.31 12:04:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tilted Mill
[2010.07.20 16:01:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TomTom
[2011.06.30 13:22:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tropico 3
[2010.05.09 07:22:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TS3Client
[2010.05.04 08:09:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2010.06.23 22:42:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ubisoft
[2011.05.23 08:11:04 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.07.15 01:47:17 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.06.06 18:52:17 | 000,000,000 | ---D | M] -- C:\aaaaaaaaaaaaaaa
[2011.07.15 18:57:17 | 000,000,000 | ---D | M] -- C:\AMD
[2010.07.29 12:08:32 | 000,000,000 | ---D | M] -- C:\ATI
[2010.05.03 13:59:12 | 000,000,000 | ---D | M] -- C:\Boot
[2010.07.23 11:00:45 | 000,000,000 | ---D | M] -- C:\boxelyToolkit
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.05.03 13:06:45 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.05.08 18:19:50 | 000,000,000 | ---D | M] -- C:\Downloads
[2010.10.23 11:12:57 | 000,000,000 | ---D | M] -- C:\Grand Prix Championship 2010
[2010.07.23 11:00:45 | 000,000,000 | ---D | M] -- C:\imApp
[2010.06.01 11:39:26 | 000,000,000 | R--D | M] -- C:\MSOCache
[2010.07.23 11:00:45 | 000,000,000 | ---D | M] -- C:\packages
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.07.14 17:17:21 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.07.15 18:57:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2011.07.15 18:57:35 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.05.03 13:06:45 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.07.15 00:58:15 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010.05.03 13:06:45 | 000,000,000 | ---D | M] -- C:\Recovery
[2011.01.06 07:28:42 | 000,000,000 | ---D | M] -- C:\sounds
[2011.07.16 14:06:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.05.03 13:06:51 | 000,000,000 | R--D | M] -- C:\Users
[2011.07.16 05:28:55 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.15 00:09:38 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\ProgramData\TuneUp Software\TuneUp Utilities\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe
[2009.10.15 00:09:38 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\Users\All Users\TuneUp Software\TuneUp Utilities\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.15 00:09:38 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B29FCEEBEE938506FB23B8A9CE898B9C -- C:\ProgramData\TuneUp Software\TuneUp Utilities\WinStyler\VisualStyles\Explorer\x86\BIG\Explorer.exe
[2009.10.15 00:09:38 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B29FCEEBEE938506FB23B8A9CE898B9C -- C:\Users\All Users\TuneUp Software\TuneUp Utilities\WinStyler\VisualStyles\Explorer\x86\BIG\Explorer.exe
[2009.10.15 00:09:38 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=B6365B1E0EB9191ED4D916B2A94EBA67 -- C:\ProgramData\TuneUp Software\TuneUp Utilities\WinStyler\VisualStyles\Explorer\x64\BIG\Explorer.exe
[2009.10.15 00:09:38 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=B6365B1E0EB9191ED4D916B2A94EBA67 -- C:\Users\All Users\TuneUp Software\TuneUp Utilities\WinStyler\VisualStyles\Explorer\x64\BIG\Explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.10.15 00:09:40 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=D1FA2634386B7E4E96CFFB9063EE6833 -- C:\ProgramData\TuneUp Software\TuneUp Utilities\WinStyler\VisualStyles\Explorer\x86\SMALL\Explorer.exe
[2009.10.15 00:09:40 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=D1FA2634386B7E4E96CFFB9063EE6833 -- C:\Users\All Users\TuneUp Software\TuneUp Utilities\WinStyler\VisualStyles\Explorer\x86\SMALL\Explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\ERDNT\cache86\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
--- --- ---
Alt 17.07.2011, 09:33   #8
Swisstreasure
/// Malwareteam
 
Virus der google anfragen auf unbekannte webseiten weiterleitet - Standard

Virus der google anfragen auf unbekannte webseiten weiterleitet


Heute gehts weiter. Bin am arbeiten

Alt 17.07.2011, 11:57   #9
rudak
 
Virus der google anfragen auf unbekannte webseiten weiterleitet - Standard

Virus der google anfragen auf unbekannte webseiten weiterleitet


alles klar super vielen dank schon mal

Alt 17.07.2011, 18:38   #10
Swisstreasure
/// Malwareteam
 
Virus der google anfragen auf unbekannte webseiten weiterleitet - Standard

Virus der google anfragen auf unbekannte webseiten weiterleitet



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Alt 18.07.2011, 15:43   #11
rudak
 
Virus der google anfragen auf unbekannte webseiten weiterleitet - Standard

Virus der google anfragen auf unbekannte webseiten weiterleitet


uff dauerte länger als erwartet, aber hier das log.


Zitat:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=b14efa233c272544a9c19f3906e83496
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-18 02:39:37
# local_time=2011-07-18 04:39:37 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1792 16777215 100 0 23169081 23169081 0 0
# compatibility_mode=8192 67108863 100 0 22778 22778 0 0
# scanned=229025
# found=8
# cleaned=0
# scan_time=11417
C:\Program Files (x86)\CryptLoad_1.1.8\router\FRITZ!Box\voip.exe a variant of Win32/TrojanDownloader.Banload.QGL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2011\pes2011-config.exe a variant of Win32/Packed.MoleboxVS.A application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2011\pes2011-jen.exe a variant of Win32/Packed.MoleboxVS.A application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Microsoft Games\Fable III\paul.dll.vir a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\7feec9b0-1bb94b48.vir multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Users\Administrator\Documents\Firstload Ikarus\FirstloadIkarus-Setup0.17.3018.0.exe probably a variant of Win32/Agent.HXMAPDO trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Administrator\Downloads\icq_status_checker17\ICQ Status Checker 1.7 Setup.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Administrator\Downloads\Programme\W7ULTIV3X64\W7UV3X64\W7UV3X64.iso Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I

Alt 19.07.2011, 10:47   #12
Swisstreasure
/// Malwareteam
 
Virus der google anfragen auf unbekannte webseiten weiterleitet - Standard

Virus der google anfragen auf unbekannte webseiten weiterleitet


Sind das Originalspiele?
Zitat:
Pro Evolution Soccer 2011
Fable III
Würde darauf verzichten. Entferne sie aus den Prgrammen:
Zitat:
Firstload Ikarus
icq_status_checker17
W7ULTIV3X64

Alt 19.07.2011, 12:05   #13
rudak
 
Virus der google anfragen auf unbekannte webseiten weiterleitet - Standard

Virus der google anfragen auf unbekannte webseiten weiterleitet


ja sind orginal spiele. sind nur auf beiden user patches drauf, also bei PES wegen bundesliga und so

ok die programme entferne ich direkt.

Alt 19.07.2011, 12:08   #14
Swisstreasure
/// Malwareteam
 
Virus der google anfragen auf unbekannte webseiten weiterleitet - Standard

Virus der google anfragen auf unbekannte webseiten weiterleitet


Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun den Inhalt in die Textbox.
Code:
ATTFilter
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread
Alt 19.07.2011, 12:27   #15
rudak
 
Virus der google anfragen auf unbekannte webseiten weiterleitet - Standard

Virus der google anfragen auf unbekannte webseiten weiterleitet


ok...erledigt


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.07.2011 13:21:53 - Run 4
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Administrator\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,99 Gb Total Physical Memory | 3,94 Gb Available Physical Memory | 65,84% Memory free
11,98 Gb Paging File | 9,66 Gb Available in Paging File | 80,61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1397,26 Gb Total Space | 848,28 Gb Free Space | 60,71% Space Free | Partition Type: NTFS
 
Computer Name: FIFU-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC -  File not found
PRC - C:\Users\Administrator\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Users\Administrator\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Administrator\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (StkSSrv) -- C:\Windows\SysNative\StkCSrv.exe (Syntek America Inc.)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (TomTomHOMEService) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (acthelper) -- C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner\ACTHelperService.exe (Ashampoo Development GmbH & Co. KG)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (DfSdkS) -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe (mst software GmbH, Germany)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (libusbd) -- C:\Windows\SysWOW64\libusbd-nt.exe (libusb-Win32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (oem-drv64) OEM-SLP2.1 Driver (HPD64) -- C:\Windows\SysNative\drivers\oem-drv64.sys (secr9tos)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.)
DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.)
DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.)
DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.)
DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (StkCMini) -- C:\Windows\SysNative\drivers\StkCMini.sys (Syntek)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (libusb0) -- C:\Windows\SysWOW64\drivers\libusb0.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 09 F8 B1 D0 F9 F7 CA 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.20.0.66
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.29
FF - prefs.js..extensions.enabledItems: {E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0}:3.0.3.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Administrator\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
FF - HKCU\Software\MozillaPlugins\@powerchallenge.com/PowerLoader: C:\Users\ADMINI~1\AppData\LocalLow\PowerChallenge\nppowerloader.dll (Power Challenge Sweden AB)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.05.25 13:06:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.05.25 13:06:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.15 22:25:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.17 14:11:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.06.22 13:14:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0}: C:\Program Files (x86)\Copernic Desktop Search - Home\Firefox36Connector [2010.07.02 11:18:26 | 000,000,000 | ---D | M]
 
[2010.06.06 17:08:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2010.05.04 08:01:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.06.06 17:08:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.09.26 08:56:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\tgi1zjay.default\extensions
[2010.05.04 07:57:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\tgi1zjay.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.04 07:57:43 | 000,000,000 | ---D | M] (kikin plugin (Murb.com Edition)) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\tgi1zjay.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2010.08.02 13:22:54 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\tgi1zjay.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.08.19 10:35:16 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\tgi1zjay.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.06.26 05:40:24 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\tgi1zjay.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}
[2010.09.23 06:43:51 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\tgi1zjay.default\extensions\DeviceDetection@logitech.com
[2010.08.28 13:14:59 | 000,000,000 | ---D | M] (FIFA Online Web Launcher) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\tgi1zjay.default\extensions\eafo3fflauncher@ea.com
[2010.06.26 05:40:25 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\tgi1zjay.default\extensions\firefox@tvunetworks.com
[2010.05.04 07:57:22 | 000,000,000 | ---D | M] (Simple Dyyno Launcher) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\tgi1zjay.default\extensions\NPDyyno@dyyno.com
[2010.05.04 07:57:23 | 000,000,000 | ---D | M] (Oberon Game Host) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\tgi1zjay.default\extensions\OberonGameHost@OberonGames.com
[2008.12.14 17:02:10 | 000,000,681 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tgi1zjay.default\searchplugins\ask.xml
[2010.09.21 13:23:45 | 000,000,950 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tgi1zjay.default\searchplugins\icqplugin-1.xml
[2009.10.31 13:25:48 | 000,000,955 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tgi1zjay.default\searchplugins\icqplugin.xml
[2009.03.22 15:54:00 | 000,003,915 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\tgi1zjay.default\searchplugins\sweetim.xml
[2011.06.22 18:35:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.05.04 11:44:51 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2011.04.17 14:11:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.06.22 18:35:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2010.07.02 11:18:26 | 000,000,000 | ---D | M] (Verbindung zu Copernic Desktop Search - Home) -- C:\PROGRAM FILES (X86)\COPERNIC DESKTOP SEARCH - HOME\FIREFOX36CONNECTOR
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.05.03 13:14:34 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2010.09.09 21:23:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.09.09 21:23:09 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.09.09 21:23:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.09.09 21:23:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.09.09 21:23:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.07.15 00:56:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Symbolleiste für Copernic Desktop Search - Home) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files (x86)\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000318.dll (Copernic Inc.)
O4:64bit: - HKLM..\Run: [Ashampoo Core Tuner] C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner\autostarter.exe (Ashampoo Development GmbH & Co. KG)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Ashampoo Core Tuner] C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner\autostarter.exe (Ashampoo Development GmbH & Co. KG)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Copernic Desktop Search - Home] C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe (Copernic Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe (MotioninJoy | Playstation 3|Xbox 360|Dualshock 3|Sixaxis|Game|Driver|)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Administrator\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [RssReader] C:\Users\Administrator\AppData\Roaming\Qlikworld\RSSReader\RSSReader.exe (QlikWorld BV)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.18 07:09:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.07.15 18:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011.07.15 18:57:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2011.07.15 18:56:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011.07.15 01:47:17 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.07.15 00:58:14 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.07.15 00:51:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.07.15 00:51:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.07.15 00:51:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.07.15 00:51:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.07.15 00:47:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.07.15 00:33:27 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011.07.15 00:33:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.15 00:33:20 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.07.14 18:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2011.07.14 17:26:24 | 000,000,000 | ---D | C] -- C:\ProgramData\UAB
[2011.07.14 17:26:20 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\PC_Drivers_Headquarters
[2011.07.14 17:26:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Easy Driver Pro
[2011.07.14 17:25:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Driver Pro
[2011.07.14 17:25:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Easy Driver Pro
[2011.07.14 17:17:22 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\MotioninJoy
[2011.07.14 17:17:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MotioninJoy
[2011.07.14 17:17:21 | 000,000,000 | ---D | C] -- C:\Program Files\MotioninJoy
[2011.07.12 01:56:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\Eden Games
[2011.07.12 01:55:38 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\CrashRpt
[2011.07.12 01:45:12 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2011.07.12 01:17:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
[2011.07.12 01:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atari
[2011.07.10 16:19:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Local Settings
[2011.07.10 16:11:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Photos
[2011.07.10 16:11:37 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Documents\My Documents
[2011.07.10 16:10:30 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.07.10 16:10:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Htc
[2011.07.10 16:09:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\HTC
[2011.07.10 16:09:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC Sync
[2011.07.10 16:09:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Downloaded Installations
[2011.07.10 16:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
[2011.07.10 16:08:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spirent Communications
[2011.07.10 16:08:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HTC
[2011.07.09 15:04:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\MudTV
[2011.07.09 14:10:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\CorsixTH
[2011.07.08 22:51:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\PowerChallenge
[2011.07.07 23:40:47 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Quadriga Games
[2011.07.07 23:38:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Die Polizei
[2011.07.07 23:33:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Quadriga Games
[2011.07.06 21:32:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011.07.02 18:13:42 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2011.07.02 16:57:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com
[2011.07.02 16:57:57 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\KoshyJohn.com
[2011.06.30 12:00:18 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Tropico 3
[2011.06.27 22:49:23 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Lionhead Studios
[2011.06.26 12:28:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Arschloch 2.0
[2011.06.22 15:12:58 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\PhotoDose
[2011.06.22 15:12:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoDose
[2011.06.22 15:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\PhotoDose
[2011.06.22 15:12:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoDose
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.19 13:02:06 | 000,010,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.19 13:02:06 | 000,010,416 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.19 12:52:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.19 12:51:57 | 529,883,135 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.19 06:34:00 | 000,001,152 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-466614843-1103789956-2564716473-500UA.job
[2011.07.16 09:02:29 | 001,497,950 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.07.16 09:02:29 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.07.16 09:02:29 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.07.16 09:02:29 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.07.16 09:02:29 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.07.15 18:56:11 | 000,905,178 | -H-- | M] () -- C:\Windows\MEMORY.DMP
[2011.07.15 00:56:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.07.14 23:34:02 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-466614843-1103789956-2564716473-500Core.job
[2011.07.14 22:43:51 | 000,000,484 | RHS- | M] () -- C:\Users\Administrator\ntuser.pol
[2011.07.14 22:16:51 | 000,358,544 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.07.14 18:34:51 | 000,002,438 | ---- | M] () -- C:\Users\Administrator\Desktop\Google Chrome.lnk
[2011.07.14 17:28:25 | 000,064,000 | RHS- | M] () -- C:\Windows\SysWow64\srdelayedc.dll
[2011.07.14 17:25:34 | 000,002,323 | ---- | M] () -- C:\Users\Public\Desktop\Easy Driver Pro.lnk
[2011.07.14 17:17:22 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2011.07.14 17:09:23 | 000,001,292 | ---- | M] () -- C:\Users\Public\Desktop\Fire Patch 2011.lnk
[2011.07.12 01:17:40 | 000,001,063 | ---- | M] () -- C:\Users\Public\Desktop\Test Drive Unlimited 2.lnk
[2011.07.10 16:09:43 | 000,001,058 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2011.07.10 08:52:52 | 000,005,632 | ---- | M] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.07 22:44:39 | 000,429,977 | ---- | M] () -- C:\Users\Administrator\Documents\Ihr_Versicherungsnachtrag.pdf
[2011.07.06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.07.02 16:57:59 | 000,001,984 | ---- | M] () -- C:\Users\Administrator\Desktop\Memory Cleaner.lnk
[2011.06.29 10:46:36 | 000,607,232 | ---- | M] (ICQ, LLC.) -- C:\MUtils.dll
[2011.06.29 10:46:35 | 002,392,576 | ---- | M] (ICQ, LLC.) -- C:\MUIUtils.dll
[2011.06.29 10:46:31 | 000,943,104 | ---- | M] (ICQ, LLC.) -- C:\MUIMessage.dll
[2011.06.29 10:46:30 | 000,785,920 | ---- | M] (ICQ, LLC.) -- C:\MUICoreLib.dll
[2011.06.29 10:46:29 | 002,581,504 | ---- | M] (ICQ, LLC.) -- C:\MUICore.dll
[2011.06.29 10:46:26 | 000,859,648 | ---- | M] (ICQ, LLC.) -- C:\MISB.dll
[2011.06.29 10:46:26 | 000,247,296 | ---- | M] (ICQ, LLC.) -- C:\MKernel.dll
[2011.06.29 10:46:26 | 000,091,136 | ---- | M] (ICQ, LLC.) -- C:\MReport.dll
[2011.06.29 10:46:25 | 000,763,392 | ---- | M] (ICQ, LLC.) -- C:\MDb.dll
[2011.06.29 10:46:25 | 000,147,968 | ---- | M] (ICQ, LLC.) -- C:\MFacebook.dll
[2011.06.29 10:46:23 | 001,432,576 | ---- | M] (ICQ, LLC.) -- C:\MCore.dll
[2011.06.29 10:46:23 | 000,104,448 | ---- | M] (ICQ, LLC.) -- C:\MCoreLib.dll
[2011.06.29 10:46:21 | 000,199,168 | ---- | M] (ICQ, LLC.) -- C:\MBContainer.dll
[2011.06.29 10:46:21 | 000,149,504 | ---- | M] (ICQ, LLC.) -- C:\MCompressLib.dll
[2011.06.29 10:46:19 | 000,124,216 | ---- | M] (ICQ, LLC.) -- C:\ICQ.exe
[2011.06.28 13:30:35 | 000,123,784 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.06.28 13:30:35 | 000,088,288 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.06.26 08:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011.06.22 15:12:54 | 000,000,972 | ---- | M] () -- C:\Users\Public\Desktop\PhotoDose 4.2.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.07.15 18:56:05 | 000,905,178 | -H-- | C] () -- C:\Windows\MEMORY.DMP
[2011.07.15 00:51:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.07.15 00:51:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.07.15 00:51:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.07.15 00:51:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.07.15 00:51:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.07.14 22:43:51 | 000,000,484 | RHS- | C] () -- C:\Users\Administrator\ntuser.pol
[2011.07.14 17:28:25 | 000,064,000 | RHS- | C] () -- C:\Windows\SysWow64\srdelayedc.dll
[2011.07.14 17:25:34 | 000,002,323 | ---- | C] () -- C:\Users\Public\Desktop\Easy Driver Pro.lnk
[2011.07.14 17:17:22 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\DS3 Tool.lnk
[2011.07.14 17:09:23 | 000,001,292 | ---- | C] () -- C:\Users\Public\Desktop\Fire Patch 2011.lnk
[2011.07.12 01:17:40 | 000,001,063 | ---- | C] () -- C:\Users\Public\Desktop\Test Drive Unlimited 2.lnk
[2011.07.10 16:09:43 | 000,001,058 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2011.07.07 22:44:39 | 000,429,977 | ---- | C] () -- C:\Users\Administrator\Documents\Ihr_Versicherungsnachtrag.pdf
[2011.07.03 11:11:21 | 005,440,160 | ---- | C] () -- C:\Users\Administrator\Desktop\DSC01402.JPG
[2011.07.02 16:57:59 | 000,001,984 | ---- | C] () -- C:\Users\Administrator\Desktop\Memory Cleaner.lnk
[2011.06.22 15:12:54 | 000,000,972 | ---- | C] () -- C:\Users\Public\Desktop\PhotoDose 4.2.lnk
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.05.05 12:33:06 | 000,000,732 | ---- | C] () -- C:\Windows\wiso.ini
[2011.04.09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.12.23 14:18:13 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2010.11.15 20:02:40 | 000,073,728 | ---- | C] () -- C:\Windows\StkUnist.exe
[2010.10.21 18:01:30 | 000,033,792 | ---- | C] () -- C:\Windows\SysWow64\drivers\libusb0.sys
[2010.09.20 17:15:01 | 000,125,996 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2010.09.09 20:08:19 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.08.28 13:17:36 | 000,214,592 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.08.28 13:17:19 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.08.28 13:17:19 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.07.16 20:28:54 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
[2010.05.25 18:40:27 | 000,005,632 | ---- | C] () -- C:\Users\Administrator\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.04 11:47:03 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.05.03 22:03:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.05.03 13:25:43 | 000,035,130 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010.05.03 13:25:23 | 000,024,169 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.05.03 13:16:23 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.05.03 13:12:25 | 000,162,304 | ---- | C] () -- C:\Windows\SysWow64\libpng13.dll
[2010.05.03 13:12:25 | 000,052,836 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2010.05.03 13:12:24 | 000,709,719 | ---- | C] () -- C:\Windows\unins002.exe
[2010.05.03 13:12:24 | 000,394,752 | ---- | C] () -- C:\Windows\SysWow64\cygwinb19.dll
[2010.05.03 13:12:24 | 000,004,184 | ---- | C] () -- C:\Windows\unins002.dat
[2010.05.03 13:12:13 | 000,709,719 | ---- | C] () -- C:\Windows\unins001.exe
[2010.05.03 13:12:13 | 000,007,965 | ---- | C] () -- C:\Windows\unins001.dat
[2010.05.03 13:11:58 | 000,709,724 | ---- | C] () -- C:\Windows\unins000.exe
[2010.05.03 13:11:58 | 000,010,292 | ---- | C] () -- C:\Windows\unins000.dat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2007.12.28 09:22:02 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
 
========== LOP Check ==========
 
[2011.04.16 13:12:47 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Autodesk
[2011.04.26 19:04:02 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\BlackBean
[2011.05.05 12:33:37 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Buhl Data Service
[2010.05.23 15:21:51 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Canneverbe_Limited
[2010.07.02 11:19:10 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\COMPUTERBILD-Abzockschutz
[2010.07.02 11:17:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Copernic
[2011.07.09 14:10:59 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CorsixTH
[2010.05.04 08:08:31 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DAEMON Tools Lite
[2010.08.02 13:22:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.05.03 21:15:48 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\EasySuite
[2010.08.03 21:21:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\FOG Downloader
[2010.05.03 13:14:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Foxit
[2011.07.10 16:10:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\HTC
[2011.07.10 16:10:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.07.14 22:19:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\ICQ
[2011.04.16 16:42:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IrfanView
[2010.09.02 17:17:49 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Kalypso Media
[2011.07.02 16:57:57 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\KoshyJohn.com
[2010.05.04 09:04:20 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Leadertech
[2011.06.27 22:49:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Lionhead Studios
[2011.07.14 17:17:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MotioninJoy
[2011.07.14 18:59:56 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\MudTV
[2010.08.03 17:20:53 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Need for Speed World
[2010.08.24 15:50:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Octoshape
[2010.09.28 17:31:03 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Qlikworld
[2010.05.07 22:55:58 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TeamViewer
[2010.05.04 08:01:15 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Thunderbird
[2010.05.31 12:04:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tilted Mill
[2010.07.20 16:01:46 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TomTom
[2011.06.30 13:22:23 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Tropico 3
[2010.05.09 07:22:38 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TS3Client
[2010.05.04 08:09:55 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2010.06.23 22:42:36 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Ubisoft
[2011.05.23 08:11:04 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.07.15 01:47:17 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2011.06.06 18:52:17 | 000,000,000 | ---D | M] -- C:\aaaaaaaaaaaaaaa
[2011.07.15 18:57:17 | 000,000,000 | ---D | M] -- C:\AMD
[2010.07.29 12:08:32 | 000,000,000 | ---D | M] -- C:\ATI
[2010.05.03 13:59:12 | 000,000,000 | ---D | M] -- C:\Boot
[2010.07.23 11:00:45 | 000,000,000 | ---D | M] -- C:\boxelyToolkit
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.05.03 13:06:45 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.05.08 18:19:50 | 000,000,000 | ---D | M] -- C:\Downloads
[2010.10.23 11:12:57 | 000,000,000 | ---D | M] -- C:\Grand Prix Championship 2010
[2010.07.23 11:00:45 | 000,000,000 | ---D | M] -- C:\imApp
[2010.06.01 11:39:26 | 000,000,000 | R--D | M] -- C:\MSOCache
[2010.07.23 11:00:45 | 000,000,000 | ---D | M] -- C:\packages
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.07.14 17:17:21 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.07.18 07:09:42 | 000,000,000 | ---D | M] -- C:\Program Files (x86)
[2011.07.15 18:57:35 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.05.03 13:06:45 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.07.15 00:58:15 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010.05.03 13:06:45 | 000,000,000 | ---D | M] -- C:\Recovery
[2011.01.06 07:28:42 | 000,000,000 | ---D | M] -- C:\sounds
[2011.07.19 13:22:42 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.05.03 13:06:51 | 000,000,000 | R--D | M] -- C:\Users
[2011.07.16 05:28:55 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\ERDNT\cache86\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\explorer.exe
[2011.02.26 08:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\SysWOW64\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2009.08.03 08:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.15 00:09:38 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\ProgramData\TuneUp Software\TuneUp Utilities\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe
[2009.10.15 00:09:38 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=9880F8FADFF45A0175E0BBDFD9D31F5B -- C:\Users\All Users\TuneUp Software\TuneUp Utilities\WinStyler\VisualStyles\Explorer\x64\SMALL\Explorer.exe
[2009.10.31 08:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2009.10.15 00:09:38 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B29FCEEBEE938506FB23B8A9CE898B9C -- C:\ProgramData\TuneUp Software\TuneUp Utilities\WinStyler\VisualStyles\Explorer\x86\BIG\Explorer.exe
[2009.10.15 00:09:38 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B29FCEEBEE938506FB23B8A9CE898B9C -- C:\Users\All Users\TuneUp Software\TuneUp Utilities\WinStyler\VisualStyles\Explorer\x86\BIG\Explorer.exe
[2009.10.15 00:09:38 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=B6365B1E0EB9191ED4D916B2A94EBA67 -- C:\ProgramData\TuneUp Software\TuneUp Utilities\WinStyler\VisualStyles\Explorer\x64\BIG\Explorer.exe
[2009.10.15 00:09:38 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=B6365B1E0EB9191ED4D916B2A94EBA67 -- C:\Users\All Users\TuneUp Software\TuneUp Utilities\WinStyler\VisualStyles\Explorer\x64\BIG\Explorer.exe
[2009.10.31 08:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2009.10.15 00:09:40 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=D1FA2634386B7E4E96CFFB9063EE6833 -- C:\ProgramData\TuneUp Software\TuneUp Utilities\WinStyler\VisualStyles\Explorer\x86\SMALL\Explorer.exe
[2009.10.15 00:09:40 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=D1FA2634386B7E4E96CFFB9063EE6833 -- C:\Users\All Users\TuneUp Software\TuneUp Utilities\WinStyler\VisualStyles\Explorer\x86\SMALL\Explorer.exe
[2011.02.26 08:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 08:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\ERDNT\cache86\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache86\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\ERDNT\cache64\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
--- --- ---
Antwort
Seite 1 von 2 1 2

Themen zu Virus der google anfragen auf unbekannte webseiten weiterleitet
automatisch, deaktiviert, einstellungen, fragen, heute, hijack.zones, musik, sicherheitscenter, thread, trojan.downloader, trojan.fakealert, trojan.fakealert.sa, trojan.fraudpack, trojan.fraudpack.gen, unbekannte, unregelmäßige, webseiten, weitergeleitet, windows sicherheitscenter deaktiviert


« Internetverbindung und Seitenaufbau extrem langsam | Windows 7 muss ca. alle 3 Tage recovert werden »


Ähnliche Themen: Virus der google anfragen auf unbekannte webseiten weiterleitet


  1. Win7 - WLAN Verbindungsabbrüche, Router flutet PC mit Anfragen über ARP Protokoll, Unbekannte Geräte im WLAN Repeater
    Plagegeister aller Art und deren Bekämpfung - 23.08.2015 (5)
  2. Windows 7 - Werbeclips im Hintergrund und der Verlauf enthält unbekannte Webseiten
    Log-Analyse und Auswertung - 20.05.2015 (15)
  3. Windows 7 Home Premium - Werbeclips im Hintergrund und der Verlauf enthält unbekannte Webseiten
    Log-Analyse und Auswertung - 06.02.2015 (17)
  4. Windows 8.1 Websites laden erst nach 2. Klick, Google bekommt zuviele Anfragen von mir?
    Log-Analyse und Auswertung - 18.11.2013 (9)
  5. Rootkit Trojaner (Google-Anfragen werden weitergeleitet)
    Log-Analyse und Auswertung - 08.08.2013 (11)
  6. Google ergänzt Transparenzreport um FBI-Anfragen
    Nachrichten - 06.03.2013 (0)
  7. Browser spinnen (IE startet Startseite unaudhaltsam neu und FF und Google leiten Anfragen woanders hin...
    Plagegeister aller Art und deren Bekämpfung - 02.10.2012 (1)
  8. Google will Verifizierung, zuviele Anfragen? obgleich gerade gestartet
    Plagegeister aller Art und deren Bekämpfung - 23.07.2012 (4)
  9. Unbekannte/Kuriose Webseiten in den blockierten Ausnahmen
    Plagegeister aller Art und deren Bekämpfung - 16.01.2012 (1)
  10. TR/Rootkit.gen3 - Google/Internet (?) leitet Anfragen auf seltsame URLs
    Log-Analyse und Auswertung - 19.06.2011 (1)
  11. Google-Anfragen werden umgeleitet
    Plagegeister aller Art und deren Bekämpfung - 06.01.2011 (43)
  12. Weiterleitung bei google Anfragen
    Plagegeister aller Art und deren Bekämpfung - 10.10.2010 (13)
  13. MalwareSite, die auf Google.com weiterleitet...
    Diskussionsforum - 28.03.2010 (2)
  14. Internet extrem langsam für beide PCs - Keine Google Anfragen möglich
    Plagegeister aller Art und deren Bekämpfung - 11.03.2010 (0)
  15. Unbekannte Malware? Läd sich per FTP in Webseiten
    Plagegeister aller Art und deren Bekämpfung - 17.06.2009 (1)
  16. Google-Anfragen werden umgeleitet (eMule etc.)
    Log-Analyse und Auswertung - 30.05.2009 (3)
  17. Umleitung von Google-Anfragen
    Mülltonne - 29.12.2008 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Virus der google anfragen auf unbekannte webseiten weiterleitet - Guten Abend. und zwar hab ich heute mir anscheinend einen kleinen aber nervigen virus eingefangen. und zwar spielt dieser in unregelmäßigen zeiten immer iwelche musik im hinter grund. und fast - Virus der google anfragen auf unbekannte webseiten weiterleitet...
Archiv
Du betrachtest: Virus der google anfragen auf unbekannte webseiten weiterleitet auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55