
Log analysis and evaluation: Virtumonde.prx cannot be removed

07.08.2011, 19:32   #16
Anubiss

Okay, here is the OTL:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Nfitoba deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Max
->Temp folder emptied: 405198 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 7003332 bytes
->Flash cache emptied: 456 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 46616 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7,00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08072011_201934

Files\Folders moved on Reboot...
File\Folder C:\Users\Max\AppData\Local\Temp\~DF22D3.tmp not found!
File\Folder C:\Users\Max\AppData\Local\Temp\~DF3FEA.tmp not found!
C:\Windows\temp\kvsqsb\setup.exe moved successfully.

Registry entries deleted on Reboot...

07.08.2011, 19:36   #17
Anubiss

And here is the Bitdefender file:

QuickScan Beta 32-bit v0.9.9.99
-------------------------------
Überprüfungsdatum: Sun Aug 07 20:27:53 2011
Computer ID: A8F31D43

C:\Windows\temp\kvsqsb\setup.exe - zugriff nicht möglich
--> Vorgang setup.exe (1820)


Keine Infizierungen gefunden.
-----------------------------



Prozesse
--------
AntiVir Desktop 2604 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
AntiVir Desktop 1860 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
AntiVir Desktop 1588 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
AVM AVMWlanService 1888 C:\Program Files (x86)\avmwlanstick\WLanNetService.exe
AVM FRITZ!WLAN 2592 C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
Betriebssystem Microsoft® Windows® 3924 C:\Windows\SysWOW64\PING.EXE
Device Error Recovery SDK 1952 C:\Windows\SysWOW64\dgdersvc.exe
DivX Download Manager Service 2956 C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
DivX Update 3016 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
Firefox 4052 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Firefox 3300 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Kies TrayAgent 2076 C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
KiesPDLR 2324 C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
Microsoft Office 2003 2368 C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
Pando Media Booster 1200 C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PnkBstrA.exe 2044 C:\Windows\SysWOW64\PnkBstrA.exe


Netzwerkaktivität
-----------------
Vorgang setup.exe (1820) verbunden mit Anschluss 3000 --> **.***.***.***
Vorgang plugin-container.exe (3300) verbunden mit Anschluss 80 (HTTP) --> **.**.***.**
Vorgang firefox.exe (4052) verbunden mit Anschluss 80 (HTTP) --> ***.**.***.***
Vorgang firefox.exe (4052) verbunden mit Anschluss 80 (HTTP) --> ***.**.***.***
Vorgang firefox.exe (4052) verbunden mit Anschluss 80 (HTTP) --> **.***.***.***
Vorgang firefox.exe (4052) verbunden mit Anschluss 80 (HTTP) --> ***.**.***.***

Vorgang PMB.exe (1200) kontrolliert die Anschlüsse: 443 (HTTP over SSL), 563 (NNTP over SSL), 56735


Autoruns und kritische Dateien
------------------------------
AntiVir Desktop C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
AVM FRITZ!WLAN C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
Betriebssystem Microsoft® Windows® c:\windows\system32\browseui.dll
Betriebssystem Microsoft® Windows® C:\Windows\system32\ssText3d.scr
Catalyst® Control Center C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
DivX Download Manager Service C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
DivX Update C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
Kies C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe
Kies TrayAgent C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
KiesPDLR C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
Pando Media Booster C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
Windows® Internet Explorer c:\windows\syswow64\webcheck.dll
(verifiziert) Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe
(verifiziert) Betriebssystem Microsoft® Windows® c:\windows\system32\userinit.exe
(verifiziert) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe


Browser Plugins
---------------
AcroIEHelper Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelper.dll
Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
BitDefender QuickScan C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\sjrc5bed.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
DivX OVS Helper Plug-in C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
DivX Web Player c:\program files (x86)\divx\divx plus web player\npdivx32.dll
Flash® Player Installer/Uninstaller C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
Google Earth Plugin C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
Google Update C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
ICQ C:\Program Files (x86)\ICQ7.2\ICQ.exe
Microsoft Office 2003 C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
nppdf32.DEU C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.DEU
NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
Pando Web Plugin C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
Skype Toolbars c:\program files (x86)\skype\toolbars\internet explorer\skypeieplugin.dll
Widgi Toolbar c:\program files (x86)\youtube downloader toolbar\ie\4.5\youtubedownloadertoolbarie.dll
Windows Presentation Foundation C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer c:\windows\syswow64\ieframe.dll
(verifiziert) Betriebssystem Microsoft® Windows® C:\Windows\system32\mswsock.dll
(verifiziert) Betriebssystem Microsoft® Windows® C:\Windows\system32\napinsp.dll
(verifiziert) Betriebssystem Microsoft® Windows® C:\Windows\system32\pnrpnsp.dll
(verifiziert) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
(verifiziert) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll


Überprüfen
----------


Keine Dateien hochgeladen

Scan beendet - Kommunikation hat 1 Sek. gedauert
übertragene Daten - 0.02 MB gesendet, 0.63 KB empfangen
349 Dateien und Module geprüft - 19 seconds

==============================================================================
07.08.2011, 20:22   #18
Swisstreasure
/// Malwareteam

Step 1

Fix with OTL
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the contents of the following code box into the text box.
Code:
:OTL
PRC - [2011.08.06 12:57:05 | 000,039,424 | ---- | M] (Tricky Perry Shade) -- C:\Windows\temp\kvsqsb\setup.exe
SRV - [2011.08.06 12:57:05 | 000,039,424 | ---- | M] (Tricky Perry Shade) [Auto | Start_Pending] -- C:\Windows\TEMP\kvsqsb\setup.exe -- (AMService)
:files
C:\Windows\temp\kvsqsb
:Commands
[purity]
[emptytemp]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may request a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found at C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.

08.08.2011, 08:24   #19
Anubiss

Here is the OTL:

All processes killed
========== OTL ==========
No active process named setup.exe was found!
Service AMService stopped successfully!
Service AMService deleted successfully!
File C:\Windows\TEMP\kvsqsb\setup.exe not found.
========== FILES ==========
C:\Windows\temp\kvsqsb folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Max
->Temp folder emptied: 92508 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 6890003 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7192 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7,00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08082011_091917

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

08.08.2011, 08:31   #20
Swisstreasure
/// Malwareteam

How is the system running?

Update Malwarebytes and run another scan, then post the log.


08.08.2011, 15:00   #21
Anubiss

Looks good, now only 1 file is still shown as Trojan Banker.
System is running!

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7409

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

08.08.2011 15:55:54
mbam-log-2011-08-08 (15-55-04).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 170667
Laufzeit: 1 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 5
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A} (PUP.Dealio.TB) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio.TB) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio.TB) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio.TB) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\youtube downloader toolbar\IE\4.5\youtubedownloadertoolbarie.dll (PUP.Dealio.TB) -> No action taken.

09.08.2011, 09:00   #22
Anubiss

Can I now simply remove the trojan with Malwarebytes?

09.08.2011, 13:07   #23
Swisstreasure
/// Malwareteam

Yes, remove everything.

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the contents into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

Alt 09.08.2011, 13:50   #24
Anubiss
 

OK, here is the OTL log. After removing the files, Malwarebytes no longer finds anything either. It should be clean now, right?

OTL Logfile:
Code:
OTL logfile created on: 09.08.2011 14:38:49 - Run 4
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Max\Desktop\Security
64bit-Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,70 Gb Available Physical Memory | 67,60% Memory free
8,17 Gb Paging File | 6,65 Gb Available in Paging File | 81,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,10 Gb Total Space | 32,19 Gb Free Space | 21,59% Space Free | Partition Type: NTFS
Drive D: | 300,00 Gb Total Space | 73,85 Gb Free Space | 24,62% Space Free | Partition Type: NTFS
Drive E: | 148,99 Gb Total Space | 16,96 Gb Free Space | 11,39% Space Free | Partition Type: NTFS
Drive F: | 296,17 Gb Total Space | 169,86 Gb Free Space | 57,35% Space Free | Partition Type: NTFS
Drive H: | 246,75 Mb Total Space | 246,73 Mb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: MAX-PC | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.04 11:02:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\Security\OTL.exe
PRC - [2011.07.23 15:56:30 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.06.30 16:38:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.01 12:00:48 | 003,071,384 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011.04.27 16:51:20 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.09 21:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.08 23:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010.09.06 09:16:58 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\SysWOW64\dgdersvc.exe
PRC - [2008.01.21 04:47:38 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2006.12.28 01:00:00 | 001,454,080 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2006.12.28 01:00:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.08.04 11:02:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\Security\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.09.24 00:28:02 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.07.23 15:56:30 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.06.30 16:38:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 16:51:20 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.09.06 09:16:58 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.09.12 18:15:50 | 000,087,288 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2007.05.31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.12.28 01:00:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.07.30 11:23:52 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.06.30 16:38:06 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.30 16:38:06 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.06 16:11:34 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.03.06 16:11:34 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.12.30 19:05:53 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.09.06 09:19:54 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.09.06 09:11:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.07.20 12:38:24 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010.07.20 12:38:24 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2010.07.20 12:38:24 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010.04.27 04:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.04.27 04:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.04.27 04:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009.09.30 16:32:44 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.24 01:01:24 | 006,175,744 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.04.22 15:46:06 | 003,552,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.02.09 00:43:10 | 000,111,104 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\hxctlflt.sys -- (hxctlflt)
DRV:64bit: - [2008.01.21 04:45:19 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2006.12.28 01:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2006.12.28 01:00:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2006.10.03 04:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006.09.18 23:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV - [2010.09.06 09:16:58 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.09.06 09:11:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.01.06 12:35:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.01.06 12:35:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Max\AppData\Roaming\5016 [2011.06.08 18:38:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.24 13:26:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.06 19:49:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Max\AppData\Roaming\5016 [2011.06.08 18:38:58 | 000,000,000 | ---D | M]
 
[2010.12.30 20:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Extensions
[2011.08.07 20:26:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\sjrc5bed.default\extensions
[2011.01.01 15:40:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\sjrc5bed.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.01 14:24:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\sjrc5bed.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.08.07 20:26:37 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\sjrc5bed.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2011.01.05 22:38:26 | 000,002,094 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\sjrc5bed.default\searchplugins\ecosia.xml
[2011.08.09 14:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.30 19:47:20 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) -- 
[2011.06.08 18:38:58 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\MAX\APPDATA\ROAMING\5016
() (No name found) -- C:\USERS\MAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SJRC5BED.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
[2011.06.24 13:26:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.06 19:49:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.06 19:49:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.05.06 19:49:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.06 19:49:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.06 19:49:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.06 19:49:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.07 20:26:53 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\QuickScan
[2011.08.07 16:55:54 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\World in Conflict
[2011.08.05 14:57:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011.08.05 14:25:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2011.08.05 14:24:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011.08.05 14:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011.08.05 13:50:34 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\Security
[2011.08.04 20:04:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.08.04 19:41:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.08.03 12:19:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.08.03 11:22:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.08.03 11:14:01 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\temp
[2011.08.03 11:08:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.08.03 11:08:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.08.03 11:08:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.08.03 11:08:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.08.03 11:07:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.08.02 20:36:16 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Malwarebytes
[2011.08.02 20:36:07 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.08.02 20:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.02 20:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.02 20:36:03 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.08.02 20:36:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.08.02 19:53:36 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.08.02 19:53:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.07.31 13:15:30 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Jens Lorek
[2011.07.30 11:23:52 | 000,254,528 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.07.30 11:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.07.30 11:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011.07.28 15:15:27 | 000,000,000 | ---D | C] -- C:\Temp
[2011.07.28 15:13:08 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Samsung
[2011.07.28 15:12:20 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2011.07.28 15:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2011.07.28 12:37:33 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Samsung
[2011.07.28 12:22:14 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Downloaded Installations
[2011.07.28 11:48:14 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2011.07.28 11:48:14 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2011.07.28 11:48:13 | 000,159,208 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2011.07.28 11:48:13 | 000,125,416 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2011.07.28 11:48:13 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2011.07.28 11:48:13 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2011.07.28 11:48:13 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2011.07.28 11:44:04 | 000,172,104 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdm.sys
[2011.07.28 11:44:04 | 000,136,264 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdbus.sys
[2011.07.28 11:44:04 | 000,019,016 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdfl.sys
[2011.07.28 11:44:04 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwhnt.sys
[2011.07.28 11:44:04 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwh.sys
[2011.07.28 11:44:04 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcmnt.sys
[2011.07.28 11:44:04 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcm.sys
[2011.07.28 11:41:37 | 000,020,480 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\FsExService64.Exe
[2011.07.28 11:41:37 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys
[2011.07.28 11:41:37 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysNative\drivers\TFsExDisk.sys
[2011.07.28 11:40:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2011.07.28 11:38:21 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Samsung
[2011.07.28 11:38:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2011.07.28 11:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2011.07.28 11:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Samsung
[2011.07.23 20:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.07.23 20:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.07.23 20:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.07.23 20:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011.07.23 17:37:46 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\HP
[2011.07.23 15:56:22 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\PunkBuster
[2011.07.22 22:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jens Lorek
[2 C:\Users\Max\AppData\Local\*.tmp files -> C:\Users\Max\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.09 14:38:25 | 001,733,766 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.08.09 14:38:25 | 000,736,506 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.08.09 14:38:25 | 000,684,882 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.08.09 14:38:25 | 000,172,314 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.08.09 14:38:25 | 000,139,160 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.08.09 14:31:31 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.09 14:31:14 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.09 14:31:14 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.09 14:31:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.09 14:29:57 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.08.09 14:24:10 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.05 11:16:36 | 000,074,240 | ---- | M] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.02 14:57:20 | 000,000,321 | ---- | M] () -- C:\Windows\wininit.ini
[2011.08.02 13:58:12 | 000,000,000 | ---- | M] () -- C:\Users\Max\AppData\Local\{12916667-5210-4A38-9F85-638A4C1756FD}
[2011.08.02 13:55:14 | 000,250,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.08.02 13:42:59 | 000,000,732 | ---- | M] () -- C:\Users\Max\AppData\Local\d3d9caps64.dat
[2011.08.02 11:35:15 | 000,000,120 | ---- | M] () -- C:\Users\Max\AppData\Local\Lbanirakipejo.dat
[2011.08.01 14:21:56 | 000,000,632 | ---- | M] () -- C:\Users\Max\Desktop\Gothic III - Forsaken Gods.lnk
[2011.08.01 13:22:43 | 000,000,559 | ---- | M] () -- C:\Users\Max\Desktop\Gothic III.lnk
[2011.07.30 11:23:52 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.07.28 13:29:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011.07.28 13:22:25 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2011.07.25 23:14:40 | 000,001,356 | ---- | M] () -- C:\Users\Max\AppData\Local\d3d9caps.dat
[2011.07.23 20:58:50 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f Scan.lnk
[2011.07.23 15:56:30 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.07.23 15:56:25 | 000,270,408 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.07.23 15:56:25 | 000,270,408 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2 C:\Users\Max\AppData\Local\*.tmp files -> C:\Users\Max\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.03 11:08:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.08.03 11:08:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.08.03 11:08:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.08.03 11:08:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.08.03 11:08:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.08.02 13:57:56 | 000,000,000 | ---- | C] () -- C:\Users\Max\AppData\Local\{12916667-5210-4A38-9F85-638A4C1756FD}
[2011.08.02 12:24:53 | 000,000,321 | ---- | C] () -- C:\Windows\wininit.ini
[2011.08.02 11:35:15 | 000,000,120 | ---- | C] () -- C:\Users\Max\AppData\Local\Lbanirakipejo.dat
[2011.08.01 14:21:56 | 000,000,632 | ---- | C] () -- C:\Users\Max\Desktop\Gothic III - Forsaken Gods.lnk
[2011.08.01 13:22:43 | 000,000,559 | ---- | C] () -- C:\Users\Max\Desktop\Gothic III.lnk
[2011.07.28 15:05:04 | 000,002,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2011.07.28 15:04:42 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.07.28 13:29:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011.07.28 11:38:18 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp
[2011.07.23 20:59:23 | 000,000,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2011.07.23 20:58:50 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f Scan.lnk
[2011.07.23 15:56:25 | 000,270,408 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.07.06 12:37:12 | 000,270,408 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.06 12:37:10 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.05.01 19:09:37 | 000,000,091 | ---- | C] () -- C:\Users\Max\AppData\Local\fusioncache.dat
[2011.03.16 21:00:01 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.12.31 15:16:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.30 19:51:01 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010.12.30 19:49:52 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.12.30 18:52:46 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.30 16:25:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.30 12:50:31 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010.12.30 12:49:48 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010.12.30 12:49:14 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010.12.29 19:41:56 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010.12.29 18:55:58 | 000,000,552 | ---- | C] () -- C:\Users\Max\AppData\Local\d3d8caps.dat
[2010.12.29 18:55:00 | 000,001,356 | ---- | C] () -- C:\Users\Max\AppData\Local\d3d9caps.dat
[2010.12.29 18:53:24 | 000,074,240 | ---- | C] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.29 17:01:01 | 001,762,112 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.29 14:14:00 | 000,000,732 | ---- | C] () -- C:\Users\Max\AppData\Local\d3d9caps64.dat
[2010.09.06 09:19:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2010.09.06 09:19:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2010.09.06 09:19:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2010.09.06 09:19:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2009.08.07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.01.21 04:47:53 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 17:30:41 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011.01.31 20:27:21 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\25006
[2011.06.08 18:38:58 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\5016
[2010.12.30 19:45:00 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DAEMON Tools Lite
[2011.07.30 19:55:38 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\ICQ
[2011.07.31 13:15:30 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Jens Lorek
[2011.06.08 18:38:48 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\kock
[2011.07.06 12:37:09 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\PunkBuster
[2011.08.07 20:27:53 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\QuickScan
[2011.07.28 15:10:29 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Samsung
[2011.07.08 14:29:21 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\TeamViewer
[2010.12.31 15:14:46 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\TubeBox
[2011.07.23 15:56:17 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Ubisoft
[2011.06.08 18:38:48 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\xmldm
[2011.08.09 14:29:57 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.08.03 12:19:35 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.12.30 16:49:48 | 000,000,000 | ---D | M] -- C:\ATI
[2010.12.30 14:52:07 | 000,000,000 | ---D | M] -- C:\Boot
[2006.11.02 17:35:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.12.29 14:11:44 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.12.29 15:01:44 | 000,000,000 | ---D | M] -- C:\Intel
[2008.01.21 05:01:21 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.07.23 20:55:50 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.08.09 14:34:29 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.08.02 20:36:05 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.12.29 14:11:44 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.08.03 11:22:32 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.08.09 14:39:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.28 15:33:09 | 000,000,000 | ---D | M] -- C:\Temp
[2010.12.30 17:07:15 | 000,000,000 | R--D | M] -- C:\Users
[2011.08.09 14:33:27 | 000,000,000 | ---D | M] -- C:\Windows
[2011.08.04 19:41:32 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\ERDNT\cache86\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 04:46:34 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 04:47:14 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:47:40 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:48:18 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe
[2008.01.21 04:48:18 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe
[2008.01.21 04:47:40 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\ERDNT\cache86\regedit.exe
[2008.01.21 04:47:40 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:48:25 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe
[2008.01.21 04:48:25 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:48:25 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:47:35 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe
[2008.01.21 04:47:35 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:47:35 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:45:53 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache86\wininit.exe
[2008.01.21 04:45:53 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:45:53 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:48:12 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\ERDNT\cache64\wininit.exe
[2008.01.21 04:48:12 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 04:48:12 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:47:36 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:48:26 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<           >

< End of report >
         
--- --- ---
