Virtumonde.prx kann nicht entfernt werden

Anubiss · 02.08.2011, 20:34

Hallo,

nachdem heute mit meinem Computer einige Probleme aufgetreten sind (Hänger im Internet, Programme werden nicht geöffnet, Fährt ohne Aufforderung herunter) habe ich einen Systemscan mit AntiVir und Spybot durchgeführt.
Beide zusammen fanden circa 4 Trojaner die ich durch druck auf den löschen/reparieren Button versuchte zu entfernen. Das lief anscheinend auch ganz gut bis ich mit Spybot einen zweiten Suchdurchlauf startete und dabei die besagte Virtumonde.prx datei angezeigt wurde während AntiVir meldete das alles sauber sei. Nach mehreren erfolglosen Versuchen mit Spybot den Trojaner zu entfernen und langer Suche im Internet wollte ich hier nun mal nach Hilfe suchen.

System: Windows Vista SP2

Nachdem beide Programme ihre Funde gemeldet hatten und ich mir die Beschreibung des Virtumonde Trojaners angesehen hatte entschied ich mich dazu die Internetverbindung meines PCs zu kappen (WLan) um Besuche weiterer von Virtumonde eingeladener Programme zu verhindern.

Hoffe sehr ihr könnt mir weiterhelfen, danke schonmal im Vorraus!

Update: Nach einem weiteren Spybotdurchlauf sind angeblich keine "Spione" mehr gefunden worden??? Allerdings hab ich nichts gemacht??

Beiliegend die Hijack und Malewarebyte Logfiles:

Swisstreasure · 02.08.2011, 23:59

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Lade ComboFix von einem dieser Download-Spiegel herunter:

BleepingComputer - ForoSpyware

* Wichtig !! Speichere ComboFix auf dem Desktop

Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist. Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.

**Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.

Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:

Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei.

Schritt 2

Bitte

alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren,
keine bestehende Verbindung zu einem Netzwerk/Internet (WLAN nicht vergessen),
nichts am Rechner arbeiten,
nach jedem Scan der Rechner neu gestarten.

Gmer scannen lassen

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
Vista und Win7 User mit Rechtsklick und als Administrator starten.
Sollte sich ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
Unbedingt auf "No" klicken.
Entferne rechts den Haken bei:
- IAT/EAT
- Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
- Show all (sollte abgehackt sein)
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Anubiss · 03.08.2011, 21:36

Hi,

erst einmal danke für die Antwort und sorry das ich mich erst so spät wieder melde.

Zu Schritt 1:

Habe Combofix als Admin ausgeführt AVira etc. deaktiviert auf die exe geklickt dann kam nach kurzer Programmlauf Bluescreen + Fehlermeldung + Neustart.
Beim zweiten Versuch dasselbe nochmal, nachdem Neustart
erfolgte die Meldung das Rundll 32 nicht mehr mehr funktioniert.
Den dritten Versuch habe ich nach einer halbstündigen Wartezeit abgebrochen.
Aber dann: das vierte Mal hat anscheinend geklappt, allerdings mit etlichen Meldungen das PEV.cfxxe , GSAR.cfxxe , SED.cfxxe und viele andere nicht mehr funktionieren. (keinen Schimmer ob das Normal ist, das Programm löscht ja was)
Also hier das Logfile: (nicht als Anhang^^)

Combofix Logfile:

Code:

ATTFilter

ComboFix 11-08-03.01 - *** 03.08.2011  11:09:37.1.2 - x64
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.49.1031.18.4094.2770 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Recycle.Bin
c:\recycle.bin\config.bin
c:\users\Max\AppData\Local\{50B97509-FFDD-4C46-979A-72A488292BA3}
c:\users\Max\AppData\Local\{50B97509-FFDD-4C46-979A-72A488292BA3}\chrome.manifest
c:\users\Max\AppData\Local\{50B97509-FFDD-4C46-979A-72A488292BA3}\chrome\content\_cfg.js
c:\users\Max\AppData\Local\{50B97509-FFDD-4C46-979A-72A488292BA3}\chrome\content\overlay.xul
c:\users\Max\AppData\Local\{50B97509-FFDD-4C46-979A-72A488292BA3}\install.rdf
c:\users\Max\AppData\Local\Temp\b01d42a6-0948-4bd0-8dea-54d68f50a791\CliSecureRT.dll
c:\users\Max\AppData\Roaming\Local
c:\users\Max\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Max\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Max\AppData\Roaming\Local\Temp\DDM\Settings\La.Bete.Die.Bestie.German.1975..avi.ddr
c:\users\Max\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_de.divx.ddr
c:\users\Max\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Max\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\La.Bete.Die.Bestie.German.1975..avi.ddp
c:\users\Max\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_de.divx.ddp
c:\users\Max\AppData\Roaming\srvblck2.tmp
c:\users\Max\AppData\Roaming\Sun\cetw.txt
c:\users\Max\AppData\Roaming\Sun\cwnmw.dll
c:\users\Max\AppData\Roaming\Sun\cwnmw_shrd
c:\users\Max\AppData\Roaming\Sun\mvwpqn
c:\users\Max\AppData\Roaming\Sun\mxd1.txt
c:\users\Max\AppData\Roaming\Voyl
c:\users\Max\AppData\Roaming\Voyl\heawt.exe
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-07-03 bis 2011-08-03  ))))))))))))))))))))))))))))))
.
.
2011-08-02 18:36 . 2011-08-02 18:36	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2011-08-02 18:36 . 2011-07-06 17:52	41272	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-02 18:36 . 2011-08-02 18:36	--------	d-----w-	c:\programdata\Malwarebytes
2011-08-02 18:36 . 2011-07-06 17:52	25912	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-08-02 18:36 . 2011-08-02 18:47	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-02 17:53 . 2011-08-02 17:53	388096	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-02 17:53 . 2011-08-02 17:53	--------	d-----w-	c:\program files (x86)\Trend Micro
2011-08-02 11:58 . 2011-08-02 11:58	0	---ha-w-	c:\users\***\AppData\Local\BIT38BA.tmp
2011-08-02 09:43 . 2011-08-02 09:43	--------	d-----w-	c:\users\***\AppData\Roaming\Yxwe
2011-08-02 09:43 . 2011-08-02 09:43	266752	----a-w-	c:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\cyno.exe
2011-08-02 09:35 . 2011-08-02 09:35	0	----a-w-	c:\users\***\AppData\Local\Tvefuse.bin
2011-08-02 08:23 . 2011-07-13 04:53	8578896	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{95AC577B-E186-4B91-BE2D-8CBE8B04301D}\mpengine.dll
2011-08-01 11:12 . 2011-08-01 11:12	--------	d-----w-	c:\program files (x86)\Common Files\InstallShield
2011-07-31 11:15 . 2011-07-31 11:15	--------	d-----w-	c:\users\***\AppData\Roaming\Jens Lorek
2011-07-30 10:07 . 2011-07-30 10:07	24540	----a-w-	c:\programdata\Microsoft\Windows\Start Menu\Programs\CCleaner\cc_20110730_120739.reg
2011-07-30 09:23 . 2011-07-30 09:23	254528	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2011-07-30 09:23 . 2011-07-30 09:23	--------	d-----w-	c:\program files (x86)\DAEMON Tools Lite
2011-07-28 13:15 . 2011-07-28 13:33	--------	d-----w-	C:\Temp
2011-07-28 13:13 . 2011-07-28 13:13	--------	d-----w-	c:\users\***\AppData\Local\Samsung
2011-07-28 13:12 . 2011-06-07 09:13	4659712	----a-w-	c:\windows\SysWow64\Redemption.dll
2011-07-28 13:11 . 2011-07-28 13:11	--------	d-----w-	c:\program files (x86)\Samsung
2011-07-28 12:53 . 2009-09-10 02:07	3815424	----a-w-	c:\windows\system32\UIRibbon.dll
2011-07-28 12:53 . 2009-09-10 02:06	1164800	----a-w-	c:\windows\system32\UIRibbonRes.dll
2011-07-28 12:53 . 2009-09-10 02:05	103424	----a-w-	c:\windows\system32\UIAnimation.dll
2011-07-28 12:53 . 2009-09-10 02:01	3023360	----a-w-	c:\windows\SysWow64\UIRibbon.dll
2011-07-28 12:53 . 2009-09-10 02:00	1164800	----a-w-	c:\windows\SysWow64\UIRibbonRes.dll
2011-07-28 12:53 . 2009-09-10 02:00	92672	----a-w-	c:\windows\SysWow64\UIAnimation.dll
2011-07-28 11:21 . 2011-07-28 11:21	96704	----a-w-	c:\programdata\Microsoft\Windows\Start Menu\Programs\CCleaner\cc_20110728_132145.reg
2011-07-28 11:21 . 2011-07-28 11:21	170464	----a-w-	c:\programdata\Microsoft\Windows\Start Menu\Programs\CCleaner\cc_20110728_132132.reg
2011-07-28 10:31 . 2011-07-28 10:31	95878	----a-w-	c:\programdata\Microsoft\Windows\Start Menu\Programs\CCleaner\cc_20110728_123153.reg
2011-07-28 10:31 . 2011-07-28 10:31	171398	----a-w-	c:\programdata\Microsoft\Windows\Start Menu\Programs\CCleaner\cc_20110728_123136.reg
2011-07-28 10:22 . 2011-07-28 10:22	--------	d-----w-	c:\users\***\AppData\Local\Downloaded Installations
2011-07-28 10:22 . 2011-06-28 05:32	81122288	----a-w-	c:\users\***\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
2011-07-28 09:48 . 2010-07-20 10:38	13800	----a-w-	c:\windows\system32\drivers\ssadwhnt.sys
2011-07-28 09:48 . 2010-07-20 10:38	13800	----a-w-	c:\windows\system32\drivers\ssadwh.sys
2011-07-28 09:48 . 2010-07-20 10:38	16872	----a-w-	c:\windows\system32\drivers\ssadmdfl.sys
2011-07-28 09:48 . 2010-07-20 10:38	159208	----a-w-	c:\windows\system32\drivers\ssadmdm.sys
2011-07-28 09:48 . 2010-07-20 10:38	13288	----a-w-	c:\windows\system32\drivers\ssadcmnt.sys
2011-07-28 09:48 . 2010-07-20 10:38	13288	----a-w-	c:\windows\system32\drivers\ssadcm.sys
2011-07-28 09:48 . 2010-07-20 10:38	125416	----a-w-	c:\windows\system32\drivers\ssadbus.sys
2011-07-28 09:44 . 2010-04-27 02:25	19016	----a-w-	c:\windows\system32\drivers\sscdmdfl.sys
2011-07-28 09:44 . 2010-04-27 02:25	172104	----a-w-	c:\windows\system32\drivers\sscdmdm.sys
2011-07-28 09:44 . 2010-04-27 02:25	15944	----a-w-	c:\windows\system32\drivers\sscdwhnt.sys
2011-07-28 09:44 . 2010-04-27 02:25	15944	----a-w-	c:\windows\system32\drivers\sscdwh.sys
2011-07-28 09:44 . 2010-04-27 02:25	15432	----a-w-	c:\windows\system32\drivers\sscdcmnt.sys
2011-07-28 09:44 . 2010-04-27 02:25	15432	----a-w-	c:\windows\system32\drivers\sscdcm.sys
2011-07-28 09:44 . 2010-04-27 02:25	136264	----a-w-	c:\windows\system32\drivers\sscdbus.sys
2011-07-28 09:41 . 2010-09-06 07:11	20480	----a-w-	c:\windows\SysWow64\FsExService64.Exe
2011-07-28 09:41 . 2010-09-06 07:11	16392	----a-w-	c:\windows\SysWow64\drivers\TFsExDisk.Sys
2011-07-28 09:41 . 2010-09-06 07:11	16392	----a-w-	c:\windows\system32\drivers\TFsExDisk.sys
2011-07-28 09:40 . 2011-07-28 11:24	--------	d-----w-	c:\program files (x86)\PC Connectivity Solution
2011-07-28 09:38 . 2011-07-28 13:10	--------	d-----w-	c:\users\***\AppData\Roaming\Samsung
2011-07-28 09:38 . 2011-07-28 09:38	--------	d-----w-	c:\program files (x86)\MarkAny
2011-07-28 09:38 . 2011-07-28 13:11	--------	d-----w-	c:\programdata\Samsung
2011-07-28 09:36 . 2011-07-28 11:22	--------	d-----w-	c:\program files (x86)\Common Files\Samsung
2011-07-23 18:58 . 2010-11-16 19:24	750440	------w-	c:\windows\system32\HPDiscoPM5512.dll
2011-07-23 18:56 . 2011-07-23 18:59	--------	d-----w-	c:\program files (x86)\HP
2011-07-23 18:55 . 2011-07-23 18:55	--------	d-----w-	c:\programdata\HP
2011-07-23 18:55 . 2011-07-23 18:55	--------	d-----w-	c:\program files\HP
2011-07-23 15:37 . 2011-07-23 19:23	--------	d-----w-	c:\users\***\AppData\Local\HP
2011-07-06 10:37 . 2011-07-06 10:37	--------	d-----w-	c:\users\***\AppData\Roaming\PunkBuster
2011-07-06 10:36 . 2011-07-06 10:36	--------	d-----w-	c:\program files (x86)\Ubisoft
2011-07-05 14:14 . 2011-07-05 14:14	2338	----a-w-	c:\programdata\Microsoft\Windows\Start Menu\Programs\CCleaner\cc_20110705_161440.reg
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-03 09:19 . 2011-08-03 09:19	0	---ha-w-	c:\users\***\AppData\Local\BITBB14.tmp
2011-06-30 14:38 . 2010-12-29 16:01	88288	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-06-30 14:38 . 2010-12-29 16:01	123784	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-06-16 14:10 . 2011-05-18 13:49	404640	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-07 09:13 . 2011-06-07 09:13	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2011-06-07 09:13 . 2011-06-07 09:13	325552	----a-w-	c:\windows\MASetupCaller.dll
2011-06-07 09:13 . 2011-06-07 09:13	30568	----a-w-	c:\windows\MusiccityDownload.exe
2011-06-07 09:13 . 2011-06-07 09:13	143360	----a-w-	c:\windows\SysWow64\3DAudio.ax
2011-06-05 13:27 . 2011-06-05 13:27	8192	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\IconD0B36BAF3.exe
2011-06-05 13:27 . 2011-06-05 13:27	6144	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\Icon83F12F734.exe
2011-06-05 13:27 . 2011-06-05 13:27	11264	----a-r-	c:\users\***\AppData\Roaming\Microsoft\Installer\{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}\Icon8F99E711.exe
2011-05-24 17:14 . 2010-12-30 10:32	270720	------w-	c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
2011-06-24 16:22	734048	----a-w-	c:\program files (x86)\YouTube Downloader Toolbar\IE\4.5\youtubedownloaderToolbarIE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-05-01 3071384]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-06-24 941968]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-06-24 3373968]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-06-24 20880]
"Nfitoba"="c:\users\***\AppData\Local\cpiadp.dll" [2009-04-11 118784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2006-12-27 1454080]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-25 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files (x86)\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-06-24 534880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-21 136176]
R2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;d:\dragon age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-21 136176]
R3 SetupNTGLM7X;SetupNTGLM7X;G:\NTGLM7X.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-09-06 16392]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
S2 dgdersvc;Device Error Recovery Service;c:\windows\SysWOW64\dgdersvc.exe [2010-09-06 95568]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-09-06 20552]
S3 hxctlflt;hxctlflt;c:\windows\system32\Drivers\hxctlflt.sys [x]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-08-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-21 18:09]
.
2011-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-21 18:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = fritz.box
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\sjrc5bed.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-lpc - c:\users\***\AppData\Roaming\Sun\cwnmw.dll
Wow6432Node-HKCU-Run-{5AD12481-385F-4256-8C58-A65E449AE26C} - c:\users\***\AppData\Roaming\Voyl\heawt.exe
Wow6432Node-HKU-Default-Run-{FC4FCE89-AE2B-4785-B6D7-6C5FF89BFDE3} - c:\windows\system32\sshnas21.dll
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2288271247-2219755011-2153533808-1000\Software\SecuROM\License information*]
"datasecu"=hex:a8,a5,c0,4d,8e,e4,0c,78,cf,a7,35,7e,98,29,e0,01,1c,b6,53,47,7f,
   dd,bf,14,18,b5,5a,d1,ee,18,f2,66,ad,bb,90,33,c4,6a,f5,75,29,fb,0b,9c,f9,7a,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\Syswow64\ping.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-08-03  11:22:28 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-08-03 09:22
.
Vor Suchlauf: 9 Verzeichnis(se), 46.142.373.888 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 45.997.735.936 Bytes frei
.
- - End Of File - - AB6ED1D9E491666E0DE7ABB1456A53B9

--- --- ---

Anubiss · 03.08.2011, 21:39

Hätte zwischendrin doch noch mal ne Frage, GMER scannt ja laut gesetzten Hacken nur die C Partition, allerdings fand ich heute einen Ordner in dem sich Virtumonde anscheinend festgesetzt hat auf meiner E Partition. Habe ich jetzt was falsch gemacht?

So, Schritt 2 lief Problemlos. Hier das Logfile:

GMER Logfile:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-08-03 12:31:55
Windows 6.0.6002 Service Pack 2 
Running: q3nogjyo.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                    771343423
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                    285507792
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                    1
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                      
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                   0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                   0
Reg  HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                0x23 0xDF 0x99 0xA8 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                       0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                       0
Reg  HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                    0x23 0xDF 0x99 0xA8 ...

---- EOF - GMER 1.0.15 ----

--- --- ---

Swisstreasure · 04.08.2011, 00:38

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Anubiss · 04.08.2011, 10:31

Hi

hier OTL.txtOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 04.08.2011 11:09:05 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Max\Desktop
64bit-Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 69,17% Memory free
8,17 Gb Paging File | 6,74 Gb Available in Paging File | 82,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,10 Gb Total Space | 41,19 Gb Free Space | 27,62% Space Free | Partition Type: NTFS
Drive D: | 300,00 Gb Total Space | 76,58 Gb Free Space | 25,53% Space Free | Partition Type: NTFS
Drive E: | 148,99 Gb Total Space | 17,08 Gb Free Space | 11,46% Space Free | Partition Type: NTFS
Drive F: | 296,17 Gb Total Space | 169,86 Gb Free Space | 57,35% Space Free | Partition Type: NTFS
Drive I: | 246,75 Mb Total Space | 232,85 Mb Free Space | 94,36% Space Free | Partition Type: FAT32
 
Computer Name: MAX-PC | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.04 11:02:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
PRC - [2011.07.23 15:56:30 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.06.30 16:38:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 18:22:40 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011.06.24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2011.06.24 15:54:46 | 000,020,880 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.06.24 15:54:36 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.05.01 12:00:48 | 003,071,384 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011.04.27 16:51:20 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.09 21:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.08 23:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010.09.06 09:16:58 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\SysWOW64\dgdersvc.exe
PRC - [2008.01.21 04:47:38 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2006.12.28 01:00:00 | 001,454,080 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2006.12.28 01:00:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.08.04 11:02:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.09.24 00:28:02 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.07.23 15:56:30 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.06.30 16:38:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011.04.27 16:51:20 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.09.06 09:16:58 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.09.12 18:15:50 | 000,087,288 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2007.05.31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.12.28 01:00:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.07.30 11:23:52 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.06.30 16:38:06 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.30 16:38:06 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.06 16:11:34 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.03.06 16:11:34 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.12.30 19:05:53 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.09.06 09:19:54 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.09.06 09:11:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.07.20 12:38:24 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010.07.20 12:38:24 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2010.07.20 12:38:24 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010.04.27 04:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.04.27 04:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.04.27 04:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009.09.30 16:32:44 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.24 01:01:24 | 006,175,744 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.04.22 15:46:06 | 003,552,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.02.09 00:43:10 | 000,111,104 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\hxctlflt.sys -- (hxctlflt)
DRV:64bit: - [2008.01.21 04:45:19 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2006.12.28 01:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2006.12.28 01:00:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2006.10.03 04:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006.09.18 23:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV - [2010.09.06 09:16:58 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.09.06 09:11:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.01.06 12:35:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.01.06 12:35:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Max\AppData\Roaming\5016 [2011.06.08 18:38:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.24 13:26:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.06 19:49:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Max\AppData\Roaming\5016 [2011.06.08 18:38:58 | 000,000,000 | ---D | M]
 
[2010.12.30 20:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Extensions
[2011.08.01 14:24:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\sjrc5bed.default\extensions
[2011.01.01 15:40:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\sjrc5bed.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.01 14:24:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\sjrc5bed.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.01.05 22:38:26 | 000,002,094 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\sjrc5bed.default\searchplugins\ecosia.xml
[2011.07.22 22:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.30 19:47:20 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) -- 
[2011.07.22 22:51:30 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2011.07.22 22:51:31 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF
File not found (No name found) -- C:\USERS\MAX\APPDATA\LOCAL\{50B97509-FFDD-4C46-979A-72A488292BA3}
[2011.06.08 18:38:58 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\MAX\APPDATA\ROAMING\5016
() (No name found) -- C:\USERS\MAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SJRC5BED.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
[2011.06.24 13:26:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.06 19:49:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.06 19:49:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.05.06 19:49:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.06 19:49:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.06 19:49:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.06 19:49:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.08.03 11:17:26 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.5\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Nfitoba] C:\Users\Max\AppData\Local\cpiadp.dll (Axalto)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.04 11:07:55 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
[2011.08.03 12:19:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.08.03 11:22:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.08.03 11:14:01 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\temp
[2011.08.03 11:08:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.08.03 11:08:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.08.03 11:08:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.08.03 11:08:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.08.03 11:07:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.08.03 10:48:22 | 004,163,269 | R--- | C] (Swearware) -- C:\Users\Max\Desktop\ComboFix.exe
[2011.08.02 20:36:16 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Malwarebytes
[2011.08.02 20:36:07 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.08.02 20:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.02 20:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.02 20:36:03 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.08.02 20:36:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.08.02 19:53:36 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.08.02 19:53:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.08.02 11:43:27 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Yxwe
[2011.08.01 14:23:00 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\gothic3
[2011.08.01 14:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JoWooD
[2011.08.01 13:13:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic III
[2011.08.01 13:12:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2011.07.31 13:15:30 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Jens Lorek
[2011.07.30 11:23:52 | 000,254,528 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.07.30 11:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.07.30 11:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011.07.28 15:15:27 | 000,000,000 | ---D | C] -- C:\Temp
[2011.07.28 15:13:08 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Samsung
[2011.07.28 15:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2011.07.28 15:12:20 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2011.07.28 15:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2011.07.28 12:37:33 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Samsung
[2011.07.28 12:22:14 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Downloaded Installations
[2011.07.28 11:48:14 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2011.07.28 11:48:14 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2011.07.28 11:48:13 | 000,159,208 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2011.07.28 11:48:13 | 000,125,416 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2011.07.28 11:48:13 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2011.07.28 11:48:13 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2011.07.28 11:48:13 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2011.07.28 11:44:04 | 000,172,104 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdm.sys
[2011.07.28 11:44:04 | 000,136,264 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdbus.sys
[2011.07.28 11:44:04 | 000,019,016 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdfl.sys
[2011.07.28 11:44:04 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwhnt.sys
[2011.07.28 11:44:04 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwh.sys
[2011.07.28 11:44:04 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcmnt.sys
[2011.07.28 11:44:04 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcm.sys
[2011.07.28 11:41:37 | 000,020,480 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\FsExService64.Exe
[2011.07.28 11:41:37 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys
[2011.07.28 11:41:37 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysNative\drivers\TFsExDisk.sys
[2011.07.28 11:40:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2011.07.28 11:38:21 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Samsung
[2011.07.28 11:38:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2011.07.28 11:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2011.07.28 11:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Samsung
[2011.07.23 20:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.07.23 20:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.07.23 20:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.07.23 20:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011.07.23 17:37:46 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\HP
[2011.07.23 15:56:22 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\PunkBuster
[2011.07.22 22:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader Toolbar
[2011.07.22 22:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2011.07.22 22:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2011.07.22 22:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jens Lorek
[2011.07.08 14:25:35 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\TeamViewer
[2011.07.06 12:39:08 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Ubisoft Game Launcher
[2011.07.06 12:37:09 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\PunkBuster
[2011.07.06 12:36:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2010.12.30 12:50:14 | 000,118,784 | ---- | C] (Axalto) -- C:\Users\Max\AppData\Local\cpiadp.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Max\AppData\Local\*.tmp files -> C:\Users\Max\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.04 11:11:46 | 001,733,766 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.08.04 11:11:46 | 000,736,506 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.08.04 11:11:46 | 000,686,604 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.08.04 11:11:46 | 000,172,314 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.08.04 11:11:46 | 000,140,882 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.08.04 11:07:14 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.04 11:07:02 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.04 11:07:02 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.04 11:06:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.04 11:02:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe
[2011.08.03 23:47:50 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.08.03 23:24:10 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.03 11:17:26 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.08.03 10:54:52 | 490,543,131 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.08.03 10:39:56 | 000,302,592 | ---- | M] () -- C:\Users\Max\Desktop\q3nogjyo.exe
[2011.08.03 10:38:38 | 004,163,269 | R--- | M] (Swearware) -- C:\Users\Max\Desktop\ComboFix.exe
[2011.08.02 21:01:36 | 000,002,555 | ---- | M] () -- C:\Users\Max\Desktop\HiJackThis.lnk
[2011.08.02 20:36:07 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.02 14:57:20 | 000,000,321 | ---- | M] () -- C:\Windows\wininit.ini
[2011.08.02 13:58:12 | 000,000,000 | ---- | M] () -- C:\Users\Max\AppData\Local\{12916667-5210-4A38-9F85-638A4C1756FD}
[2011.08.02 13:55:14 | 000,250,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.08.02 13:42:59 | 000,000,732 | ---- | M] () -- C:\Users\Max\AppData\Local\d3d9caps64.dat
[2011.08.02 11:35:17 | 000,000,000 | ---- | M] () -- C:\Users\Max\AppData\Local\Tvefuse.bin
[2011.08.02 11:35:15 | 000,000,120 | ---- | M] () -- C:\Users\Max\AppData\Local\Lbanirakipejo.dat
[2011.07.31 19:29:22 | 000,074,240 | ---- | M] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.30 11:23:52 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.07.28 15:12:29 | 000,001,788 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2011.07.28 13:29:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011.07.28 13:22:25 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2011.07.25 23:14:40 | 000,001,356 | ---- | M] () -- C:\Users\Max\AppData\Local\d3d9caps.dat
[2011.07.23 20:58:50 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f Scan.lnk
[2011.07.23 15:56:30 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.07.23 15:56:25 | 000,270,408 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.07.23 15:56:25 | 000,270,408 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.07.06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Max\AppData\Local\*.tmp files -> C:\Users\Max\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.03 11:08:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.08.03 11:08:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.08.03 11:08:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.08.03 11:08:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.08.03 11:08:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.08.03 10:51:48 | 490,543,131 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.08.03 10:48:35 | 000,302,592 | ---- | C] () -- C:\Users\Max\Desktop\q3nogjyo.exe
[2011.08.02 20:36:07 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.08.02 19:53:36 | 000,002,555 | ---- | C] () -- C:\Users\Max\Desktop\HiJackThis.lnk
[2011.08.02 13:57:56 | 000,000,000 | ---- | C] () -- C:\Users\Max\AppData\Local\{12916667-5210-4A38-9F85-638A4C1756FD}
[2011.08.02 12:24:53 | 000,000,321 | ---- | C] () -- C:\Windows\wininit.ini
[2011.08.02 11:35:17 | 000,000,000 | ---- | C] () -- C:\Users\Max\AppData\Local\Tvefuse.bin
[2011.08.02 11:35:15 | 000,000,120 | ---- | C] () -- C:\Users\Max\AppData\Local\Lbanirakipejo.dat
[2011.07.28 15:12:29 | 000,001,788 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2011.07.28 15:05:04 | 000,002,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2011.07.28 15:04:42 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.07.28 13:29:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011.07.28 11:38:18 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp
[2011.07.23 20:59:23 | 000,000,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2011.07.23 20:58:50 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f Scan.lnk
[2011.07.23 15:56:25 | 000,270,408 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.07.06 12:37:12 | 000,270,408 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.06 12:37:10 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.01 19:09:37 | 000,000,091 | ---- | C] () -- C:\Users\Max\AppData\Local\fusioncache.dat
[2011.03.16 21:00:01 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.12.31 15:16:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.30 19:51:01 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010.12.30 19:49:52 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.12.30 18:52:46 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.30 16:25:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.30 12:50:31 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010.12.30 12:49:48 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010.12.30 12:49:14 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010.12.29 19:41:56 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010.12.29 18:55:58 | 000,000,552 | ---- | C] () -- C:\Users\Max\AppData\Local\d3d8caps.dat
[2010.12.29 18:55:00 | 000,001,356 | ---- | C] () -- C:\Users\Max\AppData\Local\d3d9caps.dat
[2010.12.29 18:53:24 | 000,074,240 | ---- | C] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.29 17:01:01 | 001,762,112 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.29 14:14:00 | 000,000,732 | ---- | C] () -- C:\Users\Max\AppData\Local\d3d9caps64.dat
[2010.09.06 09:19:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2010.09.06 09:19:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2010.09.06 09:19:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2010.09.06 09:19:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.01.21 04:47:53 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.04.17 16:34:40 | 000,135,716 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2006.11.02 17:30:41 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011.01.31 20:27:21 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\25006
[2011.06.08 18:38:58 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\5016
[2010.12.30 19:45:00 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DAEMON Tools Lite
[2011.07.30 19:55:38 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\ICQ
[2011.07.31 13:15:30 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Jens Lorek
[2011.06.08 18:38:48 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\kock
[2011.07.06 12:37:09 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\PunkBuster
[2011.07.28 15:10:29 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Samsung
[2011.07.08 14:29:21 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\TeamViewer
[2010.12.31 15:14:46 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\TubeBox
[2011.07.23 15:56:17 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Ubisoft
[2011.06.08 18:38:48 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\xmldm
[2011.08.02 11:43:50 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Yxwe
[2011.08.03 23:47:50 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.08.03 12:19:35 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.12.30 16:49:48 | 000,000,000 | ---D | M] -- C:\ATI
[2010.12.30 14:52:07 | 000,000,000 | ---D | M] -- C:\Boot
[2006.11.02 17:35:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.12.29 14:11:44 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.12.29 15:01:44 | 000,000,000 | ---D | M] -- C:\Intel
[2008.01.21 05:01:21 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.07.23 20:55:50 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.08.02 20:36:02 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.08.02 20:36:05 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.12.29 14:11:44 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.08.03 11:22:32 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.08.04 11:10:21 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.28 15:33:09 | 000,000,000 | ---D | M] -- C:\Temp
[2010.12.30 17:07:15 | 000,000,000 | R--D | M] -- C:\Users
[2011.08.03 11:22:31 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\ERDNT\cache86\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 04:46:34 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 04:47:14 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:47:40 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:48:18 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe
[2008.01.21 04:48:18 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe
[2008.01.21 04:47:40 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\ERDNT\cache86\regedit.exe
[2008.01.21 04:47:40 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:48:25 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe
[2008.01.21 04:48:25 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:48:25 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:47:35 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe
[2008.01.21 04:47:35 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:47:35 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:45:53 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache86\wininit.exe
[2008.01.21 04:45:53 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:45:53 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:48:12 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\ERDNT\cache64\wininit.exe
[2008.01.21 04:48:12 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 04:48:12 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:47:36 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:48:26 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<           >

< End of report >

--- --- ---

Anubiss · 04.08.2011, 10:37

und hier das Extra:OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 04.08.2011 11:09:06 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Max\Desktop
64bit-Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 69,17% Memory free
8,17 Gb Paging File | 6,74 Gb Available in Paging File | 82,56% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,10 Gb Total Space | 41,19 Gb Free Space | 27,62% Space Free | Partition Type: NTFS
Drive D: | 300,00 Gb Total Space | 76,58 Gb Free Space | 25,53% Space Free | Partition Type: NTFS
Drive E: | 148,99 Gb Total Space | 17,08 Gb Free Space | 11,46% Space Free | Partition Type: NTFS
Drive F: | 296,17 Gb Total Space | 169,86 Gb Free Space | 57,35% Space Free | Partition Type: NTFS
Drive I: | 246,75 Mb Total Space | 232,85 Mb Free Space | 94,36% Space Free | Partition Type: FAT32
 
Computer Name: MAX-PC | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l File not found
InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = E1 0B B4 13 DC 5B C8 01  [binary data]
"VistaSp2" = 33 E9 A1 60 20 A8 CB 01  [binary data]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{AE1C3E14-B06D-466C-AFD5-36431EF9B7E5}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02009E8B-B3BD-45A9-9161-35E31056D9CC}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{02A452BF-424B-46A4-A368-7CF17D6CB733}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{08465F25-4D37-41DD-9C0D-1710D1159425}" = protocol=6 | dir=in | app=d:\assassin's creed brotherhood\acbsp.exe | 
"{0C0323D0-0FB3-4355-9982-66B44AB93131}" = protocol=6 | dir=in | app=d:\assassin's creed brotherhood\acbmp.exe | 
"{0E656DFA-7FF3-4712-8399-D75E591D7EEB}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{11991ADC-B91D-4EED-B4BB-C9A8BB8D086E}" = protocol=6 | dir=in | app=d:\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{15C612A3-9528-4A06-B96F-FA3EA519EA00}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{19B87050-4FF7-4EF2-9871-9679468C0B73}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\devicesetup.exe | 
"{1AD16D2F-36CD-4B33-ABF4-C7692C24DF9C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{1EBAA546-8C25-40CA-A656-900CE43DC418}" = protocol=6 | dir=in | app=e:\spiele\call of duty 4\iw3mp.exe | 
"{1F14BED8-4BB1-44B2-8798-E42006B379A4}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{1F1CE1A5-82A0-46E0-8F14-CEEC09069AA9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{2923420D-EA11-4C92-A2E7-D7411867606F}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2D1BC2E3-CF3E-4404-9436-54960FFF96CF}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{3DA659AE-1E28-4D11-A1CF-990C17D1071F}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe | 
"{3FBD2297-8324-4DE0-ACFB-02EEC841F770}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{411F757C-7E25-490A-9177-84867E0F42EF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{448A5067-A5C7-4911-BDB3-F226C504A804}" = protocol=17 | dir=in | app=d:\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{452BFB4D-9762-4420-8E4D-9DB1FC936F7F}" = protocol=6 | dir=in | app=d:\mass effect 2\masseffect2launcher.exe | 
"{46FCB70D-F516-40F5-88F0-E8BA96D45EEC}" = protocol=6 | dir=in | app=d:\dragon age\daoriginslauncher.exe | 
"{4C2E175F-6C6F-4704-8F6A-93D1479179E2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\halo 2\halo2.exe | 
"{4CD2980B-92D0-4870-AFC5-C583C876E67C}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{4E3C3441-DEC0-49D7-A3A7-691E0DE0E858}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{501B9B63-E214-4EDD-915E-4C27C74C007E}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{568FD40C-FCC0-43F1-AF45-7CFE12F46819}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{60888C25-1B70-42C3-9517-47E78035CA57}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\masseffectlauncher.exe | 
"{671F1B4A-C281-4CD5-92B0-EDC661EE3832}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{6A9FB3B7-914D-42DB-8BA7-A0D0A4548F2B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{6FF54558-8A62-404F-9339-25AE63E935C5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{70CEB372-6D8B-4A15-9855-C5A74E08291A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{71578473-28AB-4F38-B619-3BD252D99D1B}" = protocol=6 | dir=in | app=d:\mass effect 2\binaries\masseffect2.exe | 
"{76C5AA80-F39E-4505-8DA1-9AF4D131D355}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{7BE2817C-D580-4284-B146-FD36CA8147E6}" = dir=in | app=c:\program files (x86)\skype\plugin manager\skypepm.exe | 
"{83A549C1-A811-4DC7-9369-8367F389A02B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8E63F69D-DFD4-4E96-8B97-928B6340B83E}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{90F77F55-A927-4974-A595-3A1543622299}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{91F90BE3-E1D4-4839-BB77-EC689EE84A06}" = protocol=17 | dir=in | app=d:\dragon age\bin_ship\daorigins.exe | 
"{949B8B59-5674-4DEA-8A25-24448D6561FC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{95A074D2-C4D5-4177-8B29-E7BEA5664F73}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{95A61992-60E4-4294-8B8A-5443395A41A9}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{9F864F54-4A17-421F-8B63-9BFD08E3ED60}" = protocol=17 | dir=in | app=d:\assassin's creed brotherhood\acbsp.exe | 
"{A31C1EE2-A868-4E16-BADB-437067629D2F}" = protocol=6 | dir=in | app=d:\dragon age\bin_ship\daorigins.exe | 
"{A4B25B97-CF42-423B-AAAC-81BE56B19E3F}" = protocol=6 | dir=in | app=d:\dragon age\bin_ship\daupdatersvc.service.exe | 
"{AA9E7578-2164-42DE-8A62-F8D1BF67493B}" = protocol=17 | dir=in | app=d:\mass effect 2\binaries\masseffect2.exe | 
"{ADABAD31-E8C7-4730-9540-0BF4AA54B206}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{AF3B51FE-CF06-4381-BC40-4EC9362D571C}" = protocol=17 | dir=in | app=e:\spiele\call of duty 4\iw3mp.exe | 
"{AFD8CFE3-F083-41EB-8189-794CA95C38E2}" = protocol=6 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe | 
"{BF55D5A3-2DA2-479B-84AF-511C3FAF77CF}" = protocol=17 | dir=in | app=d:\mass effect 2\masseffect2launcher.exe | 
"{C5D7B851-D33C-49D5-B61F-2C89060085E3}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{CCD07AA1-2CAD-472C-8E60-88F891353624}" = protocol=17 | dir=in | app=d:\assassin's creed brotherhood\acbmp.exe | 
"{CF700603-5D49-4F95-8408-E0CC0C5595A0}" = protocol=17 | dir=in | app=d:\dragon age\daoriginslauncher.exe | 
"{D318D829-DF98-4107-B190-5F9016E8A323}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{D3A5C712-1614-4FDE-9764-92FE183A0D00}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{D52A1B56-1747-4F83-90AC-1FA119E727EE}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\halo 2\halo2.exe | 
"{D57E28CA-36BD-4F49-9D30-F1B97EDA080F}" = protocol=17 | dir=in | app=d:\dragon age\bin_ship\daupdatersvc.service.exe | 
"{D695ED2A-AAAB-4E00-857D-5C9D817BDFD5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{D70FD49B-C2F3-422A-9F55-D371FCF12AFB}" = protocol=17 | dir=in | app=c:\program files (x86)\mass effect\binaries\masseffect.exe | 
"{EAE05A52-2035-46A3-8F27-CB4094710FFB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EF2C83AB-F1C6-4C69-A729-164E61F946EF}" = protocol=6 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{F9FF7112-6089-43E3-9D7E-AD892E759382}" = protocol=17 | dir=in | app=d:\assassin's creed brotherhood\uplaybrowser.exe | 
"{FAC199D3-FBC4-4C24-9AD2-568FA61F49D7}" = protocol=17 | dir=in | app=c:\program files\hp\hp officejet 6500 e710a-f\bin\hpnetworkcommunicator.exe | 
"{FC8E3844-3501-430D-BC69-D16777FD305B}" = protocol=6 | dir=in | app=d:\assassin's creed brotherhood\uplaybrowser.exe | 
"TCP Query User{289EEED0-7B56-46CF-A691-719590CCFCBE}D:\dawn of war soulstorm\soulstorm.exe" = protocol=6 | dir=in | app=d:\dawn of war soulstorm\soulstorm.exe | 
"TCP Query User{3EF1F42A-8B11-4FFC-8E1D-82E94532DFAD}D:\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=d:\der herr der ringe online\lotroclient.exe | 
"TCP Query User{79A52499-3487-4A23-94AD-0FDAEA077CBE}E:\spiele\anno 1404\tools\anno4web.exe" = protocol=6 | dir=in | app=e:\spiele\anno 1404\tools\anno4web.exe | 
"TCP Query User{92C0E751-7196-417B-A88A-135AB1CC614E}E:\spiele\dawn of war - dark crusade\darkcrusade.exe" = protocol=6 | dir=in | app=e:\spiele\dawn of war - dark crusade\darkcrusade.exe | 
"TCP Query User{93465E5D-3264-49EB-86A6-8CFC17D63968}D:\crysis 2\bin32\crysis2.exe" = protocol=6 | dir=in | app=d:\crysis 2\bin32\crysis2.exe | 
"TCP Query User{95C74926-6CED-419B-AD83-82B9EC869BBF}D:\dawn of war + wa\w40kwa.exe" = protocol=6 | dir=in | app=d:\dawn of war + wa\w40kwa.exe | 
"TCP Query User{A8B68537-777E-4FE6-8A66-B7D8D46CD632}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{B0A5FB4A-ABC7-47F2-BC61-1379A146EF1D}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{CA77532B-B6A3-46C2-9BFD-E14ECF351137}D:\dawn of war + wa\w40k.exe" = protocol=6 | dir=in | app=d:\dawn of war + wa\w40k.exe | 
"TCP Query User{D631732F-910A-4861-B912-613724E9C0D3}D:\dead space\dead space.exe" = protocol=6 | dir=in | app=d:\dead space\dead space.exe | 
"TCP Query User{F5170D53-F380-4C83-A495-4057992E7378}C:\users\max\appdata\roaming\voyl\heawt.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\roaming\voyl\heawt.exe | 
"TCP Query User{F8B750DA-7EA9-4D6C-B864-9E74443DDC36}G:\fscommand\updater.exe" = protocol=6 | dir=in | app=g:\fscommand\updater.exe | 
"UDP Query User{05417A5E-560A-4912-8E59-6DF9A3F27971}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{2EE32100-AC02-42C0-A377-1ADAB16FB342}C:\users\max\appdata\roaming\voyl\heawt.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\roaming\voyl\heawt.exe | 
"UDP Query User{3EC18F2F-F4D9-4771-9AEC-FE24E586620A}D:\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=d:\der herr der ringe online\lotroclient.exe | 
"UDP Query User{47D90081-5A12-4926-AE9F-C5757F6F2EC3}D:\dawn of war soulstorm\soulstorm.exe" = protocol=17 | dir=in | app=d:\dawn of war soulstorm\soulstorm.exe | 
"UDP Query User{51457E37-40B4-401B-8DE8-5000180C75E6}E:\spiele\anno 1404\tools\anno4web.exe" = protocol=17 | dir=in | app=e:\spiele\anno 1404\tools\anno4web.exe | 
"UDP Query User{60BAF272-01D2-4346-8076-A16E65E5CCAB}E:\spiele\dawn of war - dark crusade\darkcrusade.exe" = protocol=17 | dir=in | app=e:\spiele\dawn of war - dark crusade\darkcrusade.exe | 
"UDP Query User{665A20F1-C0B8-4D54-8442-B656CB52F651}D:\dawn of war + wa\w40k.exe" = protocol=17 | dir=in | app=d:\dawn of war + wa\w40k.exe | 
"UDP Query User{87584803-2D7E-45F1-8685-292B0D66719D}D:\dawn of war + wa\w40kwa.exe" = protocol=17 | dir=in | app=d:\dawn of war + wa\w40kwa.exe | 
"UDP Query User{DC92E7E4-ED94-4E22-98AD-D2C0F2954B61}D:\dead space\dead space.exe" = protocol=17 | dir=in | app=d:\dead space\dead space.exe | 
"UDP Query User{E4EB4A79-ECA3-42FB-9275-C5BE3F6863FD}D:\crysis 2\bin32\crysis2.exe" = protocol=17 | dir=in | app=d:\crysis 2\bin32\crysis2.exe | 
"UDP Query User{E7FF04D0-E4D2-4B49-BD5C-E0601488FC95}G:\fscommand\updater.exe" = protocol=17 | dir=in | app=g:\fscommand\updater.exe | 
"UDP Query User{FB8D872F-129F-4AC3-892F-25F087E5BDB2}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2C4FFF38-9FA5-C451-E79D-FAB3848C7F5A}" = ccc-utility64
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8F4884F1-488D-4738-8F71-65A378BB484C}" = HP Officejet 6500 E710a-f - Grundlegende Software für das Gerät
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{EA6138FF-7608-1195-6E32-F8A7F00CDB89}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{037CD593-D760-4A00-B030-7BBAFA1123FE}" = HP Officejet 6500 E710a-f Hilfe
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = Halo 2 for Windows Vista
"{15C82F5E-6EA9-44FE-A0FC-B6D08A684037}" = TubeBox!
"{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}" = Mass Effect
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FF713E1-FE5E-4AD0-9C8C-B2E877846B45}" = Catalyst Control Center - Branding
"{20533183-D42D-4261-A125-956736FBEA8C}" = Dawn of War - Soulstorm
"{20FC1593-0BA0-4334-8786-E634FC011B69}_is1" = Underhell version 1.5
"{3EA20BCC-983E-E2FB-7655-F701160703AF}" = Catalyst Control Center HydraVision Full
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{4DDF49C7-E23B-28E4-D899-DE1950411061}" = Catalyst Control Center Graphics Light
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{61814DD5-D192-7D9F-4070-08058E94C765}" = Catalyst Control Center Core Implementation
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B3CA80E-6AC0-4725-BABF-9B0FEF880CB3}" = Power Tab Editor 1.7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{839916F4-D8B5-4407-BE6D-6D4EB9D96AF4}" = LIVE gaming on Windows Runtime Version 1.0.6027
"{8678BD65-D66E-48BB-8531-91D0EF8998A1}" = Hercules Classic Silver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8B251F4A-0B78-2045-B802-CDB67F594E53}" = Catalyst Control Center Graphics Previews Vista
"{8F808D5F-7635-EE62-F2B4-42D72D74443C}" = Catalyst Control Center Graphics Previews Common
"{91120407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A2B3C27C-1F09-47C6-9A90-9683BEFD7963}" = Dawn of War - Soulstorm
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B11D111C-ADA8-B61D-940D-BB85A7B9F9F8}" = Catalyst Control Center InstallProxy
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BC4C00F4-3043-BA09-C401-A4728663ECCE}" = ccc-core-static
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C27B2B08-B5BD-A210-73AF-83A740ECC32F}" = Catalyst Control Center Graphics Full New
"{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX
"{C6AA63A6-3248-2D28-3BAA-AA9C6B8D84BE}" = CCC Help English
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{D0B36BAF-3E9D-423E-8821-ED238C18DB0A}" = Warhammer 40,000: Dawn Of War - Gold Edition
"{D1FD3035-DD6F-4A17-BC30-784E97EFBC68}" = Gothic III - Forsaken Gods
"{DFF10B77-36EB-4B73-AA8B-2B98E74EC3C7}" = YouTube Downloader Toolbar v4.5
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{F18EF558-2BCE-99DE-4021-46726B061BD2}" = Catalyst Control Center Graphics Full Existing
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = Der Herr der Ringe Online v03.02.04.8010
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup.divx.com" = DivX-Setup
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"Guitar Pro 5_is1" = Guitar Pro 5.0
"Halo 2" = Halo 2 for Windows Vista
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}" = Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"PunkBusterSvc" = PunkBuster Services
"Star Wars: The Force Unleashed_is1" = Star Wars: The Force Unleashed
"Steam App 215" = Source SDK Base 2006
"Steam App 220" = Half-Life 2
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"VLC media player" = VLC media player 1.1.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 03.08.2011 05:12:43 | Computer Name = Max-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung sed.cfxxe, Version 0.0.0.0, Zeitstempel 0x420c7c1c,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x7546a57d,  Prozess-ID 0x10e4, Anwendungsstartzeit 01cc51bd807f18c3.
 
Error - 03.08.2011 05:12:49 | Computer Name = Max-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung swreg.cfxxe, Version 3.0.0.0, Zeitstempel 0x2a425e19,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x7546a57d,  Prozess-ID 0x8cc, Anwendungsstartzeit 01cc51bd845eeb03.
 
Error - 03.08.2011 05:13:00 | Computer Name = Max-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung swreg.cfxxe, Version 3.0.0.0, Zeitstempel 0x2a425e19,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x7546a57d,  Prozess-ID 0x898, Anwendungsstartzeit 01cc51bd8a6ca387.
 
Error - 03.08.2011 05:16:52 | Computer Name = Max-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GoogleUpdate.exe, Version 1.2.183.21, Zeitstempel
 0x4b95e661, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x7591a57d,  Prozess-ID 0x9c, Anwendungsstartzeit
 01cc51be134df05d.
 
Error - 03.08.2011 05:17:07 | Computer Name = Max-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.08.2011 05:17:22 | Computer Name = Max-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung swxcacls.cfxxe, Version 1.0.1.1, Zeitstempel
 0x2a425e19, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x7591a57d,  Prozess-ID 0xd4, Anwendungsstartzeit
 01cc51be27007deb.
 
Error - 03.08.2011 05:21:17 | Computer Name = Max-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung swreg.cfxxe, Version 3.0.0.0, Zeitstempel 0x2a425e19,
 fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
 0xc0000005, Fehleroffset 0x7591a57d,  Prozess-ID 0x4c8, Anwendungsstartzeit 01cc51beb3341a48.
 
Error - 03.08.2011 06:20:49 | Computer Name = Max-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.08.2011 16:48:52 | Computer Name = Max-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.08.2011 05:08:35 | Computer Name = Max-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 31.03.2011 08:49:58 | Computer Name = Max-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 30.03.2011 um 16:57:27 unerwartet heruntergefahren.
 
Error - 01.04.2011 09:09:04 | Computer Name = Max-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.03.2011 um 20:23:49 unerwartet heruntergefahren.
 
Error - 03.04.2011 03:54:24 | Computer Name = Max-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 03.04.2011 um 00:14:33 unerwartet heruntergefahren.
 
Error - 04.04.2011 14:53:24 | Computer Name = Max-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3.
 
Error - 05.04.2011 10:54:19 | Computer Name = Max-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{6B85F01E-F46E-4925-A70D-8C9BEFCA1ACD} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 05.04.2011 10:54:19 | Computer Name = Max-PC | Source = netbt | ID = 4321
Description = Der Name "MAX-PC         :20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 0.0.0.0  registriert werden. Der Computer mit IP-Adresse ***********
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 08.04.2011 09:08:24 | Computer Name = Max-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 07.04.2011 um 21:03:58 unerwartet heruntergefahren.
 
Error - 12.04.2011 08:37:08 | Computer Name = Max-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3.
 
Error - 12.04.2011 13:31:07 | Computer Name = Max-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 14.04.2011 13:35:34 | Computer Name = Max-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk3\DR3.
 
 
< End of report >

--- --- ---

Swisstreasure · 04.08.2011, 12:52

Schritt 1

WICHTIG! Hier im Script den Bereich *** mit dem richtigen Pfad ergänzen.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
PRC - [2011.06.24 18:22:40 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011.06.24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
SRV - [2011.06.24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
O4 - HKCU..\Run: [Nfitoba] C:\Users\Max\AppData\Local\cpiadp.dll (Axalto)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
[2011.07.22 22:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2011.07.22 22:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
:Files
C:\Users\Max\AppData\Roaming\Yxwe
C:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\cyno.exe
C:\users\***\AppData\Local\Tvefuse.bin
:Commands
[purity]
[emptytemp]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Anubiss · 04.08.2011, 21:56

Also, hier das OTL:

All processes killed
========== OTL ==========
No active process named SearchSettings.exe was found!
Process ApplicationUpdater.exe killed successfully!
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Nfitoba deleted successfully.
C:\Users\Max\AppData\Local\cpiadp.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\wtxpcom folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings folder moved successfully.
C:\Program Files (x86)\Common Files\Spigot folder moved successfully.
C:\Program Files (x86)\Application Updater folder moved successfully.
========== FILES ==========
C:\Users\Max\AppData\Roaming\Yxwe folder moved successfully.
C:\users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\cyno.exe moved successfully.
C:\users\Max\AppData\Local\Tvefuse.bin moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Max
->Temp folder emptied: 188512 bytes
->Temporary Internet Files folder emptied: 1225938 bytes
->FireFox cache emptied: 43349135 bytes
->Flash cache emptied: 3521 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 7192 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 43,00 mb

OTL by OldTimer - Version 3.2.26.1 log created on 08042011_194132

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Anubiss · 04.08.2011, 21:58

Das mit dem Ausführen bei schritt 2 hat nict geklappt (auch ohne ")
Habe aber eine log datei manuell in em Programm gefunden:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=97119e5bfe109c49aee85724196cba93
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-04 08:45:28
# local_time=2011-08-04 10:45:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 173672 173672 0 0
# compatibility_mode=1797 16775165 100 94 1391967 49018108 1384614 0
# compatibility_mode=5892 16776573 100 56 207875 150005347 0 0
# compatibility_mode=8192 67108863 100 0 193 193 0 0
# scanned=278137
# found=8
# cleaned=0
# scan_time=9441
C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.5\youtubedownloaderToolbarIE.dll a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Max\AppData\Roaming\Sun\cwnmw.dll.vir probably a variant of Win32/PSW.Agent.JEFGNTY trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08042011_194132\C_Program Files (x86)\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08042011_194132\C_Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08042011_194132\C_Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08042011_194132\C_Users\Max\AppData\Local\cpiadp.dll a variant of Win32/Kryptik.RBG trojan (unable to clean) 00000000000000000000000000000000 I
E:\Spiele\Dungeon Siege 2\ds2_dvd.iso probably a variant of Win32/Agent.MTSNIQX trojan (unable to clean) 00000000000000000000000000000000 I
E:\Spiele\Dungeon Siege 2\updates\Trainer\asx-ds2\asx-ds2.exe probably a variant of Win32/Agent.MTSNIQX trojan (unable to clean) 00000000000000000000000000000000 I

Swisstreasure · 05.08.2011, 00:33

Noch Probleme?

Ich bin bis am Sonntag abwesend. Melde mich dann aber gleich wieder.

Anubiss · 06.08.2011, 15:08

Also erstmal vielen Dank! Virtumonde schient jetzt weg zu sein
Habe aber immer noch Probleme: Nachdem ich heute kurz wieder im Internet war hat meine Computer plötzlich per Boxen angefangen irgendetwas von ner Las Vegas Hotline zu erzählen. War kein Popup oder sowas lief auch weiter nachdem aller Internetseiten zu waren, erst das abklemmen der Verbindung beendete den Spuk. Habe jetzt noch mal einen Scan mit Malwarebytes gemacht da wird angezeigt das noch 6 Untermieter da sind. Kann man die einfach gefahrlos mit dem Programm niedermachen? Kannst du mir da auch noch weiterhelfen?

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7358

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

06.08.2011 15:57:32
mbam-log-2011-08-06 (15-57-26).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 170001
Laufzeit: 3 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
c:\Windows\temp\kvsqsb\setup.exe (Spyware.Passwords.XGen) -> 1772 -> No action taken.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\AMService (Spyware.Passwords.XGen) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{F3FEE66E-E034-436a-86E4-9690573BEE8A} (PUP.Dealio.TB) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio.TB) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio.TB) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F3FEE66E-E034-436A-86E4-9690573BEE8A} (PUP.Dealio.TB) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Nfitoba (Trojan.Agent.U) -> Value: Nfitoba -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Windows\temp\kvsqsb\setup.exe (Spyware.Passwords.XGen) -> No action taken.
c:\program files (x86)\youtube downloader toolbar\IE\4.5\youtubedownloadertoolbarie.dll (PUP.Dealio.TB) -> No action taken.

Swisstreasure · 07.08.2011, 13:29

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Anubiss · 07.08.2011, 15:20

Eine Extra Datei wurde vom Programm nicht erstellt (?):
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 07.08.2011 16:01:52 - Run 2
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\Max\Desktop\Security
64bit-Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 68,42% Memory free
8,17 Gb Paging File | 6,71 Gb Available in Paging File | 82,22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,10 Gb Total Space | 34,93 Gb Free Space | 23,43% Space Free | Partition Type: NTFS
Drive D: | 300,00 Gb Total Space | 77,19 Gb Free Space | 25,73% Space Free | Partition Type: NTFS
Drive E: | 148,99 Gb Total Space | 16,96 Gb Free Space | 11,39% Space Free | Partition Type: NTFS
Drive F: | 296,17 Gb Total Space | 169,86 Gb Free Space | 57,35% Space Free | Partition Type: NTFS
Drive I: | 246,75 Mb Total Space | 246,73 Mb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: MAX-PC | User Name: Max | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.08.06 12:57:05 | 000,039,424 | ---- | M] (Tricky Perry Shade) -- C:\Windows\temp\kvsqsb\setup.exe
PRC - [2011.08.04 11:02:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\Security\OTL.exe
PRC - [2011.07.23 15:56:30 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.06.30 16:38:05 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 15:54:46 | 000,020,880 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2011.06.24 15:54:36 | 003,373,968 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2011.05.01 12:00:48 | 003,071,384 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2011.04.27 16:51:20 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.12.09 21:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.12.08 23:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010.09.06 09:16:58 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\SysWOW64\dgdersvc.exe
PRC - [2009.04.11 08:28:11 | 000,217,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\WerFault.exe
PRC - [2008.01.21 04:47:38 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE
PRC - [2006.12.28 01:00:00 | 001,454,080 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2006.12.28 01:00:00 | 000,356,352 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.08.04 11:02:58 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\Security\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.09.24 00:28:02 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011.08.06 12:57:05 | 000,039,424 | ---- | M] (Tricky Perry Shade) [Auto | Start_Pending] -- C:\Windows\TEMP\kvsqsb\setup.exe -- (AMService)
SRV - [2011.07.23 15:56:30 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.06.30 16:38:05 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 16:51:20 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.09.06 09:16:58 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\dgdersvc.exe -- (dgdersvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 22:07:16 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.03.30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.09.12 18:15:50 | 000,087,288 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2007.05.31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006.12.28 01:00:00 | 000,356,352 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.07.30 11:23:52 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.06.30 16:38:06 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.30 16:38:06 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.06 16:11:34 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.03.06 16:11:34 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.12.30 19:05:53 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.09.06 09:19:54 | 000,020,552 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dgderdrv.sys -- (dgderdrv)
DRV:64bit: - [2010.09.06 09:11:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.07.20 12:38:24 | 000,159,208 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2010.07.20 12:38:24 | 000,125,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV:64bit: - [2010.07.20 12:38:24 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV:64bit: - [2010.04.27 04:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.04.27 04:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.04.27 04:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009.09.30 16:32:44 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.24 01:01:24 | 006,175,744 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.04.22 15:46:06 | 003,552,384 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.02.09 00:43:10 | 000,111,104 | ---- | M] (Guillemot Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\hxctlflt.sys -- (hxctlflt)
DRV:64bit: - [2008.01.21 04:45:19 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2006.12.28 01:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2006.12.28 01:00:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2006.10.03 04:13:44 | 000,051,200 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2006.09.18 23:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV - [2010.09.06 09:16:58 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.09.06 09:11:32 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {b749fc7c-e949-447f-926c-3f4eed6accfe}:0.7.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=937811&p="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.01.06 12:35:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.01.06 12:35:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Max\AppData\Roaming\5016 [2011.06.08 18:38:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.06.24 13:26:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.05.06 19:49:47 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Max\AppData\Roaming\5016 [2011.06.08 18:38:58 | 000,000,000 | ---D | M]
 
[2010.12.30 20:08:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Extensions
[2011.08.01 14:24:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\sjrc5bed.default\extensions
[2011.01.01 15:40:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\sjrc5bed.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.01 14:24:08 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\sjrc5bed.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.01.05 22:38:26 | 000,002,094 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\sjrc5bed.default\searchplugins\ecosia.xml
[2011.07.22 22:51:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.12.30 19:47:20 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) -- 
[2011.07.22 22:51:31 | 000,000,000 | ---D | M] (YouTube Downloader Toolbar) -- C:\PROGRAM FILES (X86)\YOUTUBE DOWNLOADER TOOLBAR\FF
[2011.06.08 18:38:58 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\MAX\APPDATA\ROAMING\5016
() (No name found) -- C:\USERS\MAX\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SJRC5BED.DEFAULT\EXTENSIONS\{B749FC7C-E949-447F-926C-3F4EED6ACCFE}.XPI
[2011.06.24 13:26:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.06 19:49:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.05.06 19:49:46 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.05.06 19:49:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.06 19:49:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.05.06 19:49:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.05.06 19:49:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (YouTube Downloader Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.5\youtubedownloaderToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Nfitoba]  File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.08.05 14:57:49 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011.08.05 14:25:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2011.08.05 14:24:58 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011.08.05 14:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011.08.05 13:50:34 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\Security
[2011.08.04 20:04:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2011.08.04 19:41:32 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.08.03 12:19:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.08.03 11:22:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.08.03 11:14:01 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\temp
[2011.08.03 11:08:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.08.03 11:08:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.08.03 11:08:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.08.03 11:08:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.08.03 11:07:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.08.02 20:36:16 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Malwarebytes
[2011.08.02 20:36:07 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.08.02 20:36:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.08.02 20:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.08.02 20:36:03 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.08.02 20:36:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.08.02 19:53:36 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.08.02 19:53:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.07.31 13:15:30 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Jens Lorek
[2011.07.30 11:23:52 | 000,254,528 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.07.30 11:23:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2011.07.30 11:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011.07.28 15:15:27 | 000,000,000 | ---D | C] -- C:\Temp
[2011.07.28 15:13:08 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Samsung
[2011.07.28 15:12:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2011.07.28 15:12:20 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2011.07.28 15:11:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2011.07.28 12:37:33 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\Samsung
[2011.07.28 12:22:14 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Downloaded Installations
[2011.07.28 11:48:14 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwhnt.sys
[2011.07.28 11:48:14 | 000,013,800 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadwh.sys
[2011.07.28 11:48:13 | 000,159,208 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdm.sys
[2011.07.28 11:48:13 | 000,125,416 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadbus.sys
[2011.07.28 11:48:13 | 000,016,872 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadmdfl.sys
[2011.07.28 11:48:13 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcmnt.sys
[2011.07.28 11:48:13 | 000,013,288 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\ssadcm.sys
[2011.07.28 11:44:04 | 000,172,104 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdm.sys
[2011.07.28 11:44:04 | 000,136,264 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdbus.sys
[2011.07.28 11:44:04 | 000,019,016 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdmdfl.sys
[2011.07.28 11:44:04 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwhnt.sys
[2011.07.28 11:44:04 | 000,015,944 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdwh.sys
[2011.07.28 11:44:04 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcmnt.sys
[2011.07.28 11:44:04 | 000,015,432 | ---- | C] (MCCI Corporation) -- C:\Windows\SysNative\drivers\sscdcm.sys
[2011.07.28 11:41:37 | 000,020,480 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\FsExService64.Exe
[2011.07.28 11:41:37 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysWow64\drivers\TFsExDisk.Sys
[2011.07.28 11:41:37 | 000,016,392 | ---- | C] (Teruten Inc) -- C:\Windows\SysNative\drivers\TFsExDisk.sys
[2011.07.28 11:40:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution
[2011.07.28 11:38:21 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Samsung
[2011.07.28 11:38:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2011.07.28 11:38:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2011.07.28 11:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Samsung
[2011.07.23 20:58:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.07.23 20:56:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.07.23 20:55:54 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.07.23 20:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2011.07.23 17:37:46 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\HP
[2011.07.23 15:56:22 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\PunkBuster
[2011.07.22 22:51:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\YouTube Downloader Toolbar
[2011.07.22 22:46:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jens Lorek
[1 C:\Users\Max\AppData\Local\*.tmp files -> C:\Users\Max\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.08.07 16:04:40 | 001,733,766 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.08.07 16:04:40 | 000,736,506 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.08.07 16:04:40 | 000,686,604 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.08.07 16:04:40 | 000,172,314 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.08.07 16:04:40 | 000,140,882 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.08.07 15:59:44 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.08.07 15:59:41 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.07 15:59:41 | 000,004,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.07 15:59:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.08.07 14:43:51 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011.08.07 14:24:11 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.08.05 20:00:23 | 491,235,291 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.08.05 11:16:36 | 000,074,240 | ---- | M] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.02 14:57:20 | 000,000,321 | ---- | M] () -- C:\Windows\wininit.ini
[2011.08.02 13:58:12 | 000,000,000 | ---- | M] () -- C:\Users\Max\AppData\Local\{12916667-5210-4A38-9F85-638A4C1756FD}
[2011.08.02 13:55:14 | 000,250,656 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.08.02 13:42:59 | 000,000,732 | ---- | M] () -- C:\Users\Max\AppData\Local\d3d9caps64.dat
[2011.08.02 11:35:15 | 000,000,120 | ---- | M] () -- C:\Users\Max\AppData\Local\Lbanirakipejo.dat
[2011.07.30 11:23:52 | 000,254,528 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.07.28 15:12:29 | 000,001,788 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2011.07.28 13:29:24 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011.07.28 13:22:25 | 000,002,006 | ---- | M] () -- C:\aqua_bitmap.cpp
[2011.07.25 23:14:40 | 000,001,356 | ---- | M] () -- C:\Users\Max\AppData\Local\d3d9caps.dat
[2011.07.23 20:58:50 | 000,002,115 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,795 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f Scan.lnk
[2011.07.23 15:56:30 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.07.23 15:56:25 | 000,270,408 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.07.23 15:56:25 | 000,270,408 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[1 C:\Users\Max\AppData\Local\*.tmp files -> C:\Users\Max\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.08.05 20:00:23 | 491,235,291 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.08.03 11:08:12 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.08.03 11:08:12 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.08.03 11:08:12 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.08.03 11:08:12 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.08.03 11:08:12 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.08.02 13:57:56 | 000,000,000 | ---- | C] () -- C:\Users\Max\AppData\Local\{12916667-5210-4A38-9F85-638A4C1756FD}
[2011.08.02 12:24:53 | 000,000,321 | ---- | C] () -- C:\Windows\wininit.ini
[2011.08.02 11:35:15 | 000,000,120 | ---- | C] () -- C:\Users\Max\AppData\Local\Lbanirakipejo.dat
[2011.07.28 15:12:29 | 000,001,788 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2011.07.28 15:05:04 | 000,002,403 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2011.07.28 15:04:42 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.07.28 13:29:24 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2011.07.28 11:38:18 | 000,002,006 | ---- | C] () -- C:\aqua_bitmap.cpp
[2011.07.23 20:59:23 | 000,000,803 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2011.07.23 20:58:50 | 000,002,115 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,795 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrintCenter - HP Officejet 6500 E710a-f.lnk
[2011.07.23 20:58:49 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\HP Officejet 6500 E710a-f Scan.lnk
[2011.07.23 15:56:25 | 000,270,408 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2011.07.06 12:37:12 | 000,270,408 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.07.06 12:37:10 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.06.07 11:13:38 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.05.01 19:09:37 | 000,000,091 | ---- | C] () -- C:\Users\Max\AppData\Local\fusioncache.dat
[2011.03.16 21:00:01 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.12.31 15:16:28 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.12.30 19:51:01 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010.12.30 19:49:52 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010.12.30 18:52:46 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.30 16:25:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.30 12:50:31 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010.12.30 12:49:48 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010.12.30 12:49:14 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010.12.29 19:41:56 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010.12.29 18:55:58 | 000,000,552 | ---- | C] () -- C:\Users\Max\AppData\Local\d3d8caps.dat
[2010.12.29 18:55:00 | 000,001,356 | ---- | C] () -- C:\Users\Max\AppData\Local\d3d9caps.dat
[2010.12.29 18:53:24 | 000,074,240 | ---- | C] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.12.29 17:01:01 | 001,762,112 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.29 14:14:00 | 000,000,732 | ---- | C] () -- C:\Users\Max\AppData\Local\d3d9caps64.dat
[2010.09.06 09:19:40 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2010.09.06 09:19:40 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2010.09.06 09:19:40 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2010.09.06 09:19:40 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2009.08.07 19:51:34 | 000,178,430 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.08.03 01:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2009.08.03 01:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2009.08.03 01:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
[2008.01.21 04:47:53 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 17:30:41 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 14:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 14:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 11:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2003.02.20 18:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011.01.31 20:27:21 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\25006
[2011.06.08 18:38:58 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\5016
[2010.12.30 19:45:00 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\DAEMON Tools Lite
[2011.07.30 19:55:38 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\ICQ
[2011.07.31 13:15:30 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Jens Lorek
[2011.06.08 18:38:48 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\kock
[2011.07.06 12:37:09 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\PunkBuster
[2011.07.28 15:10:29 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Samsung
[2011.07.08 14:29:21 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\TeamViewer
[2010.12.31 15:14:46 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\TubeBox
[2011.07.23 15:56:17 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\Ubisoft
[2011.06.08 18:38:48 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\xmldm
[2011.08.07 14:43:51 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.08.03 12:19:35 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.12.30 16:49:48 | 000,000,000 | ---D | M] -- C:\ATI
[2010.12.30 14:52:07 | 000,000,000 | ---D | M] -- C:\Boot
[2006.11.02 17:35:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.12.29 14:11:44 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.12.29 15:01:44 | 000,000,000 | ---D | M] -- C:\Intel
[2008.01.21 05:01:21 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.07.23 20:55:50 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.08.05 14:24:58 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.08.02 20:36:05 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.12.29 14:11:44 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.08.03 11:22:32 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.08.07 16:03:13 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.07.28 15:33:09 | 000,000,000 | ---D | M] -- C:\Temp
[2010.12.30 17:07:15 | 000,000,000 | R--D | M] -- C:\Users
[2011.08.05 20:00:23 | 000,000,000 | ---D | M] -- C:\Windows
[2011.08.04 19:41:32 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_b5f700fe698beb14\explorer.exe
[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_b7eb106e66a7ac19\explorer.exe
[2008.10.29 08:15:50 | 003,087,360 | ---- | M] (Microsoft Corporation) MD5=50514057C28A74BAC2BD04B7B990D615 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_aba256ac352b2919\explorer.exe
[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_b8583e9d7fda0512\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\ERDNT\cache86\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\explorer.exe
[2009.04.11 09:10:17 | 003,079,168 | ---- | M] (Microsoft Corporation) MD5=6B08E54A451B3F95E4109DBA7E594270 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_afbebba22f3bab41\explorer.exe
[2008.10.28 04:30:12 | 003,086,848 | ---- | M] (Microsoft Corporation) MD5=72B9990E45C25AA3C75C4FB50A9D6CE0 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_ac5266dd4e2b0a41\explorer.exe
[2008.10.29 08:49:22 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=BBD8E74F23D7605CB0CDB57A1B25D826 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_ad96661c3246ea1e\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\SysWOW64\explorer.exe
[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_ba1365f4639c6d3c\explorer.exe
[2008.10.30 07:30:07 | 003,081,216 | ---- | M] (Microsoft Corporation) MD5=E404A65EF890140410E9F3D405841C95 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_ae03944b4b794317\explorer.exe
[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_b6a7112f828bcc3c\explorer.exe
[2008.01.21 04:46:34 | 003,080,704 | ---- | M] (Microsoft Corporation) MD5=F6D765FB6B457542D954682F50C26E4F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_add342963219dff5\explorer.exe
[2008.01.21 04:47:14 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_b827ece8667aa1f0\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2008.01.21 04:47:40 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\regedit.exe
[2008.01.21 04:48:18 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\SysWOW64\regedit.exe
[2008.01.21 04:48:18 | 000,134,656 | ---- | M] (Microsoft Corporation) MD5=467A3B03E924B7B7EDD16D34740574B0 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_5aa1fb3ac896d9c8\regedit.exe
[2008.01.21 04:47:40 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\ERDNT\cache86\regedit.exe
[2008.01.21 04:47:40 | 000,161,792 | ---- | M] (Microsoft Corporation) MD5=5DFBCE56E689D90AE9E2FB278F80058E -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.0.6001.18000_none_504d50e8943617cd\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:48:25 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\ERDNT\cache86\userinit.exe
[2008.01.21 04:48:25 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\SysWOW64\userinit.exe
[2008.01.21 04:48:25 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2008.01.21 04:47:35 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\ERDNT\cache64\userinit.exe
[2008.01.21 04:47:35 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\SysNative\userinit.exe
[2008.01.21 04:47:35 | 000,028,160 | ---- | M] (Microsoft Corporation) MD5=A0AB2BB9A92293D9CE66E252719AB5FE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_384755998a0d6941\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:45:53 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache86\wininit.exe
[2008.01.21 04:45:53 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\SysWOW64\wininit.exe
[2008.01.21 04:45:53 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2008.01.21 04:48:12 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\ERDNT\cache64\wininit.exe
[2008.01.21 04:48:12 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\SysNative\wininit.exe
[2008.01.21 04:48:12 | 000,123,904 | ---- | M] (Microsoft Corporation) MD5=117EA87DF785CA1B9D821F6F213DCE07 -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_8d115452bcae17d8\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\ERDNT\cache64\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\SysNative\winlogon.exe
[2009.04.11 09:11:08 | 000,405,504 | ---- | M] (Microsoft Corporation) MD5=6D0773A3A65D28B663F334C90441D01A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_cdcd15a68a70b877\winlogon.exe
[2008.01.21 04:47:36 | 000,406,016 | ---- | M] (Microsoft Corporation) MD5=856491FCED98093D824B9EB2892F564A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_cbe19c9a8d4eed2b\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SysWOW64\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:48:26 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
 
<           >

< End of report >

--- --- ---

Swisstreasure · 07.08.2011, 17:39

Schritt 1

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
O3 - HKLM\..\Toolbar: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O4 - HKCU..\Run: [Nfitoba]  File not found
:Commands
[purity]
[emptytemp]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

BitDefender QuickScan

Unterstützte Betriebssysteme: Alle
Im IE wird ein ActiveX-Addon installiert und im Firefox ein Addon (was jweils erlaubt werden muss).
Klicke auf "Scan starten".
Klicke auf "Log öffnen".
Das Logfile öffnet sich in Deinem Editor.
Poste mir den Inhalt hier in den Thread.
Achte darauf IPs und persönlichen Daten unkenntlich zu machen.
Deinstallation:
IE => Extras => Uninstall BitDefender Online Scanner.
Firefox => Extras => Addons => BitDefender QuickScan deinstallieren.

05.08.2011, 00:33	#11
Swisstreasure /// Malwareteam	Virtumonde.prx kann nicht entfernt werden Noch Probleme? Ich bin bis am Sonntag abwesend. Melde mich dann aber gleich wieder. Geändert von Swisstreasure (05.08.2011 um 00:52 Uhr)

Virtumonde.prx kann nicht entfernt werden

Log-Analyse und Auswertung: Virtumonde.prx kann nicht entfernt werden