
Pests of all kinds and how to fight them: Starsear.ch after Firefox plugin download

21.12.2011, 16:52   #16
Larusso
/// Selecta Jahrusso
 

Okay, then I do have to dig a bit deeper after all.

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the reboot
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.



Please post in your next reply
Combofix.txt
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

22.12.2011, 09:57   #17
riera77
 

Here you go.
Code:
ComboFix 11-12-21.02 - Saki 22.12.2011   2:20.1.2 - x86
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.49.1031.18.1789.1261 [GMT 1:00]
ausgeführt von:: c:\users\Saki\Desktop\ComboFix.exe
AV: Panda Antivirus Pro 2012 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Antivirus Pro 2012 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe
c:\program files\StartSearch plugin
c:\program files\StartSearch plugin\IEhelperActiveX.dll
c:\program files\StartSearch plugin\StartBar.dll
c:\program files\StartSearch plugin\uninst.exe
c:\program files\StartSearch plugin\vshareplg.crx
c:\windows\system32\drivers\npf.sys
c:\windows\unin0407.exe
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-11-22 bis 2011-12-22  ))))))))))))))))))))))))))))))
.
.
2011-12-21 23:15 . 2011-12-21 23:15	56200	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC4F2113-8636-4A11-9C7F-06FA804D14AA}\offreg.dll
2011-12-20 19:53 . 2011-12-20 19:53	--------	d-----w-	c:\users\Saki\AppData\Local\Panda Security
2011-12-20 19:51 . 2010-06-22 17:13	26696	----a-w-	c:\windows\system32\drivers\pavboot.sys
2011-12-20 19:50 . 2007-03-15 18:38	54832	----a-w-	c:\windows\system32\pavcpl.cpl
2011-12-20 19:50 . 2003-10-22 17:23	446464	----a-w-	c:\windows\system32\HHActiveX.dll
2011-12-20 19:50 . 2010-06-21 16:01	520000	----a-w-	c:\windows\system32\PavSHook.dll
2011-12-20 19:50 . 2010-06-21 16:01	87360	----a-w-	c:\windows\system32\PavLspHook.dll
2011-12-20 19:50 . 2010-06-21 16:01	55616	----a-w-	c:\windows\system32\pavipc.dll
2011-12-20 19:50 . 2011-12-20 19:50	--------	d-----w-	c:\windows\system32\PAV
2011-12-20 19:50 . 2010-05-21 12:50	54344	----a-w-	c:\windows\system32\drivers\amm8660.sys
2011-12-20 19:50 . 2010-03-24 11:55	55552	----a-w-	c:\windows\system32\avldr.dll
2011-12-20 19:50 . 2011-12-20 19:52	--------	d-----w-	c:\programdata\Panda Security
2011-12-20 19:50 . 2011-12-20 19:51	--------	d-----w-	c:\program files\Panda Security
2011-12-20 19:50 . 2011-12-20 19:50	--------	d-----w-	c:\users\Saki\AppData\Roaming\Panda Security
2011-12-20 19:48 . 2011-12-20 19:48	--------	d-----w-	c:\program files\Common Files\Panda Security
2011-12-20 19:48 . 2011-02-21 13:38	37448	----a-w-	c:\windows\system32\drivers\ShlDrv51.sys
2011-12-20 19:48 . 2010-05-06 16:11	163848	----a-w-	c:\windows\system32\drivers\PavProc.sys
2011-12-20 19:34 . 2005-04-03 22:01	274432	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-12-20 19:34 . 2005-04-03 22:00	184320	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-12-20 19:34 . 2005-04-03 21:57	32768	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-12-20 19:34 . 2005-04-03 22:02	753664	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-12-20 19:34 . 2005-04-03 22:02	69714	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-12-20 19:34 . 2005-04-03 21:59	5632	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-12-20 19:34 . 2011-12-20 19:34	200836	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-12-20 19:34 . 2011-12-20 19:34	331908	----a-w-	c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-12-20 17:26 . 2011-11-21 10:47	6823496	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC4F2113-8636-4A11-9C7F-06FA804D14AA}\mpengine.dll
2011-12-14 14:08 . 2011-10-15 05:38	534528	----a-w-	c:\windows\system32\EncDec.dll
2011-12-14 14:08 . 2011-10-26 04:28	38912	----a-w-	c:\windows\system32\csrsrv.dll
2011-12-14 14:08 . 2011-10-26 04:47	3912560	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-12-14 14:08 . 2011-10-26 04:47	3967856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-12-13 22:32 . 2011-12-13 22:32	--------	d-----w-	c:\programdata\Microsoft Help
2011-12-13 22:32 . 2011-12-13 22:32	--------	d-----w-	c:\users\Saki\AppData\Local\Microsoft Help
2011-12-12 23:24 . 2011-12-12 23:24	--------	d-----w-	c:\users\Saki\AppData\Roaming\f-secure
2011-12-12 23:23 . 2011-12-12 23:23	--------	d-----w-	c:\programdata\F-Secure
2011-12-12 23:17 . 2011-12-12 23:17	--------	d-----w-	c:\windows\Sun
2011-12-11 14:54 . 2011-12-11 14:54	--------	d-----w-	c:\program files\ESET
2011-12-09 18:11 . 2011-12-09 18:11	--------	d-----w-	c:\users\Saki\AppData\Roaming\Malwarebytes
2011-12-09 18:10 . 2011-12-09 18:10	--------	d-----w-	c:\programdata\Malwarebytes
2011-12-09 18:10 . 2011-08-31 16:00	22216	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-09 18:10 . 2011-12-09 18:10	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-12-09 17:58 . 2011-12-09 17:58	--------	d-----w-	C:\_OTL
2011-12-02 21:30 . 2011-12-02 21:30	--------	d-----r-	C:\MSOCache
2011-11-25 22:51 . 2011-12-03 11:37	--------	d-----w-	c:\programdata\VirtualizedApplications
2011-11-24 23:13 . 2011-12-21 18:14	--------	d-----w-	c:\users\Saki\AppData\Roaming\SoftGrid Client
2011-11-24 23:13 . 2011-11-24 23:13	--------	d-----w-	c:\users\Saki\AppData\Local\SoftGrid Client
2011-11-24 23:00 . 2011-11-25 11:33	--------	d-----w-	c:\program files\Microsoft Application Virtualization Client
2011-11-24 22:55 . 2011-11-24 23:03	--------	d-----w-	c:\users\Saki\AppData\Roaming\TP
2011-11-23 20:32 . 2011-11-23 20:32	--------	d-----w-	c:\program files\vShare
2011-11-22 10:52 . 2011-11-22 10:52	--------	d-----w-	c:\programdata\Apple Computer
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 04:25 . 2011-12-14 14:09	2342912	----a-w-	c:\windows\system32\win32k.sys
2011-11-11 19:45 . 2011-05-20 11:16	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-05 04:26 . 2011-12-14 14:09	2048	----a-w-	c:\windows\system32\tzres.dll
2011-11-03 22:39 . 2011-12-14 23:48	1127424	----a-w-	c:\windows\system32\wininet.dll
2011-10-24 13:29 . 2011-10-24 13:29	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29	69632	----a-w-	c:\windows\system32\QuickTime.qts
2011-10-03 04:06 . 2010-09-28 14:56	472808	----a-w-	c:\windows\system32\deployJava1.dll
2011-09-29 21:59 . 2011-09-29 22:00	6656	----a-w-	c:\windows\system32\bcmwlrc.dll
2011-09-29 21:59 . 2011-09-29 22:00	51712	----a-w-	c:\windows\system32\wltrynt.dll
2011-09-29 21:59 . 2011-09-29 22:00	457	----a-w-	c:\windows\system32\vcredist_x86.bat
2011-09-29 21:59 . 2011-09-29 22:00	2682880	----a-w-	c:\windows\system32\vcredist_x86.exe
2011-09-29 21:59 . 2011-09-29 22:00	91376	----a-w-	c:\windows\system32\bcmwlcoi.dll
2011-09-29 21:59 . 2011-09-29 22:00	2661368	----a-w-	c:\windows\system32\drivers\BCMWL6.SYS
2011-09-29 21:59 . 2011-09-29 22:00	57344	----a-w-	c:\windows\system32\bcmwlrmt.dll
2011-09-29 21:59 . 2011-09-29 22:00	7027200	----a-w-	c:\windows\system32\BCMWLCPL.CPL
2011-09-29 21:59 . 2011-09-29 22:00	953856	----a-w-	c:\windows\system32\BCMLogon.dll
2011-09-29 21:59 . 2011-09-29 22:00	4190208	----a-w-	c:\windows\system32\bcmttls.dll
2011-09-29 21:59 . 2011-09-29 22:00	3555328	----a-w-	c:\windows\system32\bcmihvui.dll
2011-09-29 21:59 . 2011-09-29 22:00	3866624	----a-w-	c:\windows\system32\bcmihvsrv.dll
2011-09-29 21:59 . 2011-09-29 22:00	18424	----a-w-	c:\windows\system32\drivers\bcm42rly.sys
2011-09-29 16:03 . 2011-11-09 14:34	1290608	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-11-09 14:30 . 2011-03-23 23:56	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-29 1545512]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-11-13 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-11-13 46368]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2009-05-14 209216]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2011-01-31 656920]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11\WLTRAY.exe" [2011-09-29 4367360]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-13 458844]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-08-22 593920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE" [2011-04-13 1000768]
"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2012\Inicio.exe" [2011-02-02 70464]
.
c:\users\Saki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 11:55	55552	----a-w-	c:\windows\System32\avldr.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2009-10-26 25088]
R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\users\Saki\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-08-16 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-08-16 11104]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-04 1343400]
R3 XMLDIUSB;XML USB Device Interface;c:\windows\system32\Drivers\XMLDIUSB.sys [2008-01-16 33152]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [2011-01-13 106752]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2010-06-22 26696]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2011-02-21 37448]
S1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver];c:\windows\system32\drivers\Sleen17.sys [2010-02-17 13:21 94560]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe [2009-03-02 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8660.sys [2010-05-21 54344]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 FUSServices;Session Launcher Service;c:\windows\system32\FUSServices.exe [2008-09-02 10752]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2010-05-06 163848]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2011-01-31 1127448]
S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe [2010-08-16 28992]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 PavSRK.sys;PavSRK.sys;c:\windows\system32\PavSRK.sys [x]
S3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 577384]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page = 
IE: Free YouTube to Mp3 Converter - c:\users\Saki\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=2&src=sp&cf=8cfe85a6-2044-11e1-a791-00247e83dc50&q=
.
.
------- Dateityp-Verknüpfung -------
.
JSEFile=c:\progra~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
HKLM_ActiveSetup-Nitro PDF Professional - //B
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe
AddRemove-LiveVDO plugin - c:\program files\StartSearch plugin\uninst.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-LucasArts' Curse of Monkey Island - c:\windows\unin0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-21429813-4147417538-2869700651-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-21429813-4147417538-2869700651-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe
c:\program files\PANDA SECURITY\PANDA ANTIVIRUS PRO 2012\WebProxy.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
c:\program files\Broadcom\Broadcom 802.11\bcmwltry.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe
c:\program files\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\pavprsrv.exe
c:\program files\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe
c:\program files\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe
c:\program files\Panda Security\Panda Antivirus Pro 2012\AVENGINE.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\LFOGRPOW.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-22  03:22:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-12-22 02:21
.
Vor Suchlauf: 9 Verzeichnis(se), 74.532.114.432 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 74.279.690.240 Bytes frei
.
- - End Of File - - 3661C637A5B244ED9442A068C5691291
         
Regards


22.12.2011, 17:16   #18
Larusso
/// Selecta Jahrusso
 

Looks good,
Any other anomalies?

23.12.2011, 11:44   #19
riera77
 

Thanks first of all for the feedback.
Well, this "force close" on shutdown has remained. I have to add that my PC otherwise showed no anomalies. Oh, and: my email account is now full of spam, but I don't know to what extent that has to do with the malware.

Best regards

23.12.2011, 11:57   #20
Larusso
/// Selecta Jahrusso
 

Maybe this will show me a bit more.


Please download Farbar's MiniToolBox to your desktop and start the tool

Tick the following entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the contents of Result.txt.


23.12.2011, 15:37   #21
riera77
 

Here you go:

Code:
MiniToolBox by Farbar 
Ran by Saki (administrator) on 23-12-2011 at 15:35:02
Microsoft Windows 7 Enterprise  Service Pack 1 (X86)

***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/22/2011 01:47:39 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (12/22/2011 04:04:15 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (12/22/2011 04:04:06 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (12/22/2011 03:59:19 AM) (Source: Sentinel) (User: )
Description: Unexpected failure scanning file C:\PROGRAM FILES\NAVIGON\NAVIGON FRESH\BIN\QTWEBKIT4.DLL.

If the problem persists, please contact with support.

Error: (12/22/2011 03:56:34 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (12/20/2011 09:11:54 PM) (Source: Sentinel) (User: )
Description: Unexpected failure scanning file C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VIRTUALIZATION HANDLER\CVH.EXE.

If the problem persists, please contact with support.

Error: (12/20/2011 09:00:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WINWORDC.EXE, Version: 14.0.6024.1000, Zeitstempel: 0x4d83e4eb
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000001
ID des fehlerhaften Prozesses: 0x14c0
Startzeit der fehlerhaften Anwendung: 0xWINWORDC.EXE0
Pfad der fehlerhaften Anwendung: WINWORDC.EXE1
Pfad des fehlerhaften Moduls: WINWORDC.EXE2
Berichtskennung: WINWORDC.EXE3

Error: (12/20/2011 07:03:47 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Am Sicherungsspeicherort ist nicht genügend freier Speicherplatz verfügbar, um die Daten zu sichern. (0x80780048)"

Error: (12/19/2011 02:23:49 PM) (Source: Application Hang) (User: )
Description: Programm WINWORDC.EXE, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 14ac

Startzeit: 01ccbe511fff3d0e

Endzeit: 0

Anwendungspfad: Q:\140066.deu\Office14\WINWORDC.EXE

Berichts-ID: a0f853b0-2a44-11e1-8cfd-00247e83dc50

Error: (12/19/2011 02:07:55 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (12/23/2011 03:31:00 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: LOKALER DIENST)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (12/23/2011 03:31:00 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: LOKALER DIENST)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (12/23/2011 03:31:00 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: LOKALER DIENST)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 0

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (12/23/2011 03:31:00 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: LOKALER DIENST)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 0

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (12/23/2011 03:31:00 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: LOKALER DIENST)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 0

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (12/23/2011 03:31:00 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: LOKALER DIENST)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 9
Prozessor-ID: 0

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (12/23/2011 03:30:26 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (12/23/2011 03:30:26 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (12/23/2011 00:59:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Panda On-Access Anti-Malware Service" wurde mit folgendem Fehler beendet: 
%%1

Error: (12/23/2011 11:37:31 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: LOKALER DIENST)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.


Microsoft Office Sessions:
=========================
Error: (12/22/2011 01:47:39 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (12/22/2011 04:04:15 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\HTC\htc sync 3.0\FDAgentForOutlook64.exe

Error: (12/22/2011 04:04:06 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files\spybot - search & destroy\DelZip179.dllc:\program files\spybot - search & destroy\DelZip179.dll8

Error: (12/22/2011 03:59:19 AM) (Source: Sentinel)(User: )
Description: C:\PROGRAM FILES\NAVIGON\NAVIGON FRESH\BIN\QTWEBKIT4.DLL

Error: (12/22/2011 03:56:34 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\HTC\HTC Sync 3.0\FDAgentForOutlook64.exe

Error: (12/20/2011 09:11:54 PM) (Source: Sentinel)(User: )
Description: C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VIRTUALIZATION HANDLER\CVH.EXE

Error: (12/20/2011 09:00:36 PM) (Source: Application Error)(User: )
Description: WINWORDC.EXE14.0.6024.10004d83e4ebunknown0.0.0.000000000c00000050000000114c001ccbf50c1c5d7eaQ:\140066.deu\Office14\WINWORDC.EXEunknown4783e3d1-2b45-11e1-b4a1-00247e83dc50

Error: (12/20/2011 07:03:47 PM) (Source: Windows Backup)(User: )
Description: Am Sicherungsspeicherort ist nicht genügend freier Speicherplatz verfügbar, um die Daten zu sichern. (0x80780048)

Error: (12/19/2011 02:23:49 PM) (Source: Application Hang)(User: )
Description: WINWORDC.EXE0.0.0.014ac01ccbe511fff3d0e0Q:\140066.deu\Office14\WINWORDC.EXEa0f853b0-2a44-11e1-8cfd-00247e83dc50

Error: (12/19/2011 02:07:55 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\HTC\htc sync 3.0\FDAgentForOutlook64.exe


=========================== Installed Programs ============================

AC3Filter 1.63b (Version: 1.63b)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 10 ActiveX (Version: 10.2.152.26)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader X (10.1.1) - Deutsch (Version: 10.1.1)
Apple Application Support (Version: 2.1.5)
Apple Software Update (Version: 2.1.3.127)
Ashampoo Photo Commander 7.60 (Version: 7.6.0)
AudibleManager (Version: 1999395552.48.56.5770610)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.18.12)
Broadcom Wireless Utility (Version: 5.60.18.12)
CCleaner (Version: 3.04)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Companion Suite Pro LL2 (Version: 1.1.12)
Companion Suite Pro LL2 Drivers (Version: 1.1.12)
D3DX10 (Version: 15.4.2368.0902)
DivX-Setup (Version: 2.5.0.8)
ESET Online Scanner v3
Free Audio CD Burner version 1.4
Free YouTube to MP3 Converter version 3.8
Freebie Notes (Version: 3.42.1.3700)
GIMP 2.6.11 (Version: 2.6.11)
HP ESU for Microsoft Windows 7 (Version: 1.1.8.1)
HP Quick Launch Buttons (Version: 6.50.17.1)
HP System Default Settings (Version: 2.1.2)
HP Web Camera (Version: 1.0.0)
HP Webcam (Version: 1.0.25.0)
HTC BMP USB Driver (Version: 1.0.5375)
HTC Driver Installer (Version: 3.0.0.013)
HTC Sync (Version: 3.0.5579)
IDT Audio (Version: 1.0.6222.0)
Java Auto Updater (Version: 2.0.6.1)
Java(TM) 6 Update 29 (Version: 6.0.290)
JDownloader 0.9 (Version: 0.9)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes' Anti-Malware Version 1.51.2.1300 (Version: 1.51.2.1300)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (Version: 14.0.6109.5003)
Microsoft Silverlight (Version: 5.0.60401.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft WorldWide Telescope (Version: 2.8.15)
MiniTool Partition Wizard Home Edition 5.2
Mozilla Firefox 8.0 (x86 de) (Version: 8.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
NAVIGON Fresh 3.3.1 (Version: 3.3.1)
Nitro PDF Professional (Version: 5.5.2.0)
OpenOffice.org 3.2 (Version: 3.2.9502)
Opera 11.60 (Version: 11.60.1185)
Panda Antivirus Pro 2012 (Version: 11.00.00)
Panda Secure Vault 5
PDF Complete Special Edition (Version: 4.0.33)
QLBCASL (Version: 6.40.17.2)
QuickTime (Version: 7.71.80.42)
RuntimeInstallieren (Version: 1.20.0001)
ScanSoft PaperPort 11 (Version: 11.1.0000)
Scribus 1.3.9 (Version: 1.3.9)
ScummVM 1.2.1
SIGNAL IDUNA Beratungssoftware freie Vertriebe (Version: 011.21.0001)
SopCast 3.3.2 (Version: 3.3.2)
Spybot - Search & Destroy (Version: 1.6.2)
Steganos Online-Banking 2011 (Version: 1.1)
Streamripper (Remove only)
Synaptics Pointing Device Driver (Version: 13.2.6.2)
Uninstall 1.0.0.1
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Veetle TV 0.9.18 (Version: 0.9.18)
vShare Plugin
Winamp (Version: 5.601 )
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR
xp-AntiSpy 3.97-9
Xvid 1.1.3 final uninstall (Version: 1.1)
Zak McKracken - Between Time and Space

========================= Memory info: ===================================

Percentage of memory in use: 62%
Total physical RAM: 1788.87 MB
Available physical RAM: 664.11 MB
Total Pagefile: 3577.73 MB
Available Pagefile: 1928.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.23 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:146.39 GB) (Free:69.73 GB) NTFS
2 Drive d: () (Fixed) (Total:151.6 GB) (Free:19.91 GB) NTFS

========================= Users: ========================================

Benutzerkonten für \\SAKI-PC

Administrator            Gast                     Saki                     
Der Befehl wurde erfolgreich ausgeführt.


**** End of log ****
         
Regards

25.12.2011, 05:19   #22
Larusso
/// Selecta Jahrusso
 



Nothing there either :/

Please download Farbar's Recovery Scan Tool and save it to a USB stick.

Connect the USB stick to the infected system.

You now need to boot the system into the System Recovery Options.

Via the boot manager
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.

With the Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer !!
  • Select your operating system and user account and click "Next" each time.


In the recovery options, select Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens --> File --> Save As and select Computer
    Here you will see the drive letter of your USB stick.
  • Close Notepad again
  • Now enter the following command.
    e:\frst.exe
    Note: e stands for the drive letter of your USB stick. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates an FRST.txt on your USB stick. Please post its contents here.



Please post in your next reply
FRST.txt
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

25.12.2011, 16:30   #23
riera77
 



Merry Christmas to everyone here on the board

Code:
Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.0
Ran by SYSTEM at 2011-12-25 16:23:29
Running from G:\
Windows 7 Enterprise   (X86) OS Language: German Standard 
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-29] (Synaptics Incorporated)
HKLM\...\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [29984 2007-11-13] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [46368 2007-11-13] (Nuance Communications, Inc.)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1808784 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM\...\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [209216 2009-05-14] ()
HKLM\...\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [4367360 2011-09-29] (Broadcom Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-13] (IDT, Inc.)
HKLM\...\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [593920 2011-08-22] ()
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [1047208 2011-08-31] (Malwarebytes Corporation)
HKLM\...\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE" /s [1000768 2011-04-13] (Panda Security, S.L.)
HKLM\...\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2012\Inicio.exe" [70464 2011-02-02] (Panda Security, S.L.)
HKU\Saki\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
Winlogon\Notify\avldr: avldr.dll (On-Access Anti-Malware Scanner Sync)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

================================ Services (Whitelisted) ==================

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation)
2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
2 AMD External Events Utility; C:\Windows\System32\atiesrxx.exe [176128 2009-08-18] (AMD)
2 FUSServices; C:\Windows\system32\FUSServices.exe [10752 2008-09-02] ()
2 Panda Software Controller; "C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe" [173312 2009-08-10] (Panda Security, S.L.)
2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2011-08-12] ()
2 PAVFNSVR; "C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe" [202048 2010-10-20] (Panda Security, S.L.)
2 PavPrSrv; "C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe" [62768 2008-02-04] (Panda Security, S.L.)
2 PAVSRV; "C:\Program Files\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe" [314176 2010-06-04] (Panda Security, S.L.)
2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService [1127448 2011-02-01] (PDF Complete Inc)
2 PSIMSVC; "C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe" [108288 2008-06-19] (Panda Security S.L.)
2 PskSvcRetail; "C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe" [28992 2010-08-16] (Panda Security, S.L.)
2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe [221266 2009-07-13] (IDT, Inc.)
3 StorSvc; C:\Windows\System32\storsvc.dll [16384 2009-07-14] (Microsoft Corporation)
2 TPSrv; "C:\Program Files\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe" [156992 2011-04-14] (Panda Security, S.L.)
2 wltrysvc; "C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE" "C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe" [3718656 2011-09-29] (Broadcom Corporation)

========================== Drivers (Whitelisted) =============

3 AgereSoftModem; C:\Windows\System32\DRIVERS\AGRSM.sys [1161664 2009-04-06] (LSI Corporation)
2 AmFSM; C:\Windows\System32\DRIVERS\amm8660.sys [54344 2010-05-21] (Panda Security, S.L.)
3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [25088 2009-10-26] (HTC, Corporation)
3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [4994560 2009-08-18] (ATI Technologies Inc.)
3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2011-09-29] (Broadcom Corporation)
3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation)
3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows (R) Win 7 DDK provider)
0 pavboot; C:\Windows\System32\Drivers\pavboot.sys [26696 2010-06-22] (Panda Security, S.L.)
2 PavProc; \??\C:\Windows\system32\DRIVERS\PavProc.sys [163848 2010-05-06] (Panda Security, S.L.)
3 Point32; C:\Windows\System32\DRIVERS\point32.sys [40984 2011-04-13] (Microsoft Corporation)
3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [16472 2010-08-16] ()
3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [11104 2010-08-16] ()
1 ShldDrv; C:\Windows\System32\DRIVERS\ShlDrv51.sys [37448 2011-02-21] (Panda Security, S.L.)
1 SLEE_17_DRIVER; \??\C:\Windows\system32\drivers\Sleen17.sys [94560 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - )
3 XMLDIUSB; C:\Windows\System32\Drivers\XMLDIUSB.sys [33152 2008-01-16] (OEM)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [106752 2011-01-13] (ZTE Incorporated)
3 AvFlt; C:\Windows\System32\drivers\av5flt.sys [x]
3 catchme; \??\C:\Users\Saki\AppData\Local\Temp\catchme.sys [x]
3 F-Secure Standalone Minifilter; \??\C:\Users\Saki\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys [x]
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [x]
3 PavSRK.sys; \??\C:\Windows\system32\PavSRK.sys [x]
3 PavTPK.sys; \??\C:\Windows\system32\PavTPK.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-12-23 15:33 - 2011-12-23 15:34 - 0395875 ____A C:\Users\Saki\Desktop\MiniToolBox.exe
2011-12-23 02:51 - 2011-12-23 02:51 - 0000000 ____D C:\Users\All Users\Panda Software
2011-12-23 02:51 - 2011-12-23 02:51 - 0000000 ____D C:\ProgramData\Panda Software
2011-12-22 03:23 - 2011-12-22 03:23 - 0021163 ____A C:\ComboFix.txt
2011-12-22 02:32 - 2011-12-22 02:32 - 0000000 __SHD C:\$RECYCLE.BIN
2011-12-22 02:16 - 2011-12-22 03:25 - 0000000 ____D C:\Qoobox
2011-12-22 02:16 - 2011-12-22 03:25 - 0000000 ____D C:\ComboFix
2011-12-22 02:16 - 2011-12-22 02:39 - 0000000 ____D C:\Windows\ERDNT
2011-12-22 02:16 - 2011-06-26 07:45 - 0256000 ____A C:\Windows\PEV.exe
2011-12-22 02:16 - 2010-11-07 18:20 - 0208896 ____A C:\Windows\MBR.exe
2011-12-22 02:16 - 2009-04-20 05:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2011-12-22 02:16 - 2000-08-31 01:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2011-12-22 02:16 - 2000-08-31 01:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2011-12-22 02:16 - 2000-08-31 01:00 - 0098816 ____A C:\Windows\sed.exe
2011-12-22 02:16 - 2000-08-31 01:00 - 0080412 ____A C:\Windows\grep.exe
2011-12-22 02:16 - 2000-08-31 01:00 - 0068096 ____A C:\Windows\zip.exe
2011-12-21 19:09 - 2011-12-21 19:10 - 4347226 ____R (Swearware) C:\Users\Saki\Desktop\ComboFix.exe
2011-12-20 21:14 - 2011-12-23 02:27 - 0008627 ____A C:\Windows\System32\PAV_FOG.OPC
2011-12-20 20:53 - 2011-12-20 20:53 - 0000000 ____D C:\Users\Saki\AppData\Local\Panda Security
2011-12-20 20:51 - 2011-12-20 20:51 - 0000250 ____A C:\Windows\System32\PavCPL.dat
2011-12-20 20:51 - 2010-06-22 18:13 - 0026696 ____A (Panda Security, S.L.) C:\Windows\System32\Drivers\pavboot.sys
2011-12-20 20:50 - 2011-12-20 20:52 - 0000000 ____D C:\Users\All Users\Panda Security
2011-12-20 20:50 - 2011-12-20 20:52 - 0000000 ____D C:\ProgramData\Panda Security
2011-12-20 20:50 - 2011-12-20 20:51 - 0000000 ____D C:\Program Files\Panda Security
2011-12-20 20:50 - 2011-12-20 20:50 - 0000000 ____D C:\Windows\System32\PAV
2011-12-20 20:50 - 2011-12-20 20:50 - 0000000 ____D C:\Users\Saki\AppData\Roaming\Panda Security
2011-12-20 20:50 - 2010-06-21 17:02 - 0193344 ____A (Panda Security, S.L.) C:\Windows\System32\TpUtil.dll
2011-12-20 20:50 - 2010-06-21 17:01 - 0520000 ____A (Panda Security, S.L.) C:\Windows\System32\PavSHook.dll
2011-12-20 20:50 - 2010-06-21 17:01 - 0087360 ____A (Panda Security, S.L.) C:\Windows\System32\PavLspHook.dll
2011-12-20 20:50 - 2010-06-21 17:01 - 0055616 ____A (Panda Security, S.L.) C:\Windows\System32\pavipc.dll
2011-12-20 20:50 - 2010-05-21 13:50 - 0054344 ____A (Panda Security, S.L.) C:\Windows\System32\Drivers\amm8660.sys
2011-12-20 20:50 - 2010-03-24 12:55 - 0055552 ____A (On-Access Anti-Malware Scanner Sync) C:\Windows\System32\avldr.dll
2011-12-20 20:50 - 2007-03-15 19:38 - 0054832 ____A (Panda Software) C:\Windows\System32\pavcpl.cpl
2011-12-20 20:50 - 2007-02-08 10:53 - 0107568 ____A (Panda Software) C:\Windows\System32\SYSTOOLS.DLL
2011-12-20 20:50 - 2003-10-22 18:23 - 0446464 ____A (eHelp Corporation.) C:\Windows\System32\HHActiveX.dll
2011-12-20 20:48 - 2011-12-20 20:48 - 0000000 ____D C:\Program Files\Common Files\Panda Security
2011-12-20 20:48 - 2011-02-21 14:38 - 0037448 ____A (Panda Security, S.L.) C:\Windows\System32\Drivers\ShlDrv51.sys
2011-12-20 20:48 - 2010-05-06 17:11 - 0163848 ____A (Panda Security, S.L.) C:\Windows\System32\Drivers\PavProc.sys
2011-12-20 20:45 - 2011-12-25 13:31 - 0001326 ____A C:\Windows\setupact.log
2011-12-20 20:45 - 2011-12-22 02:30 - 0001728 ____A C:\Windows\PFRO.log
2011-12-20 20:45 - 2011-12-20 20:45 - 0000000 ____A C:\Windows\setuperr.log
2011-12-20 20:19 - 2011-12-20 20:31 - 65244568 ____A C:\Users\Saki\Downloads\Panda_Antivirus_Pro_2012_AS.exe
2011-12-19 15:01 - 2011-12-19 15:01 - 0000162 ___AH C:\Users\Saki\Desktop\~$xte lesen, Texte schreiben.docx
2011-12-18 22:29 - 2011-12-18 22:29 - 3588742 ____A C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne_rauch.pdf
2011-12-18 22:29 - 2011-12-18 22:29 - 3354365 ____A C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne.pdf
2011-12-18 22:28 - 2011-12-18 22:28 - 0394381 ____A C:\Users\Saki\Desktop\Werkstatt_Flyer_hinten.pdf
2011-12-17 23:58 - 2011-12-17 23:58 - 0000162 ___AH C:\Users\Saki\Desktop\~$rkstatt für Flyer.docx
2011-12-15 21:58 - 2011-12-19 01:24 - 0023414 ____H C:\Users\Saki\Desktop\~WRL0928.tmp
2011-12-15 00:48 - 2011-11-04 00:02 - 12279808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-12-15 00:48 - 2011-11-03 23:47 - 1798144 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-12-15 00:48 - 2011-11-03 23:46 - 9705472 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-12-15 00:48 - 2011-11-03 23:40 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-12-15 00:48 - 2011-11-03 23:40 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-12-15 00:48 - 2011-11-03 23:39 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-12-15 00:48 - 2011-11-03 23:38 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-12-15 00:48 - 2011-11-03 23:37 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-12-15 00:48 - 2011-11-03 23:34 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-12-15 00:48 - 2011-11-03 23:32 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-12-15 00:48 - 2011-11-03 23:32 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-12-15 00:48 - 2011-11-03 23:31 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-12-15 00:48 - 2011-11-03 23:28 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-12-14 15:09 - 2011-11-24 05:25 - 2342912 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-12-14 15:09 - 2011-11-05 05:26 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-12-14 15:08 - 2011-10-26 05:47 - 3967856 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2011-12-14 15:08 - 2011-10-26 05:47 - 3912560 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-12-14 15:08 - 2011-10-26 05:28 - 0038912 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-12-14 15:08 - 2011-10-15 06:38 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2011-12-13 23:32 - 2011-12-13 23:32 - 0000000 ____D C:\Users\Saki\AppData\Local\Microsoft Help
2011-12-13 23:32 - 2011-12-13 23:32 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-12-13 23:32 - 2011-12-13 23:32 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-12-13 00:24 - 2011-12-13 00:24 - 0001812 ____A C:\Users\Saki\Desktop\readme.txt
2011-12-13 00:24 - 2011-12-13 00:24 - 0000000 ____D C:\Users\Saki\AppData\Roaming\f-secure
2011-12-13 00:23 - 2011-12-13 00:23 - 0000000 ____D C:\Users\All Users\F-Secure
2011-12-13 00:23 - 2011-12-13 00:23 - 0000000 ____D C:\ProgramData\F-Secure
2011-12-13 00:17 - 2011-12-13 00:17 - 0000000 ____D C:\Windows\Sun
2011-12-11 15:54 - 2011-12-11 15:54 - 2322184 ____A (ESET) C:\Users\Saki\Desktop\esetsmartinstaller_enu.exe
2011-12-11 15:54 - 2011-12-11 15:54 - 0000000 ____D C:\Program Files\ESET
2011-12-09 19:11 - 2011-12-09 19:11 - 0000000 ____D C:\Users\Saki\AppData\Roaming\Malwarebytes
2011-12-09 19:10 - 2011-12-09 19:10 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-12-09 19:10 - 2011-12-09 19:10 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-12-09 19:10 - 2011-12-09 19:10 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2011-12-09 19:10 - 2011-08-31 17:00 - 0022216 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-09 19:06 - 2011-12-09 19:07 - 9852544 ____A (Malwarebytes Corporation                                    ) C:\Users\Saki\Downloads\mbam-setup-1.51.2.1300.exe
2011-12-09 19:03 - 2011-12-09 19:03 - 0005130 ____A C:\Users\Saki\Desktop\12092011_185841 OTL.txt
2011-12-09 18:58 - 2011-12-09 18:58 - 0000000 ____D C:\_OTL
2011-12-07 23:51 - 2010-03-09 22:23 - 51896296 ____A C:\Users\Saki\Downloads\Treffen sich zwei.mp3
2011-12-07 23:51 - 2009-09-25 17:35 - 0000217 ____A C:\Users\Saki\Downloads\WwW.RapidRise.Org.url
2011-12-07 23:51 - 2009-09-25 17:35 - 0000074 ____A C:\Users\Saki\Downloads\RapidRise - Powered by vBulletin.URL
2011-12-07 23:51 - 2009-09-11 19:58 - 0001557 ____A C:\Users\Saki\Downloads\Read Me.txt
2011-12-07 23:41 - 2011-12-07 23:48 - 54490424 ____A C:\Users\Saki\Downloads\IH-Tsz.by.RapidRise.org.rar
2011-12-07 15:21 - 2011-12-07 15:21 - 0004405 ____A C:\Users\Saki\Desktop\Gmer.text
2011-12-07 04:45 - 2011-12-07 04:45 - 0000000 ____A C:\Users\Saki\Desktop\Neues Textdokument.txt
2011-12-07 04:41 - 2011-12-07 04:41 - 0040296 ____A C:\Users\Saki\Desktop\Extras.Txt
2011-12-07 04:27 - 2011-12-07 04:40 - 0113472 ____A C:\Users\Saki\Desktop\OTL.Txt
2011-12-07 04:15 - 2011-12-07 04:18 - 0000470 ____A C:\Users\Saki\Desktop\defogger_disable.log
2011-12-07 04:15 - 2011-12-07 04:15 - 0000000 ____A C:\Users\Saki\defogger_reenable
2011-12-07 04:14 - 2011-12-07 04:15 - 0302592 ____A C:\Users\Saki\Desktop\0erz17xx.exe
2011-12-07 04:09 - 2011-12-07 04:10 - 0584192 ____A (OldTimer Tools) C:\Users\Saki\Desktop\OTL.exe
2011-12-07 04:09 - 2011-12-07 04:09 - 0050477 ____A C:\Users\Saki\Desktop\Defogger.exe
2011-12-02 22:51 - 2011-12-02 22:51 - 0015051 ____A C:\Users\Saki\Desktop\Werkstatt für Flyer.docx
2011-12-02 22:30 - 2011-12-02 22:30 - 0000000 ___RD C:\MSOCache
2011-11-30 00:04 - 2011-11-30 00:04 - 0029562 ____A C:\Users\Saki\Downloads\384451_10150469359164553_108707184552_10268136_699777210_n.jpg
2011-11-25 23:51 - 2011-12-03 12:37 - 0000000 ____D C:\Users\All Users\VirtualizedApplications
2011-11-25 23:51 - 2011-12-03 12:37 - 0000000 ____D C:\ProgramData\VirtualizedApplications
2011-11-25 00:13 - 2011-12-21 19:14 - 0000000 ____D C:\Users\Saki\AppData\Roaming\SoftGrid Client
2011-11-25 00:13 - 2011-11-25 00:13 - 0000000 ____D C:\Users\Saki\AppData\Local\SoftGrid Client
2011-11-25 00:00 - 2011-11-25 12:33 - 0000000 ____D C:\Program Files\Microsoft Application Virtualization Client
2011-11-25 00:00 - 2011-11-25 00:00 - 0000000 ____D C:\Program Files\Microsoft Office
2011-11-25 00:00 - 2011-11-25 00:00 - 0000000 ____D C:\Program Files\Common Files\DESIGNER


============ 3 Months Modified Files and Folders ===============

2011-12-25 16:23 - 2011-12-25 16:23 - 0000000 ____D C:\FRST
2011-12-25 16:08 - 2011-09-07 13:35 - 1431611 ____A C:\Windows\WindowsUpdate.log
2011-12-25 13:38 - 2009-07-14 05:34 - 0014928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-12-25 13:38 - 2009-07-14 05:34 - 0014928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-12-25 13:32 - 2011-10-09 14:07 - 0000000 ____D C:\Users\Saki\AppData\Local\Htc
2011-12-25 13:31 - 2011-12-20 20:45 - 0001326 ____A C:\Windows\setupact.log
2011-12-25 13:31 - 2011-09-29 22:57 - 0000000 ____D C:\Users\All Users\PDFC
2011-12-25 13:31 - 2011-09-29 22:57 - 0000000 ____D C:\ProgramData\PDFC
2011-12-25 13:31 - 2010-09-22 19:15 - 1875763200 __ASH C:\hiberfil.sys
2011-12-25 13:31 - 2009-07-14 05:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-12-23 15:35 - 2010-09-22 19:53 - 0000000 ____D C:\Program Files\Mozilla Firefox
2011-12-23 15:34 - 2011-12-23 15:33 - 0395875 ____A C:\Users\Saki\Desktop\MiniToolBox.exe
2011-12-23 02:51 - 2011-12-23 02:51 - 0000000 ____D C:\Users\All Users\Panda Software
2011-12-23 02:51 - 2011-12-23 02:51 - 0000000 ____D C:\ProgramData\Panda Software
2011-12-23 02:27 - 2011-12-20 21:14 - 0008627 ____A C:\Windows\System32\PAV_FOG.OPC
2011-12-22 03:25 - 2011-12-22 02:16 - 0000000 ____D C:\Qoobox
2011-12-22 03:25 - 2011-12-22 02:16 - 0000000 ____D C:\ComboFix
2011-12-22 03:24 - 2009-07-14 03:37 - 0000000 __RHD C:\users\Default
2011-12-22 03:24 - 2009-07-14 03:37 - 0000000 ___RD C:\users\Public
2011-12-22 03:23 - 2011-12-22 03:23 - 0021163 ____A C:\ComboFix.txt
2011-12-22 02:39 - 2011-12-22 02:16 - 0000000 ____D C:\Windows\ERDNT
2011-12-22 02:32 - 2011-12-22 02:32 - 0000000 __SHD C:\$RECYCLE.BIN
2011-12-22 02:32 - 2009-07-14 03:04 - 0000215 ____A C:\Windows\system.ini
2011-12-22 02:32 - 2009-07-14 03:04 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2011-12-22 02:30 - 2011-12-20 20:45 - 0001728 ____A C:\Windows\PFRO.log
2011-12-21 19:14 - 2011-11-25 00:13 - 0000000 ____D C:\Users\Saki\AppData\Roaming\SoftGrid Client
2011-12-21 19:10 - 2011-12-21 19:09 - 4347226 ____R (Swearware) C:\Users\Saki\Desktop\ComboFix.exe
2011-12-21 00:48 - 2010-06-08 19:59 - 2138488 ____A C:\Windows\System32\PerfStringBackup.INI
2011-12-20 20:53 - 2011-12-20 20:53 - 0000000 ____D C:\Users\Saki\AppData\Local\Panda Security
2011-12-20 20:53 - 2009-07-14 03:04 - 0000460 ____A C:\Windows\win.ini
2011-12-20 20:52 - 2011-12-20 20:50 - 0000000 ____D C:\Users\All Users\Panda Security
2011-12-20 20:52 - 2011-12-20 20:50 - 0000000 ____D C:\ProgramData\Panda Security
2011-12-20 20:51 - 2011-12-20 20:51 - 0000250 ____A C:\Windows\System32\PavCPL.dat
2011-12-20 20:51 - 2011-12-20 20:50 - 0000000 ____D C:\Program Files\Panda Security
2011-12-20 20:50 - 2011-12-20 20:50 - 0000000 ____D C:\Windows\System32\PAV
2011-12-20 20:50 - 2011-12-20 20:50 - 0000000 ____D C:\Users\Saki\AppData\Roaming\Panda Security
2011-12-20 20:50 - 2011-05-24 15:42 - 0000000 ___HD C:\Program Files\InstallShield Installation Information
2011-12-20 20:48 - 2011-12-20 20:48 - 0000000 ____D C:\Program Files\Common Files\Panda Security
2011-12-20 20:45 - 2011-12-20 20:45 - 0000000 ____A C:\Windows\setuperr.log
2011-12-20 20:34 - 2010-10-22 22:18 - 0000000 ____D C:\Program Files\Common Files\InstallShield
2011-12-20 20:31 - 2011-12-20 20:19 - 65244568 ____A C:\Users\Saki\Downloads\Panda_Antivirus_Pro_2012_AS.exe
2011-12-20 20:15 - 2011-02-18 21:47 - 0000000 ____D C:\Windows\Minidump
2011-12-20 20:15 - 2010-10-03 23:57 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2011-12-20 20:15 - 2010-10-03 23:57 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2011-12-19 15:01 - 2011-12-19 15:01 - 0000162 ___AH C:\Users\Saki\Desktop\~$xte lesen, Texte schreiben.docx
2011-12-19 14:43 - 2010-11-29 00:02 - 0000000 ____D C:\Users\Saki\Documents\Haus
2011-12-19 14:11 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\rescache
2011-12-19 01:24 - 2011-12-15 21:58 - 0023414 ____H C:\Users\Saki\Desktop\~WRL0928.tmp
2011-12-18 22:29 - 2011-12-18 22:29 - 3588742 ____A C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne_rauch.pdf
2011-12-18 22:29 - 2011-12-18 22:29 - 3354365 ____A C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne.pdf
2011-12-18 22:28 - 2011-12-18 22:28 - 0394381 ____A C:\Users\Saki\Desktop\Werkstatt_Flyer_hinten.pdf
2011-12-17 23:58 - 2011-12-17 23:58 - 0000162 ___AH C:\Users\Saki\Desktop\~$rkstatt für Flyer.docx
2011-12-15 14:07 - 2009-07-14 05:33 - 0301080 ____A C:\Windows\System32\FNTCACHE.DAT
2011-12-15 14:06 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\el-GR
2011-12-15 14:06 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\de-DE
2011-12-15 00:48 - 2010-06-08 20:04 - 52988224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-12-14 11:50 - 2011-10-04 17:09 - 0000000 ____D C:\Users\Saki\Desktop\Lefkada
2011-12-13 23:32 - 2011-12-13 23:32 - 0000000 ____D C:\Users\Saki\AppData\Local\Microsoft Help
2011-12-13 23:32 - 2011-12-13 23:32 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-12-13 23:32 - 2011-12-13 23:32 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-12-13 12:05 - 2010-09-22 19:20 - 0000000 ____D C:\users\Saki
2011-12-13 00:24 - 2011-12-13 00:24 - 0001812 ____A C:\Users\Saki\Desktop\readme.txt
2011-12-13 00:24 - 2011-12-13 00:24 - 0000000 ____D C:\Users\Saki\AppData\Roaming\f-secure
2011-12-13 00:23 - 2011-12-13 00:23 - 0000000 ____D C:\Users\All Users\F-Secure
2011-12-13 00:23 - 2011-12-13 00:23 - 0000000 ____D C:\ProgramData\F-Secure
2011-12-13 00:17 - 2011-12-13 00:17 - 0000000 ____D C:\Windows\Sun
2011-12-11 15:54 - 2011-12-11 15:54 - 2322184 ____A (ESET) C:\Users\Saki\Desktop\esetsmartinstaller_enu.exe
2011-12-11 15:54 - 2011-12-11 15:54 - 0000000 ____D C:\Program Files\ESET
2011-12-11 15:50 - 2011-03-23 00:11 - 0000000 ____D C:\Program Files\Opera
2011-12-09 19:29 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\ModemLogs
2011-12-09 19:11 - 2011-12-09 19:11 - 0000000 ____D C:\Users\Saki\AppData\Roaming\Malwarebytes
2011-12-09 19:10 - 2011-12-09 19:10 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-12-09 19:10 - 2011-12-09 19:10 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-12-09 19:10 - 2011-12-09 19:10 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2011-12-09 19:07 - 2011-12-09 19:06 - 9852544 ____A (Malwarebytes Corporation                                    ) C:\Users\Saki\Downloads\mbam-setup-1.51.2.1300.exe
2011-12-09 19:03 - 2011-12-09 19:03 - 0005130 ____A C:\Users\Saki\Desktop\12092011_185841 OTL.txt
2011-12-09 18:58 - 2011-12-09 18:58 - 0000000 ____D C:\_OTL
2011-12-08 00:34 - 2011-11-06 15:23 - 0000000 ____D C:\Users\Saki\Desktop\Uni
2011-12-07 23:48 - 2011-12-07 23:41 - 54490424 ____A C:\Users\Saki\Downloads\IH-Tsz.by.RapidRise.org.rar
2011-12-07 15:21 - 2011-12-07 15:21 - 0004405 ____A C:\Users\Saki\Desktop\Gmer.text
2011-12-07 04:45 - 2011-12-07 04:45 - 0000000 ____A C:\Users\Saki\Desktop\Neues Textdokument.txt
2011-12-07 04:41 - 2011-12-07 04:41 - 0040296 ____A C:\Users\Saki\Desktop\Extras.Txt
2011-12-07 04:40 - 2011-12-07 04:27 - 0113472 ____A C:\Users\Saki\Desktop\OTL.Txt
2011-12-07 04:18 - 2011-12-07 04:15 - 0000470 ____A C:\Users\Saki\Desktop\defogger_disable.log
2011-12-07 04:15 - 2011-12-07 04:15 - 0000000 ____A C:\Users\Saki\defogger_reenable
2011-12-07 04:15 - 2011-12-07 04:14 - 0302592 ____A C:\Users\Saki\Desktop\0erz17xx.exe
2011-12-07 04:10 - 2011-12-07 04:09 - 0584192 ____A (OldTimer Tools) C:\Users\Saki\Desktop\OTL.exe
2011-12-07 04:09 - 2011-12-07 04:09 - 0050477 ____A C:\Users\Saki\Desktop\Defogger.exe
2011-12-07 03:30 - 2010-11-12 11:26 - 0000000 ____D C:\Users\Saki\Documents\Geschäft
2011-12-07 03:17 - 2011-11-10 15:17 - 0000000 ____D C:\Users\Saki\Desktop\DownL
2011-12-05 14:33 - 2011-11-10 14:33 - 0000000 ____D C:\Program Files\JDownloader
2011-12-03 12:37 - 2011-11-25 23:51 - 0000000 ____D C:\Users\All Users\VirtualizedApplications
2011-12-03 12:37 - 2011-11-25 23:51 - 0000000 ____D C:\ProgramData\VirtualizedApplications
2011-12-02 22:51 - 2011-12-02 22:51 - 0015051 ____A C:\Users\Saki\Desktop\Werkstatt für Flyer.docx
2011-12-02 22:30 - 2011-12-02 22:30 - 0000000 ___RD C:\MSOCache
2011-12-02 22:26 - 2009-07-14 03:37 - 0000000 ____D C:\Program Files\Common Files\microsoft shared
2011-11-30 00:04 - 2011-11-30 00:04 - 0029562 ____A C:\Users\Saki\Downloads\384451_10150469359164553_108707184552_10268136_699777210_n.jpg
2011-11-25 12:33 - 2011-11-25 00:00 - 0000000 ____D C:\Program Files\Microsoft Application Virtualization Client
2011-11-25 00:13 - 2011-11-25 00:13 - 0000000 ____D C:\Users\Saki\AppData\Local\SoftGrid Client
2011-11-25 00:03 - 2011-11-24 23:55 - 0000000 ____D C:\Users\Saki\AppData\Roaming\TP
2011-11-25 00:00 - 2011-11-25 00:00 - 0000000 ____D C:\Program Files\Microsoft Office
2011-11-25 00:00 - 2011-11-25 00:00 - 0000000 ____D C:\Program Files\Common Files\DESIGNER
2011-11-24 23:54 - 2011-11-24 23:54 - 1633168 ____A (Microsoft Corporation) C:\Users\Saki\Downloads\setupOfficeStarter.exe
2011-11-24 05:25 - 2011-12-14 15:09 - 2342912 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-23 21:32 - 2011-11-23 21:32 - 0000000 ____D C:\Program Files\vShare
2011-11-23 21:32 - 2011-11-23 21:29 - 0000000 ____D C:\Users\Saki\Downloads\vshare-plugin
2011-11-23 21:32 - 2010-09-22 19:21 - 0000000 ____D C:\Users\Saki\AppData\LocalLow
2011-11-23 21:27 - 2011-11-23 21:27 - 0092564 ____A C:\Users\Saki\Downloads\vshare-plugin.zip
2011-11-22 18:04 - 2011-08-28 11:11 - 0000000 ____D C:\Users\Saki\AppData\Roaming\Apple Computer
2011-11-22 11:53 - 2011-11-22 11:52 - 0000000 ____D C:\Program Files\QuickTime
2011-11-22 11:52 - 2011-11-22 11:52 - 0000000 ____D C:\Users\All Users\Apple Computer
2011-11-22 11:52 - 2011-11-22 11:52 - 0000000 ____D C:\ProgramData\Apple Computer
2011-11-21 18:13 - 2010-12-08 21:15 - 0000000 ____D C:\Users\Saki\AppData\Roaming\Winamp
2011-11-20 12:58 - 2011-11-20 12:58 - 0000497 ____A C:\Users\Saki\Desktop\Windows-Firewall - Verknüpfung.lnk
2011-11-19 22:21 - 2011-11-19 22:21 - 3462033 ____A C:\Users\Saki\Downloads\pci_filerecovery.exe
2011-11-19 22:21 - 2011-11-19 22:21 - 0000000 ____D C:\Program Files\Convar
2011-11-19 22:21 - 2011-11-19 22:20 - 3462033 ____A C:\Users\Saki\Desktop\pci_filerecovery.exe.part
2011-11-16 00:39 - 2011-04-06 18:28 - 0000000 ____D C:\Users\Saki\.gimp-2.6
2011-11-16 00:31 - 2011-11-16 00:31 - 0000887 ____A C:\Users\Saki\.recently-used.xbel
2011-11-13 16:05 - 2011-11-13 16:05 - 4040793 ____A C:\Users\Saki\Desktop\WiPo.pdf
2011-11-13 15:33 - 2011-11-13 15:32 - 0000000 ____D C:\Users\Saki\AppData\Local\{5AC501DC-7123-43B2-8A0A-BB4430355244}
2011-11-12 01:33 - 2011-11-12 01:33 - 0000000 ____D C:\Program Files\Common Files\Java
2011-11-12 01:32 - 2011-11-12 01:31 - 0003177 ____A C:\Windows\System32\jupdate-1.6.0_29-b11.log
2011-11-12 01:32 - 2011-07-03 20:54 - 0000000 ____D C:\Program Files\Java
2011-11-11 20:45 - 2011-05-20 12:16 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2011-11-10 14:35 - 2011-11-10 14:28 - 0000213 ____A C:\Users\Saki\Downloads\error.log
2011-11-10 14:27 - 2011-11-10 14:23 - 26685568 ____A (AppWork GmbH) C:\Users\Saki\Downloads\JDownloaderSetup.exe
2011-11-10 00:50 - 2009-07-14 03:37 - 0000000 ____D C:\Program Files\Common Files\System
2011-11-06 15:33 - 2010-09-24 01:37 - 0000000 ____D C:\Users\Saki\HTC Desire
2011-11-06 15:31 - 2011-11-06 15:31 - 0000000 ____D C:\Users\Saki\Documents\Bewerbungen
2011-11-05 05:26 - 2011-12-14 15:09 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-11-04 00:02 - 2011-12-15 00:48 - 12279808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-11-03 23:47 - 2011-12-15 00:48 - 1798144 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-11-03 23:46 - 2011-12-15 00:48 - 9705472 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-11-03 23:40 - 2011-12-15 00:48 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-11-03 23:40 - 2011-12-15 00:48 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-11-03 23:39 - 2011-12-15 00:48 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-11-03 23:38 - 2011-12-15 00:48 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-11-03 23:37 - 2011-12-15 00:48 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-11-03 23:34 - 2011-12-15 00:48 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-11-03 23:32 - 2011-12-15 00:48 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-11-03 23:32 - 2011-12-15 00:48 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-11-03 23:31 - 2011-12-15 00:48 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-11-03 23:28 - 2011-12-15 00:48 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-11-03 20:32 - 2011-11-03 20:31 - 0000000 ____D C:\Users\Saki\AppData\Local\{500D59A8-CE64-4A57-9903-8E08851301BB}
2011-11-03 00:29 - 2009-07-14 05:53 - 0032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-10-26 05:47 - 2011-12-14 15:08 - 3967856 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2011-10-26 05:47 - 2011-12-14 15:08 - 3912560 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-10-26 05:28 - 2011-12-14 15:08 - 0038912 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-10-24 21:39 - 2011-10-24 21:18 - 0000000 ____D C:\Program Files\Signal Iduna
2011-10-24 14:29 - 2011-10-24 14:29 - 0094208 ____A (Apple Inc.) C:\Windows\System32\QuickTimeVR.qtx
2011-10-24 14:29 - 2011-10-24 14:29 - 0069632 ____A (Apple Inc.) C:\Windows\System32\QuickTime.qts
2011-10-23 22:24 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\NDF
2011-10-23 11:55 - 2011-10-23 11:55 - 6409759 ____A C:\Users\Saki\Desktop\gapps-gb-20110828-signed.zip
2011-10-23 11:14 - 2011-10-23 11:12 - 0000000 ____D C:\Users\Saki\Desktop\Backup HTC Okrober 2011
2011-10-17 19:06 - 2011-03-17 01:30 - 0000000 ____D C:\Program Files\Common Files\Adobe
2011-10-17 19:06 - 2010-09-28 12:02 - 0000000 ____D C:\Users\All Users\Adobe
2011-10-17 19:06 - 2010-09-28 12:02 - 0000000 ____D C:\ProgramData\Adobe
2011-10-17 11:19 - 2011-10-17 11:19 - 0109285 ____A C:\Users\Saki\Documents\Studienordnung.pdf
2011-10-15 06:38 - 2011-12-14 15:08 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2011-10-14 11:23 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\Microsoft.NET
2011-10-09 14:07 - 2010-09-28 15:37 - 0000000 ____D C:\Users\Saki\AppData\Roaming\HTC
2011-10-09 13:29 - 2010-09-28 12:02 - 0000000 ____D C:\Users\Saki\AppData\Local\Downloaded Installations
2011-10-09 13:29 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\DriverStore
2011-10-09 13:28 - 2010-09-28 12:02 - 0000000 ____D C:\Program Files\Common Files\Adobe AIR
2011-10-03 05:06 - 2011-11-12 01:32 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2011-10-03 05:06 - 2011-11-12 01:32 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2011-10-03 05:06 - 2011-11-12 01:32 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2011-10-03 05:06 - 2010-09-28 15:56 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2011-10-02 22:33 - 2011-10-02 22:33 - 0000000 ____D C:\Users\Saki\Downloads\bewerbung
2011-10-02 22:32 - 2011-10-02 22:32 - 0182502 ____A C:\Users\Saki\Downloads\bewerbung.zip
2011-09-30 18:51 - 2011-09-30 18:50 - 0000000 ____D C:\Users\Saki\Desktop\backup 1. okt 2011 - desire
2011-09-30 13:32 - 2011-09-30 13:28 - 87585415 ____A C:\Users\Saki\Desktop\update-cm-7.0.3-Desire-signed.zip
2011-09-30 12:42 - 2011-09-30 12:42 - 0000000 ____D C:\Users\Saki\AppData\Local\PDFC
2011-09-29 23:15 - 2011-09-29 23:09 - 0000000 ____D C:\Program Files\IDT
2011-09-29 23:09 - 2011-09-29 23:06 - 107683168 ____A (Hewlett Packard                                             ) C:\Users\Saki\Downloads\sp45278.exe
2011-09-29 23:09 - 2011-05-24 15:41 - 0000000 ____D C:\swsetup
2011-09-29 23:08 - 2011-09-29 23:08 - 0000000 ____D C:\Windows\Options
2011-09-29 23:08 - 2011-05-24 15:49 - 0000000 ____D C:\Program Files\LSI SoftModem
2011-09-29 23:07 - 2011-09-29 23:07 - 5989496 ____A (Hewlett-Packard Company                                     ) C:\Users\Saki\Downloads\sp45228.exe
2011-09-29 23:07 - 2011-09-29 23:06 - 28662688 ____A (Hewlett Packard                                             ) C:\Users\Saki\Downloads\sp45137.exe
2011-09-29 23:05 - 2011-09-29 23:04 - 0000000 ____D C:\Windows\Hewlett-Packard
2011-09-29 23:02 - 2011-09-29 23:02 - 0000000 ____D C:\Program Files\Cisco
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\zh-TW
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\zh-HK
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\zh-CN
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\tr-TR
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\th-TH
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\sv-SE
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\sl-SI
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\sk-SK
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\ru-RU
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\ro-RO
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\pt-PT
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\pt-BR
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\pl-PL
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\nl-NL
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\nb-NO
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\lv-LV
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\lt-LT
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\ko-KR
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\ja-JP
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\it-IT
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\hu-HU
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\hr-HR
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\he-IL
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\fr-FR
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\fi-FI
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\et-EE
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\bg-BG
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\ar-SA
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\Help
2011-09-29 23:01 - 2011-09-29 23:01 - 0998786 ____A C:\Windows\System32\oem32.inf
2011-09-29 23:00 - 2011-09-29 23:00 - 0000000 ____D C:\Windows\System32\vs08
2011-09-29 22:59 - 2011-09-29 23:00 - 7027200 ____A (Broadcom Corporation) C:\Windows\System32\BCMWLCPL.CPL
2011-09-29 22:59 - 2011-09-29 23:00 - 4190208 ____A (Broadcom Corporation) C:\Windows\System32\bcmttls.dll
2011-09-29 22:59 - 2011-09-29 23:00 - 3866624 ____A (Broadcom Corporation) C:\Windows\System32\bcmihvsrv.dll
2011-09-29 22:59 - 2011-09-29 23:00 - 3555328 ____A (Broadcom Corporation) C:\Windows\System32\bcmihvui.dll
2011-09-29 22:59 - 2011-09-29 23:00 - 2682880 ____A (Microsoft Corporation) C:\Windows\System32\vcredist_x86.exe
2011-09-29 22:59 - 2011-09-29 23:00 - 2661368 ____A (Broadcom Corporation) C:\Windows\System32\Drivers\BCMWL6.SYS
2011-09-29 22:59 - 2011-09-29 23:00 - 0953856 ____A (Broadcom Corporation) C:\Windows\System32\BCMLogon.dll
2011-09-29 22:59 - 2011-09-29 23:00 - 0091376 ____A (Broadcom Corporation) C:\Windows\System32\bcmwlcoi.dll
2011-09-29 22:59 - 2011-09-29 23:00 - 0057344 ____A (Broadcom Corporation) C:\Windows\System32\bcmwlrmt.dll
2011-09-29 22:59 - 2011-09-29 23:00 - 0051712 ____A (Broadcom Corporation) C:\Windows\System32\wltrynt.dll
2011-09-29 22:59 - 2011-09-29 23:00 - 0018424 ____A (Broadcom Corporation) C:\Windows\System32\Drivers\bcm42rly.sys
2011-09-29 22:59 - 2011-09-29 23:00 - 0006656 ____A C:\Windows\System32\bcmwlrc.dll
2011-09-29 22:59 - 2011-09-29 23:00 - 0000457 ____A C:\Windows\System32\vcredist_x86.bat
2011-09-29 22:59 - 2011-09-29 22:59 - 0000000 ____D C:\Users\Saki\AppData\Roaming\InstallShield
2011-09-29 22:59 - 2011-09-29 22:59 - 0000000 ____D C:\Users\All Users\Uninstall
2011-09-29 22:59 - 2011-09-29 22:59 - 0000000 ____D C:\ProgramData\Uninstall
2011-09-29 22:59 - 2011-09-29 22:59 - 0000000 ____D C:\Program Files\Common Files\Roxio Shared
2011-09-29 22:59 - 2011-09-29 22:59 - 0000000 ____D C:\Program Files\Broadcom
2011-09-29 22:59 - 2011-05-24 15:42 - 0000000 ____D C:\Program Files\Hewlett-Packard
2011-09-29 22:58 - 2011-09-29 22:58 - 0000000 ____D C:\Users\Saki\AppData\Roaming\Roxio Log Files
2011-09-29 22:58 - 2011-09-29 22:28 - 0000000 ____D C:\system.sav
2011-09-29 22:57 - 2011-09-29 22:57 - 0000000 ____D C:\Program Files\PDF Complete
2011-09-29 22:28 - 2011-09-29 22:28 - 0000000 _RASH C:\Windows\System32\Drivers\103C_HP_bNB_615_Y5336AN_0U_QCNU9260M93_EU_4A_I308C_SHP_V27.06_B68GVV F.02_T090617_W71-1_L407_M1789_J320_7AMD_8F31_92.20_#110929_N14E44315;11AB4357_(NX562EA#ABD)_XMOBILE_CN10_Z_2F.02_G10029612.MRK
2011-09-29 22:26 - 2011-09-29 22:24 - 43109320 ____A (Hewlett-Packard Company                                     ) C:\Users\Saki\Downloads\Compaq Wireless Lan update.exe
2011-09-29 22:26 - 2011-09-29 22:24 - 32461280 ____A (Hewlett-Packard                                             ) C:\Users\Saki\Downloads\HP webcam sofware.exe
2011-09-29 22:25 - 2011-09-29 22:25 - 2917080 ____A (Hewlett-Packard Company                                     ) C:\Users\Saki\Downloads\Compaq 123.exe
2011-09-29 22:24 - 2011-09-29 22:23 - 24720024 ____A (Hewlett-Packard Company                                     ) C:\Users\Saki\Downloads\Compaq PDF Complete.exe
2011-09-29 22:23 - 2011-09-29 22:23 - 1528760 ____A (Hewlett-Packard                                             ) C:\Users\Saki\Downloads\COmpaq Diagnosesofware.exe
2011-09-29 22:22 - 2011-09-29 22:22 - 2273544 ____A (Hewlett-Packard Company                                     ) C:\Users\Saki\Downloads\Compaq BIOS UPDATE.exe
2011-09-29 22:22 - 2011-09-29 22:21 - 16465992 ____A (Hewlett-Packard Company                                     ) C:\Users\Saki\Downloads\Compaq Updatessp50370.exe
2011-09-29 17:03 - 2011-11-09 15:34 - 1290608 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-09-27 15:27 - 2011-09-27 15:23 - 0000000 ____D C:\Users\Saki\Desktop\Desire Backup September 2011

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 22%
Total physical RAM: 1788.87 MB
Available physical RAM: 1394 MB
Total Pagefile: 1788.87 MB
Available Pagefile: 1394.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.3 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:146.39 GB) (Free:69.36 GB) NTFS
2 Drive e: () (Fixed) (Total:151.6 GB) (Free:19.91 GB) NTFS
4 Drive g: (USB DISK) (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[Drive with boot components]

  Datenträger ###  Status         Größe    Frei     Dyn  GPT
  ---------------  -------------  -------  -------  ---  ---
  Datenträger 0    Online          298 GB      0 B         
  Datenträger 1    Online         1912 MB      0 B         

Datenträgerpartitionierung wird beendet...


==========================================================

Last Boot: 2011-12-22 03:54

======================= End Of Log ==========================
         
Regards

Alt 25.12.2011, 18:26   #24
Larusso
/// Selecta Jahrusso
 



Also clean.

Let's do a "clean" system start.


Please press Windows + R --> type msconfig --> OK --> Services tab.
Tick "Hide all Microsoft services" and click "Disable all".

Restart the computer to confirm the change.
Please let me know whether this message still appears on further shutdowns.
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators


Alt 25.12.2011, 19:01   #25
riera77
 



Done.
The message now appears for about half a second, but the machine shuts down on its own.

Alt 25.12.2011, 21:35   #26
Larusso
/// Selecta Jahrusso
 



Close all running programs.
Please start OTL and click the Quick Scan button.


Please post the OTL.txt here.
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators


Alt 26.12.2011, 00:37   #27
riera77
 



So, I just got home and shut down a few times. That "force close" dialog no longer seems to be there.

Here is the OTL log:
Code:
OTL logfile created on: 26.12.2011 00:31:11 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Saki\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 72,08% Memory free
3,49 Gb Paging File | 2,74 Gb Available in Paging File | 78,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 69,34 Gb Free Space | 47,37% Space Free | Partition Type: NTFS
Drive D: | 151,60 Gb Total Space | 19,91 Gb Free Space | 13,13% Space Free | Partition Type: NTFS
 
Computer Name: SAKI-PC | User Name: Saki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.07 04:10:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Saki\Desktop\OTL.exe
PRC - [2011.09.29 22:59:54 | 004,367,360 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\Broadcom 802.11\WLTRAY.EXE
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.04.13 17:06:56 | 001,000,768 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe
PRC - [2011.04.13 14:02:34 | 001,808,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.10.20 15:23:26 | 000,821,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2010.09.21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 13:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.09.14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.05.20 23:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.02.25 14:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009.07.13 14:56:02 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.05.14 11:05:52 | 000,209,216 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
PRC - [2008.09.15 08:42:21 | 000,016,896 | ---- | M] () -- C:\Windows\System32\LFOGRPOW.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.14 11:01:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011.10.14 11:01:09 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.14 11:01:00 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.03.21 19:57:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.05.04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.07.14 10:03:02 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.05.14 11:05:52 | 000,209,216 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
MOD - [2008.12.12 15:48:50 | 000,507,904 | ---- | M] () -- C:\Programme\Common Files\BCL Technologies\NitroPDF6\bepprint.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.09.29 22:59:54 | 000,026,112 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2011.08.12 16:13:26 | 000,087,040 | ---- | M] () [Disabled | Stopped] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.14 16:07:56 | 000,156,992 | ---- | M] (Panda Security, S.L.) [Disabled | Stopped] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe -- (TPSrv)
SRV - [2011.03.04 19:22:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.02.01 00:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) [Disabled | Stopped] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010.10.20 15:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) [Disabled | Stopped] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2010.09.14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.08.16 14:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Disabled | Stopped] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe -- (PskSvcRetail)
SRV - [2010.06.04 10:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) [Disabled | Stopped] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe -- (PAVSRV)
SRV - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.08.10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Disabled | Stopped] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe -- (Panda Software Controller)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.13 14:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe -- (STacSV)
SRV - [2009.03.27 17:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.03.02 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe -- (AESTFilters)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Disabled | Stopped] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.09.02 23:38:28 | 000,010,752 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\FUSServices.exe -- (FUSServices)
SRV - [2008.06.19 12:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Disabled | Stopped] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe -- (PSIMSVC)
SRV - [2008.02.04 17:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Disabled | Stopped] -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.09.29 22:59:50 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2011.02.21 14:38:32 | 000,037,448 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ShlDrv51.sys -- (ShldDrv)
DRV - [2011.01.13 02:17:18 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsmdm.sys -- (zghsmdm)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.14 05:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010.09.14 05:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010.09.14 05:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010.09.14 05:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010.08.16 14:31:08 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2010.08.16 14:31:06 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010.06.23 09:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.06.22 18:13:00 | 000,026,696 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\pavboot.sys -- (pavboot)
DRV - [2010.05.21 13:50:40 | 000,054,344 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\amm8660.sys -- (AmFSM)
DRV - [2010.05.06 17:11:58 | 000,163,848 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PavProc.sys -- (PavProc)
DRV - [2010.02.25 14:18:58 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2010.02.17 14:21:12 | 000,094,560 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Running] -- C:\Windows\System32\drivers\SleeN17.sys -- (SLEE_17_DRIVER)
DRV - [2009.10.26 07:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.10.26 07:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (androidusb)
DRV - [2009.09.28 08:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.08.18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009.07.13 14:56:02 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.04.06 16:12:44 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.16 22:47:06 | 000,033,152 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\XMLDIUSB.sys -- (XMLDIUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: el-GR@dictionaries.addons.mozilla.org:0.8.5
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=2&src=sp&cf=8cfe85a6-2044-11e1-a791-00247e83dc50&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.60401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.20 13:23:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.20 13:23:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.26 00:28:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.06 20:57:58 | 000,000,000 | ---D | M]
 
[2010.09.22 19:53:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Saki\AppData\Roaming\mozilla\Extensions
[2011.12.24 15:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions
[2010.12.01 22:24:47 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.18 01:17:42 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.02.13 15:41:40 | 000,000,000 | ---D | M] (Greek Spelling dictionary) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\el-GR@dictionaries.addons.mozilla.org
[2011.11.15 23:31:08 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\https-everywhere@eff.org
[2011.03.12 21:15:09 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\personas@christopher.beard
[2011.12.19 18:22:46 | 000,000,933 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\11-suche.xml
[2011.12.19 18:22:46 | 000,002,419 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 18:22:45 | 000,010,525 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\gmx-suche.xml
[2011.12.14 17:50:39 | 000,001,854 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\idealode.xml
[2011.12.19 18:22:46 | 000,002,457 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\lastminute.xml
[2011.12.19 18:22:45 | 000,005,508 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\webde-suche.xml
[2011.12.26 00:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\SAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFX8XCA9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFX8XCA9.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
() (No name found) -- C:\USERS\SAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFX8XCA9.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2011.12.26 00:28:34 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.27 14:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2010.12.06 23:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.10.02 21:14:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.02 21:14:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.02 21:14:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.10 14:35:19 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.10.02 21:14:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 21:14:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.02 21:14:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.12.22 02:32:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Broadcom\Broadcom 802.11\WLTRAY.EXE (Broadcom Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Antivirus Pro 2012\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Saki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Saki\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93E36856-A876-4600-98F2-82F41288187C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC9A6404-A68F-4B4B-A706-831C3A54487A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome - No CLSID value found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\avldr: DllName - (avldr.dll) - C:\Windows\System32\avldr.dll (On-Access Anti-Malware Scanner Sync)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.25 16:23:16 | 000,000,000 | ---D | C] -- C:\FRST
[2011.12.23 02:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Software
[2011.12.22 03:24:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.12.22 02:32:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.12.22 02:30:03 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Local\temp
[2011.12.22 02:16:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.12.22 02:16:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.12.22 02:16:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.12.22 02:16:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.12.22 02:16:43 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.12.22 02:16:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.12.21 19:09:18 | 004,347,226 | R--- | C] (Swearware) -- C:\Users\Saki\Desktop\ComboFix.exe
[2011.12.20 20:53:12 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Local\Panda Security
[2011.12.20 20:51:46 | 000,026,696 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2011.12.20 20:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Antivirus Pro 2012
[2011.12.20 20:50:52 | 000,054,832 | ---- | C] (Panda Software) -- C:\Windows\System32\pavcpl.cpl
[2011.12.20 20:50:35 | 000,446,464 | ---- | C] (eHelp Corporation.) -- C:\Windows\System32\HHActiveX.dll
[2011.12.20 20:50:33 | 000,520,000 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\PavSHook.dll
[2011.12.20 20:50:33 | 000,193,344 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\TpUtil.dll
[2011.12.20 20:50:33 | 000,107,568 | ---- | C] (Panda Software) -- C:\Windows\System32\SYSTOOLS.DLL
[2011.12.20 20:50:33 | 000,087,360 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\PavLspHook.dll
[2011.12.20 20:50:33 | 000,055,616 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\pavipc.dll
[2011.12.20 20:50:31 | 000,055,552 | ---- | C] (On-Access Anti-Malware Scanner Sync) -- C:\Windows\System32\avldr.dll
[2011.12.20 20:50:31 | 000,054,344 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\amm8660.sys
[2011.12.20 20:50:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\PAV
[2011.12.20 20:50:30 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\Panda Security
[2011.12.20 20:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011.12.20 20:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011.12.20 20:48:57 | 000,163,848 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PavProc.sys
[2011.12.20 20:48:57 | 000,037,448 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\ShlDrv51.sys
[2011.12.20 20:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Panda Security
[2011.12.13 23:32:26 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Local\Microsoft Help
[2011.12.13 23:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.12.13 00:24:11 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\f-secure
[2011.12.13 00:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2011.12.13 00:17:36 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.12.11 15:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.11 15:54:33 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Saki\Desktop\esetsmartinstaller_enu.exe
[2011.12.09 19:11:29 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\Malwarebytes
[2011.12.09 19:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.09 19:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.09 19:10:41 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.09 19:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.09 18:58:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.07 04:09:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Saki\Desktop\OTL.exe
[2011.12.02 22:30:09 | 000,000,000 | R--D | C] -- C:\MSOCache
[1 C:\Users\Saki\Desktop\*.tmp files -> C:\Users\Saki\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.26 00:29:52 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.26 00:29:52 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.26 00:22:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.26 00:22:27 | 1875,763,200 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.23 15:34:02 | 000,395,875 | ---- | M] () -- C:\Users\Saki\Desktop\MiniToolBox.exe
[2011.12.23 02:27:01 | 000,008,627 | ---- | M] () -- C:\Windows\System32\PAV_FOG.OPC
[2011.12.22 02:32:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.12.21 19:10:07 | 004,347,226 | R--- | M] (Swearware) -- C:\Users\Saki\Desktop\ComboFix.exe
[2011.12.21 00:48:12 | 000,654,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.21 00:48:12 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.21 00:48:12 | 000,552,214 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2011.12.21 00:48:12 | 000,130,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.21 00:48:12 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.21 00:48:12 | 000,089,622 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2011.12.20 20:51:59 | 000,000,250 | ---- | M] () -- C:\Windows\System32\PavCPL.dat
[2011.12.18 22:29:08 | 003,588,742 | ---- | M] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne_rauch.pdf
[2011.12.18 22:29:01 | 003,354,365 | ---- | M] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne.pdf
[2011.12.18 22:28:56 | 000,394,381 | ---- | M] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_hinten.pdf
[2011.12.15 14:07:41 | 000,301,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.11 15:54:46 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Saki\Desktop\esetsmartinstaller_enu.exe
[2011.12.07 15:21:33 | 000,004,405 | ---- | M] () -- C:\Users\Saki\Desktop\Gmer.text
[2011.12.07 04:15:57 | 000,302,592 | ---- | M] () -- C:\Users\Saki\Desktop\0erz17xx.exe
[2011.12.07 04:15:42 | 000,000,000 | ---- | M] () -- C:\Users\Saki\defogger_reenable
[2011.12.07 04:10:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Saki\Desktop\OTL.exe
[2011.12.07 04:09:44 | 000,050,477 | ---- | M] () -- C:\Users\Saki\Desktop\Defogger.exe
[1 C:\Users\Saki\Desktop\*.tmp files -> C:\Users\Saki\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.23 15:33:58 | 000,395,875 | ---- | C] () -- C:\Users\Saki\Desktop\MiniToolBox.exe
[2011.12.22 02:16:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.12.22 02:16:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.12.22 02:16:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.12.22 02:16:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.12.22 02:16:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.12.20 21:14:24 | 000,008,627 | ---- | C] () -- C:\Windows\System32\PAV_FOG.OPC
[2011.12.20 20:51:59 | 000,000,250 | ---- | C] () -- C:\Windows\System32\PavCPL.dat
[2011.12.18 22:29:06 | 003,588,742 | ---- | C] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne_rauch.pdf
[2011.12.18 22:29:00 | 003,354,365 | ---- | C] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne.pdf
[2011.12.18 22:28:47 | 000,394,381 | ---- | C] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_hinten.pdf
[2011.12.07 15:21:32 | 000,004,405 | ---- | C] () -- C:\Users\Saki\Desktop\Gmer.text
[2011.12.07 04:15:42 | 000,000,000 | ---- | C] () -- C:\Users\Saki\defogger_reenable
[2011.12.07 04:14:38 | 000,302,592 | ---- | C] () -- C:\Users\Saki\Desktop\0erz17xx.exe
[2011.12.07 04:09:33 | 000,050,477 | ---- | C] () -- C:\Users\Saki\Desktop\Defogger.exe
[2011.09.29 23:00:05 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011.09.15 16:12:26 | 000,000,048 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.06.29 20:31:30 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.06.29 20:31:29 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.05.24 16:09:43 | 000,369,984 | ---- | C] () -- C:\Windows\System32\perfi008.dat
[2011.05.24 16:09:42 | 000,552,214 | ---- | C] () -- C:\Windows\System32\perfh008.dat
[2011.05.24 16:09:42 | 000,089,622 | ---- | C] () -- C:\Windows\System32\perfc008.dat
[2011.05.24 16:09:42 | 000,045,182 | ---- | C] () -- C:\Windows\System32\perfd008.dat
[2011.04.27 18:10:37 | 000,725,064 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011.04.27 18:10:36 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011.04.27 18:10:35 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011.04.09 22:24:22 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.04.09 22:21:12 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.10.22 22:20:25 | 000,031,658 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.10.22 22:17:21 | 000,055,296 | ---- | C] () -- C:\Windows\System32\LFOGRPJL.DLL
[2010.10.22 22:17:21 | 000,016,896 | ---- | C] () -- C:\Windows\System32\LFOGRPOW.EXE
[2010.10.22 22:17:21 | 000,013,312 | ---- | C] () -- C:\Windows\System32\LFOGRCOI.DLL
[2010.10.04 03:41:32 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.10.04 03:41:31 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT
[2010.10.04 01:18:45 | 000,007,605 | ---- | C] () -- C:\Users\Saki\AppData\Local\Resmon.ResmonCfg
[2010.09.22 19:17:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 10:04:11 | 000,654,610 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:04:11 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:04:11 | 000,130,192 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:04:11 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,301,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,616,452 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,574 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.18 18:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.05.14 11:05:56 | 000,508,200 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2008.09.02 23:38:28 | 000,010,752 | ---- | C] () -- C:\Windows\System32\FUSServices.exe
[2006.03.09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2010.11.27 01:17:57 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Ashampoo
[2010.12.01 22:24:46 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.13 00:24:11 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\f-secure
[2011.04.06 18:33:28 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\gtk-2.0
[2011.10.09 14:07:34 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\HTC
[2011.04.27 15:36:18 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.07.03 14:15:50 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Nitro PDF
[2010.09.28 16:55:54 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\OpenOffice.org
[2011.03.23 00:12:11 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Opera
[2011.12.20 20:50:30 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Panda Security
[2011.04.06 18:25:54 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Scribus
[2011.05.28 15:13:06 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\ScummVM
[2011.12.21 19:14:42 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\SoftGrid Client
[2011.06.12 22:44:57 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Steganos
[2010.12.08 21:21:12 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\streamripper
[2011.11.25 00:03:38 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\TP
[2011.07.05 23:15:55 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Windows Live Writer
[2011.11.03 00:29:06 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
Regards

26.12.2011, 00:48   #28
Larusso
/// Selecta Jahrusso



Gut, dann sehen wir mal.
Stelle bitte die Services via MsConfig wieder an.


Hast du während der Bereinigung zufällig Avira deinstalliert ? Wenn ja, warum.



Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.



Bitte poste in deiner nächsten Antwort
OTL.txt
Extras.txt
__________________
mfg, Daniel


27.12.2011, 23:47   #29
riera77

I removed Antivira because Panda demanded it.

OTL
Code:
OTL logfile created on: 27.12.2011 23:23:34 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Saki\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 46,25% Memory free
3,49 Gb Paging File | 2,09 Gb Available in Paging File | 59,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 69,12 Gb Free Space | 47,22% Space Free | Partition Type: NTFS
Drive D: | 151,60 Gb Total Space | 19,91 Gb Free Space | 13,13% Space Free | Partition Type: NTFS
 
Computer Name: SAKI-PC | User Name: Saki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.07 04:10:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Saki\Desktop\OTL.exe
PRC - [2011.09.29 22:59:54 | 004,367,360 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\Broadcom 802.11\WLTRAY.EXE
PRC - [2011.09.29 22:59:54 | 000,026,112 | ---- | M] () -- C:\Programme\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
PRC - [2011.09.29 22:59:53 | 003,718,656 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
PRC - [2011.08.22 09:01:00 | 000,593,920 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011.08.12 16:13:26 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.14 16:07:56 | 000,156,992 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe
PRC - [2011.04.13 17:06:56 | 001,000,768 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe
PRC - [2011.04.13 14:02:34 | 001,808,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.01 00:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Programme\PDF Complete\pdfsvc.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.10.20 15:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe
PRC - [2010.10.20 15:23:26 | 000,821,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2010.09.21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 13:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.09.14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.08.16 14:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\psksvc.exe
PRC - [2010.06.04 10:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe
PRC - [2010.05.28 13:42:32 | 000,225,600 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\AVENGINE.EXE
PRC - [2010.05.20 23:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.04.22 18:29:12 | 000,107,776 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\WebProxy.exe
PRC - [2010.03.05 13:05:52 | 000,065,280 | ---- | M] (Panda Security S.L.) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\avciman.exe
PRC - [2010.02.25 14:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009.08.18 01:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.08.10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\PsCtrlS.exe
PRC - [2009.07.13 14:56:02 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.07.13 14:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe
PRC - [2009.05.14 11:05:52 | 000,209,216 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
PRC - [2009.03.27 17:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe
PRC - [2009.03.02 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe
PRC - [2009.01.26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.09.15 08:42:21 | 000,016,896 | ---- | M] () -- C:\Windows\System32\LFOGRPOW.EXE
PRC - [2008.09.02 23:38:28 | 000,010,752 | ---- | M] () -- C:\Windows\System32\FUSServices.exe
PRC - [2008.06.19 12:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe
PRC - [2008.02.04 17:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Common Files\Panda Security\PavShld\PavPrSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.14 11:01:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011.10.14 11:01:47 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011.10.14 11:01:40 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011.10.14 11:01:23 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.14 11:01:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.14 11:01:09 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.14 11:01:00 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.08.22 09:01:00 | 001,515,520 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011.08.22 09:01:00 | 000,593,920 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011.08.22 09:01:00 | 000,559,244 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011.08.22 09:01:00 | 000,516,599 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011.08.22 09:01:00 | 000,389,120 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011.08.22 09:01:00 | 000,139,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011.08.22 09:01:00 | 000,139,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011.08.22 09:01:00 | 000,094,208 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011.03.21 19:57:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.05.04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.05.14 11:05:52 | 000,209,216 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
MOD - [2008.12.12 15:48:50 | 000,507,904 | ---- | M] () -- C:\Programme\Common Files\BCL Technologies\NitroPDF6\bepprint.dll
MOD - [2007.02.14 13:55:12 | 000,165,424 | ---- | M] () -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\MiniCrypto.dll
MOD - [2004.05.19 11:33:12 | 000,507,904 | ---- | M] () -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\LIBXML2.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.09.29 22:59:54 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2011.08.12 16:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.14 16:07:56 | 000,156,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe -- (TPSrv)
SRV - [2011.03.04 19:22:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.02.01 00:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010.10.20 15:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2010.09.14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.08.16 14:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe -- (PskSvcRetail)
SRV - [2010.06.04 10:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe -- (PAVSRV)
SRV - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.08.10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe -- (Panda Software Controller)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.13 14:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe -- (STacSV)
SRV - [2009.03.27 17:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.03.02 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe -- (AESTFilters)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.09.02 23:38:28 | 000,010,752 | ---- | M] () [Auto | Running] -- C:\Windows\System32\FUSServices.exe -- (FUSServices)
SRV - [2008.06.19 12:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe -- (PSIMSVC)
SRV - [2008.02.04 17:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (PavTPK.sys)
DRV - File not found [Kernel | On_Demand | Running] --  -- (PavSRK.sys)
DRV - File not found [File_System | On_Demand | Running] --  -- (AvFlt)
DRV - [2011.09.29 22:59:50 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2011.02.21 14:38:32 | 000,037,448 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ShlDrv51.sys -- (ShldDrv)
DRV - [2011.01.13 02:17:18 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsmdm.sys -- (zghsmdm)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.14 05:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010.09.14 05:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010.09.14 05:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010.09.14 05:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010.08.16 14:31:08 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2010.08.16 14:31:06 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010.06.23 09:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.06.22 18:13:00 | 000,026,696 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\pavboot.sys -- (pavboot)
DRV - [2010.05.21 13:50:40 | 000,054,344 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\amm8660.sys -- (AmFSM)
DRV - [2010.05.06 17:11:58 | 000,163,848 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PavProc.sys -- (PavProc)
DRV - [2010.02.25 14:18:58 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2010.02.17 14:21:12 | 000,094,560 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Running] -- C:\Windows\System32\drivers\SleeN17.sys -- (SLEE_17_DRIVER)
DRV - [2009.10.26 07:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.10.26 07:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (androidusb)
DRV - [2009.09.28 08:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.08.18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009.07.13 14:56:02 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.04.06 16:12:44 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.16 22:47:06 | 000,033,152 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\XMLDIUSB.sys -- (XMLDIUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: el-GR@dictionaries.addons.mozilla.org:0.8.5
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=2&src=sp&cf=8cfe85a6-2044-11e1-a791-00247e83dc50&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.60401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.20 13:23:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.20 13:23:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.26 00:28:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.06 20:57:58 | 000,000,000 | ---D | M]
 
[2010.09.22 19:53:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Saki\AppData\Roaming\mozilla\Extensions
[2011.12.24 15:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions
[2010.12.01 22:24:47 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.18 01:17:42 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.02.13 15:41:40 | 000,000,000 | ---D | M] (Greek Spelling dictionary) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\el-GR@dictionaries.addons.mozilla.org
[2011.11.15 23:31:08 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\https-everywhere@eff.org
[2011.03.12 21:15:09 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\personas@christopher.beard
[2011.12.19 18:22:46 | 000,000,933 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\11-suche.xml
[2011.12.19 18:22:46 | 000,002,419 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 18:22:45 | 000,010,525 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\gmx-suche.xml
[2011.12.14 17:50:39 | 000,001,854 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\idealode.xml
[2011.12.19 18:22:46 | 000,002,457 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\lastminute.xml
[2011.12.19 18:22:45 | 000,005,508 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\webde-suche.xml
[2011.12.26 00:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\SAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFX8XCA9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFX8XCA9.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
() (No name found) -- C:\USERS\SAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFX8XCA9.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2011.12.26 00:28:34 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.27 14:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2010.12.06 23:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.10.02 21:14:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.02 21:14:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.02 21:14:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.10 14:35:19 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.10.02 21:14:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 21:14:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.02 21:14:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.12.22 02:32:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Broadcom\Broadcom 802.11\WLTRAY.EXE (Broadcom Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Antivirus Pro 2012\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Saki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Saki\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93E36856-A876-4600-98F2-82F41288187C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC9A6404-A68F-4B4B-A706-831C3A54487A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome - No CLSID value found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\avldr: DllName - (avldr.dll) - C:\Windows\System32\avldr.dll (On-Access Anti-Malware Scanner Sync)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.25 16:23:16 | 000,000,000 | ---D | C] -- C:\FRST
[2011.12.23 02:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Software
[2011.12.22 03:24:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.12.22 02:32:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.12.22 02:30:03 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Local\temp
[2011.12.22 02:16:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.12.22 02:16:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.12.22 02:16:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.12.22 02:16:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.12.22 02:16:43 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.12.22 02:16:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.12.21 19:09:18 | 004,347,226 | R--- | C] (Swearware) -- C:\Users\Saki\Desktop\ComboFix.exe
[2011.12.20 20:53:12 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Local\Panda Security
[2011.12.20 20:51:46 | 000,026,696 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2011.12.20 20:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Antivirus Pro 2012
[2011.12.20 20:50:52 | 000,054,832 | ---- | C] (Panda Software) -- C:\Windows\System32\pavcpl.cpl
[2011.12.20 20:50:35 | 000,446,464 | ---- | C] (eHelp Corporation.) -- C:\Windows\System32\HHActiveX.dll
[2011.12.20 20:50:33 | 000,520,000 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\PavSHook.dll
[2011.12.20 20:50:33 | 000,193,344 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\TpUtil.dll
[2011.12.20 20:50:33 | 000,107,568 | ---- | C] (Panda Software) -- C:\Windows\System32\SYSTOOLS.DLL
[2011.12.20 20:50:33 | 000,087,360 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\PavLspHook.dll
[2011.12.20 20:50:33 | 000,055,616 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\pavipc.dll
[2011.12.20 20:50:31 | 000,055,552 | ---- | C] (On-Access Anti-Malware Scanner Sync) -- C:\Windows\System32\avldr.dll
[2011.12.20 20:50:31 | 000,054,344 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\amm8660.sys
[2011.12.20 20:50:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\PAV
[2011.12.20 20:50:30 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\Panda Security
[2011.12.20 20:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011.12.20 20:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011.12.20 20:48:57 | 000,163,848 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PavProc.sys
[2011.12.20 20:48:57 | 000,037,448 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\ShlDrv51.sys
[2011.12.20 20:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Panda Security
[2011.12.15 00:48:16 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.15 00:48:15 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.15 00:48:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.15 00:48:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.15 00:48:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.15 00:48:10 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.14 15:09:13 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.14 15:09:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.14 15:08:53 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.14 15:08:51 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.14 15:08:46 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.14 15:08:45 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.13 23:32:26 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Local\Microsoft Help
[2011.12.13 23:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.12.13 00:24:11 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\f-secure
[2011.12.13 00:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2011.12.13 00:17:36 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.12.11 15:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.11 15:54:33 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Saki\Desktop\esetsmartinstaller_enu.exe
[2011.12.09 19:11:29 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\Malwarebytes
[2011.12.09 19:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.09 19:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.09 19:10:41 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.09 19:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.09 18:58:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.07 04:09:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Saki\Desktop\OTL.exe
[2011.12.02 22:30:09 | 000,000,000 | R--D | C] -- C:\MSOCache
[1 C:\Users\Saki\Desktop\*.tmp files -> C:\Users\Saki\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.27 23:26:43 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.27 23:26:43 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.27 23:19:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.27 23:18:52 | 1875,763,200 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.23 15:34:02 | 000,395,875 | ---- | M] () -- C:\Users\Saki\Desktop\MiniToolBox.exe
[2011.12.23 02:27:01 | 000,008,627 | ---- | M] () -- C:\Windows\System32\PAV_FOG.OPC
[2011.12.22 02:32:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.12.21 19:10:07 | 004,347,226 | R--- | M] (Swearware) -- C:\Users\Saki\Desktop\ComboFix.exe
[2011.12.21 00:48:12 | 000,654,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.21 00:48:12 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.21 00:48:12 | 000,552,214 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2011.12.21 00:48:12 | 000,130,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.21 00:48:12 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.21 00:48:12 | 000,089,622 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2011.12.20 20:51:59 | 000,000,250 | ---- | M] () -- C:\Windows\System32\PavCPL.dat
[2011.12.18 22:29:08 | 003,588,742 | ---- | M] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne_rauch.pdf
[2011.12.18 22:29:01 | 003,354,365 | ---- | M] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne.pdf
[2011.12.18 22:28:56 | 000,394,381 | ---- | M] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_hinten.pdf
[2011.12.15 14:07:41 | 000,301,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.11 15:54:46 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Saki\Desktop\esetsmartinstaller_enu.exe
[2011.12.07 15:21:33 | 000,004,405 | ---- | M] () -- C:\Users\Saki\Desktop\Gmer.text
[2011.12.07 04:15:57 | 000,302,592 | ---- | M] () -- C:\Users\Saki\Desktop\0erz17xx.exe
[2011.12.07 04:15:42 | 000,000,000 | ---- | M] () -- C:\Users\Saki\defogger_reenable
[2011.12.07 04:10:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Saki\Desktop\OTL.exe
[2011.12.07 04:09:44 | 000,050,477 | ---- | M] () -- C:\Users\Saki\Desktop\Defogger.exe
[1 C:\Users\Saki\Desktop\*.tmp files -> C:\Users\Saki\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.23 15:33:58 | 000,395,875 | ---- | C] () -- C:\Users\Saki\Desktop\MiniToolBox.exe
[2011.12.22 02:16:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.12.22 02:16:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.12.22 02:16:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.12.22 02:16:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.12.22 02:16:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.12.20 21:14:24 | 000,008,627 | ---- | C] () -- C:\Windows\System32\PAV_FOG.OPC
[2011.12.20 20:51:59 | 000,000,250 | ---- | C] () -- C:\Windows\System32\PavCPL.dat
[2011.12.18 22:29:06 | 003,588,742 | ---- | C] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne_rauch.pdf
[2011.12.18 22:29:00 | 003,354,365 | ---- | C] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne.pdf
[2011.12.18 22:28:47 | 000,394,381 | ---- | C] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_hinten.pdf
[2011.12.07 15:21:32 | 000,004,405 | ---- | C] () -- C:\Users\Saki\Desktop\Gmer.text
[2011.12.07 04:15:42 | 000,000,000 | ---- | C] () -- C:\Users\Saki\defogger_reenable
[2011.12.07 04:14:38 | 000,302,592 | ---- | C] () -- C:\Users\Saki\Desktop\0erz17xx.exe
[2011.12.07 04:09:33 | 000,050,477 | ---- | C] () -- C:\Users\Saki\Desktop\Defogger.exe
[2011.09.29 23:00:05 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011.09.15 16:12:26 | 000,000,048 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.06.29 20:31:30 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.06.29 20:31:29 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.05.24 16:09:43 | 000,369,984 | ---- | C] () -- C:\Windows\System32\perfi008.dat
[2011.05.24 16:09:42 | 000,552,214 | ---- | C] () -- C:\Windows\System32\perfh008.dat
[2011.05.24 16:09:42 | 000,089,622 | ---- | C] () -- C:\Windows\System32\perfc008.dat
[2011.05.24 16:09:42 | 000,045,182 | ---- | C] () -- C:\Windows\System32\perfd008.dat
[2011.04.27 18:10:37 | 000,725,064 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011.04.27 18:10:36 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011.04.27 18:10:35 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011.04.09 22:24:22 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.04.09 22:21:12 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.10.22 22:20:25 | 000,031,658 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.10.22 22:17:21 | 000,055,296 | ---- | C] () -- C:\Windows\System32\LFOGRPJL.DLL
[2010.10.22 22:17:21 | 000,016,896 | ---- | C] () -- C:\Windows\System32\LFOGRPOW.EXE
[2010.10.22 22:17:21 | 000,013,312 | ---- | C] () -- C:\Windows\System32\LFOGRCOI.DLL
[2010.10.04 03:41:32 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.10.04 03:41:31 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT
[2010.10.04 01:18:45 | 000,007,605 | ---- | C] () -- C:\Users\Saki\AppData\Local\Resmon.ResmonCfg
[2010.09.22 19:17:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 10:04:11 | 000,654,610 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:04:11 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:04:11 | 000,130,192 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:04:11 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,301,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,616,452 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,574 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.18 18:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.05.14 11:05:56 | 000,508,200 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2008.09.02 23:38:28 | 000,010,752 | ---- | C] () -- C:\Windows\System32\FUSServices.exe
[2006.03.09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

< End of report >
         
Extra
Code:
OTL Extras logfile created on: 27.12.2011 23:23:34 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Saki\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 46,25% Memory free
3,49 Gb Paging File | 2,09 Gb Available in Paging File | 59,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 69,12 Gb Free Space | 47,22% Space Free | Partition Type: NTFS
Drive D: | 151,60 Gb Total Space | 19,91 Gb Free Space | 13,13% Space Free | Partition Type: NTFS
 
Computer Name: SAKI-PC | User Name: Saki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.js [@ = JSFile] -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.jse [@ = JSEFile] -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.vbe [@ = VBEFile] -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.vbs [@ = VBSFile] -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.wsf [@ = WSFFile] -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.wsh [@ = WSHFile] -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
jsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
jsefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
vbsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
wsffile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE  "%1" %* (Panda Security, S.L.)
wshfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE  "%1" %* (Panda Security, S.L.)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{{753B874E-A0C0-47C5-9D8A-A8443384A93F}}" = Steganos Online-Banking 2011
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{2FF11610-5CB9-4A10-8572-470256CD9878}" = RuntimeInstallieren
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3538DD8F-A0CF-4CB9-8B38-0963CAA509EA}" = Panda Antivirus Pro 2012
"{35A81F0A-A1CA-458D-8FCD-7D838E3D95FF}" = Microsoft WorldWide Telescope
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACE3E86-78B6-43A1-B104-E3F3006FC576}" = Companion Suite Pro LL2 Drivers
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}" = HP System Default Settings
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853F9C53-2518-4AD0-ABA2-A72EDF4441A4}" = Nitro PDF Professional
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABDB5A8F-A163-4FD7-A8AE-E2695ACFEA90}" = Companion Suite Pro LL2
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1D3568D-BC21-4C50-92A5-2396570DF1DE}_is1" = Panda Secure Vault 5
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5B18B60-4FC3-42AD-A629-9CA10ACC06CD}" = HTC Sync
"{D7659F54-7502-4312-AA24-F103C92C26F5}" = ScanSoft PaperPort 11
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E55FB276-73C9-4776-AB53-BC028C0509ED}" = Panda Antivirus Pro 2012
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F5F16745-6FCB-4134-83F9-2688ACFF5DC9}" = HP ESU for Microsoft Windows 7
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"5513-1208-7298-9440" = JDownloader 0.9
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.60
"AudibleManager" = AudibleManager
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FreeNotes2_is1" = Freebie Notes
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"NAVIGON Fresh" = NAVIGON Fresh 3.3.1
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 11.60.1185" = Opera 11.60
"PDF Complete" = PDF Complete Special Edition
"Scribus 1.3.9" = Scribus 1.3.9
"ScummVM_is1" = ScummVM 1.2.1
"SIGNAL IDUNA Beratungssoftware externe Vertriebe" = SIGNAL IDUNA Beratungssoftware freie Vertriebe
"SopCast" = SopCast 3.3.2
"Streamripper" = Streamripper (Remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"vShare" = vShare Plugin
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.97-9
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.12.2011 23:04:15 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\HTC\htc
 sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.12.2011 08:47:39 | Computer Name = Saki-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 24.12.2011 12:03:48 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 24.12.2011 12:05:47 | Computer Name = Saki-PC | Source = Sentinel | ID = 251722432
Description = Unexpected failure scanning file C:\PROGRAM FILES\NAVIGON\NAVIGON 
FRESH\BIN\QTWEBKIT4.DLL.    If the problem persists, please contact with support.
 
Error - 24.12.2011 12:08:26 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 24.12.2011 12:08:37 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\HTC\htc
 sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 24.12.2011 21:50:05 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 24.12.2011 21:52:06 | Computer Name = Saki-PC | Source = Sentinel | ID = 251722432
Description = Unexpected failure scanning file C:\PROGRAM FILES\NAVIGON\NAVIGON 
FRESH\BIN\QTWEBKIT4.DLL.    If the problem persists, please contact with support.
 
Error - 24.12.2011 21:56:15 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 24.12.2011 21:56:23 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\HTC\htc
 sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 27.12.2011 11:10:48 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 27.12.2011 18:11:45 | Computer Name = Saki-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 27.12.2011 18:11:45 | Computer Name = Saki-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 27.12.2011 18:11:59 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 27.12.2011 18:11:59 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 27.12.2011 18:11:59 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 8  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 27.12.2011 18:11:59 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 27.12.2011 18:11:59 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 27.12.2011 18:19:06 | Computer Name = Saki-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 27.12.2011 18:19:06 | Computer Name = Saki-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         

28.12.2011, 00:43   #30
Larusso
/// Selecta Jahrusso
 
Please uninstall
Panda Antivirus Pro 2012



I don't see any running antivirus software in the log files.

That is dangerous. Sometimes you notice malware through pop-ups or Google redirects etc., but most of the time it runs unnoticed in the background. An AVP can help you find malware. Please download and install one of the following AVPs.



Your Java is out of date. Older versions contain security vulnerabilities that can be abused by malware.
  • Please download the latest Java version from here
  • Save the jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Run the jxpiinstall.exe. It will download the installer for the latest Java version (Java 6 Update 30).
  • When the installation has finished, go to
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer as soon as all older versions have been uninstalled.
After the restart
  • Open Control Panel --> Programs again and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure that every box is checked and click OK.
  • Click OK again.



Is the computer still causing problems?
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie
