
Log analysis and evaluation: Completely overwhelmed, machine no longer runs properly, Firefox is acting up too / directdr.com

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

01.02.2010, 12:27   #1
skull00
 



Hey THANKS MAN !! I'm making the log files now, maybe it can still be saved !!

Edited by skull00 (01.02.2010 at 13:22)

01.02.2010, 13:04   #2
Chris4You
 



Hi,

Win7, right? Unfortunately GMER doesn't run there (suspected rootkit..)...

Malwarebytes Antimalware (MAM)
Instructions & download here: http://www.trojaner-board.de/51187-m...i-malware.html
If the download doesn't work, please download a generic version via this link:
http://filepony.de/download-chameleon/
Run a full scan and let it clean everything! Post the log.

OTL
Download OTL by Oldtimer (http://filepony.de/download-otl/) and save it to your desktop
* Double-click OTL.exe
* Vista/Win7 users: right-click OTL.exe and choose "Run as administrator"
* At the top you will find a box labelled Output. Please select Minimal Output
* Under Extra Registry, please select Use SafeList
* Now click Run Scan at the top left
* When the scan has finished, 2 log files are created
* Post the log files here in the thread.

Dr. Web:
http://www.trojaner-board.de/59299-a...eb-cureit.html

chris

Edited by Chris4You (01.02.2010 at 13:14)

01.02.2010, 13:20   #3
skull00
 



Oh, super nice of you Chris, I'm already thinking about reinstalling everything, but maybe what's left can still be saved...
making the log files right now, THANKS MAN !!!

01.02.2010, 13:30   #4
skull00
 



OTL logfile created on: 01.02.2010 13:17:05 - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\Skully\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000807 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 7.52 Gb Free Space | 5.04% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 30.49 Gb Free Space | 13.09% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 2.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive O: | 465.76 Gb Total Space | 124.17 Gb Free Space | 26.66% Space Free | Partition Type: NTFS

Computer Name: SKULLY-PC
Current User Name: Skully
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Skully\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\cFosSpeed\spd.exe (cFos Software GmbH)
PRC - C:\Program Files\cFosSpeed\cfosspeed.exe (cFos Software GmbH)
PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\OO Software\CleverCache\ooccctrl.exe (O&O Software GmbH)
PRC - C:\Program Files\OO Software\CleverCache\ooccag.exe (O&O Software GmbH)
PRC - C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
PRC - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\PnkBstrA.exe ()
PRC - C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation)
PRC - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()


========== Modules (SafeList) ==========

MOD - C:\Users\Skully\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Program Files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_000\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
SRV - (OO DiskImage) -- C:\Program Files\OO Software\DiskImage\oodiag.exe ()
SRV - (cFosSpeedS) -- C:\Program Files\cFosSpeed\spd.exe (cFos Software GmbH)
SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (TuneUp.Defrag) -- C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (Browser Defender Update Service) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe (Threat Expert Ltd.)
SRV - (sdCoreService) -- C:\Program Files\Spyware Doctor\pctsSvc.exe (PC Tools)
SRV - (Adobe LM Service) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (O&O CleverCache) -- C:\Program Files\OO Software\CleverCache\ooccag.exe (O&O Software GmbH)
SRV - (sdAuxService) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe (PC Tools)
SRV - (scan) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. http://www.bitdefender.com)
SRV - (O&O Defrag) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH)
SRV - (PSI_SVC_2) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (MSCamSvc) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (PnkBstrA) -- C:\Windows\System32\PnkBstrA.exe ()
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (AcronisOSSReinstallSvc) -- C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe ()
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (Trufos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
DRV - (Profos) -- C:\Program Files\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys (BitDefender S.R.L.)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (oodivdh) -- C:\Windows\system32\DRIVERS\oodivdh.sys (O&O Software GmbH)
DRV - (oodivd) -- C:\Windows\system32\DRIVERS\oodivd.sys (O&O Software GmbH)
DRV - (oodisrh) -- C:\Windows\system32\DRIVERS\oodisrh.sys (O&O Software GmbH)
DRV - (oodisr) -- C:\Windows\system32\DRIVERS\oodisr.sys (O&O Software GmbH)
DRV - (cFosSpeed) -- C:\Windows\System32\drivers\cfosspeed.sys (cFos Software GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (SASENUM) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (bdfwfpf) -- C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys (BitDefender LLC)
DRV - (BDFM) -- C:\Windows\System32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (PCTCore) -- C:\Windows\system32\drivers\PCTCore.sys (PC Tools)
DRV - (pcouffin) -- C:\Windows\System32\drivers\pcouffin.sys (VSO Software)
DRV - (BdfNdisf) -- C:\Windows\System32\drivers\BdfNdisf6.sys (BitDefender LLC)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (BDVEDISK) -- C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys (BitDefender)
DRV - (VX1000) -- C:\Windows\System32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (bdfsfltr) -- C:\Windows\system32\DRIVERS\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\Windows\System32\drivers\RTKVAC.SYS (Realtek Semiconductor Corp.)
DRV - (VClone) -- C:\Windows\System32\drivers\VClone.sys (Elaborate Bytes AG)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (VCSVADHWSer) Avnex Virtual Audio Device (WDM) -- C:\Windows\System32\drivers\vcsvad.sys (Avnex)
DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (regi) -- C:\Windows\System32\drivers\regi.sys (InterVideo)
DRV - (ASPI32) -- C:\Windows\System32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com?o=15161&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ch.msn.com/default.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-ch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 58 1E B4 5C 71 1B CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: fsonlinescanner@f-secure.com:1.01
FF - prefs.js..keyword.URL: "http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010.01.28 05:28:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.01.31 20:48:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.01.28 05:19:34 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.01.28 05:35:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2008.02.22 16:24:06 | 000,095,832 | ---- | M] ()
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdtbext\ [2010.01.28 05:28:47 | 000,000,000 | ---D | M]

[2009.12.16 13:58:22 | 000,000,000 | ---D | M] -- C:\Users\Skully\AppData\Roaming\mozilla\Extensions
[2009.12.16 13:58:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skully\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.02.01 12:09:57 | 000,000,000 | ---D | M] -- C:\Users\Skully\AppData\Roaming\mozilla\Firefox\Profiles\iw3ey186.default\extensions
[2009.12.14 12:27:49 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Skully\AppData\Roaming\mozilla\Firefox\Profiles\iw3ey186.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009.10.07 12:32:01 | 000,000,000 | ---D | M] (jDownFF) -- C:\Users\Skully\AppData\Roaming\mozilla\Firefox\Profiles\iw3ey186.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2010.01.08 11:51:50 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Skully\AppData\Roaming\mozilla\Firefox\Profiles\iw3ey186.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009.10.25 12:01:39 | 000,000,000 | ---D | M] -- C:\Users\Skully\AppData\Roaming\mozilla\Firefox\Profiles\iw3ey186.default\extensions\anycolor.pavlos256@gmail.com
[2010.01.31 21:35:46 | 000,000,000 | ---D | M] -- C:\Users\Skully\AppData\Roaming\mozilla\Firefox\Profiles\iw3ey186.default\extensions\fsonlinescanner@f-secure.com
[2010.01.29 14:07:30 | 000,002,257 | ---- | M] () -- C:\Users\Skully\AppData\Roaming\Mozilla\FireFox\Profiles\iw3ey186.default\searchplugins\askcom.xml
[2010.02.01 11:06:36 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.10.19 18:59:44 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files\mozilla firefox\components\FFComm.dll
[2009.10.14 14:12:22 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2008.02.22 16:24:06 | 000,095,832 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPPDLicenseHelper.dll
[2010.01.16 02:15:29 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 02:15:29 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.16 02:15:29 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.16 02:15:29 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.16 02:15:29 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.01.30 23:36:32 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [ooccctrl.exe] C:\Program Files\OO Software\CleverCache\ooccctrl.exe (O&O Software GmbH)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: 25 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.07.14 10:26:40 | 000,000,043 | R--- | M] () - G:\autorun.inf -- [ UDF ]
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe -- [2009.07.14 10:26:40 | 000,111,880 | R--- | M] (Microsoft Corporation)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.02.01 13:16:08 | 000,548,864 | ---- | C] (OldTimer Tools) -- C:\Users\Skully\Desktop\OTL.exe
[2010.02.01 13:13:25 | 000,329,910 | ---- | C] (Carsten Knobloch ) -- C:\Users\Skully\Desktop\Thundersave.exe
[2010.02.01 13:08:37 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup
[2010.01.31 21:40:54 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010.01.31 15:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.01.31 15:23:09 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010.01.31 15:23:09 | 000,098,600 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010.01.31 15:22:55 | 000,207,792 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010.01.31 15:22:54 | 000,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010.01.31 15:22:37 | 000,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010.01.31 15:21:39 | 000,000,000 | ---D | C] -- C:\Users\Skully\AppData\Roaming\PC Tools
[2010.01.31 10:55:45 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010.01.31 10:55:44 | 001,640,400 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010.01.31 10:55:44 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010.01.31 10:54:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010.01.31 10:54:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010.01.31 09:56:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.01.31 09:56:22 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2010.01.31 00:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.01.31 00:26:24 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010.01.30 23:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2010.01.30 23:42:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010.01.30 23:33:09 | 000,000,000 | ---D | C] -- C:\Users\Skully\AppData\Local\temp
[2010.01.30 22:59:44 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.01.30 22:59:44 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.01.30 22:59:44 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.01.30 22:59:17 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.01.30 22:58:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.01.28 05:29:27 | 000,000,000 | ---D | C] -- C:\Users\Skully\AppData\Roaming\BitDefender
[2010.01.28 05:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2010.01.28 05:28:38 | 000,000,000 | ---D | C] -- C:\Program Files\BitDefender
[2010.01.28 05:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
[2010.01.28 00:44:51 | 000,000,000 | ---D | C] -- C:\Users\Skully\DoctorWeb
[2010.01.28 00:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\DrWeb
[2010.01.27 11:03:46 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.01.26 09:52:29 | 000,000,000 | ---D | C] -- C:\Users\Skully\AppData\Local\FriendBlasterPro
[2010.01.26 09:49:58 | 000,000,000 | ---D | C] -- C:\FBPUpdate
[2010.01.26 09:48:47 | 000,609,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ComCtl32.ocx
[2010.01.26 09:48:46 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6STKIT.DLL
[2010.01.25 20:02:39 | 000,000,000 | ---D | C] -- C:\Users\Skully\Documents\Simply Super Software
[2010.01.25 19:59:32 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010.01.25 19:59:32 | 000,000,000 | ---D | C] -- C:\Users\Skully\AppData\Roaming\Simply Super Software
[2010.01.25 19:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010.01.25 11:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.01.24 21:04:50 | 000,000,000 | ---D | C] -- C:\Users\Skully\AppData\Roaming\Spy Emergency
[2010.01.24 21:04:24 | 000,000,000 | ---D | C] -- C:\ProgramData\NETGATE
[2010.01.24 11:38:35 | 000,043,008 | ---- | C] (Realtek Semiconductor Corporation ) -- C:\Windows\System32\drivers\Rtnicxp.sys
[2010.01.24 11:38:34 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2010.01.24 11:35:16 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation
[2010.01.24 11:33:39 | 011,586,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.01.24 11:33:39 | 000,068,200 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.01.24 11:33:39 | 000,010,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.01.24 11:33:36 | 014,924,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.01.24 11:33:36 | 002,243,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.01.24 11:33:32 | 011,639,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.01.24 11:33:32 | 004,077,672 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.01.24 11:33:32 | 004,061,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.01.24 11:33:32 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod189.dll
[2010.01.24 11:33:32 | 000,182,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010.01.24 11:24:03 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Magician
[2010.01.24 11:22:31 | 000,256,512 | ---- | C] (Alexander Roshal) -- C:\Windows\System32\RarLng.dll
[2010.01.23 21:34:05 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Pro
[2010.01.23 18:40:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.01.22 22:09:03 | 000,000,000 | ---D | C] -- C:\Users\Skully\AppData\Roaming\Screaming Bee
[2010.01.22 22:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Screaming Bee
[2010.01.22 21:45:28 | 000,000,000 | ---D | C] -- C:\AV_LOGS
[2010.01.22 21:43:50 | 000,000,000 | ---D | C] -- C:\Users\Skully\AppData\Roaming\Avnex
[2010.01.22 21:43:39 | 000,017,792 | ---- | C] (Avnex) -- C:\Windows\System32\drivers\vcsvad.sys
[2010.01.22 15:50:55 | 000,000,000 | ---D | C] -- C:\Program Files\BayGenie
[2010.01.22 08:56:38 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.01.22 08:56:37 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.01.21 15:14:00 | 000,000,000 | ---D | C] -- C:\Users\Skully\Desktop\cFosSpeed Trial Reset
[2010.01.19 22:20:42 | 000,000,000 | ---D | C] -- C:\Users\Skully\AppData\Roaming\Leadertech
[2010.01.19 15:43:01 | 000,000,000 | ---D | C] -- C:\ProgramData\OO Software
[2010.01.17 01:09:16 | 001,091,288 | ---- | C] (cFos Software GmbH) -- C:\Windows\System32\drivers\cfosspeed.sys
[2010.01.17 01:09:16 | 000,334,040 | ---- | C] (cFos Software GmbH) -- C:\Windows\System32\cfosspeed.dll
[2010.01.17 01:09:16 | 000,000,000 | ---D | C] -- C:\Program Files\cFosSpeed
[2010.01.14 04:12:02 | 000,031,312 | ---- | C] (O&O Software GmbH) -- C:\Windows\System32\drivers\oodivdh.sys
[2010.01.14 04:12:00 | 000,166,992 | ---- | C] (O&O Software GmbH) -- C:\Windows\System32\drivers\oodivd.sys
[2010.01.14 04:11:58 | 000,028,752 | ---- | C] (O&O Software GmbH) -- C:\Windows\System32\drivers\oodisrh.sys
[2010.01.14 04:11:56 | 000,096,336 | ---- | C] (O&O Software GmbH) -- C:\Windows\System32\drivers\oodisr.sys
[2010.01.13 05:42:41 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.01.13 05:42:41 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.01.11 22:18:00 | 013,679,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2010.01.11 22:18:00 | 001,515,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2010.01.11 22:18:00 | 000,962,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2010.01.11 22:18:00 | 000,129,640 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
[2010.01.11 22:18:00 | 000,110,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2010.01.08 11:59:30 | 000,000,000 | ---D | C] -- C:\Users\Skully\AppData\Roaming\HD Tune Pro
[2010.01.08 11:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\HD Tune Pro
[2010.01.02 23:26:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\L&H
[2010.01.02 20:08:59 | 000,028,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mdimon.dll
[2010.01.02 20:07:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2010.01.02 20:07:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.01.02 20:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.01.02 20:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2009.10.25 18:18:01 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Skully\AppData\Roaming\pcouffin.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.02.01 13:28:19 | 004,194,304 | ---- | M] () -- C:\Users\Skully\ntuser.dat
[2010.02.01 13:16:08 | 000,548,864 | ---- | M] (OldTimer Tools) -- C:\Users\Skully\Desktop\OTL.exe
[2010.02.01 13:08:38 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2010.02.01 12:14:26 | 000,029,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.02.01 12:14:26 | 000,029,376 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.02.01 12:06:56 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010.02.01 12:06:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.02.01 12:06:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.02.01 12:06:11 | 1609,474,048 | -HS- | M] () -- C:\hiberfil.sys
[2010.02.01 12:06:09 | 000,603,751 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2010.02.01 12:04:13 | 001,217,140 | -H-- | M] () -- C:\Users\Skully\AppData\Local\IconCache.db
[2010.02.01 10:51:58 | 011,560,871 | ---- | M] () -- C:\Users\Skully\Desktop\Bergendy - Kikapcsolom az Idegrendszerem.mp3
[2010.02.01 05:12:00 | 000,000,121 | ---- | M] () -- C:\Windows\bdagent.INI
[2010.01.31 15:22:46 | 000,001,910 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.01.31 11:11:51 | 000,000,052 | ---- | M] () -- C:\Windows\System32\ashttpstats.csv
[2010.01.30 23:36:32 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.01.29 18:38:58 | 000,615,122 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.01.29 18:38:58 | 000,103,496 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.01.29 18:38:57 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.01.29 18:38:57 | 000,641,468 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.01.29 18:38:57 | 000,125,856 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.01.29 10:23:44 | 000,000,385 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
[2010.01.29 07:27:49 | 000,000,000 | ---- | M] () -- C:\Windows\System32\phar_unmip.dat
[2010.01.29 07:27:49 | 000,000,000 | ---- | M] () -- C:\Windows\System32\phar_histprot.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_webproxy.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_video.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_tabloids.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_searchengines.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_pornography.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_onlineshop.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_onlinepay.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_onlinedating.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_news.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_im.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_illegal.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_hate.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_games.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_gambling.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_drugs.dat
[2010.01.28 20:54:20 | 000,000,016 | ---- | M] () -- C:\Windows\System32\asdict.dat
[2010.01.28 20:54:20 | 000,000,004 | ---- | M] () -- C:\Windows\System32\aspdict-en.dat
[2010.01.28 16:06:02 | 000,000,132 | ---- | M] () -- C:\Windows\System32\rezumatenoi.dat
[2010.01.28 12:22:14 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ab_bl.sig
[2010.01.28 06:33:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\wsbl.dat
[2010.01.28 06:33:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ph_white.dat
[2010.01.28 06:33:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ph_summ.dat
[2010.01.28 06:33:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ph_spoof.sig
[2010.01.28 06:33:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ph_sign.slf
[2010.01.28 06:33:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ph_fuzzy.sig
[2010.01.28 06:33:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ph_black.dat
[2010.01.28 06:33:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pcwords2.dat
[2010.01.28 06:33:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pcwords.dat
[2010.01.28 06:33:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_sign.slf
[2010.01.28 06:33:58 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ab_sbl.sig
[2010.01.28 05:30:54 | 000,524,288 | -HS- | M] () -- C:\Users\Skully\ntuser.dat{3ad29832-0bc3-11df-9d65-0015586842de}.TMContainer00000000000000000002.regtrans-ms
[2010.01.28 05:30:54 | 000,524,288 | -HS- | M] () -- C:\Users\Skully\ntuser.dat{3ad29832-0bc3-11df-9d65-0015586842de}.TMContainer00000000000000000001.regtrans-ms
[2010.01.28 05:30:54 | 000,065,536 | -HS- | M] () -- C:\Users\Skully\ntuser.dat{3ad29832-0bc3-11df-9d65-0015586842de}.TM.blf
[2010.01.28 05:29:38 | 000,002,096 | ---- | M] () -- C:\Users\Public\Desktop\BitDefender Total Security 2010.lnk
[2010.01.27 22:24:31 | 180,953,752 | ---- | M] () -- C:\Users\Skully\Desktop\Autechre - Oversteps PROMO.m4a
[2010.01.26 09:10:09 | 000,000,116 | ---- | M] () -- C:\Windows\System32\SpywareCease.lie
[2010.01.23 21:39:09 | 000,691,696 | ---- | M] () -- C:\Windows\System32\drivers\sptd.sys
[2010.01.23 18:52:42 | 000,057,624 | ---- | M] () -- C:\img2-001.raw
[2010.01.23 18:40:39 | 000,001,835 | ---- | M] () -- C:\Users\Skully\Desktop\CCleaner.lnk
[2010.01.22 21:52:15 | 000,056,448 | ---- | M] () -- C:\Users\Skully\Documents\rec_VcsCore_21-52-06.mp3
[2010.01.15 20:22:18 | 000,000,993 | ---- | M] () -- C:\Users\Public\Desktop\foobar2000.lnk
[2010.01.14 11:12:06 | 000,181,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.01.14 04:12:02 | 000,031,312 | ---- | M] (O&O Software GmbH) -- C:\Windows\System32\drivers\oodivdh.sys
[2010.01.14 04:12:00 | 000,166,992 | ---- | M] (O&O Software GmbH) -- C:\Windows\System32\drivers\oodivd.sys
[2010.01.14 04:11:58 | 000,028,752 | ---- | M] (O&O Software GmbH) -- C:\Windows\System32\drivers\oodisrh.sys
[2010.01.14 04:11:56 | 000,096,336 | ---- | M] (O&O Software GmbH) -- C:\Windows\System32\drivers\oodisr.sys
[2010.01.13 15:58:16 | 001,091,288 | ---- | M] (cFos Software GmbH) -- C:\Windows\System32\drivers\cfosspeed.sys
[2010.01.13 15:58:08 | 000,334,040 | ---- | M] (cFos Software GmbH) -- C:\Windows\System32\cfosspeed.dll
[2010.01.12 05:03:33 | 014,924,392 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2010.01.12 05:03:33 | 011,639,400 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2010.01.12 05:03:33 | 011,586,280 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2010.01.12 05:03:33 | 009,388,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2010.01.12 05:03:33 | 004,077,672 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2010.01.12 05:03:33 | 004,061,800 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2010.01.12 05:03:33 | 002,243,176 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2010.01.12 05:03:33 | 001,280,616 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2010.01.12 05:03:33 | 000,592,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvudisp.exe
[2010.01.12 05:03:33 | 000,182,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcod189.dll
[2010.01.12 05:03:33 | 000,182,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcod.dll
[2010.01.12 05:03:33 | 000,068,200 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2010.01.12 05:03:33 | 000,010,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2010.01.12 05:03:33 | 000,007,437 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2010.01.11 22:18:44 | 000,271,481 | ---- | M] () -- C:\Windows\System32\NvApps.xml
[2010.01.11 22:18:44 | 000,065,332 | ---- | M] () -- C:\Windows\System32\NvwsApps.xml
[2010.01.11 22:18:00 | 013,679,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2010.01.11 22:18:00 | 001,515,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2010.01.11 22:18:00 | 000,962,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2010.01.11 22:18:00 | 000,129,640 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
[2010.01.11 22:18:00 | 000,110,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2010.01.11 08:12:38 | 000,381,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.01.03 07:22:06 | 000,558,184 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.01.02 23:37:35 | 000,150,408 | ---- | M] () -- C:\Users\Skully\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.01.02 20:09:04 | 000,000,376 | ---- | M] () -- C:\Windows\ODBC.INI
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.02.01 13:08:38 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2010.02.01 10:39:49 | 011,560,871 | ---- | C] () -- C:\Users\Skully\Desktop\Bergendy - Kikapcsolom az Idegrendszerem.mp3
[2010.02.01 05:12:00 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2010.01.31 15:23:09 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010.01.31 15:22:55 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010.01.31 15:22:55 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010.01.31 15:22:46 | 000,001,910 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010.01.31 15:22:37 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010.01.31 10:55:45 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010.01.31 10:55:45 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010.01.31 10:55:45 | 000,000,880 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010.01.31 10:55:45 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010.01.31 10:55:44 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010.01.30 22:59:44 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010.01.30 22:59:44 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.01.30 22:59:44 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.01.30 22:59:44 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.01.30 22:59:44 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.01.29 10:23:44 | 000,000,385 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
[2010.01.29 07:27:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_unmip.dat
[2010.01.29 07:27:49 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_histprot.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_webproxy.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_video.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_tabloids.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_searchengines.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_pornography.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlineshop.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinepay.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinedating.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_news.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_im.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_illegal.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_hate.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_games.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_gambling.dat
[2010.01.29 07:27:48 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_drugs.dat
[2010.01.28 22:43:43 | 000,000,052 | ---- | C] () -- C:\Windows\System32\ashttpstats.csv
[2010.01.28 20:54:20 | 000,000,016 | ---- | C] () -- C:\Windows\System32\asdict.dat
[2010.01.28 20:54:20 | 000,000,004 | ---- | C] () -- C:\Windows\System32\aspdict-en.dat
[2010.01.28 12:22:14 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ab_bl.sig
[2010.01.28 06:33:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\wsbl.dat
[2010.01.28 06:33:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_white.dat
[2010.01.28 06:33:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_summ.dat
[2010.01.28 06:33:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_spoof.sig
[2010.01.28 06:33:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_sign.slf
[2010.01.28 06:33:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_fuzzy.sig
[2010.01.28 06:33:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ph_black.dat
[2010.01.28 06:33:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords2.dat
[2010.01.28 06:33:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pcwords.dat
[2010.01.28 06:33:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_sign.slf
[2010.01.28 06:33:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ab_sbl.sig
[2010.01.28 05:38:51 | 000,000,132 | ---- | C] () -- C:\Windows\System32\rezumatenoi.dat
[2010.01.28 05:30:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2010.01.28 05:29:38 | 000,002,096 | ---- | C] () -- C:\Users\Public\Desktop\BitDefender Total Security 2010.lnk
[2010.01.28 05:12:16 | 000,524,288 | -HS- | C] () -- C:\Users\Skully\ntuser.dat{3ad29832-0bc3-11df-9d65-0015586842de}.TMContainer00000000000000000002.regtrans-ms
[2010.01.28 05:12:15 | 000,524,288 | -HS- | C] () -- C:\Users\Skully\ntuser.dat{3ad29832-0bc3-11df-9d65-0015586842de}.TMContainer00000000000000000001.regtrans-ms
[2010.01.28 05:12:15 | 000,065,536 | -HS- | C] () -- C:\Users\Skully\ntuser.dat{3ad29832-0bc3-11df-9d65-0015586842de}.TM.blf
[2010.01.27 20:55:10 | 180,953,752 | ---- | C] () -- C:\Users\Skully\Desktop\Autechre - Oversteps PROMO.m4a
[2010.01.24 11:38:35 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010.01.24 11:33:39 | 000,007,437 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2010.01.23 18:52:42 | 000,057,624 | ---- | C] () -- C:\img2-001.raw
[2010.01.23 18:40:39 | 000,001,835 | ---- | C] () -- C:\Users\Skully\Desktop\CCleaner.lnk
[2010.01.22 21:52:11 | 000,056,448 | ---- | C] () -- C:\Users\Skully\Documents\rec_VcsCore_21-52-06.mp3
[2010.01.11 22:18:44 | 000,271,481 | ---- | C] () -- C:\Windows\System32\NvApps.xml
[2010.01.11 22:18:44 | 000,065,332 | ---- | C] () -- C:\Windows\System32\NvwsApps.xml
[2010.01.02 20:09:04 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.12.29 22:39:42 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2009.12.29 22:39:40 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.12.29 22:39:39 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.12.29 22:39:38 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2009.12.29 22:39:37 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.12.22 21:19:43 | 000,000,008 | RHS- | C] () -- C:\ProgramData\C429F0DCEF.sys
[2009.12.22 21:19:42 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.12.15 13:11:49 | 000,000,877 | ---- | C] () -- C:\Users\Skully\AppData\Roaming\coreavc.ini
[2009.12.15 13:04:43 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.12.07 14:09:28 | 000,001,041 | ---- | C] () -- C:\Users\Skully\AppData\Roaming\vso_ts_preview.xml
[2009.11.09 12:10:44 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfmonnt.dll
[2009.11.09 12:10:41 | 000,000,164 | ---- | C] () -- C:\Windows\System32\psconv.ini
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.10.25 18:19:05 | 000,000,034 | ---- | C] () -- C:\Users\Skully\AppData\Roaming\pcouffin.log
[2009.10.25 18:18:01 | 000,007,887 | ---- | C] () -- C:\Users\Skully\AppData\Roaming\pcouffin.cat
[2009.10.25 18:18:01 | 000,001,144 | ---- | C] () -- C:\Users\Skully\AppData\Roaming\pcouffin.inf
[2009.10.20 15:43:05 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ArtFfct.dll
[2009.10.10 20:19:06 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.10.07 19:23:40 | 000,033,280 | ---- | C] () -- C:\Users\Skully\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.09.09 19:30:39 | 000,000,472 | ---- | C] () -- C:\Users\Skully\AppData\Roaming\Alltag16.ini
[2009.09.06 19:22:46 | 000,000,229 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2009.08.12 19:53:35 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2009.08.12 19:53:35 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar3.dll
[2009.08.12 19:53:35 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2009.08.12 19:53:35 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.07.24 14:05:24 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.13 10:02:06 | 000,139,152 | ---- | C] () -- C:\Users\Skully\AppData\Roaming\PnkBstrK.sys
[2009.06.13 10:02:06 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.06.13 10:01:42 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009.06.12 19:07:45 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2009.04.14 06:43:32 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2009.01.15 12:45:34 | 000,181,248 | ---- | C] () -- C:\Windows\System32\txmlutil.dll
[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.06.05 07:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2007.01.31 13:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 239 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP282699C
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

01.02.2010, 13:32   #5
skull00
 
OTL Extras logfile created on: 01.02.2010 13:17:06 - Run 1
OTL by OldTimer - Version 3.1.27.1 Folder = C:\Users\Skully\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000807 | Country: Switzerland | Language: DES | Date Format: dd.MM.yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 149.05 Gb Total Space | 7.52 Gb Free Space | 5.04% Space Free | Partition Type: NTFS
Drive D: | 232.88 Gb Total Space | 30.49 Gb Free Space | 13.09% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 2.33 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive O: | 465.76 Gb Total Space | 124.17 Gb Free Space | 26.66% Space Free | Partition Type: NTFS

Computer Name: SKULLY-PC
Current User Name: Skully
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID Sign-in Assistant
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4600_series" = Canon iP4600 series Printer Driver
"{12001D97-ED15-4D04-B4A6-32D16A71844C}" = Adobe Photoshop Lightroom 2.6.1
"{1D557982-6BBB-454A-93AC-41B4A53CB216}" = O&O CleverCache
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{29988DC6-9C4A-49B2-AC86-5C380B29ADB9}_is1" = Loaris Trojan Remover 1.2
"{36C97B5B-5593-45B8-B50E-DAD87036BD9D}" = Microsoft LifeCam
"{38AFE2B1-19DB-432A-BA4A-410BFBA78DCE}" = DVD-Cover Printmaster 1.4
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{5C1F18D2-F6B7-4242-B803-B5A78648185D}" = Corel WinDVD 2010
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63721C54-79ED-4959-BD7D-DC0001806BCB}" = O&O DiskImage Professional
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{901F0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Proofing Tools
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DEC9DE4-67F5-42A6-8FEA-7ED2F8888F29}_is1" = Multiupload Batch Uploader 1.0
"{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AE46ABD3-D625-467F-B5A7-8D3FFF077F0D}" = Realtek PCI Fast Ethernet Controller Driver For Vista and Win7
"{AF72E557-0647-4DE5-ACDA-ECFB38D5D732}" = Licensing Service Install
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B92BF2D4-34BE-41C8-BBF8-435229685B88}" = O&O PartitionManager Professional
"{C4C973AF-AEB6-4D58-A401-61DDE037D2EA}" = Wolfenstein(TM) Lite Server 1.1 Patch
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D75814C1-5AA5-4198-BFF6-093A226D9F0D}" = O&O Defrag Professional
"{D86B6C32-49BD-4A02-9C43-14E497018498}" = Windows 7 Manager
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.6.316
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{EAA190F4-FF0D-4D28-A4E7-E0A20E1DDDFA}" = BitDefender Total Security 2010
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Arturia Prophet V VSTi RTAS_is1" = Arturia Prophet V VSTi RTAS v1.2.1
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.20
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"BayGenie eBay Auction Sniper Pro Edition_is1" = BayGenie eBay Auction Sniper Pro Edition 3.3.3.0
"Browser Defender_is1" = Browser Defender 2.0.6.11
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Canon iP4600 series User Registration" = Canon iP4600 series User Registration
"CANONIJPLM100" = Inkjet Printer/Scanner Extended Survey Program
"CCleaner" = CCleaner
"cFosSpeed" = cFosSpeed v5.01
"Convert DOC to PDF For Word_is1" = Convert DOC to PDF For Word 3.50
"Cool Beans NFO Creator_is1" = Cool Beans NFO Creator 2.0.1.3
"CoreAVC Professional Edition" = CoreAVC Professional Edition (remove only)
"Driver Magician_is1" = Driver Magician 3.48
"DVD Decrypter" = DVD Decrypter (Remove Only)
"ESET Online Scanner" = ESET Online Scanner v3
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"Exact Audio Copy" = Exact Audio Copy 0.99pb5
"Fast AVI MPEG Joiner_is1" = Fast AVI MPEG Joiner 1.2.0812
"FLAC" = FLAC 1.2.1b (remove only)
"foobar2000" = foobar2000 v1.0
"Foxit Reader" = Foxit Reader
"Free ISO Creator (by minidvdsoft)_is1" = Free ISO Creator version 2.8
"Free PS Convert driver_is1" = Free PS Convert driver 8.15
"HD Tune Pro_is1" = HD Tune Pro 4.00
"HijackThis" = HijackThis 2.0.2
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{91C514E8-C92E-48E4-BDEE-DE3407837194}" = Wolfenstein(TM) 1.2 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{C4C973AF-AEB6-4D58-A401-61DDE037D2EA}" = Wolfenstein(TM) Lite Server 1.1 Patch
"InstallShield_{E03B44A3-9237-4B55-B7A5-DB1DD46920D3}" = Wolfenstein(TM) 1.1 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.2.0 (Full)
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6)" = Mozilla Firefox (3.6)
"Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1)
"Mp3tag" = Mp3tag v2.45a
"Music NFO Builder_is1" = Music NFO Builder v1.20
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"PunkBusterSvc" = PunkBuster Services
"Revo Uninstaller" = Revo Uninstaller 1.85
"Soulseek2" = SoulSeek 157 NS 13e
"Spyware Doctor" = Spyware Doctor 7.0
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Total Audio Converter_is1" = TotalAudioConverter
"Trojan Remover_is1" = Trojan Remover 6.8.1
"TuneUp Utilities" = TuneUp Utilities
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"5f48e2ab41c5d005" = RapidShare Manager
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 25.01.2010 15:15:10 | Computer Name = Skully-PC | Source = VSS | ID = 8194
Description =

Error - 26.01.2010 04:58:23 | Computer Name = Skully-PC | Source = VSS | ID = 8194
Description =

Error - 27.01.2010 08:29:38 | Computer Name = Skully-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 27.01.2010 08:29:51 | Computer Name = Skully-PC | Source = MsiInstaller | ID = 11706
Description =

Error - 27.01.2010 08:30:31 | Computer Name = Skully-PC | Source = VSS | ID = 8194
Description =

Error - 27.01.2010 17:59:49 | Computer Name = Skully-PC | Source = VSS | ID = 8194
Description =

Error - 27.01.2010 18:50:30 | Computer Name = Skully-PC | Source = VSS | ID = 8194
Description =

Error - 28.01.2010 00:18:06 | Computer Name = Skully-PC | Source = VSS | ID = 8194
Description =

Error - 30.01.2010 11:48:01 | Computer Name = Skully-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3667,
Zeitstempel: 0x4b5102f0 Name des fehlerhaften Moduls: SHLWAPI.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdb05 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000dad8 ID des fehlerhaften
Prozesses: 0xa70 Startzeit der fehlerhaften Anwendung: 0x01caa1c2e046c9bf Pfad der
fehlerhaften Anwendung: C:\Program Files\Mozilla Firefox\firefox.exe Pfad des fehlerhaften
Moduls: C:\Windows\system32\SHLWAPI.dll Berichtskennung: d85ed617-0db6-11df-a16a-0015586842de

Error - 31.01.2010 15:44:07 | Computer Name = Skully-PC | Source = VSS | ID = 8194
Description =

[ System Events ]
Error - 01.02.2010 00:16:47 | Computer Name = Skully-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
TfFsMon TfSysMon

Error - 01.02.2010 05:19:02 | Computer Name = Skully-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 01.02.2010 07:05:07 | Computer Name = Skully-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "DCOM Server Process Launcher" wurde unerwartet beendet.
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000
Millisekunden durchgeführt: Reboot the machine.

Error - 01.02.2010 07:05:07 | Computer Name = Skully-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Plug and Play" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
Reboot the machine.

Error - 01.02.2010 07:05:07 | Computer Name = Skully-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Power" wurde unerwartet beendet. Dies ist bereits 1 Mal
vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
Reboot the machine.

Error - 01.02.2010 07:05:07 | Computer Name = Skully-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "DCOM Server Process Launcher" Korrekturmaßnahmen (Reboot the machine)
durchzuführen, ist fehlgeschlagen. Fehler: %%1717

Error - 01.02.2010 07:05:07 | Computer Name = Skully-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Power" Korrekturmaßnahmen (Reboot the machine) durchzuführen, ist
fehlgeschlagen. Fehler: %%1717

Error - 01.02.2010 07:05:07 | Computer Name = Skully-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Plug and Play" Korrekturmaßnahmen (Reboot the machine) durchzuführen,
ist fehlgeschlagen. Fehler: %%1717

Error - 01.02.2010 07:07:03 | Computer Name = Skully-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Windows-Bilderfassung (WIA)" ist vom Dienst "Shellhardwareerkennung"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1058

Error - 01.02.2010 07:07:22 | Computer Name = Skully-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
TfFsMon TfSysMon


< End of report >


Alt 01.02.2010, 13:44   #6
Chris4You
 

Hi,

there is very probably a rootkit on it after all...

Check the following file at virustotal.com and post the complete result:
Code:
C:\Windows\system32\SHLWAPI.dll

You have already tried to run ComboFix?
It is not approved for Win7!
Do you have a boot or recovery CD?

Also post the logs from MAM and, above all, the findings from Dr. Web!

chris

Alt 01.02.2010, 14:47   #7
skull00
 

Datei shlwapi.dll empfangen 2010.02.01 13:43:55 (UTC)
Ergebnis: 0/40 (0%)

Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.02.01 -
AhnLab-V3 5.0.0.2 2010.01.31 -
AntiVir 7.9.1.154 2010.02.01 -
Antiy-AVL 2.0.3.7 2010.02.01 -
Authentium 5.2.0.5 2010.01.31 -
Avast 4.8.1351.0 2010.01.31 -
AVG 9.0.0.730 2010.02.01 -
BitDefender 7.2 2010.02.01 -
CAT-QuickHeal 10.00 2010.02.01 -
ClamAV 0.96.0.0-git 2010.02.01 -
Comodo 3783 2010.02.01 -
DrWeb 5.0.1.12222 2010.02.01 -
eSafe 7.0.17.0 2010.01.31 -
eTrust-Vet 35.2.7274 2010.02.01 -
F-Prot 4.5.1.85 2010.01.31 -
F-Secure 9.0.15370.0 2010.02.01 -
Fortinet 4.0.14.0 2010.02.01 -
GData 19 2010.02.01 -
Ikarus T3.1.1.80.0 2010.02.01 -
Jiangmin 13.0.900 2010.01.28 -
K7AntiVirus 7.10.960 2010.01.29 -
Kaspersky 7.0.0.125 2010.02.01 -
McAfee 5878 2010.01.31 -
McAfee+Artemis 5878 2010.01.31 -
McAfee-GW-Edition 6.8.5 2010.02.01 -
Microsoft 1.5406 2010.02.01 -
NOD32 4823 2010.02.01 -
Norman 6.04.03 2010.01.31 -
nProtect 2009.1.8.0 2010.02.01 -
Panda 10.0.2.2 2010.01.31 -
PCTools 7.0.3.5 2010.02.01 -
Rising 22.33.00.04 2010.02.01 -
Sophos 4.50.0 2010.02.01 -
Sunbelt 3.2.1858.2 2010.01.31 -
Symantec 20091.2.0.41 2010.02.01 -
TheHacker 6.5.1.0.175 2010.02.01 -
TrendMicro 9.120.0.1004 2010.02.01 -
VBA32 3.12.12.1 2010.02.01 -
ViRobot 2010.2.1.2166 2010.02.01 -
VirusBuster 5.0.21.0 2010.02.01 -
weitere Informationen
File size: 350208 bytes
MD5...: f037db14cf6165c62f4a64d12a25b07c
SHA1..: e7e1172e3a5f4665c2aba4ebd8dbc7c70306e6e5
SHA256: 26ce06c858f59691f6d6d41e0031d9cd1acb9af24569fc3a0e869c08aa5225b5
ssdeep: 6144:fJNMha0GFrdeOboSE852GUB6wSi9SJxCsMAaY9Ds9uJZeor3vQdUa:fJHLe
Jc5pUkgSWAbleuUdUa
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1a24a
timedatestamp.....: 0x4a5bdb05 (Tue Jul 14 01:10:29 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x50cf0 0x50e00 6.82 e0149afe24d3c68ea03a5a0cd507b8ca
.data 0x52000 0xb6c 0xc00 2.75 be3dd040d5548138dbbac0ef4fbd6f10
.rsrc 0x53000 0xd98 0xe00 4.63 147128d42143078e4eb769b726cd78bd
.reloc 0x54000 0x2b68 0x2c00 6.67 be01c8b85036aacb437d52e10192f3b7

( 7 imports )

( 369 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: (c) Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Shell Light-weight Utility Library
original name: SHLWAPI.DLL
internal name: SHLWAPI
file version.: 6.1.7600.16385 (win7_rtm.090713-1255)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Alt 01.02.2010, 14:51   #8
Chris4You
 

Hi,

the file is okay, it cannot have caused the crash (problem with DCOM on your machine)...

Post the other logs as soon as the scanners have finished...

chris
__________________
Don't bring me down
Read before posting!
Donations
(Anyone who wants to donate is welcome to get in touch)

Alt 03.02.2010, 15:04   #9
skull00
 

I formatted the hard drive and reinstalled Windows; that was the safe decision for me. I have now installed Dr. Web antivirus and it seems to be a reliable program. Should I install any other software for protection now?
I don't want my computer (Pentium 4) to get too slow because of the malware software...
So, should I install anything more for protection now?

Alt 03.02.2010, 16:22   #10
Chris4You
 

Hi,

as a supplement, have a look at ThreatFire as well... there is also a free version... (http://www.threatfire.com/de/)

The best protection, though, is still Brain.exe

chris

03.02.2010, 16:38   #11
skull00

Quote:
Quote from Chris4You
Hi,

as a supplement, also take a look at ThreatFire... it is also available as a free version... (http://www.threatfire.com/de/)

The best protection, however, is still Brain.exe

chris

hehe thanks chris, see you soon

03.02.2010, 19:47   #12
Chris4You

Hi,

well, hopefully not all that soon...

chris
