IE 8 öffnet sich mit ad.globe7.com Win7 64bit

brockerdocke · 04.05.2010, 21:32

Hallo,
ich habe auf meinem PC seit ein paar Monaten Win7 64bit installiert. Seit ca. einer Woche öffnet sich manchmal der IE 8 von selbst. Zumindest konnte ich nicht erkennen ob das öffnen mit irgendeiner Handlung von mir zusammenhängt.
Oben in der Leiste steht ad.globe7.com/... Es wird jedoch nur eine weiße Seite angezeigt und sämtliche anderen Leisten sind nicht sichtbar.
Ich habe jetzt mal mit AntiVir einen vollständigen Scan gemacht. Da habe ich einen Trojaner gefunden:
"Die Datei 'D:\Anwendungsdaten\Thunderbird\Username\Cache\A2F321AAd01'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.ZPACK.Gen'"

Der steht jetzt unter Quarantäne. Ich hab auch mal Microsoft Security Essentials drüber laufen gelassen, dabei wurde jedoch nichts gefunden.
Ich habe das Gefühl, das seither mein Rechner auch etwas langsamer zu sein scheint, bin mir aber nicht sicher.

Ich wäre froh, wenn mir geholfen werden könnte, da ein neu aufsetzen des Rechners lange dauern würde. Außerdem könnte der Virus ja irgendwo in meinen eigenen Dateien sitzen und dann sofort meinen Rechner erneut befallen.

Ich habe jetzt mal ein Log mit Malwarebytes gemacht. Wenn ich noch andere Dinge machen soll, kein Problem.
Vielen Dank schon mal für alle Hilfe!!!

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4064

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

04.05.2010 14:49:43
mbam-log-2010-05-04 (14-49-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 354868
Laufzeit: 28 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

brockerdocke · 04.05.2010, 21:51

Hallo,
hiermit poste ich jetzt die info.txt von RSIT.

info.txt logfile of random's system information tool 1.06 2010-05-04 22:44:43

======Uninstall list======

-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.3.1 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A93000000001}
Avidemux 2.5-->C:\Program Files (x86)\Video\Avidemux 2.5\uninstall.exe
Avira AntiVir Personal - Free Antivirus-->C:\Program Files (x86)\Avira\AntiVir Desktop\setup.exe /REMOVE
Biet-O-Matic v2.12.6-->C:\PROGRA~2\HELFER~1\BIET-O~1\UNWISE.EXE C:\PROGRA~2\HELFER~1\BIET-O~1\install.log
CDBurnerXP-->"C:\Program Files (x86)\Helferlein\CDBurnerXP\unins000.exe"
ColdCut-->"C:\Program Files (x86)\Video\ColdCut\unins000.exe"
DWA-556-->C:\Program Files (x86)\InstallShield Installation Information\{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}\setup.exe -runfromtemp -l0x0007 -removeonly
ffdshow [rev 2946] [2009-05-15]-->"C:\Program Files (x86)\Video\ffdshow\unins000.exe"
FileZilla Client 3.3.2.1-->C:\Program Files (x86)\Internet\FileZilla FTP Client\uninstall.exe
Firebird SQL Server - MAGIX Edition (D)-->C:\Program Files (x86)\Common\Database\uninstall.exe
GetRight-->"C:\Program Files (x86)\Internet\GetRight\unins000.exe"
GIMP 2.6.8-->"C:\Program Files (x86)\Office\GIMP-2.0\setup\unins000.exe"
Google Earth-->MsiExec.exe /X{C084BC61-E537-11DE-8616-005056806466}
HijackThis 2.0.2-->"C:\Program Files (x86)\trend micro\HijackThis.exe" /uninstall
Hugin 0.7.0 (SVN 3465)-->"C:\Program Files (x86)\Hugin\unins000.exe"
Java(TM) 6 Update 18-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216018FF}
Launchy 2.1.2-->"C:\Program Files (x86)\Helferlein\Launchy\unins000.exe"
MAGIX Foto Clinic 5.5 (D)-->C:\Program Files (x86)\Foto_Clinic_55\instslct.exe
MAGIX Foto Manager 2007 (D)-->C:\Program Files (x86)\Foto_Manager_2007\instslct.exe
MAGIX Goya burnR (D)-->C:\Program Files (x86)\Goya_burnR\instslct.exe
MAGIX Music Manager 2006 (D)-->C:\Program Files (x86)\Music_Manager_2006\instslct.exe
MAGIX Online Druck Service (D)-->C:\Program Files (x86)\Online_Druck_Service\instslct.exe
MAGIX Video deluxe 2007 PLUS (D)-->C:\Program Files (x86)\Magix\instslct.exe
Malwarebytes' Anti-Malware-->"C:\Program Files (x86)\Sicherheit\Malwarebytes' Anti-Malware\unins000.exe"
MediaCoder x64 0.7.2.4540-->C:\Program Files\Video\MediaCoder\uninst.exe
Microsoft Choice Guard-->MsiExec.exe /X{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218-->MsiExec.exe /X{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Mozilla Firefox (3.6.3)-->C:\Program Files (x86)\Internet\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (3.0.4)-->C:\Program Files (x86)\Internet\Mozilla Thunderbird\uninstall\helper.exe
MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MyPhoneExplorer-->C:\Program Files (x86)\Sony Ericsson\MyPhoneExplorer\uninstall.exe
nLite 1.4.9.1-->"C:\Program Files (x86)\Sicherheit\nLite\unins000.exe"
OpenOffice.org 3.2-->MsiExec.exe /I{192A107E-C6B9-41B9-BDBF-38E3AA226054}
Opera 10.53-->MsiExec.exe /X{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}
PanoramaStudio 2.0 (deinstallieren)-->"C:\Program Files (x86)\Office\PanoramaStudio2\uninstall.exe"
PureSync-->MsiExec.exe /I{A975BA51-6314-4842-B0D7-7FCE088F7423}
QuickTime Alternative 3.1.0-->"C:\Program Files (x86)\Video\QuickTime Alternative\unins000.exe"
Realtek High Definition Audio Driver-->C:\Program Files\Realtek\Audio\HDA\RtlUpd64.exe -r -m -nrg2709
Skype™ 4.1-->MsiExec.exe /X{D103C4BA-F905-437A-8049-DB24763BBE36}
SpeedFan (remove only)-->"C:\Program Files (x86)\Helferlein\SpeedFan\uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files (x86)\Sicherheit\Spybot - Search & Destroy\unins000.exe"
Switcher 2.0.0-->MsiExec.exe /X{F7DB6677-661D-4835-AAD8-1B7F4C98D7CE}
Trillian-->C:\Program Files (x86)\Internet\Trillian\Trillian.exe /uninstall
UBCD4Win 3.50-->"C:\UBCD4Win\unins000.exe"
Unlockmaster 3-->C:\Program Files (x86)\MAGIX\Unlockmaster 3\uninstall.exe
VLC media player 1.0.5-->C:\Program Files (x86)\Video\VideoLAN\VLC\uninstall.exe
Winamp-->"C:\Program Files (x86)\Sound\Winamp\UninstWA.exe"
Windows Live Anmelde-Assistent-->MsiExec.exe /I{52B97218-98CB-4B8B-9283-D213C85E1AA4}
Windows Live Call-->MsiExec.exe /I{5FC68772-6D56-41C6-9DF1-24E868198AE6}
Windows Live Communications Platform-->MsiExec.exe /I{ED00D08A-3C5F-488D-93A0-A04F21F23956}
Windows Live Essentials-->C:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}
Windows Live Fotogalerie-->MsiExec.exe /X{2BA722D1-48D1-406E-9123-8AE5431D63EF}
Windows Live Messenger-->MsiExec.exe /X{41E654A9-26D0-4EAC-854B-0FA824FFFABB}
Windows Live Movie Maker-->MsiExec.exe /X{3EFEF049-23D4-4B46-8903-4592FEA51018}
Windows Live Sync-->MsiExec.exe /X{76618402-179D-4699-A66B-D351C59436BC}
Windows Live-Uploadtool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
XMedia Recode 2.2.1.6-->C:\Program Files (x86)\Video\XMedia Recode\uninst.exe

======Hosts File======

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

======Security center information======

AS: Spybot - Search and Destroy

======System event log======

Computer Name: Top-PC
Event Code: 51046
Message: Der DHCPv6-Clientdienst wird gestartet.
Record Number: 10111
Source Name: Microsoft-Windows-DHCPv6-Client
Time Written: 20091207203123.320026-000
Event Type: Informationen
User: NT-AUTORITÄT\LOKALER DIENST

Computer Name: Top-PC
Event Code: 7036
Message: Dienst "TCP/IP-NetBIOS-Hilfsdienst" befindet sich jetzt im Status "Ausgeführt".
Record Number: 10110
Source Name: Service Control Manager
Time Written: 20091207203123.320026-000
Event Type: Informationen
User:

Computer Name: Top-PC
Event Code: 50036
Message: Der DHCPv4-Clientdienst wird gestartet.
Record Number: 10109
Source Name: Microsoft-Windows-Dhcp-Client
Time Written: 20091207203123.320026-000
Event Type: Informationen
User: NT-AUTORITÄT\LOKALER DIENST

Computer Name: Top-PC
Event Code: 7036
Message: Dienst "Netzwerkspeicher-Schnittstellendienst" befindet sich jetzt im Status "Ausgeführt".
Record Number: 10108
Source Name: Service Control Manager
Time Written: 20091207203123.320026-000
Event Type: Informationen
User:

Computer Name: Top-PC
Event Code: 7036
Message: Dienst "Windows Driver Foundation - Benutzermodus-Treiberframework" befindet sich jetzt im Status "Ausgeführt".
Record Number: 10107
Source Name: Service Control Manager
Time Written: 20091207203123.304426-000
Event Type: Informationen
User:

=====Application event log=====

Computer Name: 37L4247E29-32
Event Code: 1001
Message: Fehlerbucket , Typ 0
Ereignisname: PnPDriverNotFound
Antwort: Nicht verfügbar
CAB-Datei-ID: 0

Problemsignatur:
P1: x64
P2: PCI\VEN_10B7&DEV_9200&SUBSYS_100010B7&REV_78
P3:
P4:
P5:
P6:
P7:
P8:
P9:
P10:

Angefügte Dateien:
C:\Windows\Temp\DMIFC29.tmp.log.xml

Diese Dateien befinden sich möglicherweise hier:
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_bdc8d8a074cecd53ed922dffe04644206e7ac924_cab_0598fcc5

Analysesymbol:
Es wird erneut nach einer Lösung gesucht: 0
Berichts-ID: 9c2a91dc-d755-11de-8fe6-f6ea46460875
Berichtstatus: 6
Record Number: 5
Source Name: Windows Error Reporting
Time Written: 20091122105557.000000-000
Event Type: Informationen
User:

Computer Name: 37L4247E29-32
Event Code: 5617
Message: Die Subsysteme des Windows-Verwaltungsinstrumentationsdienstes wurden erfolgreich initialisiert.
Record Number: 4
Source Name: Microsoft-Windows-WMI
Time Written: 20091122105556.000000-000
Event Type: Informationen
User:

Computer Name: 37L4247E29-32
Event Code: 5615
Message: Der Windows-Verwaltungsinstrumentationsdienst wurde erfolgreich gestartet.
Record Number: 3
Source Name: Microsoft-Windows-WMI
Time Written: 20091122105552.000000-000
Event Type: Informationen
User:

Computer Name: 37L4247E29-32
Event Code: 1531
Message: Der Benutzerprofildienst wurde erfolgreich gestartet.

Record Number: 2
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20091122105549.348098-000
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: 37L4247E29-32
Event Code: 4625
Message: Das EventSystem-Subsystem unterdrückt duplizierte Ereignisprotokolleinträge für eine Dauer von 86400 Sekunden. Dieses Zeitlimit kann durch den REG_DWORD-Wert SuppressDuplicateDuration unter folgendem Registrierungsschlüssel gesteuert werden: HKLM\Software\Microsoft\EventSystem\EventLog.
Record Number: 1
Source Name: Microsoft-Windows-EventSystem
Time Written: 20091122105549.000000-000
Event Type: Informationen
User:

=====Security event log=====

Computer Name: 37L4247E29-32
Event Code: 4735
Message: Eine sicherheitsaktivierte lokale Gruppe wurde geändert.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: 37L4247E29-32$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Gruppe:
Sicherheits-ID: S-1-5-32-551
Gruppenname: Sicherungs-Operatoren
Gruppendomäne: Builtin

Geänderte Attribute:
SAM-Kontoname: -
SID-Verlauf: -

Weitere Informationen:
Berechtigungen: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091122105530.144464-000
Event Type: Überwachung erfolgreich
User:

Computer Name: 37L4247E29-32
Event Code: 4731
Message: Eine sicherheitsaktivierte lokale Gruppe wurde erstellt.

Antragsteller:
Sicherheits-ID: S-1-5-18
Kontoname: 37L4247E29-32$
Kontodomäne: WORKGROUP
Anmelde-ID: 0x3e7

Neue Gruppe:
Sicherheits-ID: S-1-5-32-551
Gruppenname: Sicherungs-Operatoren
Gruppendomäne: Builtin

Attribute:
SAM-Kontoname: Sicherungs-Operatoren
SID-Verlauf: -

Weitere Informationen:
Berechtigungen: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091122105530.113264-000
Event Type: Überwachung erfolgreich
User:

Computer Name: 37L4247E29-32
Event Code: 4902
Message: Eine Benutzerrichtlinien-Überwachungstabelle wurde erstellt.

Anzahl von Elementen: 0
Richtlinienkennung: 0x31c41
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091122105529.645263-000
Event Type: Überwachung erfolgreich
User:

Computer Name: 37L4247E29-32
Event Code: 4624
Message: Ein Konto wurde erfolgreich angemeldet.

Antragsteller:
Sicherheits-ID: S-1-0-0
Kontoname: -
Kontodomäne: -
Anmelde-ID: 0x0

Anmeldetyp: 0

Neue Anmeldung:
Sicherheits-ID: S-1-5-18
Kontoname: SYSTEM
Kontodomäne: NT-AUTORITÄT
Anmelde-ID: 0x3e7
Anmelde-GUID: {00000000-0000-0000-0000-000000000000}

Prozessinformationen:
Prozess-ID: 0x4
Prozessname:

Netzwerkinformationen:
Arbeitsstationsname: -
Quellnetzwerkadresse: -
Quellport: -

Detaillierte Authentifizierungsinformationen:
Anmeldeprozess: -
Authentifizierungspaket: -
Übertragene Dienste: -
Paketname (nur NTLM): -
Schlüssellänge: 0

Dieses Ereignis wird beim Erstellen einer Anmeldesitzung generiert. Es wird auf dem Computer generiert, auf den zugegriffen wurde.

Die Antragstellerfelder geben das Konto auf dem lokalen System an, von dem die Anmeldung angefordert wurde. Dies ist meistens ein Dienst wie der Serverdienst oder ein lokaler Prozess wie "Winlogon.exe" oder "Services.exe".

Das Anmeldetypfeld gibt den jeweiligen Anmeldetyp an. Die häufigsten Typen sind 2 (interaktiv) und 3 (Netzwerk).

Die Felder für die neue Anmeldung geben das Konto an, für das die Anmeldung erstellt wurde, d. h. das angemeldete Konto.

Die Netzwerkfelder geben die Quelle einer Remoteanmeldeanforderung an. der Arbeitsstationsname ist nicht immer verfügbar und kann in manchen Fällen leer bleiben.

Die Felder für die Authentifizierungsinformationen enthalten detaillierte Informationen zu dieser speziellen Anmeldeanforderung.
- Die Anmelde-GUID ist ein eindeutiger Bezeichner, der verwendet werden kann, um dieses Ereignis mit einem KDC-Ereignis zu korrelieren.
- Die übertragenen Dienste geben an, welche Zwischendienste an der Anmeldeanforderung beteiligt waren.
- Der Paketname gibt das in den NTLM-Protokollen verwendete Unterprotokoll an.
- Die Schlüssellänge gibt die Länge des generierten Sitzungsschlüssels an. Wenn kein Sitzungsschlüssel angefordert wurde, ist dieser Wert 0.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091122105527.695260-000
Event Type: Überwachung erfolgreich
User:

Computer Name: 37L4247E29-32
Event Code: 4608
Message: Windows wird gestartet.

Dieses Ereignis wird protokolliert, wenn LSASS.EXE gestartet und das Überwachungssubsystem initialisiert wird.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20091122105527.632860-000
Event Type: Überwachung erfolgreich
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Video\QuickTime Alternative\QTSystem;C:\Program Files\MATLAB\R2008a\bin;C:\Program Files\MATLAB\R2008a\bin\win64;C:\Program Files (x86)\Common Files\Teleca Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=2
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
"PROCESSOR_REVISION"=170a
"DEFAULT_CA_NR"=CA8

-----------------EOF-----------------

brockerdocke · 04.05.2010, 22:35

Hallo,
ich habe jetzt mit CCleaner aufgeräumt und auch mal OTL durchlaufen lassen. Dabei ist mir aufgefallen, dass im OTL-Logfile unter Hosts File ein Haufen dubioser Websites stehen auf denen ich nicht wüsste jemals gewesen zu sein. Ich hab keine Ahnung wo die herkommen. Vielen Dank schon mal für alle Hilfe!

Hier also das OTL.text-File:

Zitat:

OTL logfile created on: 04.05.2010 23:31:34 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Top\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 40,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 98,03 Gb Total Space | 48,65 Gb Free Space | 49,63% Space Free | Partition Type: NTFS
Drive D: | 498,05 Gb Total Space | 218,35 Gb Free Space | 43,84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 931,51 Gb Total Space | 357,71 Gb Free Space | 38,40% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOP-PC
Current User Name: Top
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010.05.04 23:04:06 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Top\Desktop\OTL.exe
PRC - [2010.04.28 13:45:50 | 000,835,952 | ---- | M] (Opera Software) -- C:\Program Files (x86)\Internet\Opera\opera.exe
PRC - [2010.04.06 11:42:07 | 011,957,424 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Internet\Mozilla Thunderbird\thunderbird.exe
PRC - [2010.04.03 14:38:45 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Internet\Mozilla Firefox\firefox.exe
PRC - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009.09.06 13:38:06 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\Helferlein\CDBurnerXP\NMSAccessU.exe
PRC - [2009.08.09 11:49:26 | 003,986,552 | ---- | M] (Almico Software (www.almico.com)) -- C:\Program Files (x86)\Helferlein\SpeedFan\speedfan.exe
PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Sicherheit\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Sicherheit\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.08.05 21:16:40 | 000,286,720 | ---- | M] () -- C:\Program Files (x86)\Helferlein\Launchy\Launchy.exe
PRC - [2008.06.23 15:47:18 | 004,628,752 | ---- | M] (Headlight Software, Inc.) -- C:\Program Files (x86)\Internet\GetRight\GetRight.exe
PRC - [2007.10.28 12:35:48 | 000,425,984 | ---- | M] (Bao_Nguyen) -- C:\Program Files (x86)\Helferlein\Switcher\Switcher.exe

========== Modules (SafeList) ==========

MOD - [2010.05.04 23:04:06 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Top\Desktop\OTL.exe
MOD - [2009.07.14 03:15:07 | 000,486,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\comdlg32.dll
MOD - [2009.07.14 03:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009.12.09 20:30:34 | 000,017,416 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009.11.15 20:31:04 | 000,050,688 | ---- | M] () [Auto | Running] -- C:\Program Files\Helferlein\ShrewSoft\dtpd.exe -- (dtpd)
SRV:64bit: - [2009.11.15 20:28:44 | 000,948,224 | ---- | M] () [Auto | Running] -- C:\Program Files\Helferlein\ShrewSoft\iked.exe -- (iked)
SRV:64bit: - [2009.11.15 20:26:26 | 000,690,688 | ---- | M] () [Auto | Running] -- C:\Program Files\Helferlein\ShrewSoft\ipsecd.exe -- (ipsecd)
SRV:64bit: - [2009.07.14 03:41:59 | 000,229,888 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wwansvc.dll -- (WwanSvc)
SRV:64bit: - [2009.07.14 03:41:56 | 000,202,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbiosrvc.dll -- (WbioSrvc)
SRV:64bit: - [2009.07.14 03:41:56 | 000,195,072 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\umrdp.dll -- (UmRdpService)
SRV:64bit: - [2009.07.14 03:41:56 | 000,163,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\umpo.dll -- (Power)
SRV:64bit: - [2009.07.14 03:41:55 | 000,044,544 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\themeservice.dll -- (Themes)
SRV:64bit: - [2009.07.14 03:41:54 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sppuinotify.dll -- (sppuinotify)
SRV:64bit: - [2009.07.14 03:41:54 | 000,029,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\sensrsvc.dll -- (SensrSvc)
SRV:64bit: - [2009.07.14 03:41:54 | 000,017,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\StorSvc.dll -- (StorSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 001,361,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\PeerDistSvc.dll -- (PeerDistSvc)
SRV:64bit: - [2009.07.14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (PNRPsvc)
SRV:64bit: - [2009.07.14 03:41:53 | 000,327,168 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\pnrpsvc.dll -- (p2pimsvc)
SRV:64bit: - [2009.07.14 03:41:53 | 000,187,904 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\provsvc.dll -- (HomeGroupProvider)
SRV:64bit: - [2009.07.14 03:41:53 | 000,067,072 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\SysNative\RpcEpMap.dll -- (RpcEptMapper)
SRV:64bit: - [2009.07.14 03:41:53 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\pnrpauto.dll -- (PNRPAutoReg)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:41:18 | 000,231,936 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\ListSvc.dll -- (HomeGroupListener)
SRV:64bit: - [2009.07.14 03:40:54 | 001,127,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FntCache.dll -- (FontCache)
SRV:64bit: - [2009.07.14 03:40:28 | 000,314,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\dhcpcore.dll -- (Dhcp)
SRV:64bit: - [2009.07.14 03:40:28 | 000,291,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\defragsvc.dll -- (defragsvc)
SRV:64bit: - [2009.07.14 03:40:24 | 000,689,152 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\cscsvc.dll -- (CscService)
SRV:64bit: - [2009.07.14 03:40:13 | 000,083,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\bthserv.dll -- (bthserv)
SRV:64bit: - [2009.07.14 03:40:10 | 000,100,864 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\SysNative\bdesvc.dll -- (BDESVC)
SRV:64bit: - [2009.07.14 03:40:05 | 000,114,688 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AxInstSv.dll -- (AxInstSV)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.07.14 03:40:01 | 000,032,256 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appidsvc.dll -- (AppIDSvc)
SRV:64bit: - [2009.07.14 03:39:51 | 001,503,744 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wbengine.exe -- (wbengine)
SRV:64bit: - [2009.07.14 03:39:28 | 003,524,608 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysNative\sppsvc.exe -- (sppsvc)
SRV:64bit: - [2009.07.14 03:39:11 | 000,689,152 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\FXSSVC.exe -- (Fax)
SRV - [2010.04.01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.02.24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.09.06 13:38:06 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Helferlein\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.08.05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009.07.14 05:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009.07.14 03:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 03:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.13 22:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009.06.10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Sicherheit\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.09.26 20:02:28 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\D-Link\DWA-556 revA\jswpsapi.exe -- (jswpsapi)
SRV - [2005.11.17 16:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010.03.02 13:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010.02.16 14:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2010.02.16 13:27:40 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2009.12.19 10:11:40 | 000,314,400 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.12.11 12:29:27 | 000,153,160 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ksecpkg.sys -- (KSecPkg)
DRV:64bit: - [2009.12.04 18:26:32 | 000,125,440 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv07.sys -- (acedrv07)
DRV:64bit: - [2009.11.19 02:06:22 | 000,020,992 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)
DRV:64bit: - [2009.11.19 02:06:20 | 000,012,800 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)
DRV:64bit: - [2009.11.12 14:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.10.05 17:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.09.26 08:20:38 | 000,223,448 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fvevol.sys -- (fvevol)
DRV:64bit: - [2009.08.06 00:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:48:04 | 000,014,416 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hwpolicy.sys -- (hwpolicy)
DRV:64bit: - [2009.07.14 03:47:49 | 000,055,376 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fsdepends.sys -- (FsDepends)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:56 | 000,022,096 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wimmount.sys -- (WIMMount)
DRV:64bit: - [2009.07.14 03:45:55 | 000,217,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vhdmp.sys -- (vhdmp)
DRV:64bit: - [2009.07.14 03:45:55 | 000,200,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmbus.sys -- (vmbus)
DRV:64bit: - [2009.07.14 03:45:55 | 000,046,672 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmstorfl.sys -- (storflt)
DRV:64bit: - [2009.07.14 03:45:55 | 000,036,432 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vdrvroot.sys -- (vdrvroot)
DRV:64bit: - [2009.07.14 03:45:55 | 000,034,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\storvsc.sys -- (storvsc)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 03:45:46 | 000,214,096 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\rdyboost.sys -- (rdyboost)
DRV:64bit: - [2009.07.14 03:45:45 | 000,050,768 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\pcw.sys -- (pcw)
DRV:64bit: - [2009.07.14 03:43:14 | 000,460,504 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\cng.sys -- (CNG)
DRV:64bit: - [2009.07.14 02:17:46 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rdpbus.sys -- (rdpbus)
DRV:64bit: - [2009.07.14 02:16:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV:64bit: - [2009.07.14 02:10:24 | 000,060,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV:64bit: - [2009.07.14 02:09:26 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\wfplwf.sys -- (WfpLwf)
DRV:64bit: - [2009.07.14 02:08:13 | 000,035,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndiscap.sys -- (NdisCap)
DRV:64bit: - [2009.07.14 02:07:28 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifimp.sys -- (vwifimp)
DRV:64bit: - [2009.07.14 02:07:22 | 000,059,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vwififlt.sys -- (vwififlt)
DRV:64bit: - [2009.07.14 02:07:21 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vwifibus.sys -- (vwifibus)
DRV:64bit: - [2009.07.14 02:07:13 | 000,227,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\1394ohci.sys -- (1394ohci)
DRV:64bit: - [2009.07.14 02:07:00 | 000,350,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HdAudio.sys -- (HdAudAddService)
DRV:64bit: - [2009.07.14 02:07:00 | 000,184,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbvideo.sys -- (usbvideo) USB-Videogerät (WDM)
DRV:64bit: - [2009.07.14 02:06:52 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\umpass.sys -- (UmPass)
DRV:64bit: - [2009.07.14 02:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009.07.14 02:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009.07.14 02:06:42 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2009.07.14 02:06:32 | 000,109,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV:64bit: - [2009.07.14 02:06:28 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\winusb.sys -- (WinUsb)
DRV:64bit: - [2009.07.14 02:06:24 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV:64bit: - [2009.07.14 02:05:37 | 000,112,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WUDFPf.sys -- (WudfPf)
DRV:64bit: - [2009.07.14 02:02:08 | 000,015,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MTConfig.sys -- (MTConfig)
DRV:64bit: - [2009.07.14 02:00:34 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CompositeBus.sys -- (CompositeBus)
DRV:64bit: - [2009.07.14 02:00:13 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\beep.sys -- (Beep)
DRV:64bit: - [2009.07.14 01:52:39 | 000,061,440 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\appid.sys -- (AppID)
DRV:64bit: - [2009.07.14 01:50:17 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\SysNative\drivers\scfilter.sys -- (scfilter)
DRV:64bit: - [2009.07.14 01:42:58 | 000,006,656 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vms3cap.sys -- (s3cap)
DRV:64bit: - [2009.07.14 01:42:44 | 000,021,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusHID.sys -- (VMBusHID)
DRV:64bit: - [2009.07.14 01:37:18 | 000,040,448 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\discache.sys -- (discache)
DRV:64bit: - [2009.07.14 01:31:06 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidbatt.sys -- (HidBatt)
DRV:64bit: - [2009.07.14 01:31:03 | 000,017,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CmBatt.sys -- (CmBatt)
DRV:64bit: - [2009.07.14 01:27:17 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acpipmi.sys -- (AcpiPmi)
DRV:64bit: - [2009.07.14 01:24:27 | 000,514,048 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\csc.sys -- (CSC)
DRV:64bit: - [2009.07.14 01:19:25 | 000,060,928 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdppm.sys -- (AmdPPM)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.05.15 04:28:52 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV:64bit: - [2007.09.25 16:59:52 | 000,018,128 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Video\MediaCoder\SysInfoX64.sys -- (CrystalSysInfo)
DRV - [2009.12.04 16:04:12 | 000,081,920 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysWOW64\acedrv07.dll -- (acedrv07)
DRV - [2009.11.22 12:55:49 | 000,000,000 | ---D | M] [Kernel | System | Running] -- C:\Windows\CSC -- (CSC)
DRV - [2009.11.12 14:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 03:16:19 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\winusb.dll -- (WinUsb)
DRV - [2009.07.14 03:16:02 | 000,014,336 | ---- | M] (Microsoft Corporation) [File_System | System | Running] -- C:\Windows\SysWOW64\netbios.dll -- (NetBIOS)
DRV - [2009.06.10 23:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009.06.10 23:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)
DRV - [2008.05.15 04:28:52 | 000,026,624 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\jswpslwfx.sys -- (JSWPSLWF)
DRV - [2007.02.07 20:27:46 | 000,014,104 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysWOW64\speedfan.sys -- (speedfan)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1660466520-1059942827-31041933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1660466520-1059942827-31041933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1660466520-1059942827-31041933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F A2 DB F2 02 B8 CA 01 [binary data]
IE - HKU\S-1-5-21-1660466520-1059942827-31041933-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {ca0849e8-2c76-42ae-9abe-34e14d337acf}:1.91
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.47.4
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21
FF - prefs.js..extensions.enabledItems: jl@leimbach-it.de:2.5
FF - prefs.js..extensions.enabledItems: {a6ca9b3b-5e52-4f47-85d8-cca35bb57596}:1.4.6
FF - prefs.js..extensions.enabledItems: wikilook@testpilot:2.5.5
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.6.14
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..keyword.URL: "hxxp://www.bing.com/search?FORM=IEFM1&q="
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://143.205.172.12:3128/"
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "143.205.172.12:3128"
FF - prefs.js..network.proxy.gopher: "143.205.172.12:3128"
FF - prefs.js..network.proxy.http: "143.205.172.12:3128"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "143.205.172.12:3128"
FF - prefs.js..network.proxy.ssl: "143.205.172.12:3128"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Internet\Mozilla Firefox\components [2010.04.03 14:38:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Internet\Mozilla Firefox\plugins [2010.04.03 14:38:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Components: C:\Program Files (x86)\Internet\Mozilla Thunderbird\components [2010.04.06 11:42:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.4\extensions\\Plugins: C:\Program Files (x86)\Internet\Mozilla Thunderbird\plugins

[2010.02.11 23:18:24 | 000,000,000 | ---D | M] -- C:\Users\Top\AppData\Roaming\mozilla\Extensions
[2010.02.11 23:18:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Top\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2009.12.06 16:43:07 | 000,000,000 | ---D | M] -- C:\Users\Top\AppData\Roaming\mozilla\Extensions\MediaCoder
[2009.12.06 17:02:30 | 000,000,000 | ---D | M] -- C:\Users\Top\AppData\Roaming\mozilla\Extensions\MediaCoder-MCEX
[2010.05.04 22:10:12 | 000,000,000 | ---D | M] -- C:\Users\Top\AppData\Roaming\mozilla\Firefox\Profiles\bfdsdhe3.default\extensions
[2010.04.11 13:21:26 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Top\AppData\Roaming\mozilla\Firefox\Profiles\bfdsdhe3.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.03.11 11:46:52 | 000,000,000 | ---D | M] (Sage) -- C:\Users\Top\AppData\Roaming\mozilla\Firefox\Profiles\bfdsdhe3.default\extensions\{a6ca9b3b-5e52-4f47-85d8-cca35bb57596}
[2009.11.22 16:33:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Top\AppData\Roaming\mozilla\Firefox\Profiles\bfdsdhe3.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}
[2010.05.01 18:06:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Top\AppData\Roaming\mozilla\Firefox\Profiles\bfdsdhe3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.10 09:46:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Top\AppData\Roaming\mozilla\Firefox\Profiles\bfdsdhe3.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010.04.21 21:42:53 | 000,000,000 | ---D | M] -- C:\Users\Top\AppData\Roaming\mozilla\Firefox\Profiles\bfdsdhe3.default\extensions\foxmarks@kei.com
[2010.03.25 22:39:49 | 000,000,000 | ---D | M] -- C:\Users\Top\AppData\Roaming\mozilla\Firefox\Profiles\bfdsdhe3.default\extensions\jl@leimbach-it.de
[2010.02.18 00:56:02 | 000,000,000 | ---D | M] -- C:\Users\Top\AppData\Roaming\mozilla\Firefox\Profiles\bfdsdhe3.default\extensions\moveplayer@movenetworks.com
[2009.11.22 16:33:35 | 000,000,000 | ---D | M] -- C:\Users\Top\AppData\Roaming\mozilla\Firefox\Profiles\bfdsdhe3.default\extensions\wikilook@testpilot
[2010.02.14 23:17:32 | 000,002,207 | ---- | M] () -- C:\Users\Top\AppData\Roaming\Mozilla\FireFox\Profiles\bfdsdhe3.default\searchplugins\askcom.xml
[2009.12.04 19:42:26 | 000,002,171 | ---- | M] () -- C:\Users\Top\AppData\Roaming\Mozilla\FireFox\Profiles\bfdsdhe3.default\searchplugins\bing.xml
[2009.11.28 13:47:03 | 000,002,284 | ---- | M] () -- C:\Users\Top\AppData\Roaming\Mozilla\FireFox\Profiles\bfdsdhe3.default\searchplugins\wolframalpha.xml
[2009.11.22 18:44:25 | 000,004,153 | ---- | M] () -- C:\Users\Top\AppData\Roaming\Mozilla\FireFox\Profiles\bfdsdhe3.default\searchplugins\youtube.xml

O1 HOSTS File: ([2010.01.18 18:19:08 | 000,373,541 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 12871 more lines...
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (bho2gr Class) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files (x86)\Internet\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files (x86)\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SICHER~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1660466520-1059942827-31041933-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Sicherheit\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1660466520-1059942827-31041933-1000..\Run: [Switcher] C:\Program Files (x86)\Helferlein\Switcher\Switcher.exe (Bao_Nguyen)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Download with GetRight - C:\Program Files (x86)\Internet\GetRight\GRdownload.htm ()
O8:64bit: - Extra context menu item: Open with GetRight Browser - C:\Program Files (x86)\Internet\GetRight\GRbrowse.htm ()
O8 - Extra context menu item: Download with GetRight - C:\Program Files (x86)\Internet\GetRight\GRdownload.htm ()
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files (x86)\Internet\GetRight\GRbrowse.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SICHER~1\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{9a7270b0-08da-11df-ba37-001fd087a9d3}\Shell - "" = AutoRun
O33 - MountPoints2\{9a7270b0-08da-11df-ba37-001fd087a9d3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.05.04 23:04:05 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Users\Top\Desktop\OTL.exe
[2010.05.04 22:41:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\trend micro
[2010.05.04 22:20:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.05.04 14:19:49 | 000,000,000 | ---D | C] -- C:\Users\Top\AppData\Roaming\Malwarebytes
[2010.05.04 14:19:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.04 14:19:35 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.05.03 21:49:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Antimalware
[2010.05.03 21:49:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials
[2010.05.02 19:19:33 | 000,000,000 | ---D | C] -- C:\Users\Top\AppData\Roaming\Avira
[2010.05.02 19:17:46 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.05.02 19:17:46 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.05.02 19:17:46 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.04.28 19:04:06 | 000,223,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fvevol.sys
[2010.04.28 19:04:04 | 001,446,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2010.04.28 19:04:04 | 000,153,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ksecpkg.sys
[2010.04.14 23:06:41 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2010.04.14 23:06:41 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\vbscript.dll
[2010.04.14 23:06:40 | 005,509,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.04.14 23:06:40 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.04.14 23:06:40 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.04.14 23:06:36 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2010.04.14 23:06:36 | 000,172,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wintrust.dll
[2010.04.14 23:06:36 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cabview.dll
[2010.04.14 23:06:36 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cabview.dll
[2010.04.11 13:21:04 | 000,000,000 | ---D | C] -- C:\Users\Top\AppData\Roaming\vlc
[2010.04.05 00:13:04 | 000,000,000 | ---D | C] -- C:\Users\Top\.thumbnails
[2010.04.04 23:45:09 | 000,000,000 | ---D | C] -- C:\Users\Top\AppData\Roaming\PanoramaStudio
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.05.04 23:31:53 | 007,602,176 | -HS- | M] () -- C:\Users\Top\ntuser.dat
[2010.05.04 23:12:03 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.04 23:12:03 | 000,013,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.04 23:04:06 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Users\Top\Desktop\OTL.exe
[2010.05.04 22:56:39 | 000,009,627 | ---- | M] () -- C:\Users\Top\Desktop\Unbenannt 1.odg
[2010.05.04 22:10:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.04 18:10:23 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.05.04 18:02:06 | 098,366,952 | ---- | M] () -- C:\Users\Top\Desktop\Nokia_Ovi_Suite_webinstaller_ALL.exe
[2010.05.04 17:39:09 | 035,770,808 | ---- | M] () -- C:\Users\Top\Desktop\NokiaSoftwareUpdaterSetup_de.exe
[2010.05.04 17:14:46 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.05.04 17:14:46 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.05.04 17:14:46 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.05.04 17:14:46 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.05.04 17:14:46 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.05.04 17:07:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.04 17:07:35 | 3220,033,536 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.04 17:02:02 | 000,000,164 | ---- | M] () -- C:\Windows\DelMR.bat
[2010.05.04 17:01:52 | 002,639,488 | -H-- | M] () -- C:\Users\Top\AppData\Local\IconCache.db
[2010.04.29 19:48:19 | 000,005,235 | ---- | M] () -- C:\Users\Top\.recently-used.xbel
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.28 23:06:20 | 000,012,800 | ---- | M] () -- C:\Users\Top\Desktop\Stundenplan 4. Semester.xls
[2010.04.13 16:57:36 | 000,010,736 | ---- | M] () -- C:\Users\Top\Desktop\OpenDocument Text (neu).odt
[2010.04.11 14:45:50 | 000,021,197 | ---- | M] () -- C:\Users\Top\Desktop\Kosten.ods
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.05.04 17:27:47 | 098,366,952 | ---- | C] () -- C:\Users\Top\Desktop\Nokia_Ovi_Suite_webinstaller_ALL.exe
[2010.04.29 19:48:19 | 000,005,235 | ---- | C] () -- C:\Users\Top\.recently-used.xbel
[2010.04.17 15:49:06 | 035,770,808 | ---- | C] () -- C:\Users\Top\Desktop\NokiaSoftwareUpdaterSetup_de.exe
[2010.04.13 16:55:43 | 000,012,800 | ---- | C] () -- C:\Users\Top\Desktop\Stundenplan 4. Semester.xls
[2010.04.13 16:39:45 | 000,010,736 | ---- | C] () -- C:\Users\Top\Desktop\OpenDocument Text (neu).odt
[2010.04.13 12:16:13 | 000,009,627 | ---- | C] () -- C:\Users\Top\Desktop\Unbenannt 1.odg
[2010.04.10 16:34:57 | 000,021,197 | ---- | C] () -- C:\Users\Top\Desktop\Kosten.ods
[2009.12.05 19:27:29 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2009.12.04 16:05:03 | 000,000,000 | ---- | C] () -- C:\Windows\Videodeluxe.INI
[2009.12.04 16:04:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll
[2009.12.04 15:59:41 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2009.12.04 15:51:35 | 000,006,537 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.11.26 15:28:47 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2009.11.22 23:28:38 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.11.22 13:16:37 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2009.11.22 13:16:37 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
< End of report >

und dann noch das Extras.txt - File:

Zitat:

OTL Extras logfile created on: 04.05.2010 23:31:34 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Users\Top\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 40,00% Memory free
8,00 Gb Paging File | 5,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 98,03 Gb Total Space | 48,65 Gb Free Space | 49,63% Space Free | Partition Type: NTFS
Drive D: | 498,05 Gb Total Space | 218,35 Gb Free Space | 43,84% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 931,51 Gb Total Space | 357,71 Gb Free Space | 38,40% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOP-PC
Current User Name: Top
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1660466520-1059942827-31041933-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Internet\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Video\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\Video\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\Video\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\Video\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{2C304CEF-37C3-424E-9DD7-C56C45658290}" = Microsoft Image Composite Editor
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4F77F6EE-2C99-49F7-940A-2E9C208C3BE2}" = Paint.NET v3.5.2
"{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}" = Bing Maps 3D
"{84ED5482-CFB0-4DD9-BF18-489FFDACD18A}" = Microsoft Antimalware Service DE-DE Language Pack
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
"{AC38EE55-86A7-4688-BC8E-202D82FB8B7B}" = NetSpeedMonitor 2.4.2.0 x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{E590FD1C-E8C6-4D2E-8CA9-77B403F7EE01}" = Microsoft Antimalware
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F0A36649-873E-4832-A5F1-BF5DF8600BDB}" = Windows Live Family Safety
"MatlabR2008a" = MATLAB R2008a
"Microsoft Security Essentials" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Recuva" = Recuva
"Shrew Soft VPN Client" = Shrew Soft VPN Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F6F39E3-D24D-4EEE-9AEA-DEDAF991385D}" = DWA-556
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8944ED10-DBF2-4FA9-8B5D-D7E1B046C761}_is1" = ColdCut
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A975BA51-6314-4842-B0D7-7FCE088F7423}" = PureSync
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.1 - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C084BC61-E537-11DE-8616-005056806466}" = Google Earth
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7DB6677-661D-4835-AAD8-1B7F4C98D7CE}" = Switcher 2.0.0
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avidemux 2.5" = Avidemux 2.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Biet-O-Matic v2.12.6" = Biet-O-Matic v2.12.6
"CCleaner" = CCleaner
"ffdshow_is1" = ffdshow [rev 2946] [2009-05-15]
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition (D)
"GetRight_is1" = GetRight
"HijackThis" = HijackThis 2.0.2
"Hugin_is1" = Hugin 0.7.0 (SVN 3465)
"Launchy_21344213_is1" = Launchy 2.1.2
"MAGIX Foto Clinic 5.5 D" = MAGIX Foto Clinic 5.5 (D)
"MAGIX Foto Manager 2007 D" = MAGIX Foto Manager 2007 (D)
"MAGIX Goya burnR D" = MAGIX Goya burnR (D)
"MAGIX Music Manager 2006 D" = MAGIX Music Manager 2006 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service (D)
"MAGIX Video deluxe 2007 PLUS D" = MAGIX Video deluxe 2007 PLUS (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaCoder x64" = MediaCoder x64 0.7.2.4540
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.0.4)" = Mozilla Thunderbird (3.0.4)
"MPE" = MyPhoneExplorer
"nLite_is1" = nLite 1.4.9.1
"PanoramaStudio2" = PanoramaStudio 2.0 (deinstallieren)
"QuicktimeAlt_is1" = QuickTime Alternative 3.1.0
"SpeedFan" = SpeedFan (remove only)
"Trillian" = Trillian
"Unlockmaster 3" = Unlockmaster 3
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 2.2.1.6

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1660466520-1059942827-31041933-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

brockerdocke · 05.05.2010, 19:49

Hallo,
ich habe mittlerweile herausgefunden, dass die dubiosen Websites von Spybot Search&Destroy beim immunisieren eingetragen wurden um diese zu blocken.
Ansonsten bin ich jetzt leider nicht weitergekommen. Mit Opera verschwindet jetzt immer der Mauszeiger beim surfen wenn ich die Maus stillhalte. Erst wenn ich sie bewege taucht sie wieder auf. Aber ich weiß nicht, ob das ein Fehler oder ein Feature ist....

Wenn mir ansonsten jemand noch einen Tipp geben könnte, was das für ein Schädling sein könnte/ wie man ihn los wird, wäre ich sehr dankbar!

Vielen Dank schon mal für alle Mühe,
brockerdocker

IE 8 öffnet sich mit ad.globe7.com Win7 64bit

Plagegeister aller Art und deren Bekämpfung: IE 8 öffnet sich mit ad.globe7.com Win7 64bit