MS removal Tool vollständig entfernen
 

Wie der Titel schon sagt, hatte ich kürzlich dieses Problem, und möchte es noch sicherehitshalber überprüfen lassen :)

:hallo:

Mein Name ist M-K-D-B und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

• Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
• Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
• Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
• Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
• Bitte kein Crossposting (posten in mehreren Foren).
• Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
• Bitte füge alle Logfiles in sog. Codeboxen ein. Das Symbol dafür findest du über dem Textfeld, es sieht in etwa so aus: #.
• Bitte arbeite solange mit mir mit, bis ich dir sage, dass wir hier fertig sind.
• Solltest du mir nicht innerhalb von 5 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
• Für Benutzer von Windows Vista und Windows 7 gilt: Alle Programme mit Rechtsklick "Als Administrator ausführen" starten.

Das war eine gute Entscheidung, da sich auf deinem Rechner noch Malware befindet. :kloppen:



Ich bereite jetzt einen Fix vor und melde mich so bald als möglich mit weiteren Anweisungen.

Hallo Deathkid535,






Schritt # 1: Störende Programme

• Mit laufendem TeaTimer von Spybot Search&Destroy lässt sich keine Reinigung durchführen, da er alle gelöschten Einträge wiederherstellt.
• Der Teatimer muss also während der Reinigungsarbeiten abgestellt werden (lasse den Teatimer so lange ausgeschaltet, bis wir mit der Reinigung fertig sind):
• Starte Spybot S&D => stelle im Menü "Modus" den "Erweiterten Modus" ein => klicke dann links unten auf "Werkzeuge" => klicke auf "Resident" => das Häkchen entfernen bei Resident "TeaTimer" (Schutz aller Systemeinstellungen) => Spybot Search&Destroy schließen => Rechner neu starten. Bebilderte Anleitung.

Schritt # 2: Registry Cleaner
Ich sehe, dass Du sogenannte Registry Cleaner am System hast.
In deinem Fall Advanced SystemCare 3.

Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner.

Der Grund ist ganz einfach:

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.

• Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
• Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
• Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.

Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

Ich empfehle Dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten.





Schritt # 3: Peer to Peer oder Filesharing Programme
Ich sehe, dass Du sogenannte Peer to Peer oder Filesharing Programme verwendest.

In deinem Fall µTorrent.

Diese Programme erlauben es Dir, Daten mit anderen Usern auszutauschen.

Leider ist auch p2p oder Filesharing nicht ausgenommen, infizierte Dateien zu verteilen und ist auch ein Grund warum sich Malware so schnell verbreitet.
Es ist also möglich, dass Du Dir eine Infizierte Datei herunter ladest. Du kannst niemals wissen, woher diese stammen. Daher sollte diese Art Software mit äußerster Vorsicht benutzt werden.

Ein ebenfalls wichtiger Punkt ist, dass das verbreiten von Media und Entertainment Dateien in den meisten Ländern der Welt gegen Copyright Rechte verstößt.
Natürlich gibt es auch einen legalen Weg zur Nutzung dieses Service. Zum Beispiel zum Downloaden von Linux oder Open Office.
Denoch würde ich Dich ersuchen, diese Art von Software nicht weiterhin zu verwenden.
Bitte gehe zu

Start --> Systemsteuerung --> Programme deinstallieren

und deinstalliere die oben genannte Software.

Bitte sag bescheid wenn Du eines der gelisteten Programme nicht finden kannst.





Schritt # 4: Deinstallation von Programmen

• Folge folgendem Pfad: Start -> Systemsteuerung -> Programme deinstallieren
• Suche in der Liste Software mit dem folgenden Namen
  • Ask Toolbar
  • Conduit Engine
  • DVDVideoSoftTB Toolbar
  • softonic-de3 Toolbar
  • uTorrentBar_DE Toolbar
  • VirusKeeper 2011 Pro Probeversion
  und deinstalliere das Programm.
• Solltest du am Ende der Deinstallation zu einem Neustart aufgefordert werden, so führe diesen durch.

Schritt # 5: Add-ons in Firefox entfernen

• Starte Firefox
• Klicke auf Firefox -> Add-ons -> Erweiterungen
• Entferne die folgenden Add-ons (sofern sie vorhanden sind):
  • uTorrentBar_DE Community Toolbar
  • Conduit Engine
• Zum Abschluss musst du Firefox schließen und neu starten, damit die Entfernung abgeschlossen werden kann.
• Kontrolliere, ob die genannten Erweiterungen auch entfernt wurden.
• Schließe Firefox wieder.

Schritt # 6: Stoppen von Treibern mit Defogger

• Starte das Tool mit Doppelklick.
  Vista und Windows 7 User: Bitte mit Rechtsklick "als Administrator starten".
• Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
• Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
• Defogger fordert nun zum Neustart auf. Bestätige dies mit OK.
• DeFogger erstellt nun ein Logfile auf dem Desktop (defogger_disable).

Poste bitte den Inhalt der Logfile in Deiner nächsten Antwort.
Wenn wir die Bereinigung beendet haben, starte bitte defogger erneut und klicke den Re-enable Button.





Schritt # 7: aswMBR.exe ausführen
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

• Starte die aswMBR.exe - (aswMBR.exe Anleitung)
  Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
• Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
  Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
• Klicke auf Scan.
• Warte bitte bis Scan finished successfully im DOS Fenster steht.
• Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.





Schritt # 8: Benutzerdefinierter Scan mit OTL
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

• Starte bitte die OTL.exe.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.

• Schließe bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Quick Scan Button.
• Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Schritt # 9: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

• eine Rückmeldung bezüglich Advanced SystemCare 3 und uTorrent,
• eine Rückmeldung bezüglich aller geforderten Deinstallationen,
• das Logfile von Defogger,
• das Logfile von aswMBR und
• das neue Logfile von OTL (OTL.txt).

Hallo, danke für die (vor allem schnelle!) Antwort.
Ich habe die Punkte einzeln nach Anleitung durchgemacht:

1. Advanced SystemCare und uTorrent habe ich Deinstalliert
2. Ich habe alles Deinstalliert, ausser softonic-de3 Toolbar und uTorrentBar_DE Toolbar, da die Datei INSTALL.LOG nicht geöffnet werden konnte
3. Das Lofgile von Defogger:
   Code:

   ---

   defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:18 on 27/06/2011 (Administrator)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-

   ---

4. Logfile von aswMBR:
   Code:

   ---

   aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-06-27 19:20:04
-----------------------------
19:20:04.173    OS Version: Windows 6.1.7600
19:20:04.173    Number of processors: 2 586 0x602
19:20:04.176    ComputerName: DENNIS-PC  UserName:
19:20:07.187    Initialize success
19:23:42.651    AVAST engine defs: 11062700
19:24:42.722    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000057
19:24:42.730    Disk 0 Vendor: ST925031 0010 Size: 238475MB BusType: 11
19:24:44.831    Disk 0 MBR read successfully
19:24:44.838    Disk 0 MBR scan
19:24:44.847    Disk 0 Windows 7 default MBR code
19:24:46.867    Disk 0 scanning sectors +488397168
19:24:46.888    Disk 0 scanning C:\Windows\system32\drivers
19:25:02.493    Service scanning
19:25:03.416    Disk 0 trace - called modules:
19:25:03.521    ntkrnlpa.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys halmacpi.dll storport.sys amdsata.sys
19:25:03.532    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85998460]
19:25:03.546    3 CLASSPNP.SYS[883ab59e] -> nt!IofCallDriver -> [0x85969c70]
19:25:03.561    5 amdxata.sys[8817a7b6] -> nt!IofCallDriver -> [0x859691e0]
19:25:03.572    7 ACPI.sys[833a53b2] -> nt!IofCallDriver -> \Device\00000057[0x85965030]
19:25:05.098    AVAST engine scan C:\Windows
19:57:47.952    Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
19:57:47.954    The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"

   ---

5. Das neue OTL Logfile:
   Code:

   ---

   OTL logfile created on: 27.06.2011 19:58:38 - Run 2
OTL by OldTimer - Version 3.2.24.1    Folder = C:\Users\Administrator\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,59 Gb Available Physical Memory | 33,95% Memory free
6,98 Gb Paging File | 5,61 Gb Available in Paging File | 80,28% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,68 Gb Total Space | 41,94 Gb Free Space | 27,29% Space Free | Partition Type: NTFS
Drive D: | 78,03 Gb Total Space | 2,94 Gb Free Space | 3,77% Space Free | Partition Type: NTFS
 
Computer Name: DENNIS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Programme\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\Administrator\AppData\Local\Apps\2.0\W55HJDXV.742\KR5R0CNL.RO1\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe (Curse)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\mswinext.exe (Microsoft Corp.)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (IObit)
PRC - C:\Programme\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll (Microsoft Corporation)
MOD - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AcSvc) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (PCToolsSSDMonitorSvc) -- C:\Programme\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WindowBlinds) -- C:\Programme\Stardock\MyColors\VistaSrv.exe (Stardock Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SRS_AudioFusion_Service) -- C:\Windows\System32\drivers\SRS_AudioFusion_i386.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SaiNtBus) -- C:\Windows\System32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\Windows\System32\drivers\SaiMini.sys (Saitek)
DRV - (SaiK0CFA) -- C:\Windows\System32\drivers\SaiK0CFA.sys (Saitek)
DRV - (SaiU0CFA) -- C:\Windows\System32\drivers\SaiU0CFA.sys (Saitek)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (SaiK0728) -- C:\Windows\System32\drivers\SaiK0728.sys (Saitek)
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Programme\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTo1.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 5B 60 61 79 69 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTo1.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar_DE Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=toolbar2&q="
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49798
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.13 19:28:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.13 19:28:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.04.28 20:56:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.28 20:55:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.28 20:56:19 | 000,000,000 | ---D | M]
 
[2010.10.14 20:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2011.06.27 19:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions
[2011.05.22 20:40:15 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011.06.23 13:09:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.07 08:23:55 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions\battlefieldplay4free@ea.com
[2010.12.16 13:56:14 | 000,000,931 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0q27vfov.default\searchplugins\conduit.xml
[2010.10.14 20:01:12 | 000,010,017 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0q27vfov.default\searchplugins\mywebsearch.xml
[2011.05.20 21:44:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.02 16:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.02 17:21:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.16 14:31:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.26 18:15:44 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Programme\Mozilla Firefox\extensions\adapter@babylontc.com
File not found (No name found) --
[2010.07.02 16:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.02 17:21:39 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.16 14:31:09 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.26 18:15:44 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\ADAPTER@BABYLONTC.COM
[2011.04.28 20:56:01 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Q27VFOV.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}.XPI
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Q27VFOV.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Q27VFOV.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM.XPI
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.04.26 18:13:26 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
Hosts file not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Programme\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTo1.dll (Conduit Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Toolbar) - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Programme\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Programme\uTorrentBar_DE\tbuTo1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Toolbar) - {91DA5E8A-3318-4F8C-B67E-5964DE3AB546} - C:\Programme\ZoneAlarm_Security\tbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Programme\uTorrentBar_DE\tbuTo1.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GO36F4~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\H\Shell\configure\command - "" = H:\SETUP.EXE
O33 - MountPoints2\H\Shell\install\command - "" = H:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {813F6F5A-6E3E-EC7C-366E-1E751DE810EB} - Internet Explorer
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A2FF36F0-660C-4D5A-235B-606D609F11AA} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D0477A63-436C-581A-D156-7E7B6074FACB} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^SRS AudioFusion.lnk - C:\Programme\SRS Labs\SRS AudioFusion\srspremiumpanel.exe - (SRS Labs, Inc.)
MsConfig - StartUpFolder: C:^Users^Administrator^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip - C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip - ()
MsConfig - StartUpFolder: C:^Users^Dennis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^RocketDock (2).lnk - C:\Programme\RocketDock\RocketDock.exe - ()
MsConfig - StartUpFolder: C:^Users^Dennis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire.lnk - C:\Programme\Xfire\Xfire.exe - (Xfire Inc.)
MsConfig - StartUpReg: AcWin7Hlpr - hkey= - key= - C:\Programme\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: avgnt - hkey= - key= - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
MsConfig - StartUpReg: cAudioFilterAgent - hkey= - key= - C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe (Conexant Systems, Inc.)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: ProfilerU - hkey= - key= - C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek)
MsConfig - StartUpReg: PWRISOVM.EXE - hkey= - key= - C:\Programme\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SaiMfd - hkey= - key= - C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek)
MsConfig - StartUpReg: SaiVolume - hkey= - key= - C:\Programme\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek)
MsConfig - StartUpReg: SmartAudio - hkey= - key= - C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
MsConfig - StartUpReg: SSDMonitor - hkey= - key= - C:\Programme\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: VirusKeeper - hkey= - key= -  File not found
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 1

 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.27 19:18:41 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011.06.27 19:12:05 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Conduit
[2011.06.27 13:22:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\RealUI 0612
[2011.06.27 12:09:11 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011.06.26 22:50:35 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011.06.26 21:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\bL28601DaMcK28601
[2011.06.24 10:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.06.22 19:34:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\RIFT
[2011.06.22 19:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIFT
[2011.06.22 19:34:45 | 000,000,000 | ---D | C] -- C:\Programme\RIFT Game
[2011.06.22 07:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.06.20 19:16:22 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\LeilaUI 3.13
[2011.06.18 09:43:48 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.06.16 13:23:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\dwhelper
[2011.06.11 22:47:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011.06.11 22:46:37 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.11 22:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.11 22:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.11 22:46:31 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.11 22:46:31 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.06.10 21:15:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\chessimo
[2011.06.10 21:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\chessimo
[2011.06.10 21:15:26 | 000,000,000 | ---D | C] -- C:\Programme\chessimo
[2011.06.10 21:15:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\8 x 8 Media AG
[2011.06.10 21:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011.06.07 13:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011.06.07 12:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.05.30 14:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.27 19:57:47 | 000,000,512 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.dat
[2011.06.27 19:19:04 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.27 19:19:02 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011.06.27 19:11:53 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.06.27 19:09:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1140944107-3424129360-3757389648-1000UA.job
[2011.06.27 19:02:25 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.27 19:02:24 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\AutoSmartDefrag.job
[2011.06.27 18:55:26 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.27 18:55:26 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.27 18:48:07 | 000,000,326 | -HS- | M] () -- C:\Windows\tasks\YUGMFTV.job
[2011.06.27 18:48:07 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\BearShareNAG.job
[2011.06.27 18:48:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.27 18:47:55 | 1406,300,160 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.27 15:00:11 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2011.06.27 13:32:01 | 000,000,728 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011.06.27 13:13:38 | 000,027,484 | ---- | M] () -- C:\Users\Administrator\Desktop\Logfiles.zip
[2011.06.27 12:33:26 | 000,302,592 | ---- | M] () -- C:\Users\Administrator\Desktop\c06dgghb.exe
[2011.06.27 12:09:21 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011.06.27 12:05:08 | 000,000,020 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2011.06.27 12:03:04 | 000,050,477 | ---- | M] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2011.06.26 23:15:41 | 000,000,150 | ---- | M] () -- C:\Users\Administrator\Desktop\rk-proxy.reg
[2011.06.26 23:12:02 | 001,007,120 | ---- | M] () -- C:\Users\Administrator\Desktop\duadas.exe
[2011.06.26 23:01:29 | 000,005,996 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\DACE.97A
[2011.06.26 20:09:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1140944107-3424129360-3757389648-1000Core.job
[2011.06.26 10:05:41 | 000,518,050 | ---- | M] () -- C:\Users\Administrator\Desktop\Unbenannt.PNG
[2011.06.24 10:38:56 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.06.22 07:50:33 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.06.20 19:12:48 | 000,095,049 | ---- | M] () -- C:\Users\Administrator\Desktop\IceHUD_RealUI.lua
[2011.06.20 14:12:59 | 000,949,916 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.20 14:12:59 | 000,704,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.20 14:12:59 | 000,222,136 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.20 14:12:59 | 000,189,032 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.11 22:03:34 | 000,015,068 | -HS- | M] () -- C:\Users\Administrator\AppData\Local\rj4sm7u3557mt40c3381ck7fynf7xuq55mfmt
[2011.06.11 22:03:34 | 000,015,068 | -HS- | M] () -- C:\ProgramData\rj4sm7u3557mt40c3381ck7fynf7xuq55mfmt
[2011.06.11 18:58:04 | 000,004,107 | ---- | M] () -- C:\Windows\wininit.ini
[2011.06.11 14:11:05 | 000,001,246 | ---- | M] () -- C:\Users\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011.06.11 13:32:32 | 000,449,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.06.11 10:49:21 | 000,166,400 | RHS- | M] () -- C:\Windows\System32\KBDINMALV.dll
[2011.06.11 10:45:29 | 000,000,152 | ---- | M] () -- C:\Windows\System32\sysplog2.dll
[2011.06.11 10:45:29 | 000,000,152 | ---- | M] () -- C:\Windows\System32\sysplog.dll
[2011.06.10 21:15:42 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\chessimo.lnk
[2011.06.10 19:08:58 | 000,000,129 | ---- | M] () -- C:\Users\Administrator\jagex_runescape_preferences2.dat
[2011.06.10 19:07:59 | 000,000,034 | ---- | M] () -- C:\Users\Administrator\jagex_runescape_preferences.dat
[2011.06.07 13:06:07 | 000,000,973 | ---- | M] () -- C:\Users\Administrator\Desktop\SpywareBlaster.lnk
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.06.27 19:57:47 | 000,000,512 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.dat
[2011.06.27 13:13:38 | 000,027,484 | ---- | C] () -- C:\Users\Administrator\Desktop\Logfiles.zip
[2011.06.27 12:33:18 | 000,302,592 | ---- | C] () -- C:\Users\Administrator\Desktop\c06dgghb.exe
[2011.06.27 12:04:42 | 000,000,020 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2011.06.27 12:03:02 | 000,050,477 | ---- | C] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2011.06.26 23:15:41 | 000,000,150 | ---- | C] () -- C:\Users\Administrator\Desktop\rk-proxy.reg
[2011.06.26 23:11:45 | 001,007,120 | ---- | C] () -- C:\Users\Administrator\Desktop\duadas.exe
[2011.06.26 21:33:00 | 000,005,996 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\DACE.97A
[2011.06.26 09:56:45 | 000,095,049 | ---- | C] () -- C:\Users\Administrator\Desktop\IceHUD_RealUI.lua
[2011.06.24 10:38:56 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.06.22 07:50:33 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track05.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track04.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track03.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track02.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track01.cda
[2011.06.11 20:32:30 | 000,015,068 | -HS- | C] () -- C:\Users\Administrator\AppData\Local\rj4sm7u3557mt40c3381ck7fynf7xuq55mfmt
[2011.06.11 20:32:30 | 000,015,068 | -HS- | C] () -- C:\ProgramData\rj4sm7u3557mt40c3381ck7fynf7xuq55mfmt
[2011.06.11 14:33:23 | 000,004,107 | ---- | C] () -- C:\Windows\wininit.ini
[2011.06.11 10:49:21 | 000,166,400 | RHS- | C] () -- C:\Windows\System32\KBDINMALV.dll
[2011.06.11 10:49:21 | 000,000,326 | -HS- | C] () -- C:\Windows\tasks\YUGMFTV.job
[2011.06.10 21:16:36 | 000,000,152 | ---- | C] () -- C:\Windows\System32\sysplog2.dll
[2011.06.10 21:16:28 | 000,000,152 | ---- | C] () -- C:\Windows\System32\sysplog.dll
[2011.06.10 21:15:42 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\chessimo.lnk
[2011.06.07 13:06:07 | 000,000,973 | ---- | C] () -- C:\Users\Administrator\Desktop\SpywareBlaster.lnk
[2011.06.07 12:56:17 | 000,001,246 | ---- | C] () -- C:\Users\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011.05.31 15:51:36 | 013,322,449 | ---- | C] () -- C:\Users\Administrator\Desktop\wowszene.de_Hoerspiel-Pinkcraft_01.mp3
[2011.05.29 20:20:41 | 029,118,798 | ---- | C] () -- C:\Users\Administrator\Desktop\AllimaniaDNG2.mp3
[2011.05.29 20:20:22 | 029,564,761 | ---- | C] () -- C:\Users\Administrator\Desktop\justnetwork.eu_AllimaniaDNG1.mp3
[2011.05.07 12:12:25 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.05.07 12:12:24 | 000,138,056 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\PnkBstrK.sys
[2011.05.07 12:11:54 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.05.07 12:11:18 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.03.13 20:14:06 | 000,390,944 | ---- | C] () -- C:\Windows\System32\drivers\SRS_AudioFusion_i386.sys
[2010.12.01 10:06:58 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.10.14 20:58:05 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.10.14 20:00:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.07.01 20:16:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.07.01 20:10:06 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2010.07.01 20:02:18 | 000,006,088 | ---- | C] () -- C:\Windows\System32\drivers\CDConfig.bin
[2009.10.22 17:59:00 | 000,196,565 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.07.14 10:47:43 | 000,949,916 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,222,136 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,449,928 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,704,552 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,189,032 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.06.09 10:55:58 | 000,057,904 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
 
========== LOP Check ==========
 
[2011.05.13 22:05:16 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\.minecraft
[2011.06.10 21:15:26 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\8 x 8 Media AG
[2011.04.26 22:48:06 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Babylon
[2011.02.20 03:10:05 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\CheckPoint
[2011.06.06 09:17:09 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\IObit
[2011.03.12 09:11:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Notepad++
[2011.03.13 19:55:04 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Pegasys Inc
[2011.06.22 19:36:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\RIFT
[2011.01.25 03:16:54 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\SC2Builds
[2011.05.20 22:40:41 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\TS3Client
[2011.02.17 16:58:22 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Unity
[2011.05.09 15:40:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\USM
[2011.06.27 19:09:42 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\uTorrent
[2011.03.17 14:31:30 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Webocton - Scriptly
[2011.06.12 08:31:13 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\WinPump
[2011.06.27 19:02:24 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\AutoSmartDefrag.job
[2011.06.27 18:48:07 | 000,000,304 | ---- | M] () -- C:\Windows\Tasks\BearShareNAG.job
[2011.05.01 20:10:36 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.06.27 15:00:11 | 000,000,400 | ---- | M] () -- C:\Windows\Tasks\SmartDefrag.job
[2011.06.27 18:48:07 | 000,000,326 | -HS- | M] () -- C:\Windows\Tasks\YUGMFTV.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.09.28 21:26:50 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.07.02 16:37:17 | 000,000,000 | ---D | M] -- C:\.jagex_cache_32
[2010.10.03 18:06:14 | 000,000,000 | ---D | M] -- C:\c4294f6df585566ab7b86a3731
[2011.06.27 19:10:56 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.07.01 19:32:23 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.03.31 20:53:18 | 000,000,000 | ---D | M] -- C:\Drivers
[2010.11.28 21:25:19 | 000,000,000 | ---D | M] -- C:\Games
[2011.05.10 16:56:07 | 000,000,000 | ---D | M] -- C:\Goldfinger 8 XD
[2010.07.02 15:58:34 | 000,000,000 | ---D | M] -- C:\IExp0.tmp
[2010.07.02 15:58:44 | 000,000,000 | ---D | M] -- C:\IExp1.tmp
[2010.10.19 23:12:35 | 000,000,000 | ---D | M] -- C:\Modelview
[2010.09.12 13:55:04 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.06.27 19:13:15 | 000,000,000 | R--D | M] -- C:\Programme
[2011.06.27 19:09:07 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.07.01 19:32:23 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.04.25 22:32:17 | 000,000,000 | ---D | M] -- C:\PTR Installer 4.0.0.12824 enGB
[2010.07.01 19:32:24 | 000,000,000 | -HSD | M] -- C:\Recovery
[2010.10.06 20:41:54 | 000,000,000 | ---D | M] -- C:\Rico
[2011.06.26 19:27:44 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.09.28 21:26:34 | 000,000,000 | R--D | M] -- C:\Users
[2010.12.01 11:11:33 | 000,000,000 | ---D | M] -- C:\WebCD
[2011.06.26 22:50:35 | 000,000,000 | ---D | M] -- C:\Windows
[2011.05.24 18:17:46 | 000,000,000 | ---D | M] -- C:\World of Warcraft Public Test
 
< %PROGRAMFILES%\*.exe >
 
< %PROGRAMFILES%\*. >
[2010.07.21 13:15:59 | 000,000,000 | ---D | M] -- C:\Programme\7zip2
[2011.03.31 20:40:00 | 000,000,000 | ---D | M] -- C:\Programme\Adobe
[2011.04.28 20:59:32 | 000,000,000 | ---D | M] -- C:\Programme\Alwil Software
[2010.07.01 20:01:41 | 000,000,000 | ---D | M] -- C:\Programme\AMD
[2010.07.01 20:09:30 | 000,000,000 | ---D | M] -- C:\Programme\Apoint2K
[2010.11.21 15:38:21 | 000,000,000 | ---D | M] -- C:\Programme\Apple Software Update
[2011.02.19 10:39:15 | 000,000,000 | ---D | M] -- C:\Programme\Atari
[2010.07.01 19:56:40 | 000,000,000 | ---D | M] -- C:\Programme\ATI
[2010.07.01 20:01:26 | 000,000,000 | ---D | M] -- C:\Programme\ATI Technologies
[2011.03.28 13:48:27 | 000,000,000 | ---D | M] -- C:\Programme\Avira
[2011.03.27 22:23:57 | 000,000,000 | ---D | M] -- C:\Programme\AxBx
[2011.04.26 18:15:35 | 000,000,000 | ---D | M] -- C:\Programme\Babylon
[2011.05.16 00:09:21 | 000,000,000 | ---D | M] -- C:\Programme\Bing Bar Installer
[2010.07.01 20:10:05 | 000,000,000 | ---D | M] -- C:\Programme\BisonCam
[2010.11.21 15:37:30 | 000,000,000 | ---D | M] -- C:\Programme\Bonjour
[2011.05.27 15:44:28 | 000,000,000 | ---D | M] -- C:\Programme\Cabal
[2010.09.25 22:01:25 | 000,000,000 | ---D | M] -- C:\Programme\capella-software
[2011.03.28 13:47:06 | 000,000,000 | ---D | M] -- C:\Programme\CheckPoint
[2011.06.10 21:15:37 | 000,000,000 | ---D | M] -- C:\Programme\chessimo
[2011.06.22 07:50:19 | 000,000,000 | ---D | M] -- C:\Programme\Common Files
[2010.07.03 23:31:55 | 000,000,000 | ---D | M] -- C:\Programme\Conduit
[2011.06.27 19:12:08 | 000,000,000 | ---D | M] -- C:\Programme\ConduitEngine
[2010.07.01 20:03:05 | 000,000,000 | ---D | M] -- C:\Programme\CONEXANT
[2010.08.20 15:01:57 | 000,000,000 | ---D | M] -- C:\Programme\DAEMON Tools Pro
[2011.03.28 17:02:27 | 000,000,000 | ---D | M] -- C:\Programme\Der Schreibtrainer
[2010.07.01 20:01:43 | 000,000,000 | ---D | M] -- C:\Programme\DIFX
[2011.03.13 19:53:59 | 000,000,000 | ---D | M] -- C:\Programme\DivX
[2011.03.19 22:35:21 | 000,000,000 | ---D | M] -- C:\Programme\Driver Whiz
[2009.07.14 10:56:54 | 000,000,000 | ---D | M] -- C:\Programme\DVD Maker
[2010.07.03 23:37:51 | 000,000,000 | ---D | M] -- C:\Programme\DVDVideoSoft
[2011.05.07 08:24:32 | 000,000,000 | ---D | M] -- C:\Programme\EA Games
[2011.01.13 15:36:46 | 000,000,000 | ---D | M] -- C:\Programme\FreeApps
[2010.07.11 23:00:25 | 000,000,000 | ---D | M] -- C:\Programme\Game_Maker8
[2010.07.01 19:32:23 | 000,000,000 | -HSD | M] -- C:\Programme\Gemeinsame Dateien
[2011.06.23 23:27:48 | 000,000,000 | ---D | M] -- C:\Programme\Google
[2011.06.22 19:34:49 | 000,000,000 | -H-D | M] -- C:\Programme\InstallShield Installation Information
[2011.06.18 09:56:04 | 000,000,000 | ---D | M] -- C:\Programme\Internet Explorer
[2011.01.15 14:42:05 | 000,000,000 | ---D | M] -- C:\Programme\IObit
[2010.12.19 20:44:19 | 000,000,000 | ---D | M] -- C:\Programme\iPod
[2010.12.19 20:45:13 | 000,000,000 | ---D | M] -- C:\Programme\iTunes
[2010.12.16 14:30:53 | 000,000,000 | ---D | M] -- C:\Programme\Java
[2011.01.23 20:39:20 | 000,000,000 | ---D | M] -- C:\Programme\Lavalys
[2011.05.30 14:47:09 | 000,000,000 | ---D | M] -- C:\Programme\Lenovo
[2011.06.11 22:47:15 | 000,000,000 | ---D | M] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.05.16 00:08:59 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft
[2011.04.27 22:38:47 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Analysis Services
[2009.07.14 10:56:50 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Games
[2011.04.27 22:49:34 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Office
[2011.06.19 16:30:26 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Silverlight
[2011.05.16 00:16:19 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft SQL Server Compact Edition
[2011.04.27 22:49:55 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Visual Studio
[2010.09.12 13:57:03 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Visual Studio 8
[2011.04.27 22:49:30 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Works
[2011.04.27 22:49:29 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft.NET
[2011.04.28 00:30:19 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox
[2011.04.27 22:49:55 | 000,000,000 | ---D | M] -- C:\Programme\MSBuild
[2011.05.16 00:08:53 | 000,000,000 | ---D | M] -- C:\Programme\MSN Toolbar
[2011.02.13 14:13:11 | 000,000,000 | ---D | M] -- C:\Programme\Notepad++
[2011.02.19 10:21:04 | 000,000,000 | ---D | M] -- C:\Programme\PowerISO
[2010.12.19 20:38:37 | 000,000,000 | ---D | M] -- C:\Programme\QuickTime
[2011.04.28 20:09:31 | 000,000,000 | ---D | M] -- C:\Programme\RAR Password Cracker
[2011.04.04 16:27:10 | 000,000,000 | ---D | M] -- C:\Programme\Razer
[2011.04.28 20:56:09 | 000,000,000 | ---D | M] -- C:\Programme\Real
[2010.07.01 20:06:04 | 000,000,000 | ---D | M] -- C:\Programme\Realtek
[2009.07.14 06:52:30 | 000,000,000 | ---D | M] -- C:\Programme\Reference Assemblies
[2011.02.13 14:13:11 | 000,000,000 | ---D | M] -- C:\Programme\Registry Mechanic
[2011.06.22 19:37:37 | 000,000,000 | ---D | M] -- C:\Programme\RIFT Game
[2010.08.19 00:13:39 | 000,000,000 | ---D | M] -- C:\Programme\RocketDock
[2010.12.19 20:39:51 | 000,000,000 | ---D | M] -- C:\Programme\Safari
[2011.03.28 13:47:20 | 000,000,000 | ---D | M] -- C:\Programme\Saitek
[2011.01.16 16:45:20 | 000,000,000 | ---D | M] -- C:\Programme\SC2 Replay Catcher
[2011.06.22 07:50:33 | 000,000,000 | R--D | M] -- C:\Programme\Skype
[2011.02.13 14:13:11 | 000,000,000 | ---D | M] -- C:\Programme\softonic-de3
[2010.07.02 16:18:21 | 000,000,000 | ---D | M] -- C:\Programme\Sony
[2011.06.07 12:59:56 | 000,000,000 | ---D | M] -- C:\Programme\Spybot - Search & Destroy
[2011.06.07 13:08:11 | 000,000,000 | ---D | M] -- C:\Programme\SpywareBlaster
[2011.03.13 20:13:52 | 000,000,000 | ---D | M] -- C:\Programme\SRS Labs
[2010.07.05 12:56:38 | 000,000,000 | ---D | M] -- C:\Programme\Stardock
[2011.02.19 14:24:21 | 000,000,000 | ---D | M] -- C:\Programme\Steam
[2011.04.10 14:47:41 | 000,000,000 | ---D | M] -- C:\Programme\SW-Tukupdater
[2011.05.20 21:47:18 | 000,000,000 | ---D | M] -- C:\Programme\TeamSpeak 3 Client
[2010.08.12 01:11:39 | 000,000,000 | ---D | M] -- C:\Programme\TechSmith
[2009.07.14 06:53:23 | 000,000,000 | -H-D | M] -- C:\Programme\Uninstall Information
[2011.05.09 15:26:35 | 000,000,000 | ---D | M] -- C:\Programme\USM
[2011.02.13 14:13:11 | 000,000,000 | ---D | M] -- C:\Programme\uTorrentBar_DE
[2010.12.01 10:07:05 | 000,000,000 | ---D | M] -- C:\Programme\Ventrilo
[2011.01.06 02:14:46 | 000,000,000 | ---D | M] -- C:\Programme\VentSrv
[2011.03.17 14:31:34 | 000,000,000 | ---D | M] -- C:\Programme\Webocton - Scriptly
[2009.07.14 10:47:37 | 000,000,000 | ---D | M] -- C:\Programme\Windows Defender
[2009.07.14 10:56:53 | 000,000,000 | ---D | M] -- C:\Programme\Windows Journal
[2011.05.16 00:23:28 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live
[2010.12.16 14:47:14 | 000,000,000 | ---D | M] -- C:\Programme\Windows Mail
[2010.10.14 19:57:14 | 000,000,000 | ---D | M] -- C:\Programme\Windows Media Player
[2010.07.02 15:58:24 | 000,000,000 | ---D | M] -- C:\Programme\Windows Media-Komponenten
[2010.07.01 19:32:23 | 000,000,000 | ---D | M] -- C:\Programme\Windows NT
[2009.07.14 10:47:37 | 000,000,000 | ---D | M] -- C:\Programme\Windows Photo Viewer
[2009.07.14 06:52:32 | 000,000,000 | ---D | M] -- C:\Programme\Windows Portable Devices
[2009.07.14 10:47:37 | 000,000,000 | ---D | M] -- C:\Programme\Windows Sidebar
[2010.08.09 11:27:23 | 000,000,000 | ---D | M] -- C:\Programme\WinRAR
[2011.05.24 19:42:35 | 000,000,000 | ---D | M] -- C:\Programme\World of Warcraft
[2011.03.28 13:48:17 | 000,000,000 | ---D | M] -- C:\Programme\WoW Leveling AddOns Downloader
[2011.01.15 14:56:26 | 000,000,000 | ---D | M] -- C:\Programme\Xenocode
[2010.09.25 07:52:58 | 000,000,000 | ---D | M] -- C:\Programme\Xfire
[2011.03.28 13:48:16 | 000,000,000 | ---D | M] -- C:\Programme\xp-AntiSpy
[2011.06.23 22:48:53 | 000,000,000 | ---D | M] -- C:\Programme\YABOT Editor
[2011.03.28 13:48:49 | 000,000,000 | ---D | M] -- C:\Programme\ZoneAlarm_Security
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011.01.16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Administrator\AppData\Local\Temp\RarSFX0\procs\explorer.exe
[2011.01.16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Administrator\AppData\Local\Temp\RarSFX1\procs\explorer.exe
[2011.01.16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Administrator\AppData\Local\Temp\RarSFX2\procs\explorer.exe
[2011.01.16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Administrator\AppData\Local\Temp\RarSFX3\procs\explorer.exe
[2011.01.16 16:55:21 | 000,255,488 | ---- | M] () MD5=3C33B26F2F7FA61D882515F2D6078691 -- C:\Users\Administrator\AppData\Local\Temp\RarSFX4\procs\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2005.08.16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Administrator\AppData\Local\Temp\RarSFX0\h\explorer.exe
[2005.08.16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Administrator\AppData\Local\Temp\RarSFX1\h\explorer.exe
[2005.08.16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Administrator\AppData\Local\Temp\RarSFX2\h\explorer.exe
[2005.08.16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Administrator\AppData\Local\Temp\RarSFX3\h\explorer.exe
[2005.08.16 02:54:58 | 000,001,536 | ---- | M] () MD5=ABC6379205DE2618851C4FCBF72112EB -- C:\Users\Administrator\AppData\Local\Temp\RarSFX4\h\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[2011.06.26 22:48:26 | 000,000,000 | ---- | M] () MD5=D41D8CD98F00B204E9800998ECF8427E -- C:\Users\Administrator\Downloads\eXplorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: SVCHOST.EXE  >
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Administrator\AppData\Local\Temp\RarSFX0\userinit.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Administrator\AppData\Local\Temp\RarSFX1\userinit.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Administrator\AppData\Local\Temp\RarSFX2\userinit.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Administrator\AppData\Local\Temp\RarSFX3\userinit.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Administrator\AppData\Local\Temp\RarSFX4\userinit.exe
 
< MD5 for: VOLSNAP.SYS  >
[2009.07.14 03:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\drivers\volsnap.sys
[2009.07.14 03:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys
[2009.07.14 03:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys
[2010.11.20 14:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Administrator\AppData\Local\Temp\RarSFX0\winlogon.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Administrator\AppData\Local\Temp\RarSFX1\winlogon.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Administrator\AppData\Local\Temp\RarSFX2\winlogon.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Administrator\AppData\Local\Temp\RarSFX3\winlogon.exe
[2009.05.26 19:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\Administrator\AppData\Local\Temp\RarSFX4\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-06-27 01:00:26
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 95 bytes -> C:\ProgramData\Temp:5C321E34
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

   ---

Danke nochmals für deine bisherige Hilfe und ich hoffe wieder auf eine schnelle Antwort :)
Mfg, Deathkid

Hallo Deathkid,






Schritt # 1: Software mit Revo Uninstaller deinstallieren
Downloade Dir bitte den Revo Uninstaller

• Doppelklick auf die revosetup.exe.
• Installiere das Tool in den vorgegebenen Pfad.
• Doppelklick auf das Revo Uninstall Icon.
• Suche Dir nun folgende Software aus der Code-Box.
  
  Code:

  ---

  softonic-de3 Toolbar
uTorrentBar_DE Toolbar
Conduit Engine
ZoneAlarm_Security

  ---

  Klicke darauf und bestätige mit Ja.
• Belasse die Einstellung der Deinstallationsroutine auf Moderat und klicke auf weiter.
• Das Tool wird nun nach allen Einträgen auf dem Rechner suchen. Klick auf weiter
• Klick auf den Markiere alle Button und klick auf löschen und bestätige mit Ja.

Bebilderte Anleitung

Starte den Rechner neu auf.






Schritt # 2: Fix mit OTL

• Starte bitte die OTL.exe.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.

• Schließe bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
  ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
  Kopiere nun den Inhalt hier in Deinen Thread

Schritt # 3: Kontrollscan mit Malwarebytes' Anti-Malware (MBAM)

• Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
• Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
• Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
• Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
• Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
• Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt # 4: Systemscan mit OTL

• Starte bitte OTL.exe.
• Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
• Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Schritt # 5: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

• eine Rückmeldung bezüglich der Deinstallationen mit Revo Uninstaller,
• das Logfile des OTL-Fix,
• das Logfile von MBAM und
• die beiden neuen Logfiles von OTL (OTL.txt und Extras.txt).

Hallo M-K-D-B,
Also folgendes:

1. Alles Deinstalliert, ausser ZoneAlarm_Security, das es nicht in der Liste stand, auch Such-Funktion half nichts
2. So, wenn unten in der "Textbox" steht "[Emptytemp]" bleibt das Programm hängen und stürzt ab

Soll ich solange einfach die nächsten Schritte machen?
Vielen Dank im vornhinein für deine Antwort,
Deathkid

Hallo Deathkid,



Führe den OTL-Fix erneut aus.

Auch wenn OTL bei Emptytemp eine Zeit lang verharrt bzw. "Keine Rückmeldung" im Fenster steht, bitte nichts unternehmen und etwas warten, hab Geduld.
Die Logfiles der OTL-Fixe findest du später auch unter C:\_OTL\MovedFiles\<time_date>.txt. Evtl. finden sich dort dann zwei Logfiles. Beide posten.

Anschließend kannst du mit dem nächsten Schritt weiter arbeiten. :daumenhoc

Hallo M-K-D-B,
Ich bringe dir den nächsten Schwall an Informationen ;)

1. OTL fixfile:
   Code:

   ---

   All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{91da5e8a-3318-4f8c-b67e-5964de3ab546} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\ not found.
File C:\Programme\ZoneAlarm_Security\tbZone.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found.
File C:\Programme\uTorrentBar_DE\tbuTo1.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\tbsoft.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found.
File C:\Programme\uTorrentBar_DE\tbuTo1.dll not found.
Prefs.js: "uTorrentBar_DE Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "hxxp://search.babylon.com/?babsrc=toolbar2&q=" removed from keyword.URL
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 49798 removed from network.proxy.http_port
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files\ConduitEngine\prxConduitEngine.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\ not found.
File C:\Programme\ZoneAlarm_Security\tbZone.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found.
File C:\Programme\uTorrentBar_DE\tbuTo1.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{91da5e8a-3318-4f8c-b67e-5964de3ab546} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\ not found.
File C:\Programme\ZoneAlarm_Security\tbZone.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{c840e246-6b95-475e-9bd7-caa1c7eca9f2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}\ not found.
File C:\Programme\uTorrentBar_DE\tbuTo1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Programme\ConduitEngine\prxConduitEngine.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}\ not found.
File C:\Programme\ZoneAlarm_Security\tbZone.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2}\ not found.
File C:\Programme\uTorrentBar_DE\tbuTo1.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\tbsoft.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\VirusKeeper\ not found.
Folder C:\Users\Administrator\AppData\Local\Conduit\ not found.
Folder C:\ProgramData\bL28601DaMcK28601\ not found.
File C:\Windows\tasks\YUGMFTV.job not found.
File C:\Windows\tasks\BearShareNAG.job not found.
File C:\Users\Administrator\AppData\Local\rj4sm7u3557mt40c3381ck7fynf7xuq55mfmt not found.
File C:\ProgramData\rj4sm7u3557mt40c3381ck7fynf7xuq55mfmt not found.
File C:\Users\Administrator\AppData\Roaming\DACE.97A not found.
Folder C:\Users\Administrator\AppData\Roaming\uTorrent\ not found.
C:\Windows\Tasks\SmartDefrag.job moved successfully.
Folder C:\Programme\Conduit\ not found.
Folder C:\Programme\ConduitEngine\ not found.
Folder C:\Programme\softonic-de3\ not found.
Folder C:\Programme\uTorrentBar_DE\ not found.
Folder C:\Programme\ZoneAlarm_Security\ not found.
Unable to delete ADS C:\ProgramData\Temp:5C321E34 .
Unable to delete ADS C:\ProgramData\Temp:D1B5B4F1 .
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 120167 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 20991307 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 456 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Dennis
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 9835749858 bytes
 
Total Files Cleaned = 9.400,00 mb
 
 
OTL by OldTimer - Version 3.2.24.1 log created on 06272011_214512

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

   ---

2. MBAM Logfile:
   Code:

   ---

   Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6963

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.06.2011 22:49:25
mbam-log-2011-06-27 (22-49-25).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 174476
Laufzeit: 8 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

   ---

3. OTL Logfile:
   Code:

   ---

   OTL logfile created on: 27.06.2011 22:57:58 - Run 3
OTL by OldTimer - Version 3.2.24.1    Folder = C:\Users\Administrator\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 56,87% Memory free
6,98 Gb Paging File | 5,97 Gb Available in Paging File | 85,43% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,68 Gb Total Space | 48,12 Gb Free Space | 31,31% Space Free | Partition Type: NTFS
Drive D: | 78,03 Gb Total Space | 9,27 Gb Free Space | 11,89% Space Free | Partition Type: NTFS
 
Computer Name: DENNIS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Programme\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\Administrator\AppData\Local\Apps\2.0\W55HJDXV.742\KR5R0CNL.RO1\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe (Curse)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (IObit)
PRC - C:\Programme\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll (Microsoft Corporation)
MOD - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AcSvc) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (PCToolsSSDMonitorSvc) -- C:\Programme\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WindowBlinds) -- C:\Programme\Stardock\MyColors\VistaSrv.exe (Stardock Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SRS_AudioFusion_Service) -- C:\Windows\System32\drivers\SRS_AudioFusion_i386.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SaiNtBus) -- C:\Windows\System32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\Windows\System32\drivers\SaiMini.sys (Saitek)
DRV - (SaiK0CFA) -- C:\Windows\System32\drivers\SaiK0CFA.sys (Saitek)
DRV - (SaiU0CFA) -- C:\Windows\System32\drivers\SaiU0CFA.sys (Saitek)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (SaiK0728) -- C:\Windows\System32\drivers\SaiK0728.sys (Saitek)
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 5B 60 61 79 69 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=toolbar2&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.13 19:28:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.13 19:28:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.04.28 20:56:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.28 20:55:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.28 20:56:19 | 000,000,000 | ---D | M]
 
[2010.10.14 20:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2011.06.27 19:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions
[2011.05.22 20:40:15 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011.06.23 13:09:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.07 08:23:55 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions\battlefieldplay4free@ea.com
[2010.12.16 13:56:14 | 000,000,931 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0q27vfov.default\searchplugins\conduit.xml
[2010.10.14 20:01:12 | 000,010,017 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0q27vfov.default\searchplugins\mywebsearch.xml
[2011.05.20 21:44:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.02 16:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.02 17:21:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.16 14:31:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.26 18:15:44 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Programme\Mozilla Firefox\extensions\adapter@babylontc.com
File not found (No name found) --
[2010.07.02 16:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.02 17:21:39 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.16 14:31:09 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.26 18:15:44 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\ADAPTER@BABYLONTC.COM
[2011.04.28 20:56:01 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Q27VFOV.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}.XPI
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Q27VFOV.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Q27VFOV.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM.XPI
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.04.26 18:13:26 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.06.27 21:45:14 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GO36F4~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\H\Shell\configure\command - "" = H:\SETUP.EXE
O33 - MountPoints2\H\Shell\install\command - "" = H:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.27 21:06:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.06.27 20:55:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011.06.27 20:55:07 | 000,000,000 | ---D | C] -- C:\Programme\VS Revo Group
[2011.06.27 19:18:41 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011.06.27 13:22:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\RealUI 0612
[2011.06.27 12:09:11 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011.06.26 22:50:35 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011.06.26 21:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\bL28601DaMcK28601
[2011.06.24 10:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.06.22 19:34:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\RIFT
[2011.06.22 19:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIFT
[2011.06.22 19:34:45 | 000,000,000 | ---D | C] -- C:\Programme\RIFT Game
[2011.06.22 07:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.06.20 19:16:22 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\LeilaUI 3.13
[2011.06.18 09:43:48 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.06.17 14:37:45 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.06.17 14:37:45 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.06.17 14:37:45 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.06.17 14:37:45 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.06.17 14:37:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.06.17 14:37:44 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.06.17 14:37:44 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.06.17 14:37:44 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.06.17 14:37:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.06.17 14:37:43 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.06.17 14:37:43 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.06.16 13:23:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\dwhelper
[2011.06.11 22:47:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011.06.11 22:46:37 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.11 22:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.11 22:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.11 22:46:31 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.11 22:46:31 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.06.10 21:15:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\chessimo
[2011.06.10 21:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\chessimo
[2011.06.10 21:15:36 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RICHTX32.OCX
[2011.06.10 21:15:36 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSFLXGRD.OCX
[2011.06.10 21:15:36 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
[2011.06.10 21:15:36 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSINET.OCX
[2011.06.10 21:15:36 | 000,067,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SYSINFO.OCX
[2011.06.10 21:15:26 | 000,000,000 | ---D | C] -- C:\Programme\chessimo
[2011.06.10 21:15:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\8 x 8 Media AG
[2011.06.10 21:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011.06.07 13:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011.06.07 12:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.05.30 14:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
[2011.05.30 14:47:09 | 000,009,472 | ---- | C] (Lenovo Corporation) -- C:\Windows\System32\drivers\AcpiVpc.sys
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.27 22:43:45 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.27 22:43:45 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.27 22:40:56 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.06.27 22:35:06 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.27 22:34:59 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2011.06.27 22:34:56 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\AutoSmartDefrag.job
[2011.06.27 22:34:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.27 22:34:41 | 1406,300,160 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.27 22:19:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.27 22:09:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1140944107-3424129360-3757389648-1000UA.job
[2011.06.27 21:45:14 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.06.27 20:55:08 | 000,001,222 | ---- | M] () -- C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
[2011.06.27 20:09:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1140944107-3424129360-3757389648-1000Core.job
[2011.06.27 19:19:02 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011.06.27 13:32:01 | 000,000,728 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011.06.27 13:13:38 | 000,027,484 | ---- | M] () -- C:\Users\Administrator\Desktop\Logfiles.zip
[2011.06.27 12:33:26 | 000,302,592 | ---- | M] () -- C:\Users\Administrator\Desktop\c06dgghb.exe
[2011.06.27 12:09:21 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011.06.27 12:05:08 | 000,000,020 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2011.06.27 12:03:04 | 000,050,477 | ---- | M] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2011.06.26 23:15:41 | 000,000,150 | ---- | M] () -- C:\Users\Administrator\Desktop\rk-proxy.reg
[2011.06.26 23:12:02 | 001,007,120 | ---- | M] () -- C:\Users\Administrator\Desktop\duadas.exe
[2011.06.26 10:05:41 | 000,518,050 | ---- | M] () -- C:\Users\Administrator\Desktop\Unbenannt.PNG
[2011.06.24 10:38:56 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.06.22 07:50:33 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.06.20 19:12:48 | 000,095,049 | ---- | M] () -- C:\Users\Administrator\Desktop\IceHUD_RealUI.lua
[2011.06.20 14:12:59 | 000,949,916 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.20 14:12:59 | 000,704,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.20 14:12:59 | 000,222,136 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.20 14:12:59 | 000,189,032 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.11 18:58:04 | 000,004,107 | ---- | M] () -- C:\Windows\wininit.ini
[2011.06.11 14:11:05 | 000,001,246 | ---- | M] () -- C:\Users\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011.06.11 13:32:32 | 000,449,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.06.11 10:49:21 | 000,166,400 | RHS- | M] () -- C:\Windows\System32\KBDINMALV.dll
[2011.06.11 10:45:29 | 000,000,152 | ---- | M] () -- C:\Windows\System32\sysplog2.dll
[2011.06.11 10:45:29 | 000,000,152 | ---- | M] () -- C:\Windows\System32\sysplog.dll
[2011.06.10 21:15:42 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\chessimo.lnk
[2011.06.10 19:08:58 | 000,000,129 | ---- | M] () -- C:\Users\Administrator\jagex_runescape_preferences2.dat
[2011.06.10 19:07:59 | 000,000,034 | ---- | M] () -- C:\Users\Administrator\jagex_runescape_preferences.dat
[2011.06.07 13:06:07 | 000,000,973 | ---- | M] () -- C:\Users\Administrator\Desktop\SpywareBlaster.lnk
[2011.05.29 09:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.29 09:11:20 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2011.06.27 22:34:59 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\SmartDefrag.job
[2011.06.27 20:55:08 | 000,001,222 | ---- | C] () -- C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
[2011.06.27 13:13:38 | 000,027,484 | ---- | C] () -- C:\Users\Administrator\Desktop\Logfiles.zip
[2011.06.27 12:33:18 | 000,302,592 | ---- | C] () -- C:\Users\Administrator\Desktop\c06dgghb.exe
[2011.06.27 12:04:42 | 000,000,020 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2011.06.27 12:03:02 | 000,050,477 | ---- | C] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2011.06.26 23:15:41 | 000,000,150 | ---- | C] () -- C:\Users\Administrator\Desktop\rk-proxy.reg
[2011.06.26 23:11:45 | 001,007,120 | ---- | C] () -- C:\Users\Administrator\Desktop\duadas.exe
[2011.06.26 09:56:45 | 000,095,049 | ---- | C] () -- C:\Users\Administrator\Desktop\IceHUD_RealUI.lua
[2011.06.24 10:38:56 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.06.22 07:50:33 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track05.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track04.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track03.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track02.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track01.cda
[2011.06.11 14:33:23 | 000,004,107 | ---- | C] () -- C:\Windows\wininit.ini
[2011.06.11 10:49:21 | 000,166,400 | RHS- | C] () -- C:\Windows\System32\KBDINMALV.dll
[2011.06.10 21:16:36 | 000,000,152 | ---- | C] () -- C:\Windows\System32\sysplog2.dll
[2011.06.10 21:16:28 | 000,000,152 | ---- | C] () -- C:\Windows\System32\sysplog.dll
[2011.06.10 21:15:42 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\chessimo.lnk
[2011.06.07 13:06:07 | 000,000,973 | ---- | C] () -- C:\Users\Administrator\Desktop\SpywareBlaster.lnk
[2011.06.07 12:56:17 | 000,001,246 | ---- | C] () -- C:\Users\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011.05.31 15:51:36 | 013,322,449 | ---- | C] () -- C:\Users\Administrator\Desktop\wowszene.de_Hoerspiel-Pinkcraft_01.mp3
[2011.05.29 20:20:41 | 029,118,798 | ---- | C] () -- C:\Users\Administrator\Desktop\AllimaniaDNG2.mp3
[2011.05.29 20:20:22 | 029,564,761 | ---- | C] () -- C:\Users\Administrator\Desktop\justnetwork.eu_AllimaniaDNG1.mp3
[2011.05.07 12:12:25 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.05.07 12:12:24 | 000,138,056 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\PnkBstrK.sys
[2011.05.07 12:11:54 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.05.07 12:11:18 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.03.13 20:14:06 | 000,390,944 | ---- | C] () -- C:\Windows\System32\drivers\SRS_AudioFusion_i386.sys
[2010.12.01 10:06:58 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.10.14 20:58:05 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.10.14 20:00:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.07.01 20:16:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.07.01 20:10:06 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2010.07.01 20:02:18 | 000,006,088 | ---- | C] () -- C:\Windows\System32\drivers\CDConfig.bin
[2009.10.22 17:59:00 | 000,196,565 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.07.14 10:47:43 | 000,949,916 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,222,136 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,449,928 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,704,552 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,189,032 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.06.09 10:55:58 | 000,057,904 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

< End of report >

   ---

   OTL-Extras:
   Code:

   ---

   OTL Extras logfile created on: 27.06.2011 22:57:58 - Run 3
OTL by OldTimer - Version 3.2.24.1    Folder = C:\Users\Administrator\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,99 Gb Available Physical Memory | 56,87% Memory free
6,98 Gb Paging File | 5,97 Gb Available in Paging File | 85,43% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,68 Gb Total Space | 48,12 Gb Free Space | 31,31% Space Free | Partition Type: NTFS
Drive D: | 78,03 Gb Total Space | 9,27 Gb Free Space | 11,89% Space Free | Partition Type: NTFS
 
Computer Name: DENNIS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ACD183-EAEC-82C8-F71E-8FF0B6143D7B}" = CCC Help Portuguese
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{063BBC11-7F75-3BBA-02AA-A1B5FC0E17AC}" = CCC Help Polish
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11C39430-2BC0-4C47-4541-B6C8150D4A65}" = Catalyst Control Center InstallProxy
"{1375616C-B818-9FC7-0BE3-AE9AC45F1188}" = CCC Help Chinese Standard
"{14AEA387-7A94-575A-4328-07BE82BD7F32}" = ATI Catalyst Install Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3253AC2A-EC76-DC6C-6ED1-EBA5E67A79A1}" = ccc-utility
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{36B38C30-94C1-2B9C-B973-59B2FB37CCB0}" = CCC Help Dutch
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3931705A-D653-44A8-9BB5-759B7965BE99}_is1" = YABOT Build Order Editor version 1.0
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D1FB742-A73A-2403-639F-C8CD64A70449}" = CCC Help Chinese Traditional
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{417CE154-54E7-3655-0C24-34FBFCA5163C}" = CCC Help Finnish
"{420F882E-36E5-9C3B-BF07-B0C1911F4739}" = CCC Help Italian
"{460495AF-988E-CDD4-591D-7E75AC1CAF4A}" = Catalyst Control Center Core Implementation
"{46E8BDC8-F7BD-3F44-8DA1-9B26DAB62205}" = CCC Help Swedish
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{4E0BEC25-51C6-30AE-348D-AA208ABA3400}" = CCC Help Japanese
"{55718B4B90B54F7EADC5621C750A14E6}" = DivX Author 1.5
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6128B845-A2F4-283F-92B8-C02B393373A4}" = CCC Help Hungarian
"{613B9AA5-33A3-B2BB-D87D-BF7B1C02315E}" = Catalyst Control Center Localization All
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{65C743AF-D881-B71D-A753-A95C5219E78B}" = Catalyst Control Center Graphics Full Existing
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6F7614CC-F33A-4877-8814-49856F441F3C}" = Stardock MyColors
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{836180C6-4998-B1EE-782A-EF196850A98F}" = CCC Help Turkish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84738B59-F709-5737-524D-CAC71D74C23F}" = CCC Help English
"{848249FC-EA31-81CC-914B-7401C37B03CE}" = CCC Help Russian
"{8518ECC0-0DE4-4475-D0C1-C8114A8F0C0B}" = CCC Help French
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AA1963A-5234-BECC-B5E7-7469ABBC6514}" = Catalyst Control Center Graphics Light
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D540B8F-1325-CF57-0C84-B59B03B153FB}" = CCC Help Spanish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90140000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2010
"{90140000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
"{90140000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
"{90140000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
"{90140000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
"{90140000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2010
"{90140000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
"{90140000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
"{90140000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
"{90140000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93ABEBEB-EEE0-4AB9-A925-2F2EC791A4CE}" = Smart Technology Programming Software 7.0.2.7
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{96CC86A2-997F-46BF-9ADF-3857DB648765}" = chessimo 3.42
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3D7DCF8-A79C-882D-1B6F-2A5106053F9B}" = CCC Help Danish
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96BFADF-A159-4395-8E9C-A9E2F059A3BB}" = Camtasia Studio 7
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA1AF34D-9056-4B72-A588-D9A7B8CB305B}" = Saitek Cyborg Keyboard Volume 6.2.1.3
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B569783D-389B-BA36-6A8E-1457C12E77F1}" = CCC Help Thai
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BDAFF03F-3E7D-427B-A658-3807C4C58B0C}" = Goldfinger 8
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps
"{C9A3120D-C729-875A-AD54-C3AE3F9C826B}" = CCC Help Korean
"{CA050D8C-770A-41A7-B966-0056456EA27E}" = Razer StarCraft II
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF051DB4-9E13-0A5B-314D-B0AC3B3BF9D9}" = CCC Help German
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{D8EDD457-B59B-FFC6-7E6B-749734E71D03}" = Catalyst Control Center Graphics Previews Common
"{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E28FD821-1863-4BC0-8B8C-959EEE805FDE}" = SRS AudioFusion
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEAADF6C-CB48-DE4C-C934-1A9C11F1D7AE}" = ccc-core-static
"{EF1D891C-1616-C383-AD0B-6C8B0A8F8CC9}" = CCC Help Czech
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F231A12D-5C87-6201-DF65-25106365399D}" = Catalyst Control Center Graphics Full New
"{F25E99CD-A296-85C2-BF1A-9E6BCDE8FA4A}" = CCC Help Greek
"{F3DCF8E5-F5BA-492B-8113-7FAAED125BE0}" = capella 1200
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFCB7CDF-534B-3297-8B3E-2E7587A4AE1A}" = CCC Help Norwegian
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Babylon" = Babylon
"CABAL Online: Episode IV_is1" = Cabal Online Europe - Episode IV
"Camtasia Studio 3" = Camtasia Studio 3
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Der Schreibtrainer" = Der Schreibtrainer 3.7
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Free YouTube Download_is1" = Free YouTube Download 2.6
"FreeApp v1" = FreeApps
"Game Booster_is1" = Game Booster
"Game Maker 8.0" = Game Maker 8.0
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Notepad++" = Notepad++
"PC SECURITY TEST 2009_is1" = PC SECURITY TEST 2009
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"RAR Password Cracker" = RAR Password Cracker 4.12
"RealPlayer 12.0" = RealPlayer
"Registry Mechanic_is1" = Registry Mechanic 9.0
"Revo Uninstaller" = Revo Uninstaller 1.92
"RocketDock_is1" = RocketDock 1.3.5
"SC2 Replay Catcher_is1" = SC2 Replay Catcher version 0.1.0.3a
"Smart Defrag_is1" = Smart Defrag
"SpywareBlaster_is1" = SpywareBlaster 4.4
"StarCraft II" = StarCraft II
"Stardock MyColors" = Stardock MyColors
"SW-Tukupdater_is1" = SW-TukUpdater
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Test Drive Unlimited 2_is1" = Test Drive Unlimited 2
"Uninstall_is1" = Uninstall 1.0.0.1
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.6
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"ccb6737a8af9d4ff" = Lenovo Driver Download Manager
"UnityWebPlayer" = Unity Web Player
"WinPump" = WinPump
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.06.2011 16:49:53 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Yabot Editor.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4d327028  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
 Zeitstempel: 0x4a5bdaae  Ausnahmecode: 0xe0434352  Fehleroffset: 0x00009617  ID des fehlerhaften
 Prozesses: 0x1b98  Startzeit der fehlerhaften Anwendung: 0x01cc31e70feedaea  Pfad der
 fehlerhaften Anwendung: C:\Program Files\YABOT Editor\Yabot Editor.exe  Pfad des
fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 57b7a669-9dda-11e0-bace-705ab65c33b2
 
Error - 24.06.2011 08:11:29 | Computer Name = Dennis-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 2.0.0.4094 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 17a4    Startzeit:
 01cc31ca29dc9e07    Endzeit: 9449    Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
 eb3965d5-9e5a-11e0-bace-705ab65c33b2 
 
Error - 24.06.2011 08:11:49 | Computer Name = Dennis-PC | Source = Application Hang | ID = 1002
Description = Programm SC2.exe, Version 1.3.4.18701 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 15d0    Startzeit:
 01cc32659933a740    Endzeit: 1548    Anwendungspfad: D:\games\StarCraft II\Versions\Base18574\SC2.exe

Berichts-ID:
 
 
Error - 26.06.2011 13:27:47 | Computer Name = Dennis-PC | Source = Windows Backup | ID = 4104
Description =
 
Error - 27.06.2011 02:03:44 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access
 Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0.  Ungültige XML-Syntax.
 
Error - 27.06.2011 02:07:22 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Razer\Drivers\RzSynapse\DPInst_amd64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.06.2011 02:14:03 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 27.06.2011 07:10:46 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: pev.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d334d98  Name des fehlerhaften Moduls: ADVAPI32.dll_unloaded, Version: 0.0.0.0,
 Zeitstempel: 0x4a5bd97e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x7785b663  ID des fehlerhaften
 Prozesses: 0x10ec  Startzeit der fehlerhaften Anwendung: 0x01cc34badcb26d09  Pfad der
 fehlerhaften Anwendung: C:\Users\ADMINI~1\AppData\Local\Temp\RarSFX4\pev.exe  Pfad
 des fehlerhaften Moduls: ADVAPI32.dll  Berichtskennung: 1a9c5f98-a0ae-11e0-b70a-705ab65c33b2
 
Error - 27.06.2011 15:11:42 | Computer Name = Dennis-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.24.1 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e98    Startzeit:
01cc34fd433820d1    Endzeit: 15    Anwendungspfad: C:\Users\Administrator\Desktop\OTL.exe

Berichts-ID:
 4791b746-a0f1-11e0-b9c2-705ab65c33b2 
 
Error - 27.06.2011 15:17:00 | Computer Name = Dennis-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.24.1 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: d74    Startzeit:
01cc34feaf5feadb    Endzeit: 0    Anwendungspfad: C:\Users\Administrator\Desktop\OTL.exe

Berichts-ID:
 05a386d6-a0f2-11e0-b7a3-705ab65c33b2 
 
[ Media Center Events ]
Error - 28.03.2011 07:25:42 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 13:25:41 - Fehler beim Herstellen der Internetverbindung.  13:25:41
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 28.03.2011 07:25:55 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 13:25:49 - Fehler beim Herstellen der Internetverbindung.  13:25:49
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 16.04.2011 04:34:45 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 10:34:44 - Fehler beim Herstellen der Internetverbindung.  10:34:45
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 16.04.2011 04:35:36 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 10:35:14 - Fehler beim Herstellen der Internetverbindung.  10:35:14
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 16.04.2011 06:37:45 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 12:37:45 - Fehler beim Herstellen der Internetverbindung.  12:37:45
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 16.04.2011 06:38:25 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 12:38:14 - Fehler beim Herstellen der Internetverbindung.  12:38:14
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 24.04.2011 03:57:10 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 09:54:53 - Directory konnte nicht abgerufen werden (Fehler: Die Anfrage
 wurde abgebrochen: Die Anfrage wurde abgebrochen..) 
 
Error - 24.04.2011 04:16:26 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 10:15:06 - MCESpotlight konnte nicht abgerufen werden (Fehler: Invalid
 security token.) 
 
[ OSession Events ]
Error - 28.09.2010 15:26:09 | Computer Name = Dennis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3436
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 05.10.2010 15:37:15 | Computer Name = Dennis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1278
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 25.11.2010 16:24:56 | Computer Name = Dennis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10330
 seconds with 2460 seconds of active time.  This session ended with a crash.
 
Error - 13.12.2010 16:19:25 | Computer Name = Dennis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8119
 seconds with 780 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 27.06.2011 15:17:57 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 27.06.2011 15:17:58 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 27.06.2011 15:18:04 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 27.06.2011 15:18:04 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 27.06.2011 15:18:13 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "SBSD Security Center Service" ist von folgendem Dienst
 abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.
 
Error - 27.06.2011 16:34:35 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 27.06.2011 16:34:39 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 27.06.2011 16:34:46 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 27.06.2011 16:34:46 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 27.06.2011 16:34:56 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7003
Description = Der Dienst "SBSD Security Center Service" ist von folgendem Dienst
 abhängig: wscsvc. Dieser Dienst ist eventuell nicht installiert.
 
 
< End of report >

   ---

Danke schon mal im vorhinein für deine Antwort und für deine Mühen:)
MFG,
Deathkid

Hallo Deathkid535,



:lach:



:dankeschoen: Aber für gewöhnlich bedankt man sich erst nach getaner Arbeit. :)

Die Logfiles sehen zwar schon besser aus, aber wir sind noch nicht fertig:




Schritt # 1: Registry Cleaner
Ich sehe, dass Du sogenannte Registry Cleaner am System hast.
In deinem Fall Registry Mechanic 9.0.

Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner.

Der Grund ist ganz einfach:

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.

• Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
• Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
• Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.

Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

Ich empfehle Dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten.





Schritt # 2: ComboFix ausführen

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Lade ComboFix von einem dieser Download-Spiegel herunter:

BleepingComputer - ForoSpyware

* Wichtig !! Speichere ComboFix auf dem Desktop

• Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
• Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
• ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist. Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
• Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.

**Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.

http://i94.photobucket.com/albums/l8...eWHKonsole.jpg

Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:

http://i94.photobucket.com/albums/l8...nstalliert.jpg

Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei.





Schritt # 3: Fragen beantworten
Bitte beantworte mir folgende Fragen:

• Hast du diesen Dhcp-Server eingerichtet bzw. kennst du diese IP-Adresse?
  
  Zitat:

  O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138

  Gib mir bitte so viele Informationen dazu wie du hast.

Schritt # 4: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

• das Logfile von ComboFix und
• die Beantwortung der gestellten Fragen.

Hallo M-K-D-B
Ich habe den AntiVir-Guard deaktiviert, und dann ComboFix gestartet, doch dieser schreibt, dass dieser noch immer aktiv ist.
Könntest du mir bitte sagen, wie man ihn Deaktiviert, da ich durch google-suche auch nicht draufgekommen bin:)
Zu der Frage:
Nein, den habe ich nicht eingerichtet, ich weiss nicht einmal, was das ist.
MFG,
Deathkid

Hallo Deathkid,


Bricht ComboFix einfach ab oder kannst du trotzdem mit der Bereinigung fortfahren? In der Regel macht Avira keine großen Probleme.

Es sollte genügen, wenn du rechts unten an der Taskleiste mit einem Rechtsklick auf das Icon von Avira klickst und darüber den AntiVir Guard deaktivierst.

Auch wenn ComboFix meckert, sollte es dennoch in der Lage sein, durchzulaufen.

Bitte nochmal versuchen und berichten. :)

Hallo M-K-D-B,
Nach einigen Stunden des durchlaufen lassens(sollte wohl nicht so sein), ist bis jetzt genau GAR NICHTS passiert.
Liegt das an dem AntiVir?
MFG,
Deathkid

Hallo Dathkid,



wir versuchen etwas anderes.




Schritt # 1: ComboFix über Befehlszeile ausführen
Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:

BleepingComputer.com - ForoSpyware.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste und kopiere folgendes in die Ausführen Zeile
Poste bitte die Combofix.txt hier in dein Thema





Schritt # 2: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

• das Logfile von ComboFix.

Hallo M-K-D-B,
Bis jetzt ist noch immer nichts probiert, sieht auch so aus als würde auch die nächsten Stunden wieder nichts passieren.
Gruß,
Deathkid

Hallo Deathkid,


Ich erkundige mich intern im Team. Antwort folgt.

Hallo Deathkid,





Schritt # 1: GMER Rootkitscan
Bitte

• alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren,
• keine bestehende Verbindung zu einem Netzwerk/Internet (WLAN nicht vergessen),
• nichts am Rechner arbeiten,
• nach jedem Scan den Rechner neu starten.

Gmer scannen lassen

• Lade Dir Gmer von dieser Seite herunter
  (auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
• Alle anderen Programme sollen geschlossen sein.
• Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
  Vista und Win7 User mit Rechtsklick und als Administrator starten.
• Sollte sich ein Fenster mit folgender Warnung öffnen:

  WARNING !!!
  GMER has found system modification, which might have been caused by ROOTKIT activity.
  Do you want to fully scan your system ?

  Unbedingt auf "No" klicken.
• Entferne rechts den Haken bei:

  • IAT/EAT
  • Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
  • Show all (sollte abgehackt sein)

• Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
• Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!





Schritt # 2: Systemscan mit OTL

• Starte bitte OTL.exe.
• Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
• Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Schritt # 3: Fragen beantworten
Bitte beantworte mir folgende Fragen:

• Wie läuft dein Rechner derzeit?
• Gibt es irgendwelche Probleme? Wenn ja, beschreibe diese bitte so gut es geht.

Schritt # 4: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

• das Logfile von GMER,
• die beiden Logfiles von OTL (OTL.txt und Extras.txt) und
• die Beantwortung der gestellten Fragen.

Hallo M-K-D-B,
Und hier wieder einige Leseübungen :)

1. Das Logfile von GMER:
   Code:

   ---

   GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-30 11:59:08
Windows 6.1.7600  Harddisk0\DR0 -> \Device\00000058 ST925031 rev.0010
Running: drv0czgm.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pwdirpog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKeyEx + 13BD                                                                                    82C46569 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                              82C6B092 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          C:\Windows\system32\DRIVERS\atikmdag.sys                                                                            section is writeable [0x8DC21000, 0x2CB104, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text          C:\Program Files\Real\RealPlayer\Update\realsched.exe[3144] kernel32.dll!SetUnhandledExceptionFilter                76463162 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\0000004d                                                                                  halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files\DAEMON Tools Pro\
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0x49 0x5E 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x2C 0x57 0xED 0x1D ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0xA0 0x02 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0xEC 0x14 0x3A 0x79 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xCE 0x5D 0x98 0x04 ...
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1                     
Reg            HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                0x6D 0x3B 0x58 0x6E ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files\DAEMON Tools Pro\
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0x49 0x5E 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x2C 0x57 0xED 0x1D ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0xA0 0x02 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0xEC 0x14 0x3A 0x79 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xCE 0x5D 0x98 0x04 ...
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12                    0x6D 0x3B 0x58 0x6E ...

---- EOF - GMER 1.0.15 ----

   ---

2. Das OTL Logfile:
   Code:

   ---

   OTL logfile created on: 30.06.2011 12:04:20 - Run 4
OTL by OldTimer - Version 3.2.24.1    Folder = C:\Users\Administrator\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,48 Gb Available Physical Memory | 27,49% Memory free
6,98 Gb Paging File | 5,43 Gb Available in Paging File | 77,71% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,68 Gb Total Space | 47,83 Gb Free Space | 31,12% Space Free | Partition Type: NTFS
Drive D: | 78,03 Gb Total Space | 6,18 Gb Free Space | 7,93% Space Free | Partition Type: NTFS
 
Computer Name: DENNIS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Programme\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\Administrator\AppData\Local\Apps\2.0\W55HJDXV.742\KR5R0CNL.RO1\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe (Curse)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (IObit)
PRC - C:\Programme\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll (Microsoft Corporation)
MOD - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (PEVSystemStart) --  File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AcSvc) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WindowBlinds) -- C:\Programme\Stardock\MyColors\VistaSrv.exe (Stardock Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (pwdirpog) -- C:\pwdirpog.sys (GMER)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (SRS_AudioFusion_Service) -- C:\Windows\System32\drivers\SRS_AudioFusion_i386.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SaiNtBus) -- C:\Windows\System32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\Windows\System32\drivers\SaiMini.sys (Saitek)
DRV - (SaiK0CFA) -- C:\Windows\System32\drivers\SaiK0CFA.sys (Saitek)
DRV - (SaiU0CFA) -- C:\Windows\System32\drivers\SaiU0CFA.sys (Saitek)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (SaiK0728) -- C:\Windows\System32\drivers\SaiK0728.sys (Saitek)
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 5B 60 61 79 69 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=toolbar2&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.13 19:28:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.13 19:28:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.04.28 20:56:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.28 20:55:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.28 20:56:19 | 000,000,000 | ---D | M]
 
[2010.10.14 20:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2011.06.27 19:16:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions
[2011.05.22 20:40:15 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011.06.23 13:09:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.07 08:23:55 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions\battlefieldplay4free@ea.com
[2010.12.16 13:56:14 | 000,000,931 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0q27vfov.default\searchplugins\conduit.xml
[2010.10.14 20:01:12 | 000,010,017 | ---- | M] () -- C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\0q27vfov.default\searchplugins\mywebsearch.xml
[2011.05.20 21:44:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.02 16:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.02 17:21:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.16 14:31:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.26 18:15:44 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Programme\Mozilla Firefox\extensions\adapter@babylontc.com
File not found (No name found) --
[2010.07.02 16:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.02 17:21:39 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.16 14:31:09 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.26 18:15:44 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\ADAPTER@BABYLONTC.COM
[2011.04.28 20:56:01 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Q27VFOV.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}.XPI
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Q27VFOV.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Q27VFOV.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM.XPI
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.04.26 18:13:26 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.06.27 21:45:14 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GO36F4~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\H\Shell\configure\command - "" = H:\SETUP.EXE
O33 - MountPoints2\H\Shell\install\command - "" = H:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.06.30 09:05:29 | 000,100,736 | ---- | C] (GMER) -- C:\pwdirpog.sys
[2011.06.29 12:25:32 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011.06.29 12:25:31 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011.06.29 12:25:30 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011.06.29 12:25:30 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011.06.29 12:25:30 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011.06.29 12:25:30 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011.06.28 21:16:09 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011.06.28 21:15:18 | 004,128,671 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2011.06.28 16:12:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.06.28 16:12:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.06.28 16:12:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.06.28 15:05:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.06.28 15:01:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Avira
[2011.06.28 15:00:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.06.27 21:06:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.06.27 20:55:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011.06.27 20:55:07 | 000,000,000 | ---D | C] -- C:\Programme\VS Revo Group
[2011.06.27 19:18:41 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011.06.27 13:22:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\RealUI 0612
[2011.06.27 12:09:11 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011.06.26 22:50:35 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011.06.26 21:29:44 | 000,000,000 | ---D | C] -- C:\ProgramData\bL28601DaMcK28601
[2011.06.24 10:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.06.22 19:34:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\RIFT
[2011.06.22 19:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIFT
[2011.06.22 19:34:45 | 000,000,000 | ---D | C] -- C:\Programme\RIFT Game
[2011.06.22 07:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.06.20 19:16:22 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\LeilaUI 3.13
[2011.06.18 09:43:48 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.06.17 14:37:45 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.06.17 14:37:45 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.06.17 14:37:45 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.06.17 14:37:45 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.06.17 14:37:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.06.17 14:37:44 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.06.17 14:37:44 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.06.17 14:37:44 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.06.17 14:37:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.06.17 14:37:43 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.06.17 14:37:43 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.06.16 13:23:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\dwhelper
[2011.06.11 22:47:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011.06.11 22:46:37 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.11 22:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.11 22:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.11 22:46:31 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.11 22:46:31 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.06.10 21:15:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\chessimo
[2011.06.10 21:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\chessimo
[2011.06.10 21:15:36 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RICHTX32.OCX
[2011.06.10 21:15:36 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSFLXGRD.OCX
[2011.06.10 21:15:36 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
[2011.06.10 21:15:36 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSINET.OCX
[2011.06.10 21:15:36 | 000,067,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SYSINFO.OCX
[2011.06.10 21:15:26 | 000,000,000 | ---D | C] -- C:\Programme\chessimo
[2011.06.10 21:15:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\8 x 8 Media AG
[2011.06.10 21:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011.06.07 13:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011.06.07 12:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
 
========== Files - Modified Within 30 Days ==========
 
[2011.06.30 11:19:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.06.30 11:16:10 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.06.30 11:09:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1140944107-3424129360-3757389648-1000UA.job
[2011.06.30 09:05:29 | 000,100,736 | ---- | M] (GMER) -- C:\pwdirpog.sys
[2011.06.30 09:03:59 | 000,302,592 | ---- | M] () -- C:\Users\Administrator\Desktop\drv0czgm.exe
[2011.06.30 08:30:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.06.29 21:58:15 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.06.29 21:58:15 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.06.29 21:50:11 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.06.29 21:50:08 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\AutoSmartDefrag.job
[2011.06.29 21:49:26 | 1406,300,160 | -HS- | M] () -- C:\hiberfil.sys
[2011.06.29 21:29:22 | 000,000,728 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011.06.29 20:09:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1140944107-3424129360-3757389648-1000Core.job
[2011.06.29 17:08:02 | 000,449,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.06.28 21:14:38 | 004,128,671 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2011.06.28 08:02:33 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2011.06.27 21:45:14 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.06.27 20:55:08 | 000,001,222 | ---- | M] () -- C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
[2011.06.27 19:19:02 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011.06.27 13:13:38 | 000,027,484 | ---- | M] () -- C:\Users\Administrator\Desktop\Logfiles.zip
[2011.06.27 12:33:26 | 000,302,592 | ---- | M] () -- C:\Users\Administrator\Desktop\c06dgghb.exe
[2011.06.27 12:09:21 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011.06.27 12:05:08 | 000,000,020 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2011.06.27 12:03:04 | 000,050,477 | ---- | M] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2011.06.26 23:12:02 | 001,007,120 | ---- | M] () -- C:\Users\Administrator\Desktop\duadas.exe
[2011.06.26 10:05:41 | 000,518,050 | ---- | M] () -- C:\Users\Administrator\Desktop\Unbenannt.PNG
[2011.06.24 10:38:56 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.06.22 07:50:33 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.06.20 19:12:48 | 000,095,049 | ---- | M] () -- C:\Users\Administrator\Desktop\IceHUD_RealUI.lua
[2011.06.20 14:12:59 | 000,949,916 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.20 14:12:59 | 000,704,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.20 14:12:59 | 000,222,136 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.20 14:12:59 | 000,189,032 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.11 18:58:04 | 000,004,107 | ---- | M] () -- C:\Windows\wininit.ini
[2011.06.11 14:11:05 | 000,001,246 | ---- | M] () -- C:\Users\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011.06.11 10:49:21 | 000,166,400 | RHS- | M] () -- C:\Windows\System32\KBDINMALV.dll
[2011.06.11 10:45:29 | 000,000,152 | ---- | M] () -- C:\Windows\System32\sysplog2.dll
[2011.06.11 10:45:29 | 000,000,152 | ---- | M] () -- C:\Windows\System32\sysplog.dll
[2011.06.10 21:15:42 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\chessimo.lnk
[2011.06.10 19:08:58 | 000,000,129 | ---- | M] () -- C:\Users\Administrator\jagex_runescape_preferences2.dat
[2011.06.10 19:07:59 | 000,000,034 | ---- | M] () -- C:\Users\Administrator\jagex_runescape_preferences.dat
[2011.06.07 13:06:07 | 000,000,973 | ---- | M] () -- C:\Users\Administrator\Desktop\SpywareBlaster.lnk
 
========== Files Created - No Company Name ==========
 
[2011.06.30 09:03:58 | 000,302,592 | ---- | C] () -- C:\Users\Administrator\Desktop\drv0czgm.exe
[2011.06.28 16:12:35 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011.06.28 16:12:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.06.28 16:12:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.06.28 16:12:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.06.28 16:12:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.06.27 22:34:59 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\SmartDefrag.job
[2011.06.27 20:55:08 | 000,001,222 | ---- | C] () -- C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
[2011.06.27 13:13:38 | 000,027,484 | ---- | C] () -- C:\Users\Administrator\Desktop\Logfiles.zip
[2011.06.27 12:33:18 | 000,302,592 | ---- | C] () -- C:\Users\Administrator\Desktop\c06dgghb.exe
[2011.06.27 12:04:42 | 000,000,020 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2011.06.27 12:03:02 | 000,050,477 | ---- | C] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2011.06.26 23:11:45 | 001,007,120 | ---- | C] () -- C:\Users\Administrator\Desktop\duadas.exe
[2011.06.26 09:56:45 | 000,095,049 | ---- | C] () -- C:\Users\Administrator\Desktop\IceHUD_RealUI.lua
[2011.06.24 10:38:56 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.06.22 07:50:33 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track05.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track04.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track03.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track02.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track01.cda
[2011.06.11 14:33:23 | 000,004,107 | ---- | C] () -- C:\Windows\wininit.ini
[2011.06.11 10:49:21 | 000,166,400 | RHS- | C] () -- C:\Windows\System32\KBDINMALV.dll
[2011.06.10 21:16:36 | 000,000,152 | ---- | C] () -- C:\Windows\System32\sysplog2.dll
[2011.06.10 21:16:28 | 000,000,152 | ---- | C] () -- C:\Windows\System32\sysplog.dll
[2011.06.10 21:15:42 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\chessimo.lnk
[2011.06.07 13:06:07 | 000,000,973 | ---- | C] () -- C:\Users\Administrator\Desktop\SpywareBlaster.lnk
[2011.06.07 12:56:17 | 000,001,246 | ---- | C] () -- C:\Users\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011.05.31 15:51:36 | 013,322,449 | ---- | C] () -- C:\Users\Administrator\Desktop\wowszene.de_Hoerspiel-Pinkcraft_01.mp3
[2011.05.07 12:12:25 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.05.07 12:12:24 | 000,138,056 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\PnkBstrK.sys
[2011.05.07 12:11:54 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.05.07 12:11:18 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.03.13 20:14:06 | 000,390,944 | ---- | C] () -- C:\Windows\System32\drivers\SRS_AudioFusion_i386.sys
[2010.12.01 10:06:58 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.10.14 20:58:05 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.10.14 20:00:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.07.01 20:16:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.07.01 20:10:06 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2010.07.01 20:02:18 | 000,006,088 | ---- | C] () -- C:\Windows\System32\drivers\CDConfig.bin
[2009.10.22 17:59:00 | 000,196,565 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.07.14 10:47:43 | 000,949,916 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,222,136 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,449,928 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,704,552 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,189,032 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.06.09 10:55:58 | 000,057,904 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >

   ---

3. Das OTL Extralogfile:
   Code:

   ---

   OTL Extras logfile created on: 30.06.2011 12:04:20 - Run 4
OTL by OldTimer - Version 3.2.24.1    Folder = C:\Users\Administrator\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,48 Gb Available Physical Memory | 27,49% Memory free
6,98 Gb Paging File | 5,43 Gb Available in Paging File | 77,71% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,68 Gb Total Space | 47,83 Gb Free Space | 31,12% Space Free | Partition Type: NTFS
Drive D: | 78,03 Gb Total Space | 6,18 Gb Free Space | 7,93% Space Free | Partition Type: NTFS
 
Computer Name: DENNIS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ACD183-EAEC-82C8-F71E-8FF0B6143D7B}" = CCC Help Portuguese
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{063BBC11-7F75-3BBA-02AA-A1B5FC0E17AC}" = CCC Help Polish
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11C39430-2BC0-4C47-4541-B6C8150D4A65}" = Catalyst Control Center InstallProxy
"{1375616C-B818-9FC7-0BE3-AE9AC45F1188}" = CCC Help Chinese Standard
"{14AEA387-7A94-575A-4328-07BE82BD7F32}" = ATI Catalyst Install Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3253AC2A-EC76-DC6C-6ED1-EBA5E67A79A1}" = ccc-utility
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{36B38C30-94C1-2B9C-B973-59B2FB37CCB0}" = CCC Help Dutch
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3931705A-D653-44A8-9BB5-759B7965BE99}_is1" = YABOT Build Order Editor version 1.0
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D1FB742-A73A-2403-639F-C8CD64A70449}" = CCC Help Chinese Traditional
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{417CE154-54E7-3655-0C24-34FBFCA5163C}" = CCC Help Finnish
"{420F882E-36E5-9C3B-BF07-B0C1911F4739}" = CCC Help Italian
"{460495AF-988E-CDD4-591D-7E75AC1CAF4A}" = Catalyst Control Center Core Implementation
"{46E8BDC8-F7BD-3F44-8DA1-9B26DAB62205}" = CCC Help Swedish
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{4E0BEC25-51C6-30AE-348D-AA208ABA3400}" = CCC Help Japanese
"{55718B4B90B54F7EADC5621C750A14E6}" = DivX Author 1.5
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6128B845-A2F4-283F-92B8-C02B393373A4}" = CCC Help Hungarian
"{613B9AA5-33A3-B2BB-D87D-BF7B1C02315E}" = Catalyst Control Center Localization All
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{65C743AF-D881-B71D-A753-A95C5219E78B}" = Catalyst Control Center Graphics Full Existing
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6F7614CC-F33A-4877-8814-49856F441F3C}" = Stardock MyColors
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{836180C6-4998-B1EE-782A-EF196850A98F}" = CCC Help Turkish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84738B59-F709-5737-524D-CAC71D74C23F}" = CCC Help English
"{848249FC-EA31-81CC-914B-7401C37B03CE}" = CCC Help Russian
"{8518ECC0-0DE4-4475-D0C1-C8114A8F0C0B}" = CCC Help French
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AA1963A-5234-BECC-B5E7-7469ABBC6514}" = Catalyst Control Center Graphics Light
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D540B8F-1325-CF57-0C84-B59B03B153FB}" = CCC Help Spanish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90140000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2010
"{90140000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
"{90140000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
"{90140000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
"{90140000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
"{90140000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2010
"{90140000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
"{90140000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
"{90140000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
"{90140000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93ABEBEB-EEE0-4AB9-A925-2F2EC791A4CE}" = Smart Technology Programming Software 7.0.2.7
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{96CC86A2-997F-46BF-9ADF-3857DB648765}" = chessimo 3.42
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3D7DCF8-A79C-882D-1B6F-2A5106053F9B}" = CCC Help Danish
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96BFADF-A159-4395-8E9C-A9E2F059A3BB}" = Camtasia Studio 7
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA1AF34D-9056-4B72-A588-D9A7B8CB305B}" = Saitek Cyborg Keyboard Volume 6.2.1.3
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B569783D-389B-BA36-6A8E-1457C12E77F1}" = CCC Help Thai
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BDAFF03F-3E7D-427B-A658-3807C4C58B0C}" = Goldfinger 8
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps
"{C9A3120D-C729-875A-AD54-C3AE3F9C826B}" = CCC Help Korean
"{CA050D8C-770A-41A7-B966-0056456EA27E}" = Razer StarCraft II
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF051DB4-9E13-0A5B-314D-B0AC3B3BF9D9}" = CCC Help German
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{D8EDD457-B59B-FFC6-7E6B-749734E71D03}" = Catalyst Control Center Graphics Previews Common
"{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E28FD821-1863-4BC0-8B8C-959EEE805FDE}" = SRS AudioFusion
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEAADF6C-CB48-DE4C-C934-1A9C11F1D7AE}" = ccc-core-static
"{EF1D891C-1616-C383-AD0B-6C8B0A8F8CC9}" = CCC Help Czech
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F231A12D-5C87-6201-DF65-25106365399D}" = Catalyst Control Center Graphics Full New
"{F25E99CD-A296-85C2-BF1A-9E6BCDE8FA4A}" = CCC Help Greek
"{F3DCF8E5-F5BA-492B-8113-7FAAED125BE0}" = capella 1200
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFCB7CDF-534B-3297-8B3E-2E7587A4AE1A}" = CCC Help Norwegian
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Babylon" = Babylon
"CABAL Online: Episode IV_is1" = Cabal Online Europe - Episode IV
"Camtasia Studio 3" = Camtasia Studio 3
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Der Schreibtrainer" = Der Schreibtrainer 3.7
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Free YouTube Download_is1" = Free YouTube Download 2.6
"FreeApp v1" = FreeApps
"Game Booster_is1" = Game Booster
"Game Maker 8.0" = Game Maker 8.0
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Notepad++" = Notepad++
"PC SECURITY TEST 2009_is1" = PC SECURITY TEST 2009
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"RAR Password Cracker" = RAR Password Cracker 4.12
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.92
"RocketDock_is1" = RocketDock 1.3.5
"SC2 Replay Catcher_is1" = SC2 Replay Catcher version 0.1.0.3a
"Smart Defrag_is1" = Smart Defrag
"SpywareBlaster_is1" = SpywareBlaster 4.4
"StarCraft II" = StarCraft II
"Stardock MyColors" = Stardock MyColors
"SW-Tukupdater_is1" = SW-TukUpdater
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Test Drive Unlimited 2_is1" = Test Drive Unlimited 2
"Uninstall_is1" = Uninstall 1.0.0.1
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.6
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"ccb6737a8af9d4ff" = Lenovo Driver Download Manager
"UnityWebPlayer" = Unity Web Player
"WinPump" = WinPump
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.06.2011 02:14:03 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 27.06.2011 07:10:46 | Computer Name = Dennis-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: pev.exe, Version: 0.0.0.0, Zeitstempel:
 0x4d334d98  Name des fehlerhaften Moduls: ADVAPI32.dll_unloaded, Version: 0.0.0.0,
 Zeitstempel: 0x4a5bd97e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x7785b663  ID des fehlerhaften
 Prozesses: 0x10ec  Startzeit der fehlerhaften Anwendung: 0x01cc34badcb26d09  Pfad der
 fehlerhaften Anwendung: C:\Users\ADMINI~1\AppData\Local\Temp\RarSFX4\pev.exe  Pfad
 des fehlerhaften Moduls: ADVAPI32.dll  Berichtskennung: 1a9c5f98-a0ae-11e0-b70a-705ab65c33b2
 
Error - 27.06.2011 15:11:42 | Computer Name = Dennis-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.24.1 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e98    Startzeit:
01cc34fd433820d1    Endzeit: 15    Anwendungspfad: C:\Users\Administrator\Desktop\OTL.exe

Berichts-ID:
 4791b746-a0f1-11e0-b9c2-705ab65c33b2 
 
Error - 27.06.2011 15:17:00 | Computer Name = Dennis-PC | Source = Application Hang | ID = 1002
Description = Programm OTL.exe, Version 3.2.24.1 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: d74    Startzeit:
01cc34feaf5feadb    Endzeit: 0    Anwendungspfad: C:\Users\Administrator\Desktop\OTL.exe

Berichts-ID:
 05a386d6-a0f2-11e0-b7a3-705ab65c33b2 
 
Error - 29.06.2011 02:53:30 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access
 Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0.  Ungültige XML-Syntax.
 
Error - 29.06.2011 02:56:44 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Razer\Drivers\RzSynapse\DPInst_amd64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 29.06.2011 03:02:24 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 30.06.2011 04:22:35 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access
 Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0.  Ungültige XML-Syntax.
 
Error - 30.06.2011 04:25:11 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Razer\Drivers\RzSynapse\DPInst_amd64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 30.06.2011 04:30:19 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ Media Center Events ]
Error - 28.03.2011 07:25:42 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 13:25:41 - Fehler beim Herstellen der Internetverbindung.  13:25:41
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 28.03.2011 07:25:55 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 13:25:49 - Fehler beim Herstellen der Internetverbindung.  13:25:49
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 16.04.2011 04:34:45 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 10:34:44 - Fehler beim Herstellen der Internetverbindung.  10:34:45
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 16.04.2011 04:35:36 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 10:35:14 - Fehler beim Herstellen der Internetverbindung.  10:35:14
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 16.04.2011 06:37:45 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 12:37:45 - Fehler beim Herstellen der Internetverbindung.  12:37:45
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 16.04.2011 06:38:25 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 12:38:14 - Fehler beim Herstellen der Internetverbindung.  12:38:14
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 24.04.2011 03:57:10 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 09:54:53 - Directory konnte nicht abgerufen werden (Fehler: Die Anfrage
 wurde abgebrochen: Die Anfrage wurde abgebrochen..) 
 
Error - 24.04.2011 04:16:26 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 10:15:06 - MCESpotlight konnte nicht abgerufen werden (Fehler: Invalid
 security token.) 
 
[ OSession Events ]
Error - 28.09.2010 15:26:09 | Computer Name = Dennis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3436
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 05.10.2010 15:37:15 | Computer Name = Dennis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1278
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 25.11.2010 16:24:56 | Computer Name = Dennis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10330
 seconds with 2460 seconds of active time.  This session ended with a crash.
 
Error - 13.12.2010 16:19:25 | Computer Name = Dennis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8119
 seconds with 780 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 29.06.2011 11:07:00 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 29.06.2011 11:07:09 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 29.06.2011 11:07:09 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 29.06.2011 11:07:56 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SBSD Security Center Service" ist vom Dienst "wscsvc"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 29.06.2011 11:12:44 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7022
Description = Der Dienst "Windows Search" wurde nicht richtig gestartet.
 
Error - 29.06.2011 15:49:23 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 29.06.2011 15:49:24 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 29.06.2011 15:49:31 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 29.06.2011 15:49:31 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 29.06.2011 15:49:43 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SBSD Security Center Service" ist vom Dienst "wscsvc"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
 
< End of report >

   ---

4. Zu den Fragen: Wie läuft dein Rechner derzeit? Er läuft eigentlich so wie immer.
   Gibt es irgendwelche Probleme? Wenn ja, beschreibe diese bitte so gut es geht. Wenn ich auf Google einen Link anklicke, leitet er mich manchmal auf falsche Seiten um. Zuerst kommt so ein "goingnearth" dann irgendeine Werbeseite. Bemerkt habe ich das gestern.

Grüße,
Deathkid

Hallo Deathkid,





Schritt # 1: TDSS Killer ausführen
Dowloade Dir bitte TDSS Killer.exe und speichere die Datei am Desktop.

• Schließe alle laufenden Programme.
• Trenne dich von Internet.
• Deaktiviere deine AntiViren Software.
• Starte TDSSkiller.exe mit Doppelklick.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Drücke auf Start scan.
  Mache während dem Scan nichts am Rechner
  
  1. Sollte das Tool keine Funde aufweisen, klicke Close um es zu schließen.
  2. Wurde etwas gefunden werden die Funde in Scan results - Select action for found objects angezeigt und geben 3 Auswahlmöglichkeiten.
     Gehe sicher das Cure ( default ) angehackt ist ! Drücke Continue --> Reboot.
• Die Logfile ist nach dem Neustart auf deinem Systemlaufwerk ( meist C: ) unter TDSSKiller_version_date_time_log.txt zu finden.
• Bitte poste mir den Inhalt hier in deinen Thread.

Schritt # 2: Benutzerdefinierter Scan mit OTL

• Starte bitte die OTL.exe.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die http://image.hijackthis.eu/upload/hjt1-021.jpg Textbox.

• Schließe bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Nichts und danach den Scan Button.
• Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Schritt # 3: Fragen beantworten
Bitte beantworte mir folgende Fragen:

• Schau mal bitte auf das Laufwerk C. Findet sich dort ein Logfile ComboFix.txt?

Schritt # 4: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

• das Logfile des TDSS Killers,
• das neue Logfile von OTL (OTL.txt) und
• die Beantwortung der gestellten Fragen.

Hallo M-K-D-B,

1. Das Logfile von TDSS-Killer(nichts gefunden):
   Code:

   ---

   2011/07/01 09:24:22.0083 5396        TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16
2011/07/01 09:24:22.0125 5396        ================================================================================
2011/07/01 09:24:22.0125 5396        SystemInfo:
2011/07/01 09:24:22.0125 5396       
2011/07/01 09:24:22.0126 5396        OS Version: 6.1.7600 ServicePack: 0.0
2011/07/01 09:24:22.0126 5396        Product type: Workstation
2011/07/01 09:24:22.0126 5396        ComputerName: DENNIS-PC
2011/07/01 09:24:22.0126 5396        UserName: Administrator
2011/07/01 09:24:22.0126 5396        Windows directory: C:\Windows
2011/07/01 09:24:22.0126 5396        System windows directory: C:\Windows
2011/07/01 09:24:22.0126 5396        Processor architecture: Intel x86
2011/07/01 09:24:22.0126 5396        Number of processors: 2
2011/07/01 09:24:22.0126 5396        Page size: 0x1000
2011/07/01 09:24:22.0126 5396        Boot type: Normal boot
2011/07/01 09:24:22.0126 5396        ================================================================================
2011/07/01 09:24:28.0258 5396        Initialize success
2011/07/01 09:24:39.0439 5348        ================================================================================
2011/07/01 09:24:39.0439 5348        Scan started
2011/07/01 09:24:39.0439 5348        Mode: Manual;
2011/07/01 09:24:39.0439 5348        ================================================================================
2011/07/01 09:24:45.0097 5348        1394ohci        (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/07/01 09:24:45.0606 5348        ACPI            (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
2011/07/01 09:24:46.0214 5348        AcpiPmi        (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/07/01 09:24:46.0978 5348        ACPIVPC        (5508e9f55799c6551d54dfbc4a068b68) C:\Windows\system32\DRIVERS\AcpiVpc.sys
2011/07/01 09:24:47.0777 5348        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/07/01 09:24:47.0884 5348        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
2011/07/01 09:24:47.0962 5348        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
2011/07/01 09:24:48.0067 5348        AFD            (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys
2011/07/01 09:24:48.0120 5348        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
2011/07/01 09:24:48.0194 5348        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
2011/07/01 09:24:48.0308 5348        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
2011/07/01 09:24:48.0391 5348        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
2011/07/01 09:24:48.0480 5348        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
2011/07/01 09:24:48.0549 5348        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
2011/07/01 09:24:48.0648 5348        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
2011/07/01 09:24:48.0731 5348        amdsata        (6f64c768a9a48fab7c6d6cee1b30f97f) C:\Windows\system32\DRIVERS\amdsata.sys
2011/07/01 09:24:48.0808 5348        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/07/01 09:24:48.0860 5348        amdxata        (e27866684780606bcce640a57937d88a) C:\Windows\system32\DRIVERS\amdxata.sys
2011/07/01 09:24:48.0968 5348        ApfiltrService  (fd6d4bc1cf7d1fec5a17588007ecafb5) C:\Windows\system32\DRIVERS\Apfiltr.sys
2011/07/01 09:24:49.0043 5348        AppID          (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
2011/07/01 09:24:49.0234 5348        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
2011/07/01 09:24:49.0288 5348        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
2011/07/01 09:24:49.0344 5348        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/07/01 09:24:49.0635 5348        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
2011/07/01 09:24:49.0883 5348        atikmdag        (fcd4c95b1cb2a7dfbf8df5609c74734a) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/07/01 09:24:50.0142 5348        AtiPcie        (aca01c43d065e546c6dc88ea669ceca6) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/07/01 09:24:50.0226 5348        avgntflt        (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/07/01 09:24:50.0345 5348        avipbb          (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/07/01 09:24:50.0689 5348        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
2011/07/01 09:24:50.0912 5348        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
2011/07/01 09:24:51.0054 5348        BCM43XX        (61351a6aac26257f333d77ef738f3f3e) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/07/01 09:24:51.0228 5348        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
2011/07/01 09:24:51.0286 5348        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/07/01 09:24:51.0349 5348        bowser          (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys
2011/07/01 09:24:51.0395 5348        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/07/01 09:24:51.0508 5348        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/07/01 09:24:51.0585 5348        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
2011/07/01 09:24:51.0665 5348        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/07/01 09:24:51.0711 5348        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/07/01 09:24:51.0743 5348        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/07/01 09:24:51.0771 5348        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/07/01 09:24:51.0916 5348        Cam5607        (760ea3827049d8aa59de8e413b40dfb6) C:\Windows\system32\Drivers\BisonC07.sys
2011/07/01 09:24:52.0120 5348        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
2011/07/01 09:24:52.0176 5348        cdrom          (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
2011/07/01 09:24:52.0225 5348        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
2011/07/01 09:24:52.0285 5348        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
2011/07/01 09:24:52.0409 5348        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/07/01 09:24:52.0464 5348        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
2011/07/01 09:24:52.0527 5348        CNG            (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
2011/07/01 09:24:52.0596 5348        CnxtHdAudService (bd1dc6fa3689ab875eedbf0548393900) C:\Windows\system32\drivers\CHDRT32.sys
2011/07/01 09:24:52.0716 5348        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
2011/07/01 09:24:52.0765 5348        CompositeBus    (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/07/01 09:24:52.0818 5348        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/07/01 09:24:52.0925 5348        DfsC            (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys
2011/07/01 09:24:52.0992 5348        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
2011/07/01 09:24:53.0025 5348        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
2011/07/01 09:24:53.0115 5348        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
2011/07/01 09:24:53.0182 5348        DXGKrnl        (1679a4669326cb1a67cc95658d273234) C:\Windows\System32\drivers\dxgkrnl.sys
2011/07/01 09:24:53.0334 5348        ebdrv          (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
2011/07/01 09:24:53.0578 5348        elxstor        (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
2011/07/01 09:24:53.0697 5348        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
2011/07/01 09:24:53.0784 5348        exfat          (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
2011/07/01 09:24:53.0869 5348        fastfat        (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
2011/07/01 09:24:53.0963 5348        fdc            (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
2011/07/01 09:24:54.0066 5348        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
2011/07/01 09:24:54.0091 5348        Filetrace      (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
2011/07/01 09:24:54.0191 5348        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/07/01 09:24:54.0258 5348        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
2011/07/01 09:24:54.0335 5348        FsDepends      (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
2011/07/01 09:24:54.0413 5348        fssfltr        (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/07/01 09:24:54.0462 5348        Fs_Rec          (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
2011/07/01 09:24:54.0521 5348        fvevol          (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
2011/07/01 09:24:54.0639 5348        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/07/01 09:24:54.0794 5348        GEARAspiWDM    (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/07/01 09:24:54.0957 5348        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
2011/07/01 09:24:55.0031 5348        HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
2011/07/01 09:24:55.0085 5348        HDAudBus        (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/07/01 09:24:55.0135 5348        HidBatt        (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/07/01 09:24:55.0235 5348        HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
2011/07/01 09:24:55.0314 5348        HidIr          (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
2011/07/01 09:24:55.0390 5348        HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
2011/07/01 09:24:55.0670 5348        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/07/01 09:24:55.0725 5348        HTTP            (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
2011/07/01 09:24:55.0757 5348        hwpolicy        (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
2011/07/01 09:24:55.0781 5348        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/07/01 09:24:55.0862 5348        iaStorV        (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
2011/07/01 09:24:56.0067 5348        iirsp          (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
2011/07/01 09:24:56.0152 5348        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
2011/07/01 09:24:56.0223 5348        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
2011/07/01 09:24:56.0302 5348        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/07/01 09:24:56.0354 5348        IPMIDRV        (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/07/01 09:24:56.0403 5348        IPNAT          (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
2011/07/01 09:24:56.0550 5348        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
2011/07/01 09:24:56.0595 5348        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
2011/07/01 09:24:56.0679 5348        iScsiPrt        (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/07/01 09:24:56.0764 5348        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/07/01 09:24:56.0811 5348        kbdhid          (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/07/01 09:24:56.0856 5348        KSecDD          (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
2011/07/01 09:24:56.0906 5348        KSecPkg        (365c6154bbbc5377173f1ca7bfb6cc59) C:\Windows\system32\Drivers\ksecpkg.sys
2011/07/01 09:24:56.0968 5348        L1C            (3705b2273e8efc9a707864ab7324b614) C:\Windows\system32\DRIVERS\L1C62x86.sys
2011/07/01 09:24:57.0077 5348        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/07/01 09:24:57.0167 5348        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/07/01 09:24:57.0201 5348        LSI_SAS        (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/07/01 09:24:57.0252 5348        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/07/01 09:24:57.0291 5348        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/07/01 09:24:57.0344 5348        luafv          (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
2011/07/01 09:24:57.0429 5348        MBAMProtector  (3d2c13377763eeac0ca6fb46f57217ed) C:\Windows\system32\drivers\mbam.sys
2011/07/01 09:24:57.0564 5348        megasas        (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
2011/07/01 09:24:57.0677 5348        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/07/01 09:24:57.0827 5348        Modem          (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
2011/07/01 09:24:57.0920 5348        monitor        (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
2011/07/01 09:24:57.0980 5348        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
2011/07/01 09:24:58.0036 5348        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
2011/07/01 09:24:58.0093 5348        mountmgr        (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
2011/07/01 09:24:58.0141 5348        mpio            (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
2011/07/01 09:24:58.0185 5348        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
2011/07/01 09:24:58.0232 5348        MRxDAV          (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
2011/07/01 09:24:58.0295 5348        mrxsmb          (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/07/01 09:24:58.0332 5348        mrxsmb10        (c108952d3660375dcb716b222912e868) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/07/01 09:24:58.0369 5348        mrxsmb20        (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/07/01 09:24:58.0413 5348        msahci          (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
2011/07/01 09:24:58.0458 5348        msdsm          (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
2011/07/01 09:24:58.0499 5348        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
2011/07/01 09:24:58.0541 5348        mshidkmdf      (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
2011/07/01 09:24:58.0579 5348        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/07/01 09:24:58.0718 5348        MSKSSRV        (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
2011/07/01 09:24:58.0800 5348        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/07/01 09:24:58.0841 5348        MSPQM          (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
2011/07/01 09:24:58.0891 5348        MsRPC          (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
2011/07/01 09:24:58.0932 5348        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/07/01 09:24:58.0971 5348        MSTEE          (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
2011/07/01 09:24:59.0007 5348        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/07/01 09:24:59.0032 5348        Mup            (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
2011/07/01 09:24:59.0116 5348        NativeWifiP    (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
2011/07/01 09:24:59.0181 5348        NDIS            (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
2011/07/01 09:24:59.0242 5348        NdisCap        (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/07/01 09:24:59.0300 5348        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/07/01 09:24:59.0386 5348        Ndisuio        (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/07/01 09:24:59.0492 5348        NdisWan        (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/07/01 09:24:59.0538 5348        NDProxy        (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
2011/07/01 09:24:59.0582 5348        NetBIOS        (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
2011/07/01 09:24:59.0648 5348        NetBT          (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
2011/07/01 09:24:59.0808 5348        nfrd960        (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/07/01 09:24:59.0900 5348        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
2011/07/01 09:25:00.0050 5348        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
2011/07/01 09:25:00.0148 5348        Ntfs            (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
2011/07/01 09:25:00.0233 5348        Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
2011/07/01 09:25:00.0291 5348        nvraid          (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
2011/07/01 09:25:00.0367 5348        nvstor          (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
2011/07/01 09:25:00.0495 5348        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/07/01 09:25:00.0571 5348        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/07/01 09:25:00.0734 5348        Parport        (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
2011/07/01 09:25:00.0770 5348        partmgr        (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
2011/07/01 09:25:00.0816 5348        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
2011/07/01 09:25:00.0871 5348        pci            (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
2011/07/01 09:25:00.0926 5348        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
2011/07/01 09:25:00.0959 5348        pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/07/01 09:25:01.0003 5348        pcw            (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
2011/07/01 09:25:01.0047 5348        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
2011/07/01 09:25:01.0544 5348        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
2011/07/01 09:25:01.0602 5348        Processor      (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
2011/07/01 09:25:01.0702 5348        psadd          (651d3abc1d82d61b6cfb40cb947b3db3) C:\Windows\system32\DRIVERS\psadd.sys
2011/07/01 09:25:01.0756 5348        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
2011/07/01 09:25:01.0843 5348        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
2011/07/01 09:25:01.0923 5348        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/07/01 09:25:01.0969 5348        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
2011/07/01 09:25:02.0010 5348        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
2011/07/01 09:25:02.0076 5348        RasAgileVpn    (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/07/01 09:25:02.0128 5348        Rasl2tp        (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/07/01 09:25:02.0191 5348        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/07/01 09:25:02.0223 5348        RasSstp        (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
2011/07/01 09:25:02.0263 5348        rdbss          (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
2011/07/01 09:25:02.0312 5348        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/07/01 09:25:02.0350 5348        RDPCDD          (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/07/01 09:25:02.0397 5348        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
2011/07/01 09:25:02.0435 5348        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
2011/07/01 09:25:02.0477 5348        RDPWD          (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
2011/07/01 09:25:02.0529 5348        rdyboost        (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
2011/07/01 09:25:02.0593 5348        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
2011/07/01 09:25:02.0697 5348        RSUSBSTOR      (83f7a29b659771e60cd71999ef57aa0c) C:\Windows\system32\Drivers\RtsUStor.sys
2011/07/01 09:25:02.0782 5348        SaiK0728        (3c487b02017a5dd97e4a6b6032a3693b) C:\Windows\system32\DRIVERS\SaiK0728.sys
2011/07/01 09:25:02.0857 5348        SaiK0CFA        (f394d70aac064bdf56ccaa3ebb63db77) C:\Windows\system32\DRIVERS\SaiK0CFA.sys
2011/07/01 09:25:02.0939 5348        SaiMini        (c16d95bd9fdb381689053cb5ecac9e40) C:\Windows\system32\DRIVERS\SaiMini.sys
2011/07/01 09:25:02.0989 5348        SaiNtBus        (e549bf8b944a6cc6356b322cbb83c796) C:\Windows\system32\drivers\SaiBus.sys
2011/07/01 09:25:03.0047 5348        SaiU0CFA        (3ae01d8d88d1f360b6a1ecd50522b6f3) C:\Windows\system32\DRIVERS\SaiU0CFA.sys
2011/07/01 09:25:03.0114 5348        sbp2port        (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/07/01 09:25:03.0262 5348        SCDEmu          (20b2751cd4c8f3fd989739ca661b9f30) C:\Windows\system32\drivers\SCDEmu.sys
2011/07/01 09:25:03.0307 5348        scfilter        (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
2011/07/01 09:25:03.0388 5348        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/07/01 09:25:03.0448 5348        Serenum        (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
2011/07/01 09:25:03.0531 5348        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
2011/07/01 09:25:03.0580 5348        sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
2011/07/01 09:25:03.0650 5348        sffdisk        (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/07/01 09:25:03.0677 5348        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/07/01 09:25:03.0715 5348        sffp_sd        (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/07/01 09:25:03.0741 5348        sfloppy        (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/07/01 09:25:03.0784 5348        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
2011/07/01 09:25:03.0837 5348        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/07/01 09:25:03.0871 5348        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/07/01 09:25:03.0930 5348        Smb            (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
2011/07/01 09:25:03.0993 5348        spldr          (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
2011/07/01 09:25:04.0094 5348        sptd            (c4bb8a12843d9cbb65f5ff617f389bbd) C:\Windows\System32\Drivers\sptd.sys
2011/07/01 09:25:04.0190 5348        SRS_AudioFusion_Service (959f0206d46ce43f1eb0a5b4d508b35f) C:\Windows\system32\drivers\SRS_AudioFusion_i386.sys
2011/07/01 09:25:04.0250 5348        srv            (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
2011/07/01 09:25:04.0309 5348        srv2            (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
2011/07/01 09:25:04.0371 5348        srvnet          (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
2011/07/01 09:25:04.0443 5348        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/07/01 09:25:04.0529 5348        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
2011/07/01 09:25:04.0680 5348        swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
2011/07/01 09:25:04.0836 5348        Tcpip          (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\drivers\tcpip.sys
2011/07/01 09:25:04.0991 5348        TCPIP6          (0158d5e9982e9d6a90dfc802f618e130) C:\Windows\system32\DRIVERS\tcpip.sys
2011/07/01 09:25:05.0073 5348        tcpipreg        (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
2011/07/01 09:25:05.0127 5348        TDPIPE          (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
2011/07/01 09:25:05.0169 5348        TDTCP          (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
2011/07/01 09:25:05.0193 5348        tdx            (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
2011/07/01 09:25:05.0230 5348        TermDD          (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
2011/07/01 09:25:05.0290 5348        tssecsrv        (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/07/01 09:25:05.0337 5348        tunnel          (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
2011/07/01 09:25:05.0380 5348        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
2011/07/01 09:25:05.0459 5348        udfs            (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
2011/07/01 09:25:05.0534 5348        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/07/01 09:25:05.0574 5348        umbus          (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
2011/07/01 09:25:05.0660 5348        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
2011/07/01 09:25:05.0846 5348        usbaudio        (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
2011/07/01 09:25:05.0899 5348        usbccgp        (c31ae588e403042632dc796cf09e30b0) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/07/01 09:25:05.0948 5348        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
2011/07/01 09:25:06.0003 5348        usbehci        (e4c436d914768ce965d5e659ba7eebd8) C:\Windows\system32\DRIVERS\usbehci.sys
2011/07/01 09:25:06.0067 5348        usbfilter      (2fed4ba0fde5eb4b624f20b629f8f9e2) C:\Windows\system32\DRIVERS\usbfilter.sys
2011/07/01 09:25:06.0120 5348        usbhub          (bdcd7156ec37448f08633fd899823620) C:\Windows\system32\DRIVERS\usbhub.sys
2011/07/01 09:25:06.0159 5348        usbohci        (eb2d819a639015253c871cda09d91d58) C:\Windows\system32\DRIVERS\usbohci.sys
2011/07/01 09:25:06.0222 5348        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
2011/07/01 09:25:06.0283 5348        usbscan        (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
2011/07/01 09:25:06.0333 5348        USBSTOR        (1c4287739a93594e57e2a9e6a3ed7353) C:\Windows\system32\drivers\USBSTOR.SYS
2011/07/01 09:25:06.0408 5348        usbuhci        (22480bf4e5a09192e5e30ba4dde79fa4) C:\Windows\system32\drivers\usbuhci.sys
2011/07/01 09:25:06.0463 5348        usbvideo        (b5f6a992d996282b7fae7048e50af83a) C:\Windows\System32\Drivers\usbvideo.sys
2011/07/01 09:25:06.0535 5348        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/07/01 09:25:06.0791 5348        vga            (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/07/01 09:25:06.0828 5348        VgaSave        (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
2011/07/01 09:25:06.0877 5348        vhdmp          (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/07/01 09:25:06.0940 5348        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
2011/07/01 09:25:06.0971 5348        ViaC7          (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
2011/07/01 09:25:07.0011 5348        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
2011/07/01 09:25:07.0054 5348        volmgr          (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/07/01 09:25:07.0093 5348        volmgrx        (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
2011/07/01 09:25:07.0129 5348        volsnap        (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
2011/07/01 09:25:07.0216 5348        vsmraid        (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/07/01 09:25:07.0264 5348        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/07/01 09:25:07.0305 5348        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/07/01 09:25:07.0361 5348        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
2011/07/01 09:25:07.0384 5348        WANARP          (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/01 09:25:07.0471 5348        Wanarpv6        (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
2011/07/01 09:25:07.0571 5348        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2011/07/01 09:25:07.0656 5348        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2011/07/01 09:25:07.0772 5348        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/07/01 09:25:07.0838 5348        WimFltr        (f9ad3a5e3fd7e0bdb18b8202b0fdd4e4) C:\Windows\system32\DRIVERS\wimfltr.sys
2011/07/01 09:25:07.0880 5348        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2011/07/01 09:25:08.0035 5348        WmiAcpi        (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/07/01 09:25:08.0117 5348        ws2ifsl        (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/07/01 09:25:08.0265 5348        wsvd            (baedc491374defd5e76336901d6d397d) C:\Windows\system32\DRIVERS\wsvd.sys
2011/07/01 09:25:08.0327 5348        WudfPf          (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2011/07/01 09:25:08.0384 5348        WUDFRd          (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/07/01 09:25:08.0467 5348        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/07/01 09:25:08.0491 5348        Boot (0x1200)  (78ecc471e9908d9a489543a6f808b587) \Device\Harddisk0\DR0\Partition0
2011/07/01 09:25:08.0516 5348        Boot (0x1200)  (d2a26fbfb5b4009f6ba433bc7e8fbebc) \Device\Harddisk0\DR0\Partition1
2011/07/01 09:25:08.0551 5348        Boot (0x1200)  (c692a074ffaf54aeae7042934a2ff5f8) \Device\Harddisk0\DR0\Partition2
2011/07/01 09:25:08.0557 5348        ================================================================================
2011/07/01 09:25:08.0557 5348        Scan finished
2011/07/01 09:25:08.0557 5348        ================================================================================
2011/07/01 09:25:08.0572 1580        Detected object count: 0
2011/07/01 09:25:08.0572 1580        Actual detected object count: 0
2011/07/01 09:26:10.0178 5068        Deinitialize success

   ---

2. Das OTL Logfile:
   Code:

   ---

   OTL logfile created on: 01.07.2011 09:28:25 - Run 5
OTL by OldTimer - Version 3.2.24.1    Folder = C:\Users\Administrator\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,97 Gb Available Physical Memory | 55,63% Memory free
6,98 Gb Paging File | 5,98 Gb Available in Paging File | 85,61% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,68 Gb Total Space | 47,85 Gb Free Space | 31,14% Space Free | Partition Type: NTFS
Drive D: | 78,03 Gb Total Space | 6,15 Gb Free Space | 7,88% Space Free | Partition Type: NTFS
 
Computer Name: DENNIS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Custom Scans ==========
 
 
< C:\ComboFix /S >
 
< C:\Qoobox /S >
 
< C:\ProgramData\bL28601DaMcK28601 /S >
[2011.06.26 22:58:36 | 000,000,192 | ---- | M] () -- C:\ProgramData\bL28601DaMcK28601\bL28601DaMcK28601
 
< C:\Windows\PIF /S >
 
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: VOLSNAP.SYS  >
[2009.07.14 03:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\drivers\volsnap.sys
[2009.07.14 03:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\System32\DriverStore\FileRepository\volume.inf_x86_neutral_29364d30156a24ca\volsnap.sys
[2009.07.14 03:19:10 | 000,245,328 | ---- | M] (Microsoft Corporation) MD5=58DF9D2481A56EDDE167E51B334D44FD -- C:\Windows\winsxs\x86_volume.inf_31bf3856ad364e35_6.1.7600.16385_none_158d0da45d68903e\volsnap.sys
[2010.11.20 14:30:16 | 000,245,632 | ---- | M] (Microsoft Corporation) MD5=F497F67932C6FA693D7DE2780631CFE7 -- C:\Windows\SoftwareDistribution\Download\18e2c83e42cc8f0cc17b5dbfaf982690\x86_volume.inf_31bf3856ad364e35_6.1.7601.17514_none_17be216c5a5713d8\volsnap.sys

< End of report >

   ---

3. Fragen: Schau mal bitte auf das Laufwerk C. Findet sich dort ein Logfile ComboFix.txt? Nein
   
   Grüße,
   Deathkid

Hallo Deathkid535,




Vielleicht bringen wir ComboFix zum Laufen, wenn wir vorher Avira deinstallieren.




Schritt # 1: Deinstallation von Programmen

• Folge folgendem Pfad: Start -> Systemsteuerung -> Programme deinstallieren
• Suche in der Liste Software mit dem folgenden Namen
  • Avira AntiVir
  und deinstalliere das Programm.
• Solltest du am Ende der Deinstallation zu einem Neustart aufgefordert werden, so führe diesen durch.

Achte darauf, dass du ComboFix mit Rechtsklick als Administrator ausführst!
Lösche die ComboFix.exe zuvor von deinem Desktop!




Schritt # 2: ComboFix ausführen

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Lade ComboFix von einem dieser Download-Spiegel herunter:

BleepingComputer - ForoSpyware

* Wichtig !! Speichere ComboFix auf dem Desktop

• Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
• Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
• ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist. Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
• Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.

**Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.

http://i94.photobucket.com/albums/l8...eWHKonsole.jpg

Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:

http://i94.photobucket.com/albums/l8...nstalliert.jpg

Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei.





Schritt # 3: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

• das Logfile von ComboFix.

Hallo M-K-D-B,
Ich habe Avira deinstalliert, Computer neugestartet, aber Combofik bleibt bei "... kann sich die Zeit verdoppeln" hängen. Ich habe auch schon versucht, ComboFix über die Befehlszeile auszuführen. Ausserdem jammert das Programm noich immer rum, dass AntiVir Desktop aktiv ist.

Hallo Deathkid535,


Wenns nicht will, dann wills halt nicht. :)

Wir machen so weiter:



Schritt # 1: Fix mit OTL

• Starte bitte die OTL.exe.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.

• Schließe bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
  ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
  Kopiere nun den Inhalt hier in Deinen Thread

Schritt # 2: Kontrollscan mit Malwarebytes' Anti-Malware (MBAM)

• Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
• Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
• Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
• Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
• Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
• Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt # 3: Scan mit SuperAntiSpyware (SAS)
Downloade Dir bitte SUPERAntiSpyware FREE Edition

• Installiere das Programm und lasse das Programm die neuesten Definition und Updates laden.
• Schließe alle Anwendungen inkl. Browser.
• Öffne SUPERAntiSpyware und klicke auf Ihren Computer durchsuchen.
• Setze ein Häkchen bei Kompletter Scan und klicke auf Weiter.
• Wenn der Suchlauf beendet ist, wird Dir eine Übersicht mit den Funden angezeigt, die Du mit OK zur Kenntnis nimmst.
• Achte darauf, dass bei allen Funden ein Häkchen steht, klicke dann auf Weiter und OK.
• Klicke auf Fertig stellen, was Dich ins Hauptfenster bringt.
• Es kann sein, dass Dein Rechner neu gestartet werden muss, um Malware mit dem Neustart vom System zu entfernen.
• Um das Logfile zu erhalten, musst du erst auf Präferenzen und dann auf den Statistiken und Protokolle klicken.
• Klicke auf das datierte Logfile, drücke auf Protokoll anzeigen. Nun erscheint ein Textfenster.
• Bitte kopiere diesen Bericht hier in den Thread.

Schritt # 4: Rootkitscan mit Rootkit Unhooker (RKU)
Downloade Dir bitte RKUnhookerLE
und speichere die Datei auf deinem Desktop.

• Trenne dich vom Internet ( Wlan nicht vergessen ), deaktiviere alle Hintergrundwächter, besonders den deiner Anti-Viren Software.
• Schließe alle offenen Programme.
• Starte die RKUnhookerLE.exe
  Windows Vista und Windows 7 mit Rechtsklick "Als Administrator ausführen"
• Klicke rechts auf Report und anschließend auf den Scan Button.
• Setze ein Häkchen vor
  • Drivers
  • Stealth Code
  • Code Hooks
• Entferne alle anderen Haken.
• Bestätige mit Ok.
• Wenn Du gefragt wirst, welcher Bereich gescannt werden soll, gehe sicher das dein Systemlaufwerk ( meistens C: ) angehakt ist. Deaktiviere alle anderen Laufwerke. Bestätige wieder mit Ok.
• Das Tool scannt nun deinen Rechner. Hab Geduld.
• Wenn der Scan beendet ist, klicke auf File -> Save Report
• Speichere die Datei als RKU.txt auf deinem Desktop.
• Klicke auf Close und bestätige mit Ja.
• Poste das Logfile mit deiner nächsten Antwort.

Hinweis: Solltest Du folgende Warnung bekommen
Klicke auf OK





Schritt # 5: Systemscan mit OTL

• Starte bitte OTL.exe.
• Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
• Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Schritt # 6: Fragen beantworten
Bitte beantworte mir folgende Fragen:

• Wirst du immer noch auf Google-Suchen umgeleitet?
• Wenn ja, tritt das Problem mit dem Internet Explorer und Firefox auf? Teste und berichte bitte.

Schritt # 7: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

• das Logfile des OTL-Fix,
• das Logfile von MBAM,
• das Logfile von SAS,
• das Logfile von RKU,
• die beiden neuen Logfiles von OTL (OTL.txt und Extras.txt) und
• die Beantwortung der gestellten Fragen.

Hallo M-K-D-B,[LIST=1][*]Das OTL Fixfile: [*]Das Logfile von MBAM [*]Das File von SAS[*]Das RKU Logfile:

Das OTL Logfile:[*]Das OTL Extrascanfile: [*]Fragen: Wirst du immer noch auf Google-Suchen umgeleitet? Ja
Wenn ja, tritt das Problem mit dem Internet Explorer und Firefox auf? Teste und berichte bitte. Ja[/LIST]Achja, darf ich Avira wieder Installieren oder wäre das eher nicht empfehlenswert?
Sry, dass ich das ganze in 2 Seiten Posten musste, nicht genügend Schriftzeichenplätze :P
MFG,
Deathkid

Hallo Deathkid,



Aufgrund der Umleitungen vermute ich ein Rootkit. Wir müssen es möglichst schnell finden:



Schritt # 1: AV Programm installieren
Wenn du bei Avira bleiben möchtest, kannst du es wieder installieren.
Wir empfehlen seit kurzem Avira nicht mehr. Den Grund dafür findest du hier: aviras neue partner: uniblue und ask

Wir empfehlen nur noch Avast! Free und Microsoft Security Essentials. Solltest du dich dennoch für Avira entscheiden, so empfehle ich dir bei der Installation die vorgeschlagene Toolbar nicht mit zu installieren.





Schritt # 2: Kontrolle mit VirusTotal
Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.

• Klicke auf Durchsuchen
• Kopiere nun folgendes in die Suchleiste.
  
  Code:

  ---

  C:\Windows\System32\drivers\volsnap.sys

  ---

• und klicke auf Öffnen.
• Klicke auf Send File.

Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen.
klicke auf Reanalyse.
Warte bis unter Current status: Finished steht.

Kopiere den Link aus deiner Adresszeile und poste ihn hier.





Schritt # 3: Benutzerdefinierter Scan mit OTL

• Starte bitte die OTL.exe.
  Vista und Win7 User mit Rechtsklick "als Administrator starten"
• Kopiere nun den Inhalt in die http://image.hijackthis.eu/upload/hjt1-021.jpg Textbox.

• Schließe bitte nun alle Programme. (Wichtig)
• Klicke nun bitte auf den Nichts und danach den Scan Button.
• Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Schritt # 4: Stoppen von Treibern mit Defogger

• Starte das Tool mit Doppelklick.
  Vista und Windows 7 User: Bitte mit Rechtsklick "als Administrator starten".
• Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
• Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
• Defogger fordert nun zum Neustart auf. Bestätige dies mit OK.
• DeFogger erstellt nun ein Logfile auf dem Desktop (defogger_disable).

Poste bitte den Inhalt der Logfile in Deiner nächsten Antwort.
Wenn wir die Bereinigung beendet haben, starte bitte defogger erneut und klicke den Re-enable Button.





Schritt # 5: aswMBR.exe ausführen

• Starte die aswMBR.exe - (aswMBR.exe Anleitung)
  Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
• Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. ( Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
  Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
• Klicke auf Scan.
• Warte bitte bis Scan finished successfully im DOS Fenster steht.
• Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.





Schritt # 6: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

• den Link zum Ergebnis von VirusTotal,
• das Logfile von OTL (OTL.txt),
• das Logfile von Defogger und
• das Logfile von aswMBR.

Hallo M-K-D-B,
Hier die benötigten Infromationen:

1. hxxp://www.virustotal.com/file-scan/report.html?id=c77d7be83cf1c0dec80429c5a519e794fd2e8c1e6dad6f5c92b5eb5694ceb8ea-1309616936
2. Das Logfile von OTL:
   Code:

   ---

   OTL logfile created on: 03.07.2011 11:29:20 - Run 7
OTL by OldTimer - Version 3.2.24.1    Folder = C:\Users\Administrator\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,87 Gb Available Physical Memory | 49,88% Memory free
6,98 Gb Paging File | 5,87 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,68 Gb Total Space | 70,74 Gb Free Space | 46,03% Space Free | Partition Type: NTFS
Drive D: | 78,03 Gb Total Space | 35,64 Gb Free Space | 45,68% Space Free | Partition Type: NTFS
 
Computer Name: DENNIS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
 
========== Custom Scans ==========
 
 
< C:\ProgramData\bL28601DaMcK28601\bL28601DaMcK28601 /S >
[2011.06.26 22:58:36 | 000,000,192 | ---- | M] () -- C:\ProgramData\bL28601DaMcK28601\bL28601DaMcK28601
 
< C:\Qoobox /s >

< End of report >

   ---

3. Das Logfile von Defogger:
   Code:

   ---

   defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:39 on 03/07/2011 (Administrator)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...
SPTD -> Already disabled


-=E.O.F=-

   ---

4. Das Logfile von awsMBR:
   Code:

   ---

   aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-07-03 17:39:22
-----------------------------
17:39:22.779    OS Version: Windows 6.1.7600
17:39:22.779    Number of processors: 2 586 0x602
17:39:22.787    ComputerName: DENNIS-PC  UserName:
17:39:53.175    Initialize success
17:39:54.833    AVAST engine defs: 11070300
17:40:07.063    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
17:40:07.069    Disk 0 Vendor: ST925031 0010 Size: 238475MB BusType: 11
17:40:09.160    Disk 0 MBR read successfully
17:40:09.168    Disk 0 MBR scan
17:40:09.208    Disk 0 Windows 7 default MBR code
17:40:11.322    Disk 0 scanning sectors +488397168
17:40:11.333    Disk 0 scanning C:\Windows\system32\drivers
17:40:28.867    Service scanning
17:40:30.924    Disk 0 trace - called modules:
17:40:31.076    ntkrnlpa.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys halmacpi.dll storport.sys amdsata.sys
17:40:31.087    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859937c8]
17:40:31.100    3 CLASSPNP.SYS[8857959e] -> nt!IofCallDriver -> [0x85968020]
17:40:31.113    5 amdxata.sys[881807b6] -> nt!IofCallDriver -> [0x85960908]
17:40:31.134    7 ACPI.sys[833a03b2] -> nt!IofCallDriver -> \Device\0000005b[0x8584f238]
17:40:35.819    AVAST engine scan C:\Windows
17:51:01.092    Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
17:51:01.164    The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"


aswMBR version 0.9.7.675 Copyright(c) 2011 AVAST Software
Run date: 2011-07-03 17:53:00
-----------------------------
17:53:00.818    OS Version: Windows 6.1.7600
17:53:00.818    Number of processors: 2 586 0x602
17:53:00.821    ComputerName: DENNIS-PC  UserName:
17:53:35.981    Initialize success
17:53:36.638    AVAST engine defs: 11070300
17:55:13.754    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
17:55:13.759    Disk 0 Vendor: ST925031 0010 Size: 238475MB BusType: 11
17:55:15.844    Disk 0 MBR read successfully
17:55:17.869    Disk 0 MBR scan
17:55:17.939    Disk 0 Windows 601 MBR fixed successfully
17:55:17.872    Disk 0 Windows 7 default MBR code
17:55:20.012    Disk 0 scanning sectors +488397168
17:55:20.031    Disk 0 scanning C:\Windows\system32\drivers
17:55:36.279    Service scanning
17:55:38.284    Disk 0 trace - called modules:
17:55:38.471    ntkrnlpa.exe CLASSPNP.SYS disk.sys amdxata.sys ACPI.sys halmacpi.dll storport.sys amdsata.sys
17:55:38.483    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x859937c8]
17:55:38.496    3 CLASSPNP.SYS[8857959e] -> nt!IofCallDriver -> [0x85968020]
17:55:38.518    5 amdxata.sys[881807b6] -> nt!IofCallDriver -> [0x85960908]
17:55:38.529    7 ACPI.sys[833a03b2] -> nt!IofCallDriver -> \Device\0000005b[0x8584f238]
17:55:44.254    AVAST engine scan C:\Windows
18:22:11.747    Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
18:22:11.832    The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"

   ---

Grüße,
Deathkid

Hallo deathkid,





Schritt # 1: FixTDSS ausführen
Downloade dir bitte FixTDSS.exe und speichere die Datei am Desktop.

• Beende alle laufenden Programme und schließe alle offenen Fenster.
• Starte die FixTDSS.exe.
  Windows Vista und 7 Nutzer mit Rechtsklick "Als Administrator ausführen"
• Akzeptiere die Nutzungsbedingungen.
• Klicke anschließend auf Proceed und bestätige mit Ok.
• Das Tool wird dein Rechner neu starten.
• Gegebenenfalls musst du die Ausführung von FixTDSS.exe nochmals erlauben.
• Anschließend wird das Tool automatisch den Suchlauf starten.
• Nach Ende des Suchlaufs erscheint ein kleines Fenster von FixTDSS mit einer Nachricht.
  Poste diese mit deiner nächsten Antwort.
• Starte deinen Rechner zum Abschluss neu auf.

Schritt # 2: Batch Datei ausführen
Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

• Wähle Datei --> Speichern unter
• Dateiname: fix1.bat
• Dateityp: Wähle Alle Dateien (*.*)
• Speichere die Datei auf deinem Desktop.
  Es sollte nun ungefähr so aussehen http://larusso.trojaner-board.de/Images/bat.jpg
• Starte die fix1.bat.
  Vista und Win7 User: Mit Rechtsklick "als Administrator starten"
• Es öffnet sich die Textdatei ergebnis.txt. Diese Datei befindet sich auch auf deinem Desktop.

Schritt # 3: Fragen beantworten
Bitte beantworte mir folgende Fragen:

• Wirst du immer noch auf Seiten umgeleitet, wenn du über Google nach etwas suchst?
• Hast du bei dem Tool aswMBR auf den Button Fix oder FixMBR gedrückt? Ich frage wegen dieser Zeile:
  
  Zitat:

  17:55:17.939 Disk 0 Windows 601 MBR fixed successfully

  Soweit ich weiß, fixt das Tool den MBR nicht von alleine.

Schritt # 4: Systemscan mit OTL

• Starte bitte OTL.exe.
• Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
• Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Schritt # 5: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

• die Nachricht von FixTDSS,
• das Ergebnis der Batch Datei,
• die Beantwortung der gestellten Fragen und
• die beiden neuen Logfiles von OTL (OTL.txt und Extras.txt).

Hallo M-K-D-B,

1. Die Nachricht von fixTDSS:
   Code:

   ---

   Backdoor.Tidserv has not been found on your computer

   ---

2. Ergebnis.txt:
   Code:

   ---

   Das System kann die angegebene Datei nicht finden.

   ---

3. Fragen:Wirst du immer noch auf Seiten umgeleitet, wenn du über Google nach etwas suchst? Ja.
   Hast du bei dem Tool aswMBR auf den Button Fix oder FixMBR gedrückt? Nicht, dass ich wüsste, vielleicht hab ich mich verklickt..
4. Das OTL Logfile:
   
   Code:

   ---

   OTL logfile created on: 03.07.2011 22:47:54 - Run 8
OTL by OldTimer - Version 3.2.24.1    Folder = C:\Users\Administrator\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 45,66% Memory free
6,98 Gb Paging File | 5,74 Gb Available in Paging File | 82,25% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,68 Gb Total Space | 70,08 Gb Free Space | 45,61% Space Free | Partition Type: NTFS
Drive D: | 78,03 Gb Total Space | 35,21 Gb Free Space | 45,13% Space Free | Partition Type: NTFS
 
Computer Name: DENNIS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
PRC - C:\Programme\Google\Update\1.3.21.57\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\Administrator\AppData\Local\Apps\2.0\W55HJDXV.742\KR5R0CNL.RO1\curs..tion_eee711038731a406_0004.0000_efb506202a7c3b08\CurseClient.exe (Curse)
PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\IObit\IObit SmartDefrag\IObit SmartDefrag.exe (IObit)
PRC - C:\Programme\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
PRC - C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Administrator\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcr90.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcp90.dll (Microsoft Corporation)
MOD - C:\Programme\AVAST Software\Avast\snxhk.dll (AVAST Software)
MOD - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome10browserrecordhelper.dll (RealNetworks, Inc.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (SUService) -- C:\Program Files\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AcSvc) -- C:\Programme\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Programme\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WindowBlinds) -- C:\Programme\Stardock\MyColors\VistaSrv.exe (Stardock Corporation)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (SRS_AudioFusion_Service) -- C:\Windows\System32\drivers\SRS_AudioFusion_i386.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (SaiNtBus) -- C:\Windows\System32\drivers\SaiBus.sys (Saitek)
DRV - (SaiMini) -- C:\Windows\System32\drivers\SaiMini.sys (Saitek)
DRV - (SaiK0CFA) -- C:\Windows\System32\drivers\SaiK0CFA.sys (Saitek)
DRV - (SaiU0CFA) -- C:\Windows\System32\drivers\SaiU0CFA.sys (Saitek)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (wsvd) -- C:\Windows\System32\drivers\wsvd.sys (CyberLink)
DRV - (WimFltr) -- C:\Windows\System32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (SaiK0728) -- C:\Windows\System32\drivers\SaiK0728.sys (Saitek)
DRV - (ACPIVPC) -- C:\Windows\System32\drivers\AcpiVpc.sys (Lenovo Corporation)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 5B 60 61 79 69 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2851647&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.com/ig"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=toolbar2&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.03.13 19:28:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.03.13 19:28:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.04.28 20:56:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.07.02 16:23:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.28 20:55:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.28 20:56:19 | 000,000,000 | ---D | M]
 
[2010.10.14 20:00:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Extensions
[2011.07.03 13:22:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions
[2011.05.22 20:40:15 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2011.06.23 13:09:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.05.07 08:23:55 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Administrator\AppData\Roaming\mozilla\Firefox\Profiles\0q27vfov.default\extensions\battlefieldplay4free@ea.com
[2011.05.20 21:44:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.07.02 16:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.02 17:21:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.16 14:31:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.26 18:15:44 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Programme\Mozilla Firefox\extensions\adapter@babylontc.com
File not found (No name found) --
[2011.07.02 16:23:57 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2010.07.02 16:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.02 17:21:39 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.12.16 14:31:09 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.04.26 18:15:44 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\ADAPTER@BABYLONTC.COM
[2011.04.28 20:56:01 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Q27VFOV.DEFAULT\EXTENSIONS\{20A82645-C095-46ED-80E3-08825760534B}.XPI
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Q27VFOV.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
() (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0Q27VFOV.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM.XPI
[2011.03.18 19:56:37 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2010.11.12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.04.26 18:13:26 | 000,002,226 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.06.27 21:45:14 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1      localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (@C:\Program Files\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Programme\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(Beijing)Limited)
O4 - HKLM..\Run: [Google Quick Search Box] C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe (Google Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21 192.168.0.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GO36F4~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\H\Shell\configure\command - "" = H:\SETUP.EXE
O33 - MountPoints2\H\Shell\install\command - "" = H:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.03 22:15:02 | 001,932,256 | ---- | C] (Symantec Corporation) -- C:\Users\Administrator\Desktop\FixTDSS.exe
[2011.07.02 16:24:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.07.02 16:24:39 | 000,019,544 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2011.07.02 16:24:38 | 000,307,928 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2011.07.02 16:24:29 | 000,025,432 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2011.07.02 16:24:28 | 000,049,240 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2011.07.02 16:24:25 | 000,441,176 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2011.07.02 16:24:21 | 000,053,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2011.07.02 16:23:54 | 000,040,112 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.07.02 16:23:53 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2011.07.02 16:23:44 | 000,000,000 | ---D | C] -- C:\Programme\AVAST Software
[2011.07.02 16:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2011.07.01 19:33:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\!BugGrabber
[2011.07.01 17:51:29 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\SUPERAntiSpyware.com
[2011.07.01 17:51:29 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.07.01 17:50:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.07.01 17:50:14 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2011.07.01 14:17:01 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011.07.01 09:21:05 | 001,448,752 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe
[2011.06.30 09:05:29 | 000,100,736 | ---- | C] (GMER) -- C:\pwdirpog.sys
[2011.06.29 12:25:32 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011.06.29 12:25:31 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011.06.29 12:25:30 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011.06.29 12:25:30 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011.06.29 12:25:30 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011.06.29 12:25:30 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011.06.28 21:15:18 | 004,130,198 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2011.06.28 16:12:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.06.28 16:12:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.06.28 16:12:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.06.28 15:05:22 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.06.28 15:00:55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.06.27 21:06:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.06.27 20:55:08 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011.06.27 20:55:07 | 000,000,000 | ---D | C] -- C:\Programme\VS Revo Group
[2011.06.27 19:18:41 | 001,904,128 | ---- | C] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011.06.27 13:22:09 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\RealUI 0612
[2011.06.27 12:09:11 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011.06.26 22:50:35 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2011.06.24 10:38:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.06.22 19:34:53 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\RIFT
[2011.06.22 19:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RIFT
[2011.06.22 19:34:45 | 000,000,000 | ---D | C] -- C:\Programme\RIFT Game
[2011.06.22 07:50:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.06.20 19:16:22 | 000,000,000 | ---D | C] -- C:\Users\Administrator\Desktop\LeilaUI 3.13
[2011.06.18 09:43:48 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011.06.17 14:37:45 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.06.17 14:37:45 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.06.17 14:37:45 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.06.17 14:37:45 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.06.17 14:37:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.06.17 14:37:44 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.06.17 14:37:44 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.06.17 14:37:44 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.06.17 14:37:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.06.17 14:37:43 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.06.17 14:37:43 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.06.16 13:23:54 | 000,000,000 | ---D | C] -- C:\Users\Administrator\dwhelper
[2011.06.11 22:47:19 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2011.06.11 22:46:37 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.06.11 22:46:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.06.11 22:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.06.11 22:46:31 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.06.11 22:46:31 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.06.10 21:15:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\chessimo
[2011.06.10 21:15:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\chessimo
[2011.06.10 21:15:36 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RICHTX32.OCX
[2011.06.10 21:15:36 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSFLXGRD.OCX
[2011.06.10 21:15:36 | 000,152,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\COMDLG32.OCX
[2011.06.10 21:15:36 | 000,132,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSINET.OCX
[2011.06.10 21:15:36 | 000,067,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SYSINFO.OCX
[2011.06.10 21:15:26 | 000,000,000 | ---D | C] -- C:\Programme\chessimo
[2011.06.10 21:15:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\8 x 8 Media AG
[2011.06.10 21:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011.06.07 13:06:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011.06.07 12:56:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.03 22:48:28 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.03 22:48:28 | 000,015,008 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.03 22:42:14 | 000,001,022 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.07.03 22:39:57 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.03 22:39:56 | 000,000,398 | ---- | M] () -- C:\Windows\tasks\AutoSmartDefrag.job
[2011.07.03 22:39:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.03 22:39:35 | 1406,300,160 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.03 22:19:13 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.03 22:15:34 | 001,932,256 | ---- | M] (Symantec Corporation) -- C:\Users\Administrator\Desktop\FixTDSS.exe
[2011.07.03 22:09:01 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1140944107-3424129360-3757389648-1000UA.job
[2011.07.03 22:00:27 | 000,000,400 | ---- | M] () -- C:\Windows\tasks\SmartDefrag.job
[2011.07.03 20:49:05 | 000,000,728 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011.07.03 20:09:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1140944107-3424129360-3757389648-1000Core.job
[2011.07.03 18:22:11 | 000,000,512 | ---- | M] () -- C:\Users\Administrator\Desktop\MBR.dat
[2011.07.02 16:24:41 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.07.02 16:24:21 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.07.01 19:21:43 | 000,139,264 | ---- | M] () -- C:\Users\Administrator\Desktop\RKUnhookerLE.EXE
[2011.07.01 17:50:19 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.07.01 13:42:05 | 004,130,198 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2011.07.01 09:21:11 | 001,448,752 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Administrator\Desktop\tdsskiller.exe
[2011.06.30 09:05:29 | 000,100,736 | ---- | M] (GMER) -- C:\pwdirpog.sys
[2011.06.30 09:03:59 | 000,302,592 | ---- | M] () -- C:\Users\Administrator\Desktop\drv0czgm.exe
[2011.06.29 17:08:02 | 000,449,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.06.27 21:45:14 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011.06.27 20:55:08 | 000,001,222 | ---- | M] () -- C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
[2011.06.27 19:19:02 | 001,904,128 | ---- | M] (AVAST Software) -- C:\Users\Administrator\Desktop\aswMBR.exe
[2011.06.27 13:13:38 | 000,027,484 | ---- | M] () -- C:\Users\Administrator\Desktop\Logfiles.zip
[2011.06.27 12:33:26 | 000,302,592 | ---- | M] () -- C:\Users\Administrator\Desktop\c06dgghb.exe
[2011.06.27 12:09:21 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
[2011.06.27 12:05:08 | 000,000,020 | ---- | M] () -- C:\Users\Administrator\defogger_reenable
[2011.06.27 12:03:04 | 000,050,477 | ---- | M] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2011.06.26 23:12:02 | 001,007,120 | ---- | M] () -- C:\Users\Administrator\Desktop\duadas.exe
[2011.06.26 10:05:41 | 000,518,050 | ---- | M] () -- C:\Users\Administrator\Desktop\Unbenannt.PNG
[2011.06.26 08:45:56 | 000,256,000 | ---- | M] () -- C:\Windows\PEV.exe
[2011.06.24 10:38:56 | 000,002,170 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.06.22 07:50:33 | 000,002,503 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.06.20 19:12:48 | 000,095,049 | ---- | M] () -- C:\Users\Administrator\Desktop\IceHUD_RealUI.lua
[2011.06.20 14:12:59 | 000,949,916 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.06.20 14:12:59 | 000,704,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.06.20 14:12:59 | 000,222,136 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.06.20 14:12:59 | 000,189,032 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.06.11 18:58:04 | 000,004,107 | ---- | M] () -- C:\Windows\wininit.ini
[2011.06.11 14:11:05 | 000,001,246 | ---- | M] () -- C:\Users\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011.06.11 10:49:21 | 000,166,400 | RHS- | M] () -- C:\Windows\System32\KBDINMALV.dll
[2011.06.11 10:45:29 | 000,000,152 | ---- | M] () -- C:\Windows\System32\sysplog2.dll
[2011.06.11 10:45:29 | 000,000,152 | ---- | M] () -- C:\Windows\System32\sysplog.dll
[2011.06.10 21:15:42 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\chessimo.lnk
[2011.06.10 19:08:58 | 000,000,129 | ---- | M] () -- C:\Users\Administrator\jagex_runescape_preferences2.dat
[2011.06.10 19:07:59 | 000,000,034 | ---- | M] () -- C:\Users\Administrator\jagex_runescape_preferences.dat
[2011.06.07 13:06:07 | 000,000,973 | ---- | M] () -- C:\Users\Administrator\Desktop\SpywareBlaster.lnk
 
========== Files Created - No Company Name ==========
 
[2011.07.03 18:22:11 | 000,000,512 | ---- | C] () -- C:\Users\Administrator\Desktop\MBR.dat
[2011.07.02 16:24:41 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.07.01 19:21:40 | 000,139,264 | ---- | C] () -- C:\Users\Administrator\Desktop\RKUnhookerLE.EXE
[2011.07.01 17:50:19 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.06.30 09:03:58 | 000,302,592 | ---- | C] () -- C:\Users\Administrator\Desktop\drv0czgm.exe
[2011.06.28 16:12:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.06.28 16:12:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.06.28 16:12:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.06.28 16:12:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.06.28 16:12:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.06.27 22:34:59 | 000,000,400 | ---- | C] () -- C:\Windows\tasks\SmartDefrag.job
[2011.06.27 20:55:08 | 000,001,222 | ---- | C] () -- C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
[2011.06.27 13:13:38 | 000,027,484 | ---- | C] () -- C:\Users\Administrator\Desktop\Logfiles.zip
[2011.06.27 12:33:18 | 000,302,592 | ---- | C] () -- C:\Users\Administrator\Desktop\c06dgghb.exe
[2011.06.27 12:04:42 | 000,000,020 | ---- | C] () -- C:\Users\Administrator\defogger_reenable
[2011.06.27 12:03:02 | 000,050,477 | ---- | C] () -- C:\Users\Administrator\Desktop\Defogger.exe
[2011.06.26 23:11:45 | 001,007,120 | ---- | C] () -- C:\Users\Administrator\Desktop\duadas.exe
[2011.06.26 09:56:45 | 000,095,049 | ---- | C] () -- C:\Users\Administrator\Desktop\IceHUD_RealUI.lua
[2011.06.24 10:38:56 | 000,002,170 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.06.22 07:50:33 | 000,002,503 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track05.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track04.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track03.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track02.cda
[2011.06.13 12:57:16 | 000,000,044 | ---- | C] () -- C:\Users\Administrator\Desktop\Track01.cda
[2011.06.11 14:33:23 | 000,004,107 | ---- | C] () -- C:\Windows\wininit.ini
[2011.06.11 10:49:21 | 000,166,400 | RHS- | C] () -- C:\Windows\System32\KBDINMALV.dll
[2011.06.10 21:16:36 | 000,000,152 | ---- | C] () -- C:\Windows\System32\sysplog2.dll
[2011.06.10 21:16:28 | 000,000,152 | ---- | C] () -- C:\Windows\System32\sysplog.dll
[2011.06.10 21:15:42 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\chessimo.lnk
[2011.06.07 13:06:07 | 000,000,973 | ---- | C] () -- C:\Users\Administrator\Desktop\SpywareBlaster.lnk
[2011.06.07 12:56:17 | 000,001,246 | ---- | C] () -- C:\Users\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2011.05.07 12:12:25 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.05.07 12:12:24 | 000,138,056 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\PnkBstrK.sys
[2011.05.07 12:11:54 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.05.07 12:11:18 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.03.13 20:14:06 | 000,390,944 | ---- | C] () -- C:\Windows\System32\drivers\SRS_AudioFusion_i386.sys
[2010.12.01 10:06:58 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010.10.14 20:58:05 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010.10.14 20:00:49 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010.07.01 20:16:11 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.07.01 20:10:06 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2010.07.01 20:02:18 | 000,006,088 | ---- | C] () -- C:\Windows\System32\drivers\CDConfig.bin
[2009.10.22 17:59:00 | 000,196,565 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.07.14 10:47:43 | 000,949,916 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,222,136 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,449,928 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,704,552 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,189,032 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.06.09 10:55:58 | 000,057,904 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

< End of report >

   ---

   --- --- ---
   
5. Das OTL Extrafile:
   
   Code:

   ---

   OTL Extras logfile created on: 03.07.2011 22:47:54 - Run 8
OTL by OldTimer - Version 3.2.24.1    Folder = C:\Users\Administrator\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 45,66% Memory free
6,98 Gb Paging File | 5,74 Gb Available in Paging File | 82,25% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 153,68 Gb Total Space | 70,08 Gb Free Space | 45,61% Space Free | Partition Type: NTFS
Drive D: | 78,03 Gb Total Space | 35,21 Gb Free Space | 45,13% Space Free | Partition Type: NTFS
 
Computer Name: DENNIS-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ACD183-EAEC-82C8-F71E-8FF0B6143D7B}" = CCC Help Portuguese
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{063BBC11-7F75-3BBA-02AA-A1B5FC0E17AC}" = CCC Help Polish
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11C39430-2BC0-4C47-4541-B6C8150D4A65}" = Catalyst Control Center InstallProxy
"{1375616C-B818-9FC7-0BE3-AE9AC45F1188}" = CCC Help Chinese Standard
"{14AEA387-7A94-575A-4328-07BE82BD7F32}" = ATI Catalyst Install Manager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{25C64847-B900-48AD-A164-1B4F9B774650}" = System Update
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3253AC2A-EC76-DC6C-6ED1-EBA5E67A79A1}" = ccc-utility
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{36B38C30-94C1-2B9C-B973-59B2FB37CCB0}" = CCC Help Dutch
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3931705A-D653-44A8-9BB5-759B7965BE99}_is1" = YABOT Build Order Editor version 1.0
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D1FB742-A73A-2403-639F-C8CD64A70449}" = CCC Help Chinese Traditional
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{417CE154-54E7-3655-0C24-34FBFCA5163C}" = CCC Help Finnish
"{420F882E-36E5-9C3B-BF07-B0C1911F4739}" = CCC Help Italian
"{460495AF-988E-CDD4-591D-7E75AC1CAF4A}" = Catalyst Control Center Core Implementation
"{46E8BDC8-F7BD-3F44-8DA1-9B26DAB62205}" = CCC Help Swedish
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{4761EB82-E8BD-45A4-B19B-586FA9D1D7E6}" = Camtasia Studio 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Lenovo EasyCamera
"{4E0BEC25-51C6-30AE-348D-AA208ABA3400}" = CCC Help Japanese
"{55718B4B90B54F7EADC5621C750A14E6}" = DivX Author 1.5
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6128B845-A2F4-283F-92B8-C02B393373A4}" = CCC Help Hungarian
"{613B9AA5-33A3-B2BB-D87D-BF7B1C02315E}" = Catalyst Control Center Localization All
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{65C743AF-D881-B71D-A753-A95C5219E78B}" = Catalyst Control Center Graphics Full Existing
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6F7614CC-F33A-4877-8814-49856F441F3C}" = Stardock MyColors
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{836180C6-4998-B1EE-782A-EF196850A98F}" = CCC Help Turkish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{84738B59-F709-5737-524D-CAC71D74C23F}" = CCC Help English
"{848249FC-EA31-81CC-914B-7401C37B03CE}" = CCC Help Russian
"{8518ECC0-0DE4-4475-D0C1-C8114A8F0C0B}" = CCC Help French
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8AA1963A-5234-BECC-B5E7-7469ABBC6514}" = Catalyst Control Center Graphics Light
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D540B8F-1325-CF57-0C84-B59B03B153FB}" = CCC Help Spanish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90140000-0015-0416-0000-0000000FF1CE}" = Microsoft Office Access MUI (Portuguese (Brazil)) 2010
"{90140000-0016-0416-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
"{90140000-0018-0416-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
"{90140000-0019-0416-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
"{90140000-001A-0416-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
"{90140000-001B-0416-0000-0000000FF1CE}" = Microsoft Office Word MUI (Portuguese (Brazil)) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0416-0000-0000000FF1CE}" = Microsoft Office Proofing (Portuguese (Brazil)) 2010
"{90140000-0044-0416-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
"{90140000-006E-0416-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
"{90140000-00A1-0416-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
"{90140000-00BA-0416-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93ABEBEB-EEE0-4AB9-A925-2F2EC791A4CE}" = Smart Technology Programming Software 7.0.2.7
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{96CC86A2-997F-46BF-9ADF-3857DB648765}" = chessimo 3.42
"{97BBECCF-B1FD-4010-8D4B-EFC9E3CCEECF}" = Driver Whiz
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{A3D7DCF8-A79C-882D-1B6F-2A5106053F9B}" = CCC Help Danish
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96BFADF-A159-4395-8E9C-A9E2F059A3BB}" = Camtasia Studio 7
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA1AF34D-9056-4B72-A588-D9A7B8CB305B}" = Saitek Cyborg Keyboard Volume 6.2.1.3
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.3 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B569783D-389B-BA36-6A8E-1457C12E77F1}" = CCC Help Thai
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BDAFF03F-3E7D-427B-A658-3807C4C58B0C}" = Goldfinger 8
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C8E95BF5-C07F-4D98-BB42-F58FC98BC03E}" = Google Apps
"{C9A3120D-C729-875A-AD54-C3AE3F9C826B}" = CCC Help Korean
"{CA050D8C-770A-41A7-B966-0056456EA27E}" = Razer StarCraft II
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF051DB4-9E13-0A5B-314D-B0AC3B3BF9D9}" = CCC Help German
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{D8EDD457-B59B-FFC6-7E6B-749734E71D03}" = Catalyst Control Center Graphics Previews Common
"{D9D1A2FD-56B2-4F21-B959-745FE43CAB8C}" = Vegas Pro 9.0
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E28FD821-1863-4BC0-8B8C-959EEE805FDE}" = SRS AudioFusion
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEAADF6C-CB48-DE4C-C934-1A9C11F1D7AE}" = ccc-core-static
"{EF1D891C-1616-C383-AD0B-6C8B0A8F8CC9}" = CCC Help Czech
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F231A12D-5C87-6201-DF65-25106365399D}" = Catalyst Control Center Graphics Full New
"{F25E99CD-A296-85C2-BF1A-9E6BCDE8FA4A}" = CCC Help Greek
"{F3DCF8E5-F5BA-492B-8113-7FAAED125BE0}" = capella 1200
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFCB7CDF-534B-3297-8B3E-2E7587A4AE1A}" = CCC Help Norwegian
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"Babylon" = Babylon
"CABAL Online: Episode IV_is1" = Cabal Online Europe - Episode IV
"Camtasia Studio 3" = Camtasia Studio 3
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Der Schreibtrainer" = Der Schreibtrainer 3.7
"DivX Setup.divx.com" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"Free YouTube Download_is1" = Free YouTube Download 2.6
"FreeApp v1" = FreeApps
"Game Booster_is1" = Game Booster
"Game Maker 8.0" = Game Maker 8.0
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.0.1200
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Notepad++" = Notepad++
"PC SECURITY TEST 2009_is1" = PC SECURITY TEST 2009
"Picasa 3" = Picasa 3
"PowerISO" = PowerISO
"PunkBusterSvc" = PunkBuster Services
"RAR Password Cracker" = RAR Password Cracker 4.12
"RealPlayer 12.0" = RealPlayer
"Revo Uninstaller" = Revo Uninstaller 1.92
"RocketDock_is1" = RocketDock 1.3.5
"SC2 Replay Catcher_is1" = SC2 Replay Catcher version 0.1.0.3a
"Smart Defrag_is1" = Smart Defrag
"SpywareBlaster_is1" = SpywareBlaster 4.4
"StarCraft II" = StarCraft II
"Stardock MyColors" = Stardock MyColors
"SW-Tukupdater_is1" = SW-TukUpdater
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Test Drive Unlimited 2_is1" = Test Drive Unlimited 2
"Uninstall_is1" = Uninstall 1.0.0.1
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.6
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"Xfire" = Xfire (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"ccb6737a8af9d4ff" = Lenovo Driver Download Manager
"UnityWebPlayer" = Unity Web Player
"WinPump" = WinPump
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 29.06.2011 03:02:24 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 30.06.2011 04:22:35 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access
 Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0.  Ungültige XML-Syntax.
 
Error - 30.06.2011 04:25:11 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Razer\Drivers\RzSynapse\DPInst_amd64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 30.06.2011 04:30:19 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 01.07.2011 14:08:08 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access
 Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0.  Ungültige XML-Syntax.
 
Error - 01.07.2011 14:11:12 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Razer\Drivers\RzSynapse\DPInst_amd64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 01.07.2011 14:15:51 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 01.07.2011 18:31:47 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Lenovo\Access
 Connections\AcCryptHlpr.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program
 Files\Lenovo\Access Connections\AcCryptHlpr.dll" in Zeile 0.  Ungültige XML-Syntax.
 
Error - 01.07.2011 18:33:15 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Razer\Drivers\RzSynapse\DPInst_amd64.exe".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 01.07.2011 18:35:33 | Computer Name = Dennis-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
[ Media Center Events ]
Error - 28.03.2011 07:25:42 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 13:25:41 - Fehler beim Herstellen der Internetverbindung.  13:25:41
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 28.03.2011 07:25:55 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 13:25:49 - Fehler beim Herstellen der Internetverbindung.  13:25:49
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 16.04.2011 04:34:45 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 10:34:44 - Fehler beim Herstellen der Internetverbindung.  10:34:45
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 16.04.2011 04:35:36 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 10:35:14 - Fehler beim Herstellen der Internetverbindung.  10:35:14
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 16.04.2011 06:37:45 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 12:37:45 - Fehler beim Herstellen der Internetverbindung.  12:37:45
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 16.04.2011 06:38:25 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 12:38:14 - Fehler beim Herstellen der Internetverbindung.  12:38:14
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 24.04.2011 03:57:10 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 09:54:53 - Directory konnte nicht abgerufen werden (Fehler: Die Anfrage
 wurde abgebrochen: Die Anfrage wurde abgebrochen..) 
 
Error - 24.04.2011 04:16:26 | Computer Name = Dennis-PC | Source = MCUpdate | ID = 0
Description = 10:15:06 - MCESpotlight konnte nicht abgerufen werden (Fehler: Invalid
 security token.) 
 
[ OSession Events ]
Error - 28.09.2010 15:26:09 | Computer Name = Dennis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3436
 seconds with 480 seconds of active time.  This session ended with a crash.
 
Error - 05.10.2010 15:37:15 | Computer Name = Dennis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 1278
 seconds with 300 seconds of active time.  This session ended with a crash.
 
Error - 25.11.2010 16:24:56 | Computer Name = Dennis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 10330
 seconds with 2460 seconds of active time.  This session ended with a crash.
 
Error - 13.12.2010 16:19:25 | Computer Name = Dennis-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 8119
 seconds with 780 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 03.07.2011 16:25:51 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 03.07.2011 16:25:52 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 03.07.2011 16:26:00 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 03.07.2011 16:26:00 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 03.07.2011 16:26:21 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SBSD Security Center Service" ist vom Dienst "wscsvc"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
Error - 03.07.2011 16:39:31 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 03.07.2011 16:39:31 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 03.07.2011 16:39:37 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 03.07.2011 16:39:37 | Computer Name = Dennis-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 03.07.2011 16:39:56 | Computer Name = Dennis-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SBSD Security Center Service" ist vom Dienst "wscsvc"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1058
 
 
< End of report >

   ---

   --- --- ---
   

Greetz,
Deathkid