Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Akzente werden doppelt geschrieben (https://www.trojaner-board.de/100910-akzente-doppelt-geschrieben.html)

LeijaT 30.06.2011 14:53
Akzente werden doppelt geschrieben
 
Hallo zusammen,

ich beziehe mich auf ein bereits geklärtes Thema von euch und erhoffe mir daraus, dass ihr mir bei meinem Problem helfen könnt.

Altes Thema von euch: http://www.trojaner-board.de/88670-d...r-prozess.html

Dort konntet ihr das Problem ja scheinbar lösen. Da ich selber allerdings nichts von dem verstehe, was mir die Logfiles da ausgeben, lasse ich euch da lieber entscheiden, was zu tun ist ;]

Hier also meine Logfiles:

OTL.txt
Code:
OTL logfile created on: 30-Jun-11 15:41:23 - Run 1
OTL by OldTimer - Version 3.2.24.2    Folder = E:\[D]ownloadz
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy
 
3.12 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 54.40% Memory free
17.18 Gb Paging File | 15.45 Gb Available in Paging File | 89.94% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.02 Gb Total Space | 15.33 Gb Free Space | 27.86% Space Free | Partition Type: NTFS
Drive D: | 19.53 Gb Total Space | 14.35 Gb Free Space | 73.50% Space Free | Partition Type: NTFS
Drive E: | 596.17 Gb Total Space | 66.22 Gb Free Space | 11.11% Space Free | Partition Type: NTFS
 
Computer Name: NICOGAMINGPC | User Name: LeijaT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - E:\[D]ownloadz\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avscan.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - E:\[P]rogramme\Moziall Firefox IV\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDMonSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFWSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - E:\[P]rogramme\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - E:\[P]rogramme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Windows\DAODx.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - E:\[D]ownloadz\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\wkscli.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (Hamachi2Svc) -- E:\[P]rogramme\Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SDWSCService) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
SRV - (SDUpdateService) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
SRV - (SDMonitorService) -- C:\Program Files\Spybot - Search & Destroy 2\SDMonSvc.exe (Safer-Networking Ltd.)
SRV - (SDFirewallService) -- C:\Program Files\Spybot - Search & Destroy 2\SDFWSvc.exe (Safer-Networking Ltd.)
SRV - (SDScannerService) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TeamViewer6) -- C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (TuneUp.UtilitiesSvc) -- E:\[P]rogramme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Poweroff) -- C:\Windows\System32\poweroff.exe (Jorgen Bosman)
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SbieSvc) -- E:\[P]rogramme\Sandboxie\SbieSvc.exe (tzuk)
SRV - (CPUCooLServer) -- E:\[P]rogramme\CPUCooL\CooLSRV.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (TuneUpUtilitiesDrv) -- E:\[P]rogramme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (USBMULCD) -- C:\Windows\System32\drivers\CM106.sys (C-Media Electronics Inc)
DRV - (SbieDrv) -- E:\[P]rogramme\Sandboxie\SbieDrv.sys (tzuk)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (nusb3xhc) -- C:\Windows\System32\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV - (nusb3hub) -- C:\Windows\System32\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV - (VIAHdAudAddService) -- C:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (ntiopnp) -- C:\Windows\System32\drivers\ntiopnp.sys ()
DRV - (ntiomin) -- C:\Windows\System32\drivers\ntiomin.sys ()
DRV - (usbfilter) -- C:\Windows\System32\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (LgBttPort) -- C:\Windows\System32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (LGVMODEM) -- C:\Windows\System32\drivers\lgvmodem.sys (LG Electronics Inc.)
DRV - (lgbusenum) -- C:\Windows\System32\drivers\lgbtbus.sys (LG Electronics Inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (AtiPcie) AMD PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (hid7906) -- C:\Windows\System32\drivers\hid7906.sys (Compuware Corporation)
DRV - (SNP2STD) USB2.0 PC Camera (SNP2STD) -- C:\Windows\System32\drivers\snp2sxp.sys ()
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/iat/us_de.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 1D 5C 3D E6 AD CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: eafo3fflauncher@ea.com:1.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20110323
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.7
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:3.3.2.1
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011-03-05 21:19:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011-03-05 21:19:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: E:\[P]rogramme\Moziall Firefox IV\components [2011-06-23 12:25:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: E:\[P]rogramme\Moziall Firefox IV\plugins
 
[2010-12-08 02:44:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LeijaT\AppData\Roaming\Mozilla\Extensions
[2011-05-25 18:45:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LeijaT\AppData\Roaming\Mozilla\Firefox\Profiles\xudfumrz.default\extensions
[2011-05-17 20:15:14 | 000,000,000 | ---D | M] (WOT) -- C:\Users\LeijaT\AppData\Roaming\Mozilla\Firefox\Profiles\xudfumrz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011-04-03 14:03:01 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\LeijaT\AppData\Roaming\Mozilla\Firefox\Profiles\xudfumrz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011-03-22 17:40:34 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\LeijaT\AppData\Roaming\Mozilla\Firefox\Profiles\xudfumrz.default\extensions\engine@conduit.com
[2011-05-30 02:02:37 | 000,002,606 | ---- | M] () -- C:\Users\LeijaT\AppData\Roaming\Mozilla\Firefox\Profiles\xudfumrz.default\searchplugins\diablo-wiki-de.xml
[2011-05-30 02:03:27 | 000,007,015 | ---- | M] () -- C:\Users\LeijaT\AppData\Roaming\Mozilla\Firefox\Profiles\xudfumrz.default\searchplugins\diablo-wiki-en.xml
[2010-12-10 21:32:00 | 000,001,660 | ---- | M] () -- C:\Users\LeijaT\AppData\Roaming\Mozilla\Firefox\Profiles\xudfumrz.default\searchplugins\leo-deu-eng.xml
[2010-12-13 17:56:19 | 000,001,328 | ---- | M] () -- C:\Users\LeijaT\AppData\Roaming\Mozilla\Firefox\Profiles\xudfumrz.default\searchplugins\wikipedia-de.xml
[2010-12-09 13:27:45 | 000,002,057 | ---- | M] () -- C:\Users\LeijaT\AppData\Roaming\Mozilla\Firefox\Profiles\xudfumrz.default\searchplugins\youtube-video-search.xml
[2011-05-15 23:55:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010-12-09 03:19:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011-01-03 14:40:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\LEIJAT\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XUDFUMRZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2010-11-12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010-12-09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
O1 HOSTS File: ([2011-06-30 15:32:30 | 000,434,537 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        activate.adobe.com
O1 - Hosts: 127.0.0.1        practivate.adobe.com
O1 - Hosts: 127.0.0.1        ereg.adobe.com
O1 - Hosts: 127.0.0.1        activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1        wip3.adobe.com
O1 - Hosts: 127.0.0.1        3dns-3.adobe.com
O1 - Hosts: 127.0.0.1        3dns-2.adobe.com
O1 - Hosts: 127.0.0.1        adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1        adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1        adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1        ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1        activate-sea.adobe.com
O1 - Hosts: 127.0.0.1        wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1        activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 14952 more lines...
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - E:\[P]rogramme\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [WinampAgent] E:\[P]rogramme\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [{9635BFEC-5D77-17FB-1C5F-AB469C268DA2}]  File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] E:\[P]rogramme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [LG LinkAir]  File not found
O4 - HKCU..\Run: [SandboxieControl] E:\[P]rogramme\Sandboxie\SbieCtrl.exe (tzuk)
O4 - HKLM..\RunOnce: [SpybotDeletingA1001] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA3194] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA3544] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA4169] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingA4589] C:\Windows\System32\COMMAND.COM ()
O4 - HKLM..\RunOnce: [SpybotDeletingC5839] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC6386] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC853] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC8626] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [SpybotDeletingC9656] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingB187] C:\Windows\System32\COMMAND.COM ()
O4 - HKCU..\RunOnce: [SpybotDeletingB2309] C:\Windows\System32\COMMAND.COM ()
O4 - HKCU..\RunOnce: [SpybotDeletingB2668] C:\Windows\System32\COMMAND.COM ()
O4 - HKCU..\RunOnce: [SpybotDeletingB4073] C:\Windows\System32\COMMAND.COM ()
O4 - HKCU..\RunOnce: [SpybotDeletingB8073] C:\Windows\System32\COMMAND.COM ()
O4 - HKCU..\RunOnce: [SpybotDeletingD3425] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD3528] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD6334] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD7277] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [SpybotDeletingD8129] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\LeijaT\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} Reg Error: Key error. (Shockwave Flash Object)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009-06-10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010-03-13 21:08:32 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{24551661-02f2-11e0-893b-20cf30e3cb7e}\Shell - "" = AutoRun
O33 - MountPoints2\{24551661-02f2-11e0-893b-20cf30e3cb7e}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{24551685-02f2-11e0-893b-20cf30e3cb7e}\Shell - "" = AutoRun
O33 - MountPoints2\{24551685-02f2-11e0-893b-20cf30e3cb7e}\Shell\AutoRun\command - "" = H:\SETUP.EXE
O33 - MountPoints2\{24551686-02f2-11e0-893b-20cf30e3cb7e}\Shell - "" = AutoRun
O33 - MountPoints2\{24551686-02f2-11e0-893b-20cf30e3cb7e}\Shell\AutoRun\command - "" = I:\SETUP.EXE
O33 - MountPoints2\{55a68249-fe94-11d5-9aa7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55a68249-fe94-11d5-9aa7-806e6f6e6963}\Shell\AutoRun\command - "" = E:\.\Bin\ASSETUP.exe
O33 - MountPoints2\{7b10d16a-628e-11e0-aa58-20cf30e3cb7e}\Shell - "" = AutoRun
O33 - MountPoints2\{7b10d16a-628e-11e0-aa58-20cf30e3cb7e}\Shell\AutoRun\command - "" = F:\LGAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011-06-28 23:46:00 | 001,549,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2011-06-28 23:46:00 | 001,401,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2011-06-28 23:45:59 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2011-06-28 23:45:59 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2011-06-28 23:45:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2011-06-28 23:45:59 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2011-06-28 20:53:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011-06-28 20:30:07 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011-06-28 20:23:25 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2011-06-28 20:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011-06-28 20:23:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011-06-28 20:23:14 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2011-06-28 20:13:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011-06-28 20:13:39 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2011-06-28 20:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2011-06-28 16:30:00 | 000,000,000 | ---D | C] -- C:\Users\LeijaT\AppData\Roaming\Cyxuwu
[2011-06-26 13:48:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adria
[2011-06-26 13:48:48 | 000,000,000 | ---D | C] -- C:\Program Files\Adria
[2011-06-26 13:45:09 | 000,000,000 | ---D | C] -- C:\Users\LeijaT\AppData\Local\by_Muddy_Waters
[2011-06-25 21:51:52 | 000,000,000 | ---D | C] -- C:\Users\LeijaT\Documents\EA Games
[2011-06-25 21:50:51 | 000,000,000 | ---D | C] -- C:\Users\LeijaT\AppData\Local\EA Games
[2011-06-21 20:45:59 | 000,000,000 | ---D | C] -- C:\Users\LeijaT\AppData\Local\{642D5421-DF52-4B28-A884-3C87264B6F5C}
[2011-06-21 00:30:54 | 000,172,032 | ---- | C] (Jorgen Bosman) -- C:\Windows\System32\poweroff.exe
[2011-06-19 12:10:55 | 000,290,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2011-06-19 12:10:54 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2011-06-18 22:44:11 | 000,000,000 | ---D | C] -- C:\Users\LeijaT\AppData\Roaming\StealthBot
[2011-06-18 22:43:47 | 000,000,000 | ---D | C] -- C:\Users\LeijaT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StealthBot 2.7
[2011-06-17 23:02:21 | 000,000,000 | ---D | C] -- C:\Users\LeijaT\AppData\Local\Google
[2011-06-17 23:02:21 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011-06-16 21:53:32 | 000,000,000 | ---D | C] -- C:\Users\LeijaT\AppData\Local\{2FEEECEF-192B-4712-8E53-DC605B249DFA}
[2011-06-16 01:17:44 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011-06-16 01:17:37 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011-06-16 01:17:37 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011-06-16 01:17:37 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011-06-16 01:17:37 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011-06-09 19:48:38 | 000,000,000 | ---D | C] -- C:\Users\LeijaT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\dW3GParser
[2011-06-09 19:48:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dW3GParser
[2011-06-04 21:26:50 | 000,000,000 | ---D | C] -- C:\Users\LeijaT\Desktop\D2NT30_NTBot41
[2011-06-02 13:03:36 | 016,456,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2011-06-02 13:03:36 | 013,011,560 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2011-06-02 13:03:36 | 011,992,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2011-06-02 13:03:36 | 010,589,800 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2011-06-02 13:03:36 | 005,301,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2011-06-02 13:03:36 | 002,804,328 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2011-06-02 13:03:36 | 002,082,408 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2011-06-02 13:03:36 | 000,899,688 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3220150.dll
[2011-06-02 13:03:36 | 000,865,896 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco322090.dll
[2011-06-02 13:03:36 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011-06-02 13:03:36 | 000,012,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvBridge.kmd
[2011-06-02 12:47:55 | 104,518,529 | ---- | C] (NVIDIA Corporation) -- C:\Users\LeijaT\Desktop\275.33-desktop-win7-winvista-32bit-english-whql.exe
[2011-05-31 16:38:29 | 000,000,000 | ---D | C] -- C:\Users\LeijaT\Desktop\D2NT
[2011-01-04 04:40:42 | 000,151,552 | ---- | C] ( ) -- C:\Windows\System32\rsnp2std.dll
[2011-01-04 04:40:42 | 000,077,824 | ---- | C] ( ) -- C:\Windows\System32\csnp2std.dll
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011-06-30 15:40:14 | 000,000,600 | ---- | M] () -- C:\Users\LeijaT\AppData\Roaming\winscp.rnd
[2011-06-30 15:32:30 | 000,434,537 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011-06-30 15:31:52 | 000,000,736 | ---- | M] () -- C:\Windows\wininit.ini
[2011-06-30 15:28:16 | 000,434,537 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20110630-153229.backup
[2011-06-30 15:13:43 | 000,000,227 | RHS- | M] () -- C:\boot.ini
[2011-06-30 15:07:25 | 000,020,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011-06-30 15:07:25 | 000,020,624 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011-06-30 14:59:56 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011-06-30 14:59:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011-06-30 14:59:15 | 2515,148,800 | -HS- | M] () -- C:\hiberfil.sys
[2011-06-29 13:31:03 | 000,662,484 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011-06-29 13:31:03 | 000,121,352 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011-06-29 03:17:27 | 002,565,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011-06-28 20:30:06 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2011-06-28 20:30:04 | 000,016,432 | ---- | M] () -- C:\Windows\System32\lsdelete.exe
[2011-06-28 20:23:40 | 000,001,039 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011-06-28 19:55:36 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011-06-28 19:55:36 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011-06-27 17:08:10 | 000,001,032 | ---- | M] () -- C:\Users\LeijaT\Desktop\RD Blocker.lnk
[2011-06-26 14:25:36 | 000,000,908 | ---- | M] () -- C:\Users\LeijaT\Application Data\Microsoft\Internet Explorer\Quick Launch\Adria.lnk
[2011-06-26 13:01:21 | 000,001,082 | ---- | M] () -- C:\Users\LeijaT\Desktop\Dead Space 2.lnk
[2011-06-25 23:04:23 | 000,036,903 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2011-06-25 21:25:17 | 000,003,328 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2011-06-25 20:39:13 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Hunted The Demons Forge.lnk
[2011-06-25 07:40:51 | 000,001,076 | ---- | M] () -- C:\Users\LeijaT\Desktop\Diablo II - 1.lnk
[2011-06-21 16:28:01 | 000,000,507 | ---- | M] () -- C:\Users\LeijaT\Desktop\StealthBot - JSPDuells.lnk
[2011-06-21 16:27:33 | 000,000,511 | ---- | M] () -- C:\Users\LeijaT\Desktop\StealthBot - NemoTheGeek.lnk
[2011-06-20 21:44:05 | 000,067,118 | ---- | M] () -- C:\Users\LeijaT\Desktop\Standard.m3u
[2011-06-20 14:01:39 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011-06-19 12:11:11 | 000,003,470 | ---- | M] () -- C:\Windows\ST6UNST.000
[2011-06-19 12:10:55 | 000,290,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2011-06-19 12:10:54 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2011-06-18 22:53:47 | 000,001,465 | ---- | M] () -- C:\Users\LeijaT\Desktop\StealthBot Scripts.lnk
[2011-06-17 22:47:52 | 000,000,834 | ---- | M] () -- C:\Users\LeijaT\AppData\Roaming\MPQEditor.ini
[2011-06-13 22:51:56 | 000,001,051 | ---- | M] () -- C:\Users\LeijaT\Desktop\D2NT Manager.exe - Shortcut.lnk
[2011-06-03 20:38:20 | 000,018,536 | ---- | M] () -- C:\Users\LeijaT\Desktop\partymusik.m3u
[2011-06-02 12:52:37 | 104,518,529 | ---- | M] (NVIDIA Corporation) -- C:\Users\LeijaT\Desktop\275.33-desktop-win7-winvista-32bit-english-whql.exe
[4 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011-06-30 15:31:52 | 000,000,736 | ---- | C] () -- C:\Windows\wininit.ini
[2011-06-30 14:59:56 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2011-06-28 20:41:39 | 000,016,432 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2011-06-28 20:23:40 | 000,001,039 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011-06-27 17:08:10 | 000,001,032 | ---- | C] () -- C:\Users\LeijaT\Desktop\RD Blocker.lnk
[2011-06-26 14:19:03 | 000,000,908 | ---- | C] () -- C:\Users\LeijaT\Application Data\Microsoft\Internet Explorer\Quick Launch\Adria.lnk
[2011-06-26 13:01:21 | 000,001,082 | ---- | C] () -- C:\Users\LeijaT\Desktop\Dead Space 2.lnk
[2011-06-25 20:39:13 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Hunted The Demons Forge.lnk
[2011-06-21 16:42:56 | 000,001,076 | ---- | C] () -- C:\Users\LeijaT\Desktop\Diablo II - 1.lnk
[2011-06-21 16:28:01 | 000,000,507 | ---- | C] () -- C:\Users\LeijaT\Desktop\StealthBot - JSPDuells.lnk
[2011-06-21 16:27:33 | 000,000,511 | ---- | C] () -- C:\Users\LeijaT\Desktop\StealthBot - NemoTheGeek.lnk
[2011-06-19 12:10:54 | 000,003,470 | ---- | C] () -- C:\Windows\ST6UNST.000
[2011-06-18 22:53:47 | 000,001,465 | ---- | C] () -- C:\Users\LeijaT\Desktop\StealthBot Scripts.lnk
[2011-06-17 22:46:20 | 000,000,834 | ---- | C] () -- C:\Users\LeijaT\AppData\Roaming\MPQEditor.ini
[2011-06-13 22:51:56 | 000,001,051 | ---- | C] () -- C:\Users\LeijaT\Desktop\D2NT Manager.exe - Shortcut.lnk
[2011-05-22 21:12:56 | 000,003,328 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011-05-22 15:31:52 | 000,000,106 | ---- | C] () -- C:\Windows\System32\pluginloader.ini
[2011-05-21 22:54:17 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2011-05-21 22:54:16 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2011-05-21 22:54:16 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2011-05-21 22:19:57 | 000,036,903 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011-05-20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011-05-03 11:16:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011-05-03 11:15:33 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011-04-30 17:05:51 | 000,004,608 | ---- | C] () -- C:\Users\LeijaT\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011-04-19 21:25:40 | 000,046,742 | ---- | C] () -- C:\Users\LeijaT\AppData\Roaming\room.dat
[2011-04-09 23:41:07 | 000,197,120 | ---- | C] () -- C:\Windows\patchw32.dll
[2011-04-09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011-03-12 22:07:47 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011-02-25 01:24:03 | 000,000,600 | ---- | C] () -- C:\Users\LeijaT\AppData\Roaming\winscp.rnd
[2011-02-22 21:44:54 | 000,000,600 | ---- | C] () -- C:\Users\LeijaT\AppData\Local\PUTTY.RND
[2011-01-24 22:37:57 | 000,007,604 | ---- | C] () -- C:\Users\LeijaT\AppData\Local\Resmon.ResmonCfg
[2011-01-04 04:40:43 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2011-01-04 04:40:42 | 012,027,904 | ---- | C] () -- C:\Windows\System32\drivers\snp2sxp.sys
[2011-01-04 04:40:42 | 000,025,472 | ---- | C] () -- C:\Windows\System32\drivers\sncamd.sys
[2011-01-04 04:40:42 | 000,015,497 | ---- | C] () -- C:\Windows\snp2std.ini
[2010-12-26 14:07:38 | 000,000,113 | ---- | C] () -- C:\Windows\(null)toolkit.ini
[2010-12-25 17:24:26 | 000,139,152 | ---- | C] () -- C:\Users\LeijaT\AppData\Roaming\PnkBstrK.sys
[2010-12-25 17:23:59 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010-12-18 19:01:22 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010-12-18 19:01:21 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010-12-15 21:37:01 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010-12-15 21:36:52 | 000,138,184 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010-12-15 21:36:46 | 000,183,112 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010-12-09 17:00:57 | 000,164,352 | ---- | C] () -- C:\Windows\System32\ztvunrar37.dll
[2010-12-09 17:00:57 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010-12-08 18:12:10 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010-12-08 02:44:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010-12-08 02:21:13 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010-12-08 02:17:36 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010-12-08 02:17:32 | 000,030,214 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010-10-05 01:59:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\StarOpen.sys
[2010-01-03 20:28:18 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\ntiopnp.sys
[2010-01-03 20:28:18 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\ntiomin.sys
[2009-07-16 05:36:30 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009-07-14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009-07-14 06:33:53 | 002,565,920 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009-07-14 04:05:48 | 000,662,484 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009-07-14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009-07-14 04:05:48 | 000,121,352 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009-07-14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009-07-14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009-07-14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009-07-14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009-07-14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009-07-14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009-06-10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009-04-02 14:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS
[2009-03-30 08:32:40 | 000,032,768 | R--- | C] () -- C:\Windows\DAODx.exe
[2000-02-10 00:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
[1996-04-03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:260575F1

< End of report >
Extras.txt
Code:
OTL Extras logfile created on: 30-Jun-11 15:41:23 - Run 1
OTL by OldTimer - Version 3.2.24.2    Folder = E:\[D]ownloadz
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd-MMM-yy
 
3.12 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 54.40% Memory free
17.18 Gb Paging File | 15.45 Gb Available in Paging File | 89.94% Paging File free
Paging file location(s): [Binary data over 100 bytes]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55.02 Gb Total Space | 15.33 Gb Free Space | 27.86% Space Free | Partition Type: NTFS
Drive D: | 19.53 Gb Total Space | 14.35 Gb Free Space | 73.50% Space Free | Partition Type: NTFS
Drive E: | 596.17 Gb Total Space | 66.22 Gb Free Space | 11.11% Space Free | Partition Type: NTFS
 
Computer Name: NICOGAMINGPC | User Name: LeijaT | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- E:\[P]rogramme\Moziall Firefox IV\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [open_e_project] -- "E:\[P]rogramme\e-Editor\e.exe" "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "E:\[P]rogramme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\[P]rogramme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\[P]rogramme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"E:\[P]rogramme\FlashFXP\FlashFXP.exe" = E:\[P]rogramme\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"E:\[P]rogramme\FlashFXP 4.0\FlashFXP.exe" = E:\[P]rogramme\FlashFXP 4.0\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"E:\[P]rogramme\FlashFXP\FlashFXP.exe" = E:\[P]rogramme\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (IniCom Networks, Inc.)
"E:\[P]rogramme\FlashFXP 4.0\FlashFXP.exe" = E:\[P]rogramme\FlashFXP 4.0\FlashFXP.exe:*:Enabled:FlashFXP v3 -- (OpenSight Software, LLC)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Disabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFWSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFWSvc.exe:*:Enabled:Spybot-S&D 2 Firewall service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDMonSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDMonSvc.exe:*:Enabled:Spybot-S&D 2 On-Access monitor service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDSODSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDSODSvc.exe:*:Enabled:Spybot-S&D 2 Scan On Demand service
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{01339AE5-04D4-43F8-008E-13AD788DC4F7}" = SimCity 4
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1023383E-D9F6-478C-A965-23A4657B3C9A}" = Sacred 2
"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10
"{1246FF64-3035-4A92-8FE6-A968275495EB}" = Sony Vegas Pro 8.0
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{176A02AC-6C89-A8B2-6D0A-F11DBA363C3F}" = ATI Catalyst Install Manager
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2184D9EA-4E5B-43FD-914E-4563CF028C94}" = MetalGearSolid2 Substance
"{23BE4DF2-293D-4077-82F4-1FD8C269277C}" = TuneUp Utilities Language Pack (en-US)
"{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}" = TuneUp Utilities 2011
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{28526951-55EF-4901-A0CA-B9AC966D1DD1}" = Split/Second
"{2A558A06-A44E-400D-95AD-D9FAA89AFD36}" = USB Network Joystick
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = The Battle for Middle-earth (tm) II
"{2B673C6F-BDEA-48AE-AB59-7479BF04EF6E}" = Nail'd
"{2BB047B7-E613-4686-BE0C-E63BB26BE121}" = Sacred 2 - Elite
"{2EC1A4D5-4217-4ABF-A783-3706EE405716}" = Mashed
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call of Pripyat [v1.6.02]
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{461B11E8-BF34-4ACB-962A-1CBE905BD9EB}" = LG United Mobile Drivers
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Activision(R)
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{679F739E-5C76-4A41-B562-F9392156B6DD}" = System Requirements Lab CYRI
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C90C4C4-559D-4FE8-A4BF-37550E74D1FC}" = Bloodline Champions
"{6FE3B0CE-37C1-4825-908A-5A84C9B4EC2F}" = EA SPORTS(TM) FIFA Online
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{732A67B6-2581-4434-AE64-9A34CCF943D1}" = Jagd Simulator 2011
"{75438C0E-9925-412E-AD85-D0E71C6CE2ED}" = USB2.0 WEB CAMERA
"{75E9A522-65D2-4200-A95F-C3EF89703263}" = Lyrics Plugin for Winamp
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79F86C69-2B17-4368-9234-472A23639E16}" = Ad-Aware
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{81DD0597-29EB-4FA0-8223-4F41362B2E72}" = NBA 2K11
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{907B4640-266B-4A21-92FB-CD1A86CD0F63}" = RollerCoaster Tycoon 3
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95468B00-C081-4B27-AC96-0A2A31359E60}" = Adobe Flash Player 10 ActiveX
"{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2
"{96E3AED5-3D0B-4BB0-84C2-1EDADB204487}" = FlashFXP v4.0
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{987B04C4-B5AC-4AD6-A7E9-8D681085B850}" = AMD USB Filter Driver
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B63540D-D942-4C38-B42E-A48AE0145970}" = Virtua Tennis(TM) 2009
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C27ADE1-EAFB-4BB7-9FE3-5DD9BA9A3DD2}" = Crashday
"{A2433A63-5F5D-40E5-B529-9123C2B3E734}" = Anno 1701
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 275.33
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy 2
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BA9E9ED5-FFF3-4E0D-95B9-62527672268B}_is1" = Der Planer 4 1.0
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C05DEB30-501D-4106-958D-C5E147D2BF7E}" = StealthBot 2.7
"{C0CB32ED-02A4-6705-79EB-A71EDE5628A6}" = Minigolf Adventures
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D2A63BC7-3592-4B8B-A23F-E936C5AAB9C0}_is1" = Adria 4.4.0 Beta
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{E71AC707-179D-458D-A1E8-F52977CAEAB4}" = M.U.D. TV
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{EE55714B-B67C-4D08-97AE-0CF4AC5A3A77}" = StuffIt Expander 2010
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EEF985E8-8B36-4230-B174-117A2381C17F}" = LogMeIn Hamachi
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Access 97rt PAN EURO G" = Access 97rt PAN EURO G
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold
"Alien Breed 3: Descent_is1" = Alien Breed 3: Descent
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BFG-Mystery Case Files - Ravenhearst" = Mystery Case Files: Ravenhearst ™
"Blitzkrieg 2" = Blitzkrieg 2
"Call of Duty: Black Ops_is1" = Call of Duty: Black Ops
"CamStudio" = CamStudio
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Company of Heroes" = Company of Heroes
"CPUCooL" = CPUCooL (remove only)
"Cursed Mountain" = Cursed Mountain
"Diablo II" = Diablo II
"DivX Setup.divx.com" = DivX Setup
"DotAzilla" = DotAzilla
"e_is1" = e - v1.0.42b
"Emergency 2012" = Emergency 2012
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9.35.324
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"Hunted The Demons Forge_is1" = Hunted The Demons Forge
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platform Device Manager
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Blur(TM)
"LastFM_is1" = Last.fm 1.5.4.27091
"LEGO Star Wars III The Clone Wars" = LEGO Star Wars III The Clone Wars
"LEGOIsland" = Abenteuer Auf der LEGO Insel
"LG PC Suite IV" = LG PC Suite IV
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MTA:SA Race" = MTA:SA Race 1.1.2
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Postal 2_is1" = Portal 2
"PSZip_is1" = PSZip
"PunkBusterSvc" = PunkBuster Services
"Rune" = Rune
"S2TNG" = The Settlers II - 10th Anniversary
"S3" = Die Siedler III Gold Edition
"Sandboxie" = Sandboxie 3.46
"SimCity 3000" = SimCity 3000
"SimCity 3000 Deutschland" = SimCity 3000 Deutschland
"Sins of a Solar Empire" = Sins of a Solar Empire
"sp6" = Logitech SetPoint 6.20
"SpeedFan" = SpeedFan (remove only)
"Steam App 640" = Alien Swarm - SDK
"Summer Athletics_is1" = Summer Athletics
"SystemRequirementsLab" = System Requirements Lab
"TeamViewer 5" = TeamViewer 5
"TeamViewer 6" = TeamViewer 6
"TuneUp Utilities 2011" = TuneUp Utilities 2011
"UltimateZip_is1" = UltimateZip
"Uninstall_is1" = Uninstall 1.0.0.1
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"WinRAR" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CodeBlocks" = CodeBlocks
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
Hoffe ihr könnt mir bei dem Problem zur Lösung verhelfen. Ich bedanke mich bereits im Voraus für eure Zeit.

Gruß
Nico

markusg 30.06.2011 15:03
hi, lass mich raten, du hast hier sandboxie, aber dieses programm nicht zum täglichen surfen genutzt?
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

LeijaT 30.06.2011 15:23
Sandboxie benutze ich lediglich für ein Spiel, ansonsten läuft es sinnlos im Hintergrund :x

Hier die Logfile von ComboFix:
Code:
ComboFix 11-06-30.01 - LeijaT 30-Jun-11  16:10:46.1.6 - x86
CyberWareZ Cyber 7 v2  6.1.7601.1.1252.1.1033.18.3198.1874 [GMT 2:00]
Running from: e:\[d]ownloadz\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((  Other Deletions  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\LeijaT\AppData\Roaming\Ynagqe\zoyk.exe
c:\windows\iexplore.exe
c:\windows\IsUn0407.exe
c:\windows\ST6UNST.000
c:\windows\system32\cftmon.exe
.
.
(((((((((((((((((((((((((  Files Created from 2011-05-28 to 2011-06-30  )))))))))))))))))))))))))))))))
.
.
2011-06-30 14:16 . 2011-06-30 14:16        --------        d-----w-        c:\users\LeijaT\AppData\Local\temp
2011-06-30 14:01 . 2011-06-30 14:02        --------        d-----w-        c:\users\LeijaT\AppData\Roaming\Cyxuwu
2011-06-28 21:46 . 2011-05-24 10:44        293376        ----a-w-        c:\windows\system32\umpnpmgr.dll
2011-06-28 21:46 . 2011-05-04 04:34        1549312        ----a-w-        c:\windows\system32\tquery.dll
2011-06-28 21:46 . 2011-05-04 04:32        1401344        ----a-w-        c:\windows\system32\mssrch.dll
2011-06-28 21:46 . 2011-05-04 04:28        427520        ----a-w-        c:\windows\system32\SearchIndexer.exe
2011-06-28 21:45 . 2011-05-04 04:32        666624        ----a-w-        c:\windows\system32\mssvp.dll
2011-06-28 21:45 . 2011-05-04 04:32        337408        ----a-w-        c:\windows\system32\mssph.dll
2011-06-28 21:45 . 2011-05-04 04:32        197120        ----a-w-        c:\windows\system32\mssphtb.dll
2011-06-28 21:45 . 2011-05-04 04:32        59392        ----a-w-        c:\windows\system32\msscntrs.dll
2011-06-28 21:45 . 2011-05-04 04:28        86528        ----a-w-        c:\windows\system32\SearchFilterHost.exe
2011-06-28 21:45 . 2011-05-04 04:28        164352        ----a-w-        c:\windows\system32\SearchProtocolHost.exe
2011-06-28 21:44 . 2011-06-07 15:55        7074640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1FBBF46-117F-4AEA-8FDC-4ABE652137D0}\mpengine.dll
2011-06-28 18:41 . 2011-06-28 18:30        16432        ----a-w-        c:\windows\system32\lsdelete.exe
2011-06-28 18:30 . 2011-06-28 18:30        101720        ----a-w-        c:\windows\system32\drivers\SBREDrv.sys
2011-06-28 18:23 . 2011-04-29 10:12        64512        ----a-w-        c:\windows\system32\drivers\Lbd.sys
2011-06-28 18:23 . 2011-06-28 18:23        --------        d-----w-        c:\programdata\Lavasoft
2011-06-28 18:23 . 2011-06-28 18:23        --------        d-----w-        c:\program files\Lavasoft
2011-06-28 18:13 . 2011-06-30 13:23        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2011-06-28 18:13 . 2009-01-25 11:14        15224        ----a-w-        c:\windows\system32\sdnclean.exe
2011-06-28 18:13 . 2011-06-30 13:31        --------        d-----w-        c:\program files\Spybot - Search & Destroy 2
2011-06-26 11:48 . 2011-06-29 20:45        --------        d-----w-        c:\program files\Adria
2011-06-25 19:50 . 2011-06-25 19:50        --------        d-----w-        c:\users\LeijaT\AppData\Local\EA Games
2011-06-21 18:45 . 2011-06-21 18:46        --------        d-----w-        c:\users\LeijaT\AppData\Local\{642D5421-DF52-4B28-A884-3C87264B6F5C}
2011-06-20 22:30 . 2010-10-19 22:51        172032        ----a-w-        c:\windows\system32\poweroff.exe
2011-06-19 10:10 . 2011-06-19 10:10        290816        ------w-        c:\windows\Setup1.exe
2011-06-19 10:10 . 2011-06-19 10:10        74752        ----a-w-        c:\windows\ST6UNST.EXE
2011-06-18 20:44 . 2011-06-28 17:58        --------        d-----w-        c:\users\LeijaT\AppData\Roaming\StealthBot
2011-06-17 21:02 . 2011-06-28 18:53        --------        d-----w-        c:\program files\Google
2011-06-17 21:02 . 2011-06-28 18:53        --------        d-----w-        c:\users\LeijaT\AppData\Local\Google
2011-06-16 19:53 . 2011-06-16 19:53        --------        d-----w-        c:\users\LeijaT\AppData\Local\{2FEEECEF-192B-4712-8E53-DC605B249DFA}
2011-06-02 11:03 . 2011-05-25 06:09        899688        ----a-w-        c:\windows\system32\nvdispco3220150.dll
2011-06-02 11:03 . 2011-05-25 06:09        865896        ----a-w-        c:\windows\system32\nvgenco322090.dll
2011-06-02 11:03 . 2011-05-25 06:09        57960        ----a-w-        c:\windows\system32\OpenCL.dll
2011-06-02 11:03 . 2011-05-25 06:09        16456296        ----a-w-        c:\windows\system32\nvoglv32.dll
2011-06-02 11:03 . 2011-05-25 06:09        11992680        ----a-w-        c:\windows\system32\nvd3dum.dll
2011-06-02 11:03 . 2011-05-25 06:09        10589800        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2011-06-02 11:03 . 2011-05-25 06:09        5301352        ----a-w-        c:\windows\system32\nvcuda.dll
2011-06-02 11:03 . 2011-05-25 06:09        2804328        ----a-w-        c:\windows\system32\nvcuvid.dll
2011-06-02 11:03 . 2011-05-25 06:09        2082408        ----a-w-        c:\windows\system32\nvcuvenc.dll
2011-06-02 11:03 . 2011-05-25 06:09        13011560        ----a-w-        c:\windows\system32\nvcompiler.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((  Find3M Report  ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-28 17:55 . 2011-01-24 20:47        66616        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-06-28 17:55 . 2011-01-24 20:47        138192        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-06-20 12:01 . 2011-05-15 21:54        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-25 06:09 . 2011-04-07 20:45        615528        ----a-w-        c:\windows\system32\nvvsvc.exe
2011-05-25 06:09 . 2011-04-07 20:45        111208        ----a-w-        c:\windows\system32\nvmctray.dll
2011-05-25 06:09 . 2011-04-07 20:44        2557544        ----a-w-        c:\windows\system32\nvsvc.dll
2011-05-25 06:09 . 2010-10-16 11:42        66664        ----a-w-        c:\windows\system32\nvshext.dll
2011-05-25 06:09 . 2011-04-07 20:45        543336        ----a-w-        c:\windows\system32\easyupdatusapiu.dll
2011-05-25 06:09 . 2011-04-07 20:44        3693672        ----a-w-        c:\windows\system32\nvcpl.dll
2011-05-25 06:09 . 2009-07-13 22:09        6555240        ----a-w-        c:\windows\system32\nvwgf2um.dll
2011-05-25 06:09 . 2011-06-02 11:03        12392        ----a-w-        c:\windows\system32\drivers\nvBridge.kmd
2011-05-25 06:09 . 2010-12-08 19:16        2335848        ----a-w-        c:\windows\system32\nvapi.dll
2011-05-24 17:14 . 2010-12-10 13:50        222080        ------w-        c:\windows\system32\MpSigStub.exe
2011-05-21 20:54 . 2011-05-21 20:54        21840        ----a-w-        c:\windows\system32\SIntfNT.dll
2011-05-21 20:54 . 2011-05-21 20:54        17212        ----a-w-        c:\windows\system32\SIntf32.dll
2011-05-21 20:54 . 2011-05-21 20:54        12067        ----a-w-        c:\windows\system32\SIntf16.dll
2011-05-21 20:19 . 2011-05-21 20:19        2829        ----a-w-        c:\windows\DIIUnin.pif
2011-05-21 20:19 . 2011-05-21 20:19        102400        ----a-w-        c:\windows\DIIUnin.exe
2011-05-20 20:35 . 2011-05-20 20:35        304744        ----a-w-        c:\windows\system32\nvStreaming.exe
2011-05-03 09:23 . 2009-07-14 02:05        152576        ----a-w-        c:\windows\system32\msclmd.dll
2011-04-25 11:24 . 2010-12-12 18:43        107888        ----a-w-        c:\windows\system32\CmdLineExt.dll
2011-04-25 11:23 . 2011-04-25 11:23        413696        ----a-w-        c:\windows\system32\wrap_oal.dll
2011-04-25 11:23 . 2011-04-25 11:23        110592        ----a-w-        c:\windows\system32\OpenAL32.dll
2011-04-22 19:14 . 2011-05-24 17:29        27008        ----a-w-        c:\windows\system32\drivers\Diskdump.sys
2011-04-14 20:40 . 2010-12-08 16:40        16400        ----a-w-        c:\windows\system32\drivers\LNonPnP.sys
2011-04-09 16:55 . 2011-04-09 16:55        15453336        ----a-w-        c:\windows\system32\xlive.dll
2011-04-09 16:55 . 2011-04-09 16:55        13642904        ----a-w-        c:\windows\system32\xlivefnt.dll
2011-04-09 06:02 . 2011-05-11 03:47        3967872        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-04-09 06:02 . 2011-05-11 03:47        3912576        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-04-09 05:56 . 2011-05-11 23:16        123904        ----a-w-        c:\windows\system32\poqexec.exe
2011-04-08 05:14 . 2011-05-14 16:31        944232        ----a-w-        c:\windows\system32\nvdispco3220140.dll
2011-04-08 05:14 . 2011-05-14 16:31        855656        ----a-w-        c:\windows\system32\nvgenco322060.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2009-07-14 . 4CA5F9407170D6890CBF253C258FD05E . 1297408 . . [2001.12.8530.16385] . . c:\windows\System32\comres.dll
[-] 2009-07-14 . 4CA5F9407170D6890CBF253C258FD05E . 1297408 . . [2001.12.8530.16385] . . c:\windows\winsxs\x86_microsoft-windows-com-complus.res_31bf3856ad364e35_6.1.7600.16385_none_2c8730fb47856e94\comres.dll
.
[-] 2010-02-05 . B87F8D497CDF8E6F24A089DB34C38E12 . 472064 . . [6.1.7600.16385] . . c:\windows\regedit.exe
[-] 2010-01-22 . 0B0D6F65CC88C332D3A1030FA7558891 . 528896 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
.
(((((((((((((((((((((((((((((((((((((  Reg Loading Points  ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"DAEMON Tools Lite"="e:\[p]rogramme\DAEMON Tools Lite\DTLite.exe" [2010-04-01 09:16 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1352272]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"WinampAgent"="e:\[p]rogramme\Winamp\winampa.exe" [2010-12-09 10:45 74752]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2011-05-10 5607080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"SpybotDeletingC5839"="del" [X]
"SpybotDeletingC8626"="del" [X]
"SpybotDeletingC6386"="del" [X]
"SpybotDeletingC9656"="del" [X]
"SpybotDeletingC853"="del" [X]
"SpybotDeletingA4589"="command.com" [2009-07-13 50648]
"SpybotDeletingA3544"="command.com" [2009-07-13 50648]
"SpybotDeletingA3194"="command.com" [2009-07-13 50648]
"SpybotDeletingA4169"="command.com" [2009-07-13 50648]
"SpybotDeletingA1001"="command.com" [2009-07-13 50648]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-10-28 10:13        64592        ----a-w-        c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean.exe\0lsdelete
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 06:58        611712        ----a-w-        c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16        357696        ----a-w-        e:\[p]rogramme\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-09-16 20:04        1164584        ----a-w-        c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FixCamera]
2007-01-30 16:50        20480        ----a-w-        c:\windows\FixCamera.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2008-10-25 10:44        31072        ----a-w-        c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck]
2010-03-15 09:21        1780224        ----a-w-        c:\program files\VIA\VIAudioi\VDeck\VDeck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2011-05-25 15:29        1951112        ----a-w-        e:\[p]rogramme\Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-11-10 01:54        4240760        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NUSB3MON]
2010-04-27 02:09        113288        ----a-w-        c:\program files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 16:38        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17        1174016        ----a-w-        c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2std]
2007-02-02 11:07        675840        ----a-w-        c:\windows\vsnp2std.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 10:44        248552        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tsnp2std]
2007-02-02 09:23        258048        ----a-w-        c:\windows\tsnp2std.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USB Gamepad]
2007-05-23 15:25        704512        ----a-w-        c:\windows\USB Vibration\7906\USB Gamepad.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-04-10 17:29        37888        ----a-w-        c:\[p]rogramme\Winamp\winampa.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" /background
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-06-28 2151640]
R3 ALSysIO;ALSysIO;c:\users\LeijaT\AppData\Local\Temp\ALSysIO.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\[p]rogramme\GArena\safedrv.sys [x]
R3 hid7906;MAP2A10K;c:\windows\system32\drivers\hid7906.sys [2007-05-23 34793]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-04-29 15232]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;e:\[p]rogramme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [2010-11-29 18:27 10064]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;e:\[p]rogramme\Hamachi\hamachi-2.exe [2011-05-25 15:29 1336712]
R4 Poweroff;Poweroff;c:\windows\system32\poweroff.exe [2010-10-19 172032]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
R4 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-07-06 173352]
R4 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-03-01 2296696]
R4 TuneUp.UtilitiesSvc;TuneUp Utilities Service;e:\[p]rogramme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [2011-02-18 12:27 1517376]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-04-29 64512]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-08 691696]
S1 ntiomin;ntiomin; [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-30 136360]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 SDFirewallService;Spybot-S&D 2 Firewall Service;c:\program files\Spybot - Search & Destroy 2\SDFWSvc.exe [2011-05-10 3585696]
S2 SDMonitorService;Spybot-S&D 2 Monitoring Service;c:\program files\Spybot - Search & Destroy 2\SDMonSvc.exe [2011-05-10 3834456]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe [2011-05-10 3515656]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2011-05-10 3769048]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe [2011-05-11 167040]
S3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [2009-09-29 12160]
S3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [2009-09-29 10496]
S3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [2009-09-29 12928]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 64904]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 146568]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-05-31 267880]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 30392]
S3 USBMULCD;USB Multi-Channel Audio Device Interface;c:\windows\system32\drivers\CM106.sys [2010-08-23 1517056]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-03-02 1127936]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - giveio
*Deregistered* - speedfan
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-29 11:19]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\LeijaT\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: Interfaces\{369DAA72-F16E-4D7E-ADF1-424BCB3AC3EC}: NameServer = 192.168.2.1
FF - ProfilePath - c:\users\LeijaT\AppData\Roaming\Mozilla\Firefox\Profiles\xudfumrz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-LG LinkAir - (no file)
HKCU-Run-{9635BFEC-5D77-17FB-1C5F-AB469C268DA2} - c:\users\LeijaT\AppData\Roaming\Ynagqe\zoyk.exe
MSConfigStartUp-RGSC - e:\[s]piele\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe
AddRemove-Access 97rt PAN EURO G - c:\programme\Microsoft Office\setup\setup.exe
AddRemove-S3 - c:\windows\IsUn0407.exe
AddRemove-SimCity 3000 - c:\windows\IsUn0407.exe
AddRemove-SimCity 3000 Deutschland - c:\windows\IsUn0407.exe
.
.
"ImagePath"="E:\
[P]rogramme\CPUCooL\CooLSrv.exe"
.
--
"ImagePath"="\??\C:\
[P]rogramme\GArena\safedrv.sys"
.
--
"ImagePath"="E:\
[P]rogramme\Hamachi\hamachi-2.exe -s"
.
--
"ImagePath"="\"E:\
[P]rogramme\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe\""
.
"ImagePath"="\??\E:\
[P]rogramme\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys"
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CPUCooLServer]
"ImagePath"="E:\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\GGSAFERDriver]
"ImagePath"="\??\C:\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Hamachi2Svc]
"ImagePath"="E:\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TuneUp.UtilitiesSvc]
"ImagePath"="\"E:\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\TuneUpUtilitiesDrv]
"ImagePath"="\??\E:\
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-589549205-500431062-4280801314-1000\Software\SecuROM\License information*]
"datasecu"=hex:16,75,2f,6b,e8,70,40,70,83,10,28,11,3a,ed,d9,48,24,70,89,a4,a9,
  14,d9,ab,8b,7e,0c,83,df,df,61,d7,f9,f8,23,40,e6,8d,90,4b,e4,98,69,85,24,b5,\
"rkeysecu"=hex:7f,0a,84,38,63,fe,07,cd,89,1e,37,d6,e7,d4,dd,c2
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(612)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2011-06-30  16:18:11
ComboFix-quarantined-files.txt  2011-06-30 14:18
.
Pre-Run: 16,225,820,672 bytes free
Post-Run: 16,140,472,320 bytes free
.
- - End Of File - - E0694C7BD5F8D6FDDEBB41D8B86D34E8

markusg 30.06.2011 15:31
tja, schön "blöd" würdest du nämlich immer in der sandbox surfen, wäre das nicht passiert. dafür ist das programm schließlich da.
öffne computer c: qoobox rechtsklick quarantain, mit winrar oder zip packen, hochladen.
http://www.trojaner-board.de/54791-a...ner-board.html

LeijaT 30.06.2011 15:35
Erledigt. Der Fehler scheint nach dem ComboFix + Neustart behoben zu sein, herzlichen Dank dafür, war schon fast verzweifelt ;)

Aus reinem Interesse: Was genau war denn nun das Problem?

markusg 30.06.2011 15:42
hi, machst du onlinebanking einkäufe oder sonst was wichtiges mit diesem gerät?

LeijaT 30.06.2011 15:49
Gelegentlich benutze ich online-banking, ja. Wieso?

markusg 30.06.2011 16:08
ok, du hast nen zbot trojaner, der stiehlt banking daten.
1. rufe sofort die bank an, lasse es sperren.
falls die bank zu hatt, notfall nummer:
116 116
2. müssen wir das system neu aufsetzen, heißt formatieren, windows neu instalieren, keine angst, du bekommst hilfe dabei.
sichere jetzt alle deine daten, bilder, dokumente (persönliches)
3. formatiere das system, instaliere windows neu, falls hilfe nötig ist, sag bescheid.
4. danach zeige ich dir, wie man das system absichert, dazu gehört zb, dass man ausschließlich in der sandbox surft, nicht nur zum spielen, denn dass hätte den ganzen ärger warscheinlich schon verhindert.
5. endere alle passwörter.

LeijaT 30.06.2011 16:14
Ist der zBot nach dem ComboFix noch drauf? Denn ich hatte, länger als das Akzentproblem, kein Online-Banking benutzt. Oder besteht da noch gefahr, dass der immer noch drauf ist?

Falls nicht wäre der Aufwand unnötig, deswegen frag ich *g*

markusg 30.06.2011 16:18
wenn ich dir sage, dass du formatieren sollst, mache ich das sicher nicht aus langer weile, und der aufwand ist nicht unnötig, denn solche malware kann, je nach "ausrüstung" weitere enderungen im system machen die wir evtl. nicht aufspüren können, dies heißt also, dieses system ist eine gefahr für dich und für andere.
zb spam versand, ddos angriffe auf fremde websites usw.usw.

LeijaT 30.06.2011 16:22
Hm okay, dann fang ich mal fix an das System neu aufzusetzen. Ärgerliche Sache :(

Melde mich dann wieder, wenn ich fertig bin.

markusg 30.06.2011 16:24
ok, aber noch nichts weiter instalieren. kommt dann alles drann.


Alle Zeitangaben in WEZ +1. Es ist jetzt 14:40 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131