Trojaner-Board - Viren Yabectot, Malware-gen, GenericBT beseitigt?

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Viren Yabectot, Malware-gen, GenericBT beseitigt? (https://www.trojaner-board.de/103367-viren-yabectot-malware-gen-genericbt-beseitigt.html)

Viren Yabectot, Malware-gen, GenericBT beseitigt?

Ich habe bei einem Virensuchlauf mit Avast!free 6 Virenfunde angezeigt bekommen - erstmalig. Das Avast-Programm hat vorgeschlagen, eine "Startzeit-Prüfung" durchzuführen, also vor dem Starten des Windows-Vista-Betriebssystems nach Viren zu suchen.
Dabei wurden gefunden:
"eBaysShurtcuts.exe ist infiziert von Win32:Yabector"

Vor Schreck habe ich hier "löschen" löschen gewählt :confused:

Außerdem habe ich dann in den Virencontainer von Avast verschoben und isoliert:
Malware-gen
Name:38870422-76a11923
Ursprünglicher Ort: C:\User\a\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34

Malware-gen
VBGScan.zip
C:\Program Files

Malware-gen
auf einer externen Festplatte mit Sicherungen
I:\09.11.09\AppData\local\Temp\Temp1_VBGScan.zip
VBGScan.exe

Ich habe jetzt im abgesicherten Modus Avast! und Spybot sowie Ad-Aware über das System laufen lassen.
Dabei hat Ad-Aware noch
1by1_166.exe
einen kleinen Musikplayer, den ich schon lange nicht mehr genutzt habe, als Schadsoftware gemeldet, so dass ich auch diese Datei in den Container verschoben und isoliert habe.

Avast meldet nun keine Viren mehr. Aber ist das System jetzt sauber?
Ich habe, wie hier empfohlen, defogger laufen lassen,

Code:

defogger_disable by jpshortstuff (23.02.10.1)

Log created at 19:30 on 12/09/2011 (a)
 

Checking for autostart values...

HKCU\~\Run values retrieved.

HKLM\~\Run values retrieved.
 

Checking for services/drivers...
 
 

-=E.O.F=-

dann OTL

Code:

OTL logfile created on: 12.09.2011 19:39:28 - Run 1

OTL by OldTimer - Version 3.2.28.0     Folder = C:\Users\a\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,25 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 58,86% Memory free

6,69 Gb Paging File | 5,54 Gb Available in Paging File | 82,82% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 911,50 Gb Total Space | 665,33 Gb Free Space | 72,99% Space Free | Partition Type: NTFS

Drive D: | 20,00 Gb Total Space | 8,33 Gb Free Space | 41,64% Space Free | Partition Type: FAT32

 

Computer Name: A-PC | User Name: a | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.09.12 18:50:36 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\a\Desktop\OTL.exe

PRC - [2011.09.12 17:14:31 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe

PRC - [2011.09.12 17:14:31 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe

PRC - [2011.09.06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe

PRC - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe

PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2009.06.30 17:20:08 | 000,339,968 | ---- | M] () -- C:\Windows\tsnpstd3.exe

PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2008.10.14 02:52:50 | 000,376,937 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe

PRC - [2008.10.14 02:52:50 | 000,184,423 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe

PRC - [2008.09.09 18:32:00 | 006,281,760 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe

PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe

PRC - [2007.10.09 01:19:22 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2007.10.09 01:19:20 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe

PRC - [2007.05.10 14:18:26 | 000,835,584 | ---- | M] () -- C:\Windows\vsnpstd3.exe

PRC - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe

PRC - [2006.09.19 16:05:32 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe

PRC - [2005.01.27 21:48:34 | 000,057,344 | ---- | M] (KYOCERA MITA Corporation) -- C:\Programme\Kyocera\FS-720 Utilities\KMGLNC.exe

PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2009.06.30 17:20:08 | 000,339,968 | ---- | M] () -- C:\Windows\tsnpstd3.exe

MOD - [2007.05.10 14:18:26 | 000,835,584 | ---- | M] () -- C:\Windows\vsnpstd3.exe

MOD - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe

MOD - [2006.09.19 16:05:32 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011.09.12 17:14:31 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2008.10.14 02:52:50 | 000,376,937 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS)

SRV - [2008.10.14 02:52:50 | 000,184,423 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS))

SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007.10.09 01:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)

SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.09.06 22:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011.09.06 22:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011.09.06 22:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011.09.06 22:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011.09.06 22:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2011.09.06 22:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011.08.18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2009.07.03 10:15:12 | 010,526,464 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)

DRV - [2008.09.25 15:28:06 | 001,332,576 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)

DRV - [2008.09.22 20:10:00 | 007,400,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2008.08.21 11:57:22 | 000,645,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)

DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)

DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)

DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)

DRV - [2006.11.07 02:00:00 | 000,014,976 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmunet.sys -- (AVMUNET)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.09 12:10:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.18 12:28:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.22 11:49:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

 

[2010.03.02 16:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Extensions

[2010.03.02 16:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2011.08.24 17:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions

[2009.09.24 16:43:56 | 000,000,000 | ---D | M] (Nuke Anything Enhanced) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}

[2010.04.27 15:45:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.02.04 13:01:16 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}

[2008.12.13 18:52:56 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)

[2011.01.02 18:07:03 | 000,000,000 | ---D | M] (Context Search) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}

[2011.08.18 14:41:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010.11.18 17:52:06 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\de-DE@dictionaries.addons.mozilla.org

[2011.08.11 12:20:47 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\https-everywhere@eff.org

[2010.11.04 14:53:01 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\quickstores@quickstores.de

[2011.09.10 12:37:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.07.07 20:55:27 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2010.12.20 13:40:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011.03.18 13:46:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011.06.06 19:11:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

[2011.07.29 16:43:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011.08.28 13:08:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

[2010.08.01 14:49:17 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de

[2011.09.09 12:10:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.07.19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011.03.22 18:03:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.03.22 18:03:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011.03.22 18:03:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.03.22 18:03:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.03.22 18:03:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.03.22 18:03:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.02.19 19:06:35 | 000,297,607 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O1 - Hosts: 127.0.0.1        www.007guard.com

O1 - Hosts: 127.0.0.1        007guard.com

O1 - Hosts: 127.0.0.1        008i.com

O1 - Hosts: 127.0.0.1        www.008k.com

O1 - Hosts: 127.0.0.1        008k.com

O1 - Hosts: 127.0.0.1        www.00hq.com

O1 - Hosts: 127.0.0.1        00hq.com

O1 - Hosts: 127.0.0.1        010402.com

O1 - Hosts: 127.0.0.1        www.032439.com

O1 - Hosts: 127.0.0.1        032439.com

O1 - Hosts: 127.0.0.1        www.100888290cs.com

O1 - Hosts: 127.0.0.1        100888290cs.com

O1 - Hosts: 127.0.0.1        www.100sexlinks.com

O1 - Hosts: 127.0.0.1        100sexlinks.com

O1 - Hosts: 127.0.0.1        www.10sek.com

O1 - Hosts: 127.0.0.1        10sek.com

O1 - Hosts: 127.0.0.1        www.123topsearch.com

O1 - Hosts: 127.0.0.1        123topsearch.com

O1 - Hosts: 127.0.0.1        www.132.com

O1 - Hosts: 127.0.0.1        132.com

O1 - Hosts: 127.0.0.1        www.136136.net

O1 - Hosts: 127.0.0.1        136136.net

O1 - Hosts: 127.0.0.1        www.163ns.com

O1 - Hosts: 10280 more lines...

O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

O2 - BHO: (T3ToolbarHelper Class) - {164E93C4-09BF-4647-9E0B-D5FBB1D35E63} - C:\Programme\Das Örtliche Toolbar\DasOertlicheToolbar.dll ()

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (DasÖrtliche Toolbar) - {6E5B18CB-0EB6-4461-88B8-33B4683613D5} - C:\Programme\Das Örtliche Toolbar\DasOertlicheToolbar.dll ()

O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()

O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [Launcher] C:\Programme\Kyocera\FS-720 Utilities\KMGLNC.exe (KYOCERA MITA Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()

O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe ()

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()

O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C8ED1F3-C984-4D61-A8E2-D71FD759C5F5}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB6241D3-9F10-462A-85BB-34F3A7719B35}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFE0E0CB-E7E0-4248-AF95-3F2A8DBC94A4}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: 

O24 - Desktop BackupWallPaper: 

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{f647e40b-6d3e-11de-88d5-00040e465fb0}\Shell - "" = AutoRun

O33 - MountPoints2\{f647e40b-6d3e-11de-88d5-00040e465fb0}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a

O33 - MountPoints2\{f6ce2080-0df4-11e0-abd0-0021857552ad}\Shell\AutoRun\command - "" = K:\Menu.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.09.12 18:50:33 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Users\a\Desktop\OTL.exe

[2011.09.12 17:12:09 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

[2011.09.12 17:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft

[2011.09.12 17:10:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011.08.28 13:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2011.08.28 13:06:18 | 000,908,576 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jxpiinstall.exe

[2011.05.30 16:17:28 | 003,096,424 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup307.exe

[2011.04.23 14:33:32 | 002,832,544 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player.exe

[2011.04.23 13:59:39 | 000,568,648 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleEarthSetup.exe

[2011.04.04 19:24:26 | 003,050,664 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup305.exe

[2011.03.20 16:06:40 | 000,772,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Mats_Run.performance.exe

[2011.03.20 16:05:43 | 000,772,896 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Mats_Run.printing.exe

[2011.03.18 13:52:24 | 006,277,496 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Silverlight.exe

[2011.01.26 18:52:49 | 003,006,368 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup303.exe

[2011.01.13 22:01:31 | 002,827,728 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player_ax.exe

[2011.01.06 17:49:33 | 038,147,376 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe

[2010.12.30 17:03:35 | 004,044,900 | ---- | C] ((c) 2006-2008, Tom Thielicke                                ) -- C:\Program Files\tipp10_win_v2-0-3.exe

[2010.12.20 13:43:43 | 004,750,496 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Slim.exe

[2010.10.14 21:42:28 | 004,229,377 | ---- | C] (www.orbitdownloader.com                                     ) -- C:\Program Files\OrbitSetup4.0.3.exe

[2010.08.10 16:04:16 | 128,750,008 | ---- | C] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Program Files\Ad-AwareInstall.exe

[2010.05.03 13:02:38 | 005,461,276 | ---- | C] (Igor Pavlov) -- C:\Program Files\TMViewerSetup.exe

[2010.04.07 14:40:38 | 003,376,656 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup230.exe

[2010.03.02 14:31:34 | 008,853,856 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 3.0.3.exe

[2010.01.31 15:22:17 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll

[2010.01.31 15:22:17 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll

[2010.01.31 15:22:17 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll

[2010.01.31 15:22:17 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll

[2010.01.29 19:37:52 | 003,370,400 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup228.exe

[2010.01.28 19:18:12 | 002,572,472 | ---- | C] (www.orbitdownloader.com                                     ) -- C:\Program Files\OrbitDownloaderSetup.exe

[2009.12.02 14:06:33 | 001,128,916 | ---- | C] (www.hellopdf.com                                            ) -- C:\Program Files\pdf2wordsetup.exe

[2009.11.29 22:12:00 | 012,543,460 | ---- | C] (Andrea Vacondio) -- C:\Program Files\pdfsam-win32inst-v2_0_0.exe

[2009.10.26 15:44:08 | 077,086,488 | ---- | C] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Program Files\Ad-AwareInstallation.exe

[2009.10.14 14:26:51 | 003,309,072 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup224.exe

[2009.05.15 13:43:03 | 003,227,248 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup219.exe

[2009.05.01 11:28:15 | 218,474,518 | ---- | C] (Igor Pavlov) -- C:\Program Files\OOO31CBE.exe

[2009.04.27 15:16:35 | 003,190,688 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup218.exe

[2009.04.21 14:16:06 | 034,543,112 | ---- | C] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Program Files\Ad-AwareAE.exe

[2009.02.19 18:59:10 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Program Files\spybotsd162.exe

[2008.12.31 16:43:22 | 001,018,074 | ---- | C] (Heinzle Christof) -- C:\Program Files\lameplugin.exe

[2008.12.31 16:11:25 | 015,083,520 | ---- | C] (Safer Networking Limited                                    ) -- C:\Program Files\spybotsd160.exe

[2008.12.31 15:51:14 | 003,165,824 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup215.exe

[2008.12.30 15:12:28 | 002,170,309 | ---- | C] (Free Software Foundation) -- C:\Program Files\gnupg-w32cli-1.4.9.exe

[2008.12.29 19:36:10 | 002,188,592 | ---- | C] (www.orbitdownloader.com                                     ) -- C:\Program Files\OrbitDownloader281Setup.exe

[2008.12.13 22:19:13 | 006,557,639 | ---- | C] (Thorsten Fritz                                              ) -- C:\Program Files\kompozer-0.77.de-DE.win32.installer.exe

[2008.12.13 22:19:04 | 000,735,964 | ---- | C] (GegenStandpunkt Verlag, München) -- C:\Program Files\GS_Index_20071215.exe

[2008.12.13 22:19:02 | 004,986,208 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\cibpdfplugin.exe

[2008.12.13 22:19:01 | 012,785,408 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\cibpdfbrewer.exe

[2008.12.13 22:18:51 | 002,955,128 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup213.exe

[2002.03.11 11:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe

[2002.03.11 10:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.09.12 19:40:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

[2011.09.12 19:38:08 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.09.12 19:38:08 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.09.12 19:38:08 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.09.12 19:38:08 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.09.12 19:33:59 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2011.09.12 19:33:44 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.09.12 19:33:36 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.09.12 19:33:36 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.09.12 19:33:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.09.12 19:33:30 | 3485,663,232 | -HS- | M] () -- C:\hiberfil.sys

[2011.09.12 19:30:36 | 000,000,000 | ---- | M] () -- C:\Users\a\defogger_reenable

[2011.09.12 19:11:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.09.12 18:51:34 | 000,302,592 | ---- | M] () -- C:\Users\a\Desktop\5mox39wg.exe

[2011.09.12 18:50:36 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\a\Desktop\OTL.exe

[2011.09.12 18:50:18 | 000,050,477 | ---- | M] () -- C:\Users\a\Desktop\Defogger.exe

[2011.09.12 17:12:10 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2011.09.12 17:08:00 | 010,268,672 | ---- | M] () -- C:\Program Files\Ad-Aware95Install.msi

[2011.09.10 00:05:24 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2011.09.06 22:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2011.09.06 22:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2011.09.06 22:38:05 | 000,442,200 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys

[2011.09.06 22:37:53 | 000,320,856 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys

[2011.09.06 22:36:38 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys

[2011.09.06 22:36:36 | 000,052,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2011.09.06 22:36:26 | 000,054,616 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2011.09.06 22:36:12 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2011.08.18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

 
 ========== Files Created - No Company Name ==========

 

[2011.09.12 19:33:58 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2011.09.12 19:30:36 | 000,000,000 | ---- | C] () -- C:\Users\a\defogger_reenable

[2011.09.12 18:51:31 | 000,302,592 | ---- | C] () -- C:\Users\a\Desktop\5mox39wg.exe

[2011.09.12 18:50:17 | 000,050,477 | ---- | C] () -- C:\Users\a\Desktop\Defogger.exe

[2011.09.12 17:12:10 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2011.09.12 17:07:55 | 010,268,672 | ---- | C] () -- C:\Program Files\Ad-Aware95Install.msi

[2011.09.10 22:21:30 | 3485,663,232 | -HS- | C] () -- C:\hiberfil.sys

[2011.08.13 13:33:54 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat

[2011.08.13 13:33:54 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat

[2011.08.03 18:11:00 | 021,073,936 | ---- | C] () -- C:\Program Files\vlc-1.1.11-win32.exe

[2011.07.29 16:37:17 | 002,448,352 | ---- | C] () -- C:\Program Files\mp3tagv249setup.exe

[2011.06.28 15:09:07 | 021,022,914 | ---- | C] () -- C:\Program Files\vlc-1.1.10-win32.exe

[2011.05.30 22:08:50 | 000,001,940 | ---- | C] () -- C:\Program Files\HiJackThis.lnk

[2011.05.30 22:07:51 | 001,402,880 | ---- | C] () -- C:\Program Files\HiJackThis.msi

[2011.04.28 16:07:16 | 002,446,680 | ---- | C] () -- C:\Program Files\mp3tagv248setup.exe

[2011.04.26 18:03:55 | 020,533,281 | ---- | C] () -- C:\Program Files\vlc-1.1.9-win32.exe

[2011.04.04 17:08:58 | 000,247,053 | ---- | C] () -- C:\Program Files\mp3DC213.exe

[2011.03.31 13:08:00 | 020,586,196 | ---- | C] () -- C:\Program Files\vlc-1.1.8-win32.exe

[2011.03.18 13:56:26 | 020,364,702 | ---- | C] () -- C:\Program Files\vlc-1.1.7-win32.exe

[2011.03.14 19:59:08 | 004,437,496 | ---- | C] () -- C:\Program Files\Songr_1_9_17.zip

[2011.02.20 17:36:14 | 168,166,968 | ---- | C] () -- C:\Program Files\OOo_3.3.0_Win_x86_install-wJRE_de.exe

[2010.12.22 23:45:41 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI

[2010.12.09 17:21:36 | 019,985,265 | ---- | C] () -- C:\Program Files\vlc-1.1.5-win32.exe

[2010.10.26 17:08:18 | 000,226,402 | ---- | C] () -- C:\Program Files\mp3DC212.exe

[2010.10.14 21:43:16 | 000,008,619 | ---- | C] () -- C:\Program Files\obdeu.zip

[2010.08.28 12:44:33 | 019,657,194 | ---- | C] () -- C:\Program Files\vlc-1.1.4-win32.exe

[2010.08.20 14:23:40 | 019,563,096 | ---- | C] () -- C:\Program Files\vlc-1.1.3-win32.exe

[2010.08.08 14:51:33 | 000,058,984 | ---- | C] () -- C:\Program Files\225p1es_00_dwv_eng.zip

[2010.08.02 14:14:46 | 019,461,015 | ---- | C] () -- C:\Program Files\vlc-1.1.2-win32.exe

[2010.08.01 14:43:51 | 001,295,402 | ---- | C] () -- C:\Program Files\ag_mp3_plugin_setup.exe

[2010.07.27 14:10:19 | 151,343,200 | ---- | C] () -- C:\Program Files\OOo_3.2.1_Win_x86_install_de.exe

[2010.05.25 20:43:14 | 003,099,136 | ---- | C] () -- C:\Program Files\openofficeorg32.msi

[2010.05.25 20:41:42 | 000,460,088 | ---- | C] () -- C:\Program Files\setup.exe

[2010.05.25 20:40:04 | 145,988,770 | ---- | C] () -- C:\Program Files\openofficeorg1.cab

[2010.05.25 19:46:20 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini

[2010.05.20 15:50:50 | 000,150,358 | ---- | C] () -- C:\Program Files\1by1_169.exe

[2010.05.03 13:26:03 | 000,068,640 | ---- | C] () -- C:\Windows\unTMV.exe

[2010.04.08 17:00:16 | 002,439,075 | ---- | C] () -- C:\Program Files\fc_setup_ (2).zip

[2010.03.04 17:10:43 | 167,555,440 | ---- | C] () -- C:\Program Files\OOo_3.2.0_Win32Intel_install_wJRE_de.exe

[2010.03.02 16:44:27 | 002,024,035 | ---- | C] () -- C:\Program Files\Firesave.exe

[2010.03.02 14:48:37 | 001,222,286 | ---- | C] () -- C:\Program Files\enigmail-1.0.1-tb-win.xpi

[2010.03.02 14:20:10 | 000,000,213 | ---- | C] () -- C:\Program Files\PFADE.ini

[2010.03.02 14:06:40 | 001,772,267 | ---- | C] () -- C:\Program Files\Thundersave_1.0.exe

[2010.02.19 14:40:40 | 044,518,776 | ---- | C] () -- C:\Program Files\setup_av_free_2_.exe

[2010.02.06 16:06:34 | 018,499,623 | ---- | C] () -- C:\Program Files\vlc-1.0.5-win32.exe

[2010.01.31 15:22:18 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe

[2010.01.31 15:22:18 | 000,339,968 | ---- | C] () -- C:\Windows\tsnpstd3.exe

[2010.01.31 15:22:17 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini

[2010.01.28 19:53:14 | 000,127,083 | ---- | C] () -- C:\Program Files\1by1_168.exe

[2009.11.29 22:05:33 | 001,137,763 | ---- | C] () -- C:\Program Files\sun-pdfimport10.zip

[2009.10.07 13:45:28 | 149,845,064 | ---- | C] () -- C:\Program Files\OOo_3.1.1_Win32Intel_install_de.exe

[2009.07.11 14:35:13 | 017,828,326 | ---- | C] () -- C:\Program Files\vlc-1.0.0-win32.exe

[2009.06.26 17:59:35 | 000,728,103 | ---- | C] () -- C:\Program Files\VAL v1.1.1 Setup.exe

[2009.05.26 18:53:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.05.26 18:52:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009.05.08 23:15:49 | 016,742,799 | ---- | C] () -- C:\Program Files\vlc-0.9.9-win32.exe

[2009.05.07 15:31:52 | 147,695,064 | ---- | C] () -- C:\Program Files\OOo_3.1.0_Win32Intel_install_de.exe

[2009.05.05 16:01:41 | 000,212,713 | ---- | C] () -- C:\Program Files\mp3DC211.exe

[2009.05.05 15:59:51 | 000,121,784 | ---- | C] () -- C:\Program Files\1by1_167.exe

[2009.04.27 12:03:46 | 009,818,624 | ---- | C] () -- C:\Program Files\openofficeorg31.msi

[2009.04.16 15:33:14 | 000,049,230 | ---- | C] () -- C:\Program Files\download_manager_tweak-0.7.2-fx.xpi

[2009.04.09 19:58:43 | 001,300,755 | ---- | C] () -- C:\Program Files\KKiller_v3.4.4.zip

[2009.02.26 18:29:19 | 000,037,658 | ---- | C] () -- C:\Program Files\duplicate_contact_manager-0.6-tb.xpi

[2009.01.27 20:28:46 | 000,111,016 | ---- | C] () -- C:\Program Files\image_zoom-0.3.1-fx+mz+tb+sm.xpi

[2009.01.10 21:37:39 | 156,172,680 | ---- | C] () -- C:\Program Files\ooo300.exe

[2009.01.04 19:29:10 | 000,938,576 | ---- | C] () -- C:\Program Files\7z463.exe

[2009.01.02 17:05:44 | 016,320,472 | ---- | C] () -- C:\Program Files\vlc-0.9.8a-win32.exe

[2008.12.31 18:34:50 | 007,949,158 | ---- | C] () -- C:\Program Files\kompozer-0.7.10-win32.zip

[2008.12.31 16:28:55 | 023,804,784 | ---- | C] () -- C:\Program Files\aaw2008_11n.exe

[2008.12.31 16:03:51 | 000,017,920 | ---- | C] () -- C:\Users\a\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.12.13 22:19:02 | 001,176,154 | ---- | C] () -- C:\Program Files\enigmail-0.95.6-tb+sm.xpi

[2008.12.13 22:18:50 | 000,189,429 | ---- | C] () -- C:\Program Files\mp3DC209.exe

[2008.12.13 20:35:07 | 000,000,296 | ---- | C] () -- C:\Users\a\AppData\Roaming\wklnhst.dat

[2008.12.13 18:50:37 | 000,792,771 | ---- | C] () -- C:\Program Files\MozBackup-1.4.8-DE.exe

[2008.12.13 18:29:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL

[2008.12.13 18:27:40 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll

[2008.12.13 18:25:25 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI

[2008.12.13 13:59:31 | 000,007,592 | ---- | C] () -- C:\Users\a\AppData\Local\d3d9caps.dat

[2008.10.20 10:35:26 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2008.10.17 17:15:05 | 000,000,917 | ---- | C] () -- C:\Windows\System32\CLWatson.ini

[2008.10.17 16:56:47 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll

[2008.10.17 16:56:47 | 000,000,464 | ---- | C] () -- C:\Windows\11317231_000216BE_11.bin

[2008.10.17 16:56:47 | 000,000,464 | ---- | C] () -- C:\Windows\11317231_000216BE_1.bin

[2008.10.17 16:56:47 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_000116BE_1.bin

[2008.10.08 14:51:57 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe

[2008.10.08 13:26:22 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat

[2008.10.08 13:01:08 | 000,000,023 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT

[2008.10.08 12:00:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

[2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll

[2008.01.21 09:15:58 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2008.01.21 09:15:58 | 000,126,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe

[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 14:47:37 | 000,342,336 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2004.08.09 12:33:42 | 000,002,120 | ---- | C] () -- C:\Windows\System32\SETUP.INI

[1996.12.14 01:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL

[1996.12.14 01:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

 
 ========== LOP Check ==========

 

[2010.05.21 10:59:47 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\1by1

[2008.12.23 17:51:40 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Canon

[2008.12.29 18:20:30 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\FreeCommander

[2011.04.07 18:38:22 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\gnupg

[2009.03.20 18:11:11 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\GrabPro

[2008.12.31 18:57:43 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\KompoZer

[2010.10.27 00:46:17 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\mp3DirectCut

[2011.08.15 16:58:34 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Mp3tag

[2009.07.13 16:45:36 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\NewSoft

[2009.01.11 00:29:36 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\OpenOffice.org

[2011.08.12 14:57:37 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Orbit

[2010.10.14 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\ProgSense

[2010.08.01 14:49:17 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\QuickStoresToolbar

[2008.12.13 18:25:21 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\ScanSoft

[2008.12.11 22:45:04 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\T-Online

[2010.11.07 16:56:56 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Template

[2010.03.02 16:03:23 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Thunderbird

[2011.09.12 19:33:59 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job

[2011.09.12 19:32:37 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011.09.12 19:40:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

 
 ========== Purity Check ==========

 

 
 

< End of report >

Code:

OTL Extras logfile created on: 12.09.2011 19:39:28 - Run 1

OTL by OldTimer - Version 3.2.28.0     Folder = C:\Users\a\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,25 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 58,86% Memory free

6,69 Gb Paging File | 5,54 Gb Available in Paging File | 82,82% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 911,50 Gb Total Space | 665,33 Gb Free Space | 72,99% Space Free | Partition Type: NTFS

Drive D: | 20,00 Gb Total Space | 8,33 Gb Free Space | 41,64% Space Free | Partition Type: FAT32

 

Computer Name: A-PC | User Name: a | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 1

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{16F0F7F3-488C-4AA1-ABAB-22FAF3223912}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{5F4397CD-37C3-40E3-B0B1-7274D6F100F9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{0EFF7527-4F0F-45D1-A5C0-2B0E4065E938}" = protocol=17 | dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe | 

"{2BC8FB88-0687-40C3-A27F-49EE217CA7E7}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 

"{2C2E74A2-D96F-48DA-8108-4873693CCE58}" = protocol=6 | dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe | 

"{310ECEC3-7B74-4397-9743-F16D50E33FBC}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 

"{45309D49-E570-4F8B-8509-F5EBC2F6295C}" = protocol=17 | dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe | 

"{60D7F137-EDE0-437C-9F60-1C6270FECC32}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{67FD3586-C46B-485F-BDD0-CBBD5D3B4182}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 

"{778542EF-662A-4ECC-B4D8-10073B7F1560}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{86D163A6-DF5D-4587-B47E-A24F199CB735}" = protocol=6 | dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe | 

"{971F723D-E217-476B-92EC-F53560FEEC1D}" = protocol=6 | dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe | 

"{C26D8B14-A27E-4318-ADBD-8D9F44435B78}" = protocol=6 | dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe | 

"{EA561401-BF6A-4197-A382-4B9B84ADADED}" = protocol=17 | dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe | 

"{F8FB2EF4-15A9-4C7A-A817-D4ACCEBB7F85}" = protocol=17 | dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe | 

"TCP Query User{0DBCEF11-A161-4FC9-A43C-B3A6DF67CB66}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 

"TCP Query User{2269A1AC-35EA-4A68-B944-62B199FB548F}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 

"TCP Query User{4786D182-205D-4DA7-B821-1C4117C3F511}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 

"TCP Query User{7F554A2A-7692-4D32-816B-73AB91F69D76}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 

"TCP Query User{A1A7E116-EBE9-46DD-8BA0-1F485550A3BC}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"TCP Query User{AD95235C-E55F-413A-9869-787161E0FCC0}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 

"TCP Query User{AE0903ED-5D4A-40C0-B731-50E45B24D9AA}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"TCP Query User{C9242C20-292C-4928-9FFD-A8F831B16242}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 

"UDP Query User{372DBCEF-F778-423E-A119-3B6A210795EB}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 

"UDP Query User{45A757A6-C8A4-4D5E-A3DC-40B3D07BB8F7}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe | 

"UDP Query User{485BA21F-C68B-4F9E-B9FB-DCFEC2400C68}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 

"UDP Query User{9BFEB6C3-CC44-498C-A550-89DC12F80897}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"UDP Query User{ADBFAA37-3FF7-4C78-9103-D33B5F14525E}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 

"UDP Query User{AE07151E-0FD6-4254-8FFD-3F1D671150A1}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 

"UDP Query User{CCE7C458-827B-478D-9B66-797464074B01}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe | 

"UDP Query User{E1B0A721-4AF7-4A04-B9BB-C19638606219}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2411" = CanoScan LiDE 70

"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 27

"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card

"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger

"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup

"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3

"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{5079F5CA-210A-4C0C-9FBF-02CF77FB0EAC}" = NVIDIA PhysX v8.09.19

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer

"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail

"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)

"{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8 Essentials

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne

"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie

"{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{AAA4850F-7E20-40D7-A4C3-3697E7FA4A54}" = Intel(R) Network Connections 13.2.8.0

"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch

"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9

"{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3

"{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}" = Google Earth

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars

"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer

"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer

"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]

"{C1E693A4-B1D5-4DCD-B68D-2087835B7184}" = ScanSoft OmniPage SE 4.0

"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}" = Presto! PageManager 7.15.17

"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3

"{E4C891D6-6844-41B8-86E8-633CACCC644F}" = CyberLink TV Enhance

"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218

"{ECD03DA7-5952-406A-8156-5F0C93618D1F}" = Trust Webcam

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{FB32F52B-0D1C-4214-91A6-5B2DA15A5238}" = Ad-Aware

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"7-Zip" = 7-Zip 4.63

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Audiograbber" = Audiograbber 1.83 SE 

"Audiograbber-Lame" = Audiograbber MP3-Plugin

"avast" = avast! Free Antivirus

"CanoScan Toolbox 5.0" = Canon CanoScan Toolbox 5.0

"CCleaner" = CCleaner

"Das Örtliche Toolbar" = Das Örtliche Toolbar

"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1

"FreeCommander_is1" = FreeCommander 2009.02a

"FS-720 Utilities" = Kyocera FS-720 Version 1.0

"HijackThis" = HijackThis 2.0.2

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow

"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer

"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector

"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow

"KompoZer_is1" = KompoZer 0.77

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Mozilla Firefox 6.0.2 (x86 de)" = Mozilla Firefox 6.0.2 (x86 de)

"Mozilla Thunderbird (6.0.2)" = Mozilla Thunderbird (6.0.2)

"Mp3tag" = Mp3tag v2.49

"Neue deutsche Rechtschreibung für Microsoft Office 9x" = Neue deutsche Rechtschreibung für Microsoft Office 9x

"NVIDIA Drivers" = NVIDIA Drivers

"Office8.0" = Microsoft Office 97, Professional Edition

"Orbit_is1" = Orbit Downloader

"Picasa 3" = Picasa 3

"PropFix" = Microsoft Office 97 Unique Identifier Removal Tool

"PROSetDX" = Intel(R) Network Connections 13.2.8.0

"QuickStores-Toolbar_is1" = QuickStores-Toolbar 1.0.0

"Songr" = Songr

"TIPP10_is1" = TIPP10 Version 2.0.3

"VLC media player" = VLC media player 1.1.11

"X10Hardware" = X10 Hardware(TM)

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"pdfsam" = pdfsam

 
 ========== Last 10 Event Log Errors ==========

 

[ Antivirus Events ]

Error - 04.08.2009 06:47:28 | Computer Name = a-PC | Source = avast! | ID = 33554522

Description = 

 

Error - 29.08.2009 11:49:32 | Computer Name = a-PC | Source = avast! | ID = 33554522

Description = 

 

Error - 19.09.2009 07:29:50 | Computer Name = a-PC | Source = avast! | ID = 33554522

Description = 

 

Error - 13.10.2009 08:48:02 | Computer Name = a-PC | Source = avast! | ID = 33554522

Description = 

 

Error - 14.10.2009 07:17:59 | Computer Name = a-PC | Source = avast! | ID = 33554522

Description = 

 

Error - 10.11.2009 06:50:43 | Computer Name = a-PC | Source = avast! | ID = 33554522

Description = 

 

Error - 29.12.2009 13:34:52 | Computer Name = a-PC | Source = avast! | ID = 33554522

Description = 

 

Error - 03.02.2010 05:39:40 | Computer Name = a-PC | Source = avast! | ID = 33554522

Description = 

 

Error - 04.02.2010 07:48:58 | Computer Name = a-PC | Source = avast! | ID = 33554522

Description = 

 

Error - 16.02.2010 17:06:50 | Computer Name = a-PC | Source = avast! | ID = 33554522

Description = 

 

[ Application Events ]

Error - 09.09.2011 08:33:47 | Computer Name = a-PC | Source = Windows Search Service | ID = 3013

Description = 

 

Error - 09.09.2011 08:33:47 | Computer Name = a-PC | Source = Windows Search Service | ID = 3013

Description = 

 

Error - 09.09.2011 21:17:07 | Computer Name = a-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 10.09.2011 11:01:11 | Computer Name = a-PC | Source = EventSystem | ID = 4609

Description = 

 

Error - 10.09.2011 11:01:46 | Computer Name = a-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 10.09.2011 16:22:21 | Computer Name = a-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 10.09.2011 17:31:45 | Computer Name = a-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 11.09.2011 05:27:13 | Computer Name = a-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 12.09.2011 05:49:50 | Computer Name = a-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 12.09.2011 13:33:55 | Computer Name = a-PC | Source = WinMgmt | ID = 10

Description = 

 

[ System Events ]

Error - 10.09.2011 11:01:47 | Computer Name = a-PC | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 10.09.2011 11:01:47 | Computer Name = a-PC | Source = Service Control Manager | ID = 7026

Description = 

 

Error - 10.09.2011 11:01:47 | Computer Name = a-PC | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 10.09.2011 11:01:47 | Computer Name = a-PC | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 10.09.2011 11:01:47 | Computer Name = a-PC | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 10.09.2011 11:01:47 | Computer Name = a-PC | Source = Service Control Manager | ID = 7001

Description = 

 

Error - 11.09.2011 09:04:19 | Computer Name = a-PC | Source = Service Control Manager | ID = 7011

Description = 

 

Error - 11.09.2011 09:35:07 | Computer Name = a-PC | Source = Server | ID = 2505

Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht

 \Device\NetBT_Tcpip_{BFE0E0CB-E7E0-4248-AF95-3F2A8DBC94A4} vom Serverdienst nicht

 gebunden werden. Der Serverdienst konnte nicht gestartet werden.

 

Error - 11.09.2011 09:35:07 | Computer Name = a-PC | Source = netbt | ID = 4321

Description = Der Name "A-PC           :20" konnte nicht auf der Schnittstelle mit

 IP-Adresse 0.0.0.0  registriert werden. Der Computer mit IP-Adresse 192.168.2.100

 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.

 

Error - 12.09.2011 11:12:10 | Computer Name = a-PC | Source = Service Control Manager | ID = 7000

Description = 

 

 

< End of report >

Hier noch das Gmer-Log.
Beim Hochladen wurde mir angezeigt, es sei eine "Ungültige Datei", daher als zip.

Außerdem das Malwarebytes' Log (ich habe gesehen, dass das in einen anderen Thread hier vom kundigen Cosinus empfohlen wurde).

Code:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org
 

Datenbank Version: 7708
 

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421
 

13.09.2011 14:07:18

mbam-log-2011-09-13 (14-07-18).txt
 

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 169166

Laufzeit: 2 Minute(n), 46 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Führe danach auch bitte ESET aus, danach sehen wir weiter.

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hier schon einmal der Vollscan von Malwarebytes, ich hatte schon mal diesen Schritt erahnt...

Code:

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org
 

Datenbank Version: 7708
 

Windows 6.0.6002 Service Pack 2

Internet Explorer 9.0.8112.16421
 

13.09.2011 15:20:38

mbam-log-2011-09-13 (15-20-38).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)

Durchsuchte Objekte: 350228

Laufzeit: 51 Minute(n), 36 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Hier das erfreuliche Ergebnis von ESET

Code:

ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6528

# api_version=3.0.2

# EOSSerial=64f3865ced9e534a86ddcac0eae771c3

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-09-13 03:16:33

# local_time=2011-09-13 05:16:33 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.0.6002 NT Service Pack 2

# compatibility_mode=512 16777215 100 0 79391430 79391430 0 0

# compatibility_mode=768 16777215 100 0 308782 308782 0 0

# compatibility_mode=5892 16776573 100 100 15441 153454224 0 0

# compatibility_mode=8192 67108863 100 0 306 306 0 0

# scanned=305168

# found=0

# cleaned=0

# scan_time=5496

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox.

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hier der Custom-OTL-Scan

Code:

OTL logfile created on: 13.09.2011 21:01:36 - Run 2

OTL by OldTimer - Version 3.2.28.0     Folder = C:\Users\a\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,25 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 59,62% Memory free

6,69 Gb Paging File | 5,51 Gb Available in Paging File | 82,38% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 911,50 Gb Total Space | 664,11 Gb Free Space | 72,86% Space Free | Partition Type: NTFS

Drive D: | 20,00 Gb Total Space | 8,33 Gb Free Space | 41,64% Space Free | Partition Type: FAT32

Drive I: | 596,02 Gb Total Space | 306,53 Gb Free Space | 51,43% Space Free | Partition Type: FAT32

 

Computer Name: A-PC | User Name: a | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2011.09.12 18:50:36 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\a\Desktop\OTL.exe

PRC - [2011.09.06 22:45:30 | 003,722,416 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastUI.exe

PRC - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) -- C:\Programme\Alwil Software\Avast5\AvastSvc.exe

PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2009.06.30 17:20:08 | 000,339,968 | ---- | M] () -- C:\Windows\tsnpstd3.exe

PRC - [2009.04.10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

PRC - [2009.04.10 23:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe

PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe

PRC - [2008.10.14 02:52:50 | 000,376,937 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe

PRC - [2008.10.14 02:52:50 | 000,184,423 | ---- | M] () -- C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe

PRC - [2008.09.09 18:32:00 | 006,281,760 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe

PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe

PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe

PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe

PRC - [2007.10.09 01:19:22 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe

PRC - [2007.10.09 01:19:20 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe

PRC - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe

PRC - [2007.05.10 14:18:26 | 000,835,584 | ---- | M] () -- C:\Windows\vsnpstd3.exe

PRC - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe

PRC - [2006.09.19 16:05:32 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe

PRC - [2005.01.27 21:48:34 | 000,057,344 | ---- | M] (KYOCERA MITA Corporation) -- C:\Programme\Kyocera\FS-720 Utilities\KMGLNC.exe

PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2009.06.30 17:20:08 | 000,339,968 | ---- | M] () -- C:\Windows\tsnpstd3.exe

MOD - [2007.05.10 14:18:26 | 000,835,584 | ---- | M] () -- C:\Windows\vsnpstd3.exe

MOD - [2006.09.20 08:35:26 | 000,020,480 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe

MOD - [2006.09.19 16:05:32 | 000,024,576 | ---- | M] () -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011.09.12 17:14:31 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)

SRV - [2011.09.06 22:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)

SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

SRV - [2008.10.14 02:52:50 | 000,376,937 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe -- (TVECapSvc) TVEnhance Background Capture Service (TBCS)

SRV - [2008.10.14 02:52:50 | 000,184,423 | ---- | M] () [Auto | Running] -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe -- (TVESched) TVEnhance Task Scheduler (TTS))

SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2007.10.09 01:19:22 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

SRV - [2007.06.05 13:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)

SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - [2011.09.06 22:38:05 | 000,442,200 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011.09.06 22:37:53 | 000,320,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011.09.06 22:36:38 | 000,034,392 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011.09.06 22:36:36 | 000,052,568 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011.09.06 22:36:26 | 000,054,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2011.09.06 22:36:12 | 000,020,568 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2011.08.18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)

DRV - [2009.07.03 10:15:12 | 010,526,464 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)

DRV - [2008.09.25 15:28:06 | 001,332,576 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)

DRV - [2008.09.22 20:10:00 | 007,400,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)

DRV - [2008.08.21 11:57:22 | 000,645,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)

DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)

DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)

DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)

DRV - [2006.11.07 02:00:00 | 000,014,976 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\avmunet.sys -- (AVMUNET)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll File not found

FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.09 12:10:10 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.06.18 12:28:53 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.08.22 11:49:03 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

 

[2010.03.02 16:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Extensions

[2010.03.02 16:03:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2011.08.24 17:02:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions

[2009.09.24 16:43:56 | 000,000,000 | ---D | M] (Nuke Anything Enhanced) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{1ced4832-f06e-413f-aa14-9eb63ad40ace}

[2010.04.27 15:45:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.02.04 13:01:16 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}

[2008.12.13 18:52:56 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(2)

[2011.01.02 18:07:03 | 000,000,000 | ---D | M] (Context Search) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}

[2011.08.18 14:41:16 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010.11.18 17:52:06 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\de-DE@dictionaries.addons.mozilla.org

[2011.08.11 12:20:47 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\https-everywhere@eff.org

[2010.11.04 14:53:01 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Users\a\AppData\Roaming\mozilla\Firefox\Profiles\xce0990k.default\extensions\quickstores@quickstores.de

[2011.09.10 12:37:03 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.07.07 20:55:27 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2010.12.20 13:40:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011.03.18 13:46:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011.06.06 19:11:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

[2011.07.29 16:43:25 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

[2011.08.28 13:08:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA}

[2010.08.01 14:49:17 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Programme\Mozilla Firefox\extensions\quickstores@quickstores.de

[2011.09.09 12:10:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2011.07.19 05:05:25 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011.03.22 18:03:43 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.03.22 18:03:43 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2011.03.22 18:03:43 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.03.22 18:03:43 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.03.22 18:03:43 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.03.22 18:03:43 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.02.19 19:06:35 | 000,297,607 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O1 - Hosts: 127.0.0.1        www.007guard.com

O1 - Hosts: 127.0.0.1        007guard.com

O1 - Hosts: 127.0.0.1        008i.com

O1 - Hosts: 127.0.0.1        www.008k.com

O1 - Hosts: 127.0.0.1        008k.com

O1 - Hosts: 127.0.0.1        www.00hq.com

O1 - Hosts: 127.0.0.1        00hq.com

O1 - Hosts: 127.0.0.1        010402.com

O1 - Hosts: 127.0.0.1        www.032439.com

O1 - Hosts: 127.0.0.1        032439.com

O1 - Hosts: 127.0.0.1        www.100888290cs.com

O1 - Hosts: 127.0.0.1        100888290cs.com

O1 - Hosts: 127.0.0.1        www.100sexlinks.com

O1 - Hosts: 127.0.0.1        100sexlinks.com

O1 - Hosts: 127.0.0.1        www.10sek.com

O1 - Hosts: 127.0.0.1        10sek.com

O1 - Hosts: 127.0.0.1        www.123topsearch.com

O1 - Hosts: 127.0.0.1        123topsearch.com

O1 - Hosts: 127.0.0.1        www.132.com

O1 - Hosts: 127.0.0.1        132.com

O1 - Hosts: 127.0.0.1        www.136136.net

O1 - Hosts: 127.0.0.1        136136.net

O1 - Hosts: 127.0.0.1        www.163ns.com

O1 - Hosts: 10280 more lines...

O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Programme\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)

O2 - BHO: (T3ToolbarHelper Class) - {164E93C4-09BF-4647-9E0B-D5FBB1D35E63} - C:\Programme\Das Örtliche Toolbar\DasOertlicheToolbar.dll ()

O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (DasÖrtliche Toolbar) - {6E5B18CB-0EB6-4461-88B8-33B4683613D5} - C:\Programme\Das Örtliche Toolbar\DasOertlicheToolbar.dll ()

O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Programme\Orbitdownloader\GrabPro.dll ()

O4 - HKLM..\Run: [avast] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [Launcher] C:\Programme\Kyocera\FS-720 Utilities\KMGLNC.exe (KYOCERA MITA Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()

O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe ()

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe ()

O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)

O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C8ED1F3-C984-4D61-A8E2-D71FD759C5F5}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AB6241D3-9F10-462A-85BB-34F3A7719B35}: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BFE0E0CB-E7E0-4248-AF95-3F2A8DBC94A4}: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: 

O24 - Desktop BackupWallPaper: 

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{f647e40b-6d3e-11de-88d5-00040e465fb0}\Shell - "" = AutoRun

O33 - MountPoints2\{f647e40b-6d3e-11de-88d5-00040e465fb0}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a

O33 - MountPoints2\{f6ce2080-0df4-11e0-abd0-0021857552ad}\Shell\AutoRun\command - "" = K:\Menu.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

MsConfig - StartUpReg: Ad-Watch - hkey= - key= - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: Google EULA Launcher - hkey= - key= - C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)

MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)

MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)

MsConfig - StartUpReg: OpwareSE4 - hkey= - key= - C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)

MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)

MsConfig - StartUpReg: SSBkgdUpdate - hkey= - key= - C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig - StartUpReg: swg - hkey= - key= - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)

MsConfig - StartUpReg: TVEService - hkey= - key= - C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)

MsConfig - State: "startup" - 2

MsConfig - State: "bootini" - 0

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SafeBootNet: WudfPf - Driver

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codecp -  File not found

Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.09.13 15:39:50 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011.09.13 15:39:32 | 002,322,184 | ---- | C] (ESET) -- C:\Program Files\esetsmartinstaller_enu.exe

[2011.09.13 14:01:51 | 000,000,000 | ---D | C] -- C:\Users\a\AppData\Roaming\Malwarebytes

[2011.09.13 14:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.09.13 14:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.09.13 14:01:40 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.09.13 14:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2011.09.13 14:00:10 | 009,466,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Program Files\mbam-setup-1.51.1.1800.exe

[2011.09.12 18:50:33 | 000,581,632 | ---- | C] (OldTimer Tools) -- C:\Users\a\Desktop\OTL.exe

[2011.09.12 17:12:09 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

[2011.09.12 17:12:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft

[2011.09.12 17:10:42 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011.08.28 13:08:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java

[2011.08.28 13:06:18 | 000,908,576 | ---- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jxpiinstall.exe

[2011.05.30 16:17:28 | 003,096,424 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup307.exe

[2011.04.23 14:33:32 | 002,832,544 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player.exe

[2011.04.23 13:59:39 | 000,568,648 | ---- | C] (Google Inc.) -- C:\Program Files\GoogleEarthSetup.exe

[2011.04.04 19:24:26 | 003,050,664 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup305.exe

[2011.03.20 16:06:40 | 000,772,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Mats_Run.performance.exe

[2011.03.20 16:05:43 | 000,772,896 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Mats_Run.printing.exe

[2011.03.18 13:52:24 | 006,277,496 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Silverlight.exe

[2011.01.26 18:52:49 | 003,006,368 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup303.exe

[2011.01.13 22:01:31 | 002,827,728 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player_ax.exe

[2011.01.06 17:49:33 | 038,147,376 | ---- | C] (Apple Inc.) -- C:\Program Files\QuickTimeInstaller.exe

[2010.12.30 17:03:35 | 004,044,900 | ---- | C] ((c) 2006-2008, Tom Thielicke                                ) -- C:\Program Files\tipp10_win_v2-0-3.exe

[2010.12.20 13:43:43 | 004,750,496 | ---- | C] (Adobe Systems Inc.) -- C:\Program Files\Shockwave_Installer_Slim.exe

[2010.10.14 21:42:28 | 004,229,377 | ---- | C] (www.orbitdownloader.com                                     ) -- C:\Program Files\OrbitSetup4.0.3.exe

[2010.08.10 16:04:16 | 128,750,008 | ---- | C] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Program Files\Ad-AwareInstall.exe

[2010.05.03 13:02:38 | 005,461,276 | ---- | C] (Igor Pavlov) -- C:\Program Files\TMViewerSetup.exe

[2010.04.07 14:40:38 | 003,376,656 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup230.exe

[2010.03.02 14:31:34 | 008,853,856 | ---- | C] (Mozilla) -- C:\Program Files\Thunderbird Setup 3.0.3.exe

[2010.01.31 15:22:17 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd3.dll

[2010.01.31 15:22:17 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll

[2010.01.31 15:22:17 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll

[2010.01.31 15:22:17 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll

[2010.01.29 19:37:52 | 003,370,400 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup228.exe

[2010.01.28 19:18:12 | 002,572,472 | ---- | C] (www.orbitdownloader.com                                     ) -- C:\Program Files\OrbitDownloaderSetup.exe

[2009.12.02 14:06:33 | 001,128,916 | ---- | C] (www.hellopdf.com                                            ) -- C:\Program Files\pdf2wordsetup.exe

[2009.11.29 22:12:00 | 012,543,460 | ---- | C] (Andrea Vacondio) -- C:\Program Files\pdfsam-win32inst-v2_0_0.exe

[2009.10.26 15:44:08 | 077,086,488 | ---- | C] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Program Files\Ad-AwareInstallation.exe

[2009.10.14 14:26:51 | 003,309,072 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup224.exe

[2009.05.15 13:43:03 | 003,227,248 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup219.exe

[2009.05.01 11:28:15 | 218,474,518 | ---- | C] (Igor Pavlov) -- C:\Program Files\OOO31CBE.exe

[2009.04.27 15:16:35 | 003,190,688 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup218.exe

[2009.04.21 14:16:06 | 034,543,112 | ---- | C] (Lavasoft                                                                                                                                                                                                                                                                                                    ) -- C:\Program Files\Ad-AwareAE.exe

[2009.02.19 18:59:10 | 016,409,960 | ---- | C] (Safer Networking Limited                                    ) -- C:\Program Files\spybotsd162.exe

[2008.12.31 16:43:22 | 001,018,074 | ---- | C] (Heinzle Christof) -- C:\Program Files\lameplugin.exe

[2008.12.31 16:11:25 | 015,083,520 | ---- | C] (Safer Networking Limited                                    ) -- C:\Program Files\spybotsd160.exe

[2008.12.31 15:51:14 | 003,165,824 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup215.exe

[2008.12.30 15:12:28 | 002,170,309 | ---- | C] (Free Software Foundation) -- C:\Program Files\gnupg-w32cli-1.4.9.exe

[2008.12.29 19:36:10 | 002,188,592 | ---- | C] (www.orbitdownloader.com                                     ) -- C:\Program Files\OrbitDownloader281Setup.exe

[2008.12.13 22:19:13 | 006,557,639 | ---- | C] (Thorsten Fritz                                              ) -- C:\Program Files\kompozer-0.77.de-DE.win32.installer.exe

[2008.12.13 22:19:04 | 000,735,964 | ---- | C] (GegenStandpunkt Verlag, München) -- C:\Program Files\GS_Index_20071215.exe

[2008.12.13 22:19:02 | 004,986,208 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\cibpdfplugin.exe

[2008.12.13 22:19:01 | 012,785,408 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\cibpdfbrewer.exe

[2008.12.13 22:18:51 | 002,955,128 | ---- | C] (Piriform Ltd) -- C:\Program Files\ccsetup213.exe

[2002.03.11 11:06:30 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe

[2002.03.11 10:45:04 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsia.exe

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.09.13 21:05:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

[2011.09.13 20:11:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.09.13 19:34:49 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.09.13 19:34:49 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.09.13 15:39:34 | 002,322,184 | ---- | M] (ESET) -- C:\Program Files\esetsmartinstaller_enu.exe

[2011.09.13 15:39:06 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.09.13 15:39:06 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.09.13 15:39:06 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.09.13 15:39:06 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.09.13 14:01:45 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.09.13 14:00:12 | 009,466,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Program Files\mbam-setup-1.51.1.1800.exe

[2011.09.13 13:43:27 | 000,010,722 | ---- | M] () -- C:\Users\a\Desktop\Gmer-Scanlog.zip

[2011.09.13 13:36:55 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.09.13 13:35:09 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2011.09.13 13:34:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.09.13 13:34:45 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys

[2011.09.13 12:44:41 | 000,013,990 | ---- | M] () -- C:\Users\a\Desktop\OTL.zip

[2011.09.12 19:30:36 | 000,000,000 | ---- | M] () -- C:\Users\a\defogger_reenable

[2011.09.12 18:51:34 | 000,302,592 | ---- | M] () -- C:\Users\a\Desktop\5mox39wg.exe

[2011.09.12 18:50:36 | 000,581,632 | ---- | M] (OldTimer Tools) -- C:\Users\a\Desktop\OTL.exe

[2011.09.12 18:50:18 | 000,050,477 | ---- | M] () -- C:\Users\a\Desktop\Defogger.exe

[2011.09.12 17:12:10 | 000,000,941 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2011.09.12 17:08:00 | 010,268,672 | ---- | M] () -- C:\Program Files\Ad-Aware95Install.msi

[2011.09.10 00:05:24 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt

[2011.09.06 22:45:29 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe

[2011.09.06 22:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

[2011.09.06 22:38:05 | 000,442,200 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys

[2011.09.06 22:37:53 | 000,320,856 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys

[2011.09.06 22:36:38 | 000,034,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys

[2011.09.06 22:36:36 | 000,052,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys

[2011.09.06 22:36:26 | 000,054,616 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys

[2011.09.06 22:36:12 | 000,020,568 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys

[2011.08.31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.08.18 15:25:12 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys

 
 ========== Files Created - No Company Name ==========

 

[2011.09.13 14:01:45 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.09.13 13:43:27 | 000,010,722 | ---- | C] () -- C:\Users\a\Desktop\Gmer-Scanlog.zip

[2011.09.13 12:44:40 | 000,013,990 | ---- | C] () -- C:\Users\a\Desktop\OTL.zip

[2011.09.12 19:33:58 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2011.09.12 19:30:36 | 000,000,000 | ---- | C] () -- C:\Users\a\defogger_reenable

[2011.09.12 18:51:31 | 000,302,592 | ---- | C] () -- C:\Users\a\Desktop\5mox39wg.exe

[2011.09.12 18:50:17 | 000,050,477 | ---- | C] () -- C:\Users\a\Desktop\Defogger.exe

[2011.09.12 17:12:10 | 000,000,941 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk

[2011.09.12 17:07:55 | 010,268,672 | ---- | C] () -- C:\Program Files\Ad-Aware95Install.msi

[2011.09.10 22:21:30 | 3487,748,096 | -HS- | C] () -- C:\hiberfil.sys

[2011.08.13 13:33:54 | 000,000,064 | ---- | C] () -- C:\Windows\System32\rp_stats.dat

[2011.08.13 13:33:54 | 000,000,044 | ---- | C] () -- C:\Windows\System32\rp_rules.dat

[2011.08.03 18:11:00 | 021,073,936 | ---- | C] () -- C:\Program Files\vlc-1.1.11-win32.exe

[2011.07.29 16:37:17 | 002,448,352 | ---- | C] () -- C:\Program Files\mp3tagv249setup.exe

[2011.06.28 15:09:07 | 021,022,914 | ---- | C] () -- C:\Program Files\vlc-1.1.10-win32.exe

[2011.05.30 22:08:50 | 000,001,940 | ---- | C] () -- C:\Program Files\HiJackThis.lnk

[2011.05.30 22:07:51 | 001,402,880 | ---- | C] () -- C:\Program Files\HiJackThis.msi

[2011.04.28 16:07:16 | 002,446,680 | ---- | C] () -- C:\Program Files\mp3tagv248setup.exe

[2011.04.26 18:03:55 | 020,533,281 | ---- | C] () -- C:\Program Files\vlc-1.1.9-win32.exe

[2011.04.04 17:08:58 | 000,247,053 | ---- | C] () -- C:\Program Files\mp3DC213.exe

[2011.03.31 13:08:00 | 020,586,196 | ---- | C] () -- C:\Program Files\vlc-1.1.8-win32.exe

[2011.03.18 13:56:26 | 020,364,702 | ---- | C] () -- C:\Program Files\vlc-1.1.7-win32.exe

[2011.03.14 19:59:08 | 004,437,496 | ---- | C] () -- C:\Program Files\Songr_1_9_17.zip

[2011.02.20 17:36:14 | 168,166,968 | ---- | C] () -- C:\Program Files\OOo_3.3.0_Win_x86_install-wJRE_de.exe

[2010.12.22 23:45:41 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI

[2010.12.09 17:21:36 | 019,985,265 | ---- | C] () -- C:\Program Files\vlc-1.1.5-win32.exe

[2010.10.26 17:08:18 | 000,226,402 | ---- | C] () -- C:\Program Files\mp3DC212.exe

[2010.10.14 21:43:16 | 000,008,619 | ---- | C] () -- C:\Program Files\obdeu.zip

[2010.08.28 12:44:33 | 019,657,194 | ---- | C] () -- C:\Program Files\vlc-1.1.4-win32.exe

[2010.08.20 14:23:40 | 019,563,096 | ---- | C] () -- C:\Program Files\vlc-1.1.3-win32.exe

[2010.08.08 14:51:33 | 000,058,984 | ---- | C] () -- C:\Program Files\225p1es_00_dwv_eng.zip

[2010.08.02 14:14:46 | 019,461,015 | ---- | C] () -- C:\Program Files\vlc-1.1.2-win32.exe

[2010.08.01 14:43:51 | 001,295,402 | ---- | C] () -- C:\Program Files\ag_mp3_plugin_setup.exe

[2010.07.27 14:10:19 | 151,343,200 | ---- | C] () -- C:\Program Files\OOo_3.2.1_Win_x86_install_de.exe

[2010.05.25 20:43:14 | 003,099,136 | ---- | C] () -- C:\Program Files\openofficeorg32.msi

[2010.05.25 20:41:42 | 000,460,088 | ---- | C] () -- C:\Program Files\setup.exe

[2010.05.25 20:40:04 | 145,988,770 | ---- | C] () -- C:\Program Files\openofficeorg1.cab

[2010.05.25 19:46:20 | 000,000,290 | ---- | C] () -- C:\Program Files\setup.ini

[2010.05.20 15:50:50 | 000,150,358 | ---- | C] () -- C:\Program Files\1by1_169.exe

[2010.05.03 13:26:03 | 000,068,640 | ---- | C] () -- C:\Windows\unTMV.exe

[2010.04.08 17:00:16 | 002,439,075 | ---- | C] () -- C:\Program Files\fc_setup_ (2).zip

[2010.03.04 17:10:43 | 167,555,440 | ---- | C] () -- C:\Program Files\OOo_3.2.0_Win32Intel_install_wJRE_de.exe

[2010.03.02 16:44:27 | 002,024,035 | ---- | C] () -- C:\Program Files\Firesave.exe

[2010.03.02 14:48:37 | 001,222,286 | ---- | C] () -- C:\Program Files\enigmail-1.0.1-tb-win.xpi

[2010.03.02 14:20:10 | 000,000,213 | ---- | C] () -- C:\Program Files\PFADE.ini

[2010.03.02 14:06:40 | 001,772,267 | ---- | C] () -- C:\Program Files\Thundersave_1.0.exe

[2010.02.19 14:40:40 | 044,518,776 | ---- | C] () -- C:\Program Files\setup_av_free_2_.exe

[2010.02.06 16:06:34 | 018,499,623 | ---- | C] () -- C:\Program Files\vlc-1.0.5-win32.exe

[2010.01.31 15:22:18 | 000,835,584 | ---- | C] () -- C:\Windows\vsnpstd3.exe

[2010.01.31 15:22:18 | 000,339,968 | ---- | C] () -- C:\Windows\tsnpstd3.exe

[2010.01.31 15:22:17 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini

[2010.01.28 19:53:14 | 000,127,083 | ---- | C] () -- C:\Program Files\1by1_168.exe

[2009.11.29 22:05:33 | 001,137,763 | ---- | C] () -- C:\Program Files\sun-pdfimport10.zip

[2009.10.07 13:45:28 | 149,845,064 | ---- | C] () -- C:\Program Files\OOo_3.1.1_Win32Intel_install_de.exe

[2009.07.11 14:35:13 | 017,828,326 | ---- | C] () -- C:\Program Files\vlc-1.0.0-win32.exe

[2009.06.26 17:59:35 | 000,728,103 | ---- | C] () -- C:\Program Files\VAL v1.1.1 Setup.exe

[2009.05.26 18:53:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.05.26 18:52:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009.05.08 23:15:49 | 016,742,799 | ---- | C] () -- C:\Program Files\vlc-0.9.9-win32.exe

[2009.05.07 15:31:52 | 147,695,064 | ---- | C] () -- C:\Program Files\OOo_3.1.0_Win32Intel_install_de.exe

[2009.05.05 16:01:41 | 000,212,713 | ---- | C] () -- C:\Program Files\mp3DC211.exe

[2009.05.05 15:59:51 | 000,121,784 | ---- | C] () -- C:\Program Files\1by1_167.exe

[2009.04.27 12:03:46 | 009,818,624 | ---- | C] () -- C:\Program Files\openofficeorg31.msi

[2009.04.16 15:33:14 | 000,049,230 | ---- | C] () -- C:\Program Files\download_manager_tweak-0.7.2-fx.xpi

[2009.04.09 19:58:43 | 001,300,755 | ---- | C] () -- C:\Program Files\KKiller_v3.4.4.zip

[2009.02.26 18:29:19 | 000,037,658 | ---- | C] () -- C:\Program Files\duplicate_contact_manager-0.6-tb.xpi

[2009.01.27 20:28:46 | 000,111,016 | ---- | C] () -- C:\Program Files\image_zoom-0.3.1-fx+mz+tb+sm.xpi

[2009.01.10 21:37:39 | 156,172,680 | ---- | C] () -- C:\Program Files\ooo300.exe

[2009.01.04 19:29:10 | 000,938,576 | ---- | C] () -- C:\Program Files\7z463.exe

[2009.01.02 17:05:44 | 016,320,472 | ---- | C] () -- C:\Program Files\vlc-0.9.8a-win32.exe

[2008.12.31 18:34:50 | 007,949,158 | ---- | C] () -- C:\Program Files\kompozer-0.7.10-win32.zip

[2008.12.31 16:28:55 | 023,804,784 | ---- | C] () -- C:\Program Files\aaw2008_11n.exe

[2008.12.31 16:03:51 | 000,017,920 | ---- | C] () -- C:\Users\a\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.12.13 22:19:02 | 001,176,154 | ---- | C] () -- C:\Program Files\enigmail-0.95.6-tb+sm.xpi

[2008.12.13 22:18:50 | 000,189,429 | ---- | C] () -- C:\Program Files\mp3DC209.exe

[2008.12.13 20:35:07 | 000,000,296 | ---- | C] () -- C:\Users\a\AppData\Roaming\wklnhst.dat

[2008.12.13 18:50:37 | 000,792,771 | ---- | C] () -- C:\Program Files\MozBackup-1.4.8-DE.exe

[2008.12.13 18:29:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\IPPCPUID.DLL

[2008.12.13 18:27:40 | 000,011,776 | ---- | C] () -- C:\Windows\System32\pmsbfn32.dll

[2008.12.13 18:25:25 | 000,000,416 | ---- | C] () -- C:\Windows\MAXLINK.INI

[2008.12.13 13:59:31 | 000,007,592 | ---- | C] () -- C:\Users\a\AppData\Local\d3d9caps.dat

[2008.10.20 10:35:26 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2008.10.17 17:15:05 | 000,000,917 | ---- | C] () -- C:\Windows\System32\CLWatson.ini

[2008.10.17 16:56:47 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll

[2008.10.17 16:56:47 | 000,000,464 | ---- | C] () -- C:\Windows\11317231_000216BE_11.bin

[2008.10.17 16:56:47 | 000,000,464 | ---- | C] () -- C:\Windows\11317231_000216BE_1.bin

[2008.10.17 16:56:47 | 000,000,461 | ---- | C] () -- C:\Windows\11317231_000116BE_1.bin

[2008.10.08 14:51:57 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe

[2008.10.08 13:26:22 | 000,015,312 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat

[2008.10.08 13:01:08 | 000,000,023 | ---- | C] () -- C:\Windows\System32\drivers\VERSION.DAT

[2008.10.08 12:00:48 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

[2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll

[2008.01.21 09:15:58 | 000,628,504 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2008.01.21 09:15:58 | 000,126,248 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2007.06.05 13:20:32 | 000,177,704 | ---- | C] () -- C:\Windows\System32\PSIService.exe

[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 14:47:37 | 000,342,336 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 12:33:01 | 000,595,798 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 12:33:01 | 000,103,872 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2004.08.09 12:33:42 | 000,002,120 | ---- | C] () -- C:\Windows\System32\SETUP.INI

[1996.12.14 01:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL

[1996.12.14 01:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL

 
 ========== LOP Check ==========

 

[2010.05.21 10:59:47 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\1by1

[2008.12.23 17:51:40 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Canon

[2008.12.29 18:20:30 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\FreeCommander

[2011.04.07 18:38:22 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\gnupg

[2009.03.20 18:11:11 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\GrabPro

[2008.12.31 18:57:43 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\KompoZer

[2010.10.27 00:46:17 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\mp3DirectCut

[2011.08.15 16:58:34 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Mp3tag

[2009.07.13 16:45:36 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\NewSoft

[2009.01.11 00:29:36 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\OpenOffice.org

[2011.08.12 14:57:37 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Orbit

[2010.10.14 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\ProgSense

[2010.08.01 14:49:17 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\QuickStoresToolbar

[2008.12.13 18:25:21 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\ScanSoft

[2008.12.11 22:45:04 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\T-Online

[2010.11.07 16:56:56 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Template

[2010.03.02 16:03:23 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Thunderbird

[2011.09.13 13:35:09 | 000,000,384 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job

[2011.09.13 13:33:33 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2011.09.13 21:05:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2010.05.21 10:59:47 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\1by1

[2010.12.20 14:00:26 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Adobe

[2008.12.23 17:51:40 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Canon

[2008.12.31 16:06:23 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\CyberLink

[2011.01.29 19:30:32 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\dvdcss

[2008.12.29 18:20:30 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\FreeCommander

[2011.04.07 18:38:22 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\gnupg

[2009.01.12 18:27:37 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Google

[2009.03.20 18:11:11 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\GrabPro

[2008.12.11 22:26:01 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Identities

[2010.01.31 15:21:40 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\InstallShield

[2008.12.31 18:57:43 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\KompoZer

[2008.12.11 23:49:22 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Macromedia

[2011.09.13 14:01:51 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Malwarebytes

[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Media Center Programs

[2011.05.30 22:08:50 | 000,000,000 | --SD | M] -- C:\Users\a\AppData\Roaming\Microsoft

[2008.12.13 18:56:07 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Mozilla

[2010.10.27 00:46:17 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\mp3DirectCut

[2011.08.15 16:58:34 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Mp3tag

[2009.01.02 17:48:05 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Nero

[2009.07.13 16:45:36 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\NewSoft

[2009.01.11 00:29:36 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\OpenOffice.org

[2011.08.12 14:57:37 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Orbit

[2010.10.14 21:44:47 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\ProgSense

[2010.08.01 14:49:17 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\QuickStoresToolbar

[2008.12.13 18:25:21 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\ScanSoft

[2011.09.13 13:33:26 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Skype

[2011.07.07 20:54:06 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\skypePM

[2008.12.11 22:45:04 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\T-Online

[2008.12.13 18:56:29 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Talkback

[2010.11.07 16:56:56 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Template

[2010.03.02 16:03:23 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\Thunderbird

[2011.03.31 13:28:41 | 000,000,000 | ---D | M] -- C:\Users\a\AppData\Roaming\vlc

 
 < %APPDATA%\*.exe /s >

[2011.05.30 22:08:50 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\a\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

[2009.07.20 16:00:17 | 000,583,168 | ---- | M] () -- C:\Users\a\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\C862.tmp_\sun-pdfimport.oxt\xpdfimport.exe

[2010.08.01 14:49:16 | 000,704,248 | ---- | M] () -- C:\Users\a\AppData\Roaming\QuickStoresToolbar\unins000.exe

[2010.03.10 15:13:58 | 000,045,304 | ---- | M] (Andreas Breitschopp - Softwareentwicklung und -vertrieb) -- C:\Users\a\AppData\Roaming\QuickStoresToolbar\Update.exe

 
 < %SYSTEMDRIVE%\*.exe >

[2007.11.07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe

 

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys

[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys

[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys

[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.10 23:32:28 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: EVENTLOG.DLL  >

[2007.05.17 21:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\HomeCinema\PowerDirector\EventLog.dll

 
 < MD5 for: IASTOR.SYS  >

[2007.10.09 01:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2007.10.09 01:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows\System32\drivers\iaStor.sys

[2007.10.09 01:18:44 | 000,306,200 | ---- | M] (Intel Corporation) MD5=28AAE599496B4930B3F19026F2083BC4 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1bb129e3\iaStor.sys

[2007.10.09 01:19:02 | 000,383,000 | ---- | M] (Intel Corporation) MD5=968BCEAD432CD478D0659FC95ED52170 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.10 23:28:24 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.10 23:28:26 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

[2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >
 

< End of report >

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{f647e40b-6d3e-11de-88d5-00040e465fb0}\Shell - "" = AutoRun

O33 - MountPoints2\{f647e40b-6d3e-11de-88d5-00040e465fb0}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a

O33 - MountPoints2\{f6ce2080-0df4-11e0-abd0-0021857552ad}\Shell\AutoRun\command - "" = K:\Menu.exe

:Commands

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hallo Arne,
ich habe blind deine Anweisung befolgt, hier das Ergebnis:

Code:

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f647e40b-6d3e-11de-88d5-00040e465fb0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f647e40b-6d3e-11de-88d5-00040e465fb0}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f647e40b-6d3e-11de-88d5-00040e465fb0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f647e40b-6d3e-11de-88d5-00040e465fb0}\ not found.

File I:\LaunchU3.exe -a not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f6ce2080-0df4-11e0-abd0-0021857552ad}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f6ce2080-0df4-11e0-abd0-0021857552ad}\ not found.

File K:\Menu.exe not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: a

->Temp folder emptied: 13898790 bytes

->Temporary Internet Files folder emptied: 1191709 bytes

->Java cache emptied: 9671204 bytes

->FireFox cache emptied: 139504605 bytes

->Flash cache emptied: 915 bytes

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Public

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 4092 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 157,00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.28.0 log created on 09142011_115737
 

Files\Folders moved on Reboot...
 

Registry entries deleted on Reboot...

Bitte nun dieses Tool von Kaspersky ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - also beide Haken setzen, auf Start scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

http://www.trojaner-board.de/attachm...rnen-start.png

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

Das Tool war flott und hat nichts gefunden :daumenhoc

Code:

2011/09/14 14:15:04.0094 4756        TDSS rootkit removing tool 2.5.22.0 Sep 13 2011 15:55:17

2011/09/14 14:15:04.0499 4756        ================================================================================

2011/09/14 14:15:04.0499 4756        SystemInfo:

2011/09/14 14:15:04.0499 4756        

2011/09/14 14:15:04.0499 4756        OS Version: 6.0.6002 ServicePack: 2.0

2011/09/14 14:15:04.0499 4756        Product type: Workstation

2011/09/14 14:15:04.0499 4756        ComputerName: A-PC

2011/09/14 14:15:04.0499 4756        UserName: a

2011/09/14 14:15:04.0499 4756        Windows directory: C:\Windows

2011/09/14 14:15:04.0499 4756        System windows directory: C:\Windows

2011/09/14 14:15:04.0499 4756        Processor architecture: Intel x86

2011/09/14 14:15:04.0499 4756        Number of processors: 4

2011/09/14 14:15:04.0499 4756        Page size: 0x1000

2011/09/14 14:15:04.0499 4756        Boot type: Normal boot

2011/09/14 14:15:04.0499 4756        ================================================================================

2011/09/14 14:15:05.0045 4756        Initialize success

2011/09/14 14:15:12.0315 4284        ================================================================================

2011/09/14 14:15:12.0315 4284        Scan started

2011/09/14 14:15:12.0315 4284        Mode: Manual; 

2011/09/14 14:15:12.0315 4284        ================================================================================

2011/09/14 14:15:12.0814 4284        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys

2011/09/14 14:15:12.0861 4284        adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys

2011/09/14 14:15:12.0892 4284        adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys

2011/09/14 14:15:12.0923 4284        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys

2011/09/14 14:15:12.0970 4284        adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys

2011/09/14 14:15:13.0048 4284        AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys

2011/09/14 14:15:13.0079 4284        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys

2011/09/14 14:15:13.0111 4284        aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys

2011/09/14 14:15:13.0126 4284        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys

2011/09/14 14:15:13.0157 4284        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys

2011/09/14 14:15:13.0189 4284        amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys

2011/09/14 14:15:13.0204 4284        AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys

2011/09/14 14:15:13.0235 4284        AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys

2011/09/14 14:15:13.0251 4284        arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys

2011/09/14 14:15:13.0267 4284        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys

2011/09/14 14:15:13.0329 4284        aswFsBlk        (c47623ffd181a1e7d63574dde2a0a711) C:\Windows\system32\drivers\aswFsBlk.sys

2011/09/14 14:15:13.0360 4284        aswMonFlt       (4804753a4ec7d67cc22d226bffd1c1e3) C:\Windows\system32\drivers\aswMonFlt.sys

2011/09/14 14:15:13.0391 4284        aswRdr          (36239e24470a3dd81fae37510953cc6c) C:\Windows\system32\drivers\aswRdr.sys

2011/09/14 14:15:13.0438 4284        aswSnx          (caa846e9c83836bdc3d2d700c678db65) C:\Windows\system32\drivers\aswSnx.sys

2011/09/14 14:15:13.0485 4284        aswSP           (748ae7f2d7da33adb063fe05704a9969) C:\Windows\system32\drivers\aswSP.sys

2011/09/14 14:15:13.0516 4284        aswTdi          (ca9925ce1dbd07ffe1eb357752cf5577) C:\Windows\system32\drivers\aswTdi.sys

2011/09/14 14:15:13.0547 4284        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys

2011/09/14 14:15:13.0579 4284        atapi           (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys

2011/09/14 14:15:13.0625 4284        AVMUNET         (980f4c96c73c61cc6fcf657a721b35d3) C:\Windows\system32\DRIVERS\avmunet.sys

2011/09/14 14:15:13.0672 4284        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys

2011/09/14 14:15:13.0719 4284        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys

2011/09/14 14:15:13.0766 4284        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys

2011/09/14 14:15:13.0813 4284        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys

2011/09/14 14:15:13.0828 4284        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys

2011/09/14 14:15:13.0859 4284        Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys

2011/09/14 14:15:13.0891 4284        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys

2011/09/14 14:15:13.0906 4284        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys

2011/09/14 14:15:13.0922 4284        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys

2011/09/14 14:15:13.0953 4284        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys

2011/09/14 14:15:13.0984 4284        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys

2011/09/14 14:15:14.0015 4284        cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys

2011/09/14 14:15:14.0047 4284        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys

2011/09/14 14:15:14.0078 4284        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys

2011/09/14 14:15:14.0140 4284        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys

2011/09/14 14:15:14.0156 4284        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys

2011/09/14 14:15:14.0187 4284        crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys

2011/09/14 14:15:14.0218 4284        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys

2011/09/14 14:15:14.0312 4284        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys

2011/09/14 14:15:14.0359 4284        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys

2011/09/14 14:15:14.0452 4284        drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys

2011/09/14 14:15:14.0515 4284        DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys

2011/09/14 14:15:14.0639 4284        e1express       (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys

2011/09/14 14:15:14.0671 4284        E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys

2011/09/14 14:15:14.0764 4284        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys

2011/09/14 14:15:14.0795 4284        elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys

2011/09/14 14:15:14.0827 4284        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys

2011/09/14 14:15:14.0873 4284        exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys

2011/09/14 14:15:14.0920 4284        fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys

2011/09/14 14:15:14.0936 4284        fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys

2011/09/14 14:15:14.0983 4284        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys

2011/09/14 14:15:14.0998 4284        Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys

2011/09/14 14:15:15.0014 4284        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys

2011/09/14 14:15:15.0045 4284        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys

2011/09/14 14:15:15.0076 4284        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys

2011/09/14 14:15:15.0092 4284        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys

2011/09/14 14:15:15.0185 4284        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys

2011/09/14 14:15:15.0217 4284        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys

2011/09/14 14:15:15.0248 4284        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys

2011/09/14 14:15:15.0263 4284        HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys

2011/09/14 14:15:15.0279 4284        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys

2011/09/14 14:15:15.0310 4284        HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys

2011/09/14 14:15:15.0373 4284        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys

2011/09/14 14:15:15.0404 4284        i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys

2011/09/14 14:15:15.0435 4284        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys

2011/09/14 14:15:15.0466 4284        iaStor          (28aae599496b4930b3f19026f2083bc4) C:\Windows\system32\DRIVERS\iaStor.sys

2011/09/14 14:15:15.0497 4284        iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys

2011/09/14 14:15:15.0513 4284        iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys

2011/09/14 14:15:15.0591 4284        IntcAzAudAddService (2e06052066ce4489cdfbfb8329ea52b1) C:\Windows\system32\drivers\RTKVHDA.sys

2011/09/14 14:15:15.0669 4284        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys

2011/09/14 14:15:15.0700 4284        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys

2011/09/14 14:15:15.0731 4284        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys

2011/09/14 14:15:15.0778 4284        IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys

2011/09/14 14:15:15.0825 4284        IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys

2011/09/14 14:15:15.0841 4284        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys

2011/09/14 14:15:15.0856 4284        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys

2011/09/14 14:15:15.0887 4284        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys

2011/09/14 14:15:15.0903 4284        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys

2011/09/14 14:15:15.0934 4284        iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys

2011/09/14 14:15:15.0965 4284        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys

2011/09/14 14:15:15.0997 4284        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys

2011/09/14 14:15:16.0043 4284        KSecDD          (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys

2011/09/14 14:15:16.0106 4284        Lbd             (336abe8721cbc3110f1c6426da633417) C:\Windows\system32\DRIVERS\Lbd.sys

2011/09/14 14:15:16.0137 4284        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys

2011/09/14 14:15:16.0168 4284        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys

2011/09/14 14:15:16.0184 4284        LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys

2011/09/14 14:15:16.0215 4284        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys

2011/09/14 14:15:16.0246 4284        luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys

2011/09/14 14:15:16.0277 4284        megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys

2011/09/14 14:15:16.0324 4284        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys

2011/09/14 14:15:16.0340 4284        Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys

2011/09/14 14:15:16.0387 4284        monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys

2011/09/14 14:15:16.0418 4284        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys

2011/09/14 14:15:16.0433 4284        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys

2011/09/14 14:15:16.0449 4284        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys

2011/09/14 14:15:16.0480 4284        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys

2011/09/14 14:15:16.0496 4284        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys

2011/09/14 14:15:16.0527 4284        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys

2011/09/14 14:15:16.0558 4284        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys

2011/09/14 14:15:16.0589 4284        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys

2011/09/14 14:15:16.0636 4284        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys

2011/09/14 14:15:16.0667 4284        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

2011/09/14 14:15:16.0683 4284        msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys

2011/09/14 14:15:16.0714 4284        msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys

2011/09/14 14:15:16.0761 4284        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys

2011/09/14 14:15:16.0792 4284        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys

2011/09/14 14:15:16.0823 4284        MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys

2011/09/14 14:15:16.0855 4284        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys

2011/09/14 14:15:16.0870 4284        MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys

2011/09/14 14:15:16.0901 4284        MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys

2011/09/14 14:15:16.0933 4284        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys

2011/09/14 14:15:16.0948 4284        MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys

2011/09/14 14:15:16.0964 4284        Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys

2011/09/14 14:15:17.0026 4284        NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys

2011/09/14 14:15:17.0073 4284        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys

2011/09/14 14:15:17.0104 4284        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys

2011/09/14 14:15:17.0120 4284        Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys

2011/09/14 14:15:17.0182 4284        NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys

2011/09/14 14:15:17.0198 4284        NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys

2011/09/14 14:15:17.0229 4284        NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys

2011/09/14 14:15:17.0260 4284        netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys

2011/09/14 14:15:17.0323 4284        netr28u         (2e812881ec96e80eae304877ed90206b) C:\Windows\system32\DRIVERS\netr28u.sys

2011/09/14 14:15:17.0369 4284        nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys

2011/09/14 14:15:17.0401 4284        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys

2011/09/14 14:15:17.0432 4284        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys

2011/09/14 14:15:17.0494 4284        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys

2011/09/14 14:15:17.0541 4284        ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys

2011/09/14 14:15:17.0557 4284        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys

2011/09/14 14:15:17.0744 4284        nvlddmkm        (433b35bcc2a5cb7ecb0b807d6ed38d4e) C:\Windows\system32\DRIVERS\nvlddmkm.sys

2011/09/14 14:15:17.0869 4284        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys

2011/09/14 14:15:17.0900 4284        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys

2011/09/14 14:15:17.0947 4284        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys

2011/09/14 14:15:18.0040 4284        NxpCap          (35ebe490c993f39091ce7bf89e725b0c) C:\Windows\system32\DRIVERS\NxpCap.sys

2011/09/14 14:15:18.0103 4284        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys

2011/09/14 14:15:18.0165 4284        Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys

2011/09/14 14:15:18.0196 4284        partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys

2011/09/14 14:15:18.0212 4284        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys

2011/09/14 14:15:18.0259 4284        pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys

2011/09/14 14:15:18.0305 4284        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys

2011/09/14 14:15:18.0321 4284        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys

2011/09/14 14:15:18.0383 4284        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys

2011/09/14 14:15:18.0477 4284        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys

2011/09/14 14:15:18.0493 4284        Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys

2011/09/14 14:15:18.0571 4284        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys

2011/09/14 14:15:18.0602 4284        PxHelp20        (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys

2011/09/14 14:15:18.0649 4284        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys

2011/09/14 14:15:18.0695 4284        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2011/09/14 14:15:18.0727 4284        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

2011/09/14 14:15:18.0742 4284        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

2011/09/14 14:15:18.0773 4284        Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/09/14 14:15:18.0805 4284        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/09/14 14:15:18.0836 4284        RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

2011/09/14 14:15:18.0867 4284        rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

2011/09/14 14:15:18.0883 4284        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/09/14 14:15:18.0914 4284        rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys

2011/09/14 14:15:18.0929 4284        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

2011/09/14 14:15:18.0976 4284        RDPWD           (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

2011/09/14 14:15:19.0039 4284        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

2011/09/14 14:15:19.0070 4284        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2011/09/14 14:15:19.0117 4284        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/09/14 14:15:19.0179 4284        Serenum         (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys

2011/09/14 14:15:19.0195 4284        Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys

2011/09/14 14:15:19.0226 4284        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

2011/09/14 14:15:19.0304 4284        sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys

2011/09/14 14:15:19.0335 4284        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys

2011/09/14 14:15:19.0351 4284        sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys

2011/09/14 14:15:19.0397 4284        sfloppy         (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

2011/09/14 14:15:19.0429 4284        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys

2011/09/14 14:15:19.0444 4284        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys

2011/09/14 14:15:19.0460 4284        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys

2011/09/14 14:15:19.0507 4284        Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

2011/09/14 14:15:19.0756 4284        SNPSTD3         (4b0e6dfe7905db8cb7318c0d23abc4ea) C:\Windows\system32\DRIVERS\snpstd3.sys

2011/09/14 14:15:19.0943 4284        spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

2011/09/14 14:15:19.0990 4284        srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

2011/09/14 14:15:20.0037 4284        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

2011/09/14 14:15:20.0068 4284        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

2011/09/14 14:15:20.0115 4284        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

2011/09/14 14:15:20.0146 4284        Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2011/09/14 14:15:20.0177 4284        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2011/09/14 14:15:20.0209 4284        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2011/09/14 14:15:20.0318 4284        Tcpip           (2756186e287139310997090797e0182b) C:\Windows\system32\drivers\tcpip.sys

2011/09/14 14:15:20.0380 4284        Tcpip6          (2756186e287139310997090797e0182b) C:\Windows\system32\DRIVERS\tcpip.sys

2011/09/14 14:15:20.0411 4284        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

2011/09/14 14:15:20.0458 4284        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

2011/09/14 14:15:20.0489 4284        TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

2011/09/14 14:15:20.0521 4284        tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

2011/09/14 14:15:20.0552 4284        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

2011/09/14 14:15:20.0614 4284        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/09/14 14:15:20.0645 4284        tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

2011/09/14 14:15:20.0692 4284        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys

2011/09/14 14:15:20.0723 4284        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys

2011/09/14 14:15:20.0755 4284        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

2011/09/14 14:15:20.0801 4284        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys

2011/09/14 14:15:20.0833 4284        uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys

2011/09/14 14:15:20.0864 4284        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2011/09/14 14:15:20.0895 4284        ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2011/09/14 14:15:20.0926 4284        umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

2011/09/14 14:15:20.0957 4284        usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/09/14 14:15:20.0989 4284        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2011/09/14 14:15:21.0035 4284        usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

2011/09/14 14:15:21.0051 4284        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

2011/09/14 14:15:21.0098 4284        usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys

2011/09/14 14:15:21.0145 4284        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

2011/09/14 14:15:21.0160 4284        usbscan         (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

2011/09/14 14:15:21.0207 4284        USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/09/14 14:15:21.0223 4284        usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/09/14 14:15:21.0285 4284        vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/09/14 14:15:21.0301 4284        VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

2011/09/14 14:15:21.0316 4284        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys

2011/09/14 14:15:21.0347 4284        ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys

2011/09/14 14:15:21.0394 4284        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys

2011/09/14 14:15:21.0425 4284        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

2011/09/14 14:15:21.0488 4284        volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

2011/09/14 14:15:21.0503 4284        volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

2011/09/14 14:15:21.0550 4284        vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys

2011/09/14 14:15:21.0581 4284        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2011/09/14 14:15:21.0628 4284        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/09/14 14:15:21.0644 4284        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/09/14 14:15:21.0691 4284        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys

2011/09/14 14:15:21.0722 4284        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

2011/09/14 14:15:21.0831 4284        WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys

2011/09/14 14:15:21.0893 4284        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

2011/09/14 14:15:21.0909 4284        ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/09/14 14:15:21.0971 4284        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/09/14 14:15:22.0003 4284        X10Hid          (ab2d77bf7222b007717abb61b15f9ae2) C:\Windows\system32\Drivers\x10hid.sys

2011/09/14 14:15:22.0034 4284        XUIF            (6bbf7a3bab8ffdccf82057fa2aae2b7b) C:\Windows\system32\Drivers\x10ufx2.sys

2011/09/14 14:15:22.0081 4284        MBR (0x1B8)     (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

2011/09/14 14:15:22.0096 4284        MBR (0x1B8)     (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1

2011/09/14 14:15:22.0112 4284        Boot (0x1200)   (4aaf4a98fc25a4a7ad9008d4ba50c369) \Device\Harddisk0\DR0\Partition0

2011/09/14 14:15:22.0143 4284        Boot (0x1200)   (f45c975a42e0ca8b4940c9f6cce9320c) \Device\Harddisk0\DR0\Partition1

2011/09/14 14:15:22.0159 4284        Boot (0x1200)   (5ae4d43c37515529ab53725ce6cb1f4c) \Device\Harddisk1\DR1\Partition0

2011/09/14 14:15:22.0159 4284        ================================================================================

2011/09/14 14:15:22.0159 4284        Scan finished

2011/09/14 14:15:22.0159 4284        ================================================================================

2011/09/14 14:15:22.0174 4772        Detected object count: 0

2011/09/14 14:15:22.0174 4772        Actual detected object count: 0

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Das Combofix-Log:

Code:

ComboFix 11-09-14.01 - a 14.09.2011  17:16:33.1.4 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3325.2416 [GMT 2:00]

ausgeführt von:: c:\users\a\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

AV: Lavasoft Ad-Watch Live! Virenschutz *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\program files\Setup.exe

c:\users\a\Favorites\Cambridge-Azur-340-A-SE_571506.html

c:\users\a\Favorites\NAD-C-315-BEE_571384.html

c:\windows\system32\setup.ini

c:\windows\system32\ShellManager310E2D762.dll

Pass LEGAL for license information. Built Sat Jun 25 23:20 2011c:\windows\Windows6.0-KB948465-X86.exe

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_usnjsvc

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-08-14 bis 2011-09-14  ))))))))))))))))))))))))))))))

.

.

2011-09-14 15:24 . 2011-09-14 15:31        --------        d-----w-        c:\users\a\AppData\Local\temp

2011-09-14 15:24 . 2011-09-14 15:24        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-09-14 11:00 . 2011-08-10 12:14        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat

2011-09-14 09:57 . 2011-09-14 09:57        --------        d-----w-        C:\_OTL

2011-09-13 13:39 . 2011-09-13 13:39        --------        d-----w-        c:\program files\ESET

2011-09-13 13:39 . 2011-09-13 13:39        2322184        ----a-w-        c:\program files\esetsmartinstaller_enu.exe

2011-09-13 12:01 . 2011-09-13 12:01        --------        d-----w-        c:\users\a\AppData\Roaming\Malwarebytes

2011-09-13 12:01 . 2011-09-13 12:03        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2011-09-13 12:01 . 2011-08-31 15:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-09-13 12:00 . 2011-09-13 12:00        9466208        ----a-w-        c:\program files\mbam-setup-1.51.1.1800.exe

2011-09-13 09:27 . 2011-08-12 02:44        7152464        ----a-w-        c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{AE87E91F-9E5B-4F0C-A327-2B46AA768E6C}\mpengine.dll        ERROR(0x00000005)

2011-09-12 15:12 . 2011-08-18 13:25        64512        ----a-w-        c:\windows\system32\drivers\Lbd.sys

2011-09-12 15:07 . 2011-09-12 15:08        10268672        ----a-w-        c:\program files\Ad-Aware95Install.msi

2011-08-28 11:08 . 2011-08-28 11:08        --------        d-----w-        c:\program files\Common Files\Java

2011-08-28 11:06 . 2011-08-28 11:06        908576        ----a-w-        c:\program files\jxpiinstall.exe

2011-08-24 09:02 . 2011-07-11 13:25        2048        ----a-w-        c:\windows\system32\tzres.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-09-06 20:45 . 2010-06-29 12:56        41184        ----a-w-        c:\windows\avastSS.scr

2011-09-06 20:45 . 2008-12-13 20:23        199304        ----a-w-        c:\windows\system32\aswBoot.exe

2011-09-06 20:38 . 2011-04-04 14:57        442200        ----a-w-        c:\windows\system32\drivers\aswSnx.sys

2011-09-06 20:37 . 2008-12-13 20:24        320856        ----a-w-        c:\windows\system32\drivers\aswSP.sys

2011-09-06 20:36 . 2008-12-13 20:24        34392        ----a-w-        c:\windows\system32\drivers\aswRdr.sys

2011-09-06 20:36 . 2008-12-13 20:24        52568        ----a-w-        c:\windows\system32\drivers\aswTdi.sys

2011-09-06 20:36 . 2008-12-13 20:23        54616        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys

2011-09-06 20:36 . 2008-12-13 20:24        20568        ----a-w-        c:\windows\system32\drivers\aswFsBlk.sys

2011-08-13 09:49 . 2011-06-22 13:04        404640        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-12 02:44 . 2008-10-08 09:57        7152464        ----a-w-        c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll        ERROR(0x00000005)

2011-08-03 16:11 . 2011-08-03 16:11        21073936        ----a-w-        c:\program files\vlc-1.1.11-win32.exe

2011-07-29 14:37 . 2011-07-29 14:37        2448352        ----a-w-        c:\program files\mp3tagv249setup.exe

2011-07-22 02:54 . 2011-08-10 12:38        1797632        ----a-w-        c:\windows\system32\jscript9.dll

2011-07-22 02:48 . 2011-08-10 12:38        1126912        ----a-w-        c:\windows\system32\wininet.dll

2011-07-22 02:44 . 2011-08-10 12:38        2382848        ----a-w-        c:\windows\system32\mshtml.tlb

2011-07-19 03:05 . 2010-10-19 14:27        472808        ----a-w-        c:\windows\system32\deployJava1.dll

2011-07-06 15:31 . 2011-08-10 12:31        214016        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys

2011-06-28 13:09 . 2011-06-28 13:09        21022914        ----a-w-        c:\program files\vlc-1.1.10-win32.exe

2011-06-20 08:54 . 2011-08-10 12:31        3602832        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2011-06-20 08:54 . 2011-08-10 12:31        3550096        ----a-w-        c:\windows\system32\ntoskrnl.exe

2011-06-17 20:13 . 2011-08-10 12:31        905104        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2011-06-17 16:03 . 2011-08-10 12:31        375808        ----a-w-        c:\windows\system32\winsrv.dll

2011-05-30 20:07 . 2011-05-30 20:07        1402880        ----a-w-        c:\program files\HiJackThis.msi

2011-05-30 14:17 . 2011-05-30 14:17        3096424        ----a-w-        c:\program files\ccsetup307.exe

2011-04-28 14:07 . 2011-04-28 14:07        2446680        ----a-w-        c:\program files\mp3tagv248setup.exe

2011-04-26 16:04 . 2011-04-26 16:03        20533281        ----a-w-        c:\program files\vlc-1.1.9-win32.exe

2011-04-23 12:33 . 2011-04-23 12:33        2832544        ----a-w-        c:\program files\install_flash_player.exe

2011-04-23 11:59 . 2011-04-23 11:59        568648        ----a-w-        c:\program files\GoogleEarthSetup.exe

2011-04-04 17:24 . 2011-04-04 17:24        3050664        ----a-w-        c:\program files\ccsetup305.exe

2011-04-04 15:09 . 2011-04-04 15:08        247053        ----a-w-        c:\program files\mp3DC213.exe

2011-03-31 11:08 . 2011-03-31 11:08        20586196        ----a-w-        c:\program files\vlc-1.1.8-win32.exe

2011-03-20 14:06 . 2011-03-20 14:06        772384        ----a-w-        c:\program files\Mats_Run.performance.exe

2011-03-20 14:05 . 2011-03-20 14:05        772896        ----a-w-        c:\program files\Mats_Run.printing.exe

2011-03-18 11:56 . 2011-03-18 11:56        20364702        ----a-w-        c:\program files\vlc-1.1.7-win32.exe

2011-03-18 11:52 . 2011-03-18 11:52        6277496        ----a-w-        c:\program files\Silverlight.exe

2011-02-20 15:40 . 2011-02-20 15:36        168166968        ----a-w-        c:\program files\OOo_3.3.0_Win_x86_install-wJRE_de.exe

2011-01-26 16:52 . 2011-01-26 16:52        3006368        ----a-w-        c:\program files\ccsetup303.exe

2011-01-13 20:01 . 2011-01-13 20:01        2827728        ----a-w-        c:\program files\install_flash_player_ax.exe

2011-01-06 15:49 . 2011-01-06 15:49        38147376        ----a-w-        c:\program files\QuickTimeInstaller.exe

2010-12-30 15:04 . 2010-12-30 15:03        4044900        ----a-w-        c:\program files\tipp10_win_v2-0-3.exe

2010-12-20 11:43 . 2010-12-20 11:43        4750496        ----a-w-        c:\program files\Shockwave_Installer_Slim.exe

2010-12-09 15:21 . 2010-12-09 15:21        19985265        ----a-w-        c:\program files\vlc-1.1.5-win32.exe

2010-10-26 15:08 . 2010-10-26 15:08        226402        ----a-w-        c:\program files\mp3DC212.exe

2010-10-14 19:42 . 2010-10-14 19:42        4229377        ----a-w-        c:\program files\OrbitSetup4.0.3.exe

2010-08-28 10:45 . 2010-08-28 10:44        19657194        ----a-w-        c:\program files\vlc-1.1.4-win32.exe

2010-08-20 12:25 . 2010-08-20 12:23        19563096        ----a-w-        c:\program files\vlc-1.1.3-win32.exe

2010-08-10 14:13 . 2010-08-10 14:04        128750008        ----a-w-        c:\program files\Ad-AwareInstall.exe

2010-08-02 12:16 . 2010-08-02 12:14        19461015        ----a-w-        c:\program files\vlc-1.1.2-win32.exe

2010-08-01 12:43 . 2010-08-01 12:43        1295402        ----a-w-        c:\program files\ag_mp3_plugin_setup.exe

2010-07-27 12:20 . 2010-07-27 12:10        151343200        ----a-w-        c:\program files\OOo_3.2.1_Win_x86_install_de.exe

2010-05-25 18:43 . 2010-05-25 18:43        3099136        ----a-w-        c:\program files\openofficeorg32.msi

2010-05-20 13:50 . 2010-05-20 13:50        150358        ----a-w-        c:\program files\1by1_169.exe

2010-05-03 11:02 . 2010-05-03 11:02        5461276        ----a-w-        c:\program files\TMViewerSetup.exe

2010-04-07 12:40 . 2010-04-07 12:40        3376656        ----a-w-        c:\program files\ccsetup230.exe

2010-03-04 15:42 . 2010-03-04 15:10        167555440        ----a-w-        c:\program files\OOo_3.2.0_Win32Intel_install_wJRE_de.exe

2010-03-02 14:44 . 2010-03-02 14:44        2024035        ----a-w-        c:\program files\Firesave.exe

2010-03-02 12:32 . 2010-03-02 12:31        8853856        ----a-w-        c:\program files\Thunderbird Setup 3.0.3.exe

2010-03-02 12:06 . 2010-03-02 12:06        1772267        ----a-w-        c:\program files\Thundersave_1.0.exe

2010-02-19 12:43 . 2010-02-19 12:40        44518776        ----a-w-        c:\program files\setup_av_free_2_.exe

2010-02-06 14:07 . 2010-02-06 14:06        18499623        ----a-w-        c:\program files\vlc-1.0.5-win32.exe

2010-01-29 17:38 . 2010-01-29 17:37        3370400        ----a-w-        c:\program files\ccsetup228.exe

2010-01-28 17:53 . 2010-01-28 17:53        127083        ----a-w-        c:\program files\1by1_168.exe

2010-01-28 17:18 . 2010-01-28 17:18        2572472        ----a-w-        c:\program files\OrbitDownloaderSetup.exe

2009-12-02 12:06 . 2009-12-02 12:06        1128916        ----a-w-        c:\program files\pdf2wordsetup.exe

2009-11-29 20:12 . 2009-11-29 20:12        12543460        ----a-w-        c:\program files\pdfsam-win32inst-v2_0_0.exe

2009-10-26 13:49 . 2009-10-26 13:44        77086488        ----a-w-        c:\program files\Ad-AwareInstallation.exe

2009-10-14 12:26 . 2009-10-14 12:26        3309072        ----a-w-        c:\program files\ccsetup224.exe

2009-10-07 11:55 . 2009-10-07 11:45        149845064        ----a-w-        c:\program files\OOo_3.1.1_Win32Intel_install_de.exe

2009-07-11 12:36 . 2009-07-11 12:35        17828326        ----a-w-        c:\program files\vlc-1.0.0-win32.exe

2009-06-26 15:59 . 2009-06-26 15:59        728103        ----a-w-        c:\program files\VAL v1.1.1 Setup.exe

2009-05-15 11:43 . 2009-05-15 11:43        3227248        ----a-w-        c:\program files\ccsetup219.exe

2009-05-08 21:16 . 2009-05-08 21:15        16742799        ----a-w-        c:\program files\vlc-0.9.9-win32.exe

2009-05-07 13:42 . 2009-05-07 13:31        147695064        ----a-w-        c:\program files\OOo_3.1.0_Win32Intel_install_de.exe

2009-05-05 14:01 . 2009-05-05 14:01        212713        ----a-w-        c:\program files\mp3DC211.exe

2009-05-05 13:59 . 2009-05-05 13:59        121784        ----a-w-        c:\program files\1by1_167.exe

2009-05-01 09:43 . 2009-05-01 09:28        218474518        ----a-w-        c:\program files\OOO31CBE.exe

2009-04-27 13:16 . 2009-04-27 13:16        3190688        ----a-w-        c:\program files\ccsetup218.exe

2009-04-27 10:03 . 2009-04-27 10:03        9818624        ----a-w-        c:\program files\openofficeorg31.msi

2009-04-21 12:18 . 2009-04-21 12:16        34543112        ----a-w-        c:\program files\Ad-AwareAE.exe

2009-02-19 17:00 . 2009-02-19 16:59        16409960        ----a-w-        c:\program files\spybotsd162.exe

2009-01-04 17:29 . 2009-01-04 17:29        938576        ----a-w-        c:\program files\7z463.exe

2009-01-02 15:07 . 2009-01-02 15:05        16320472        ----a-w-        c:\program files\vlc-0.9.8a-win32.exe

2008-12-31 14:43 . 2008-12-31 14:43        1018074        ----a-w-        c:\program files\lameplugin.exe

2008-12-31 14:30 . 2008-12-31 14:28        23804784        ----a-w-        c:\program files\aaw2008_11n.exe

2008-12-31 14:13 . 2008-12-31 14:11        15083520        ----a-w-        c:\program files\spybotsd160.exe

2008-12-31 13:51 . 2008-12-31 13:51        3165824        ----a-w-        c:\program files\ccsetup215.exe

2008-12-30 13:12 . 2008-12-30 13:12        2170309        ----a-w-        c:\program files\gnupg-w32cli-1.4.9.exe

2008-12-29 17:36 . 2008-12-29 17:36        2188592        ----a-w-        c:\program files\OrbitDownloader281Setup.exe

2008-12-10 16:28 . 2008-12-13 16:50        792771        ----a-w-        c:\program files\MozBackup-1.4.8-DE.exe

2008-10-29 14:55 . 2008-12-13 20:18        2955128        ----a-w-        c:\program files\ccsetup213.exe

2008-10-14 14:45 . 2008-12-13 20:18        189429        ----a-w-        c:\program files\mp3DC209.exe

2008-10-13 14:10 . 2009-01-10 19:37        156172680        ----a-w-        c:\program files\ooo300.exe

2008-02-25 16:03 . 2008-12-13 20:19        735964        ----a-w-        c:\program files\GS_Index_20071215.exe

2008-02-05 02:09 . 2008-12-13 20:19        6557639        ----a-w-        c:\program files\kompozer-0.77.de-DE.win32.installer.exe

2006-12-13 18:53 . 2008-12-13 20:19        12785408        ----a-w-        c:\program files\cibpdfbrewer.exe

2006-12-13 16:41 . 2008-12-13 20:19        4986208        ----a-w-        c:\program files\cibpdfplugin.exe

2002-03-11 09:06 . 2002-03-11 09:06        1822520        ----a-w-        c:\program files\instmsiw.exe

2002-03-11 08:45 . 2002-03-11 08:45        1708856        ----a-w-        c:\program files\instmsia.exe

2011-09-09 10:10 . 2011-03-22 16:03        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-09-06 20:45        122512        ----a-w-        c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-10-20 39408]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-10-08 178712]

"RtHDVCpl"="RtHDVCpl.exe" [2008-09-09 6281760]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-22 13589024]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-22 92704]

"Launcher"="c:\program files\Kyocera\FS-720 Utilities\KMGLNC.exe" [2005-01-27 57344]

"snpstd3"="c:\windows\vsnpstd3.exe" [2007-05-10 835584]

"tsnpstd3"="c:\windows\tsnpstd3.exe" [2009-06-30 339968]

"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-09-06 3722416]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]

2011-09-12 15:14        1191216        ----a-w-        c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-06-06 10:55        937920        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-06-06 10:55        35736        ----a-w-        c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google EULA Launcher]

2008-10-14 09:57        20480        ----a-w-        c:\program files\Google\Google EULA\GoogleEULALauncher.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2008-12-12 07:31        1840424        ----a-w-        c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

2008-12-02 14:29        2221352        ----a-w-        c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]

2006-10-11 11:45        75304        ----a-w-        c:\program files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]

2008-09-09 16:32        1833504        ----a-w-        c:\windows\SkyTel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]

2006-09-28 12:16        185896        ----a-w-        c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-06-09 11:06        254696        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2008-10-20 09:27        39408        ----a-w-        c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TVEService]

2008-10-14 00:52        180224        ----a-w-        c:\program files\HomeCinema\TV Enhance\TVEService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]

"AntiVirusOverride"=dword:00000001

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 135664]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-09-12 2151640]

R3 AVMUNET;AVM FRITZ!Box;c:\windows\system32\DRIVERS\avmunet.sys [2006-11-07 14976]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 135664]

R3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2008-08-21 645120]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-08-18 64512]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 54616]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 TVECapSvc;TVEnhance Background Capture Service (TBCS);c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe [2008-10-14 376937]

S2 TVESched;TVEnhance Task Scheduler (TTS));c:\program files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe [2008-10-14 184423]

S3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [2008-09-25 1332576]

S3 X10Hid;X10 Hid Device;c:\windows\system32\Drivers\x10hid.sys [2006-11-17 13976]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

Inhalt des "geplante Tasks" Ordners

.

2011-09-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-08-18 15:14]

.

2011-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 15:21]

.

2011-09-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-19 15:21]

.

2011-09-14 c:\windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job

- c:\windows\system32\msfeedssync.exe [2011-03-15 16:20]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = about:blank

IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\a\AppData\Roaming\Mozilla\Firefox\Profiles\xce0990k.default\

FF - prefs.js: browser.startup.homepage - 

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2011-09-14 17:30

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\windows\system32\nvvsvc.exe

c:\windows\system32\rundll32.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

c:\windows\system32\IoctlSvc.exe

c:\windows\system32\PSIService.exe

c:\program files\Cyberlink\Shared files\RichVideo.exe

c:\windows\system32\WUDFHost.exe

c:\progra~1\COMMON~1\X10\Common\x10nets.exe

c:\windows\system32\conime.exe

c:\windows\RtHDVCpl.exe

c:\windows\System32\rundll32.exe

c:\windows\System32\spool\drivers\w32x86\3\WrtProc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\\?\c:\windows\system32\wbem\WMIADAP.EXE

.

**************************************************************************

.

Zeit der Fertigstellung: 2011-09-14  17:33:48 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2011-09-14 15:33

.

Vor Suchlauf: 8 Verzeichnis(se), 714.781.548.544 Bytes frei

Nach Suchlauf: 13 Verzeichnis(se), 715.133.202.432 Bytes frei

.

- - End Of File - - 4BAD096EA0077A1B21A0CEADA0EC52E2

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).