Trojaner-Board - langsamer PC

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - langsamer PC (https://www.trojaner-board.de/92302-langsamer-pc.html)

Hallo,

mein PC ist seit seit einige Wochen deutlich langsamer geworden und läuft auch sonst nicht mehr so rund wie am Anfang. Vielleicht kann man meinem HijackThis Logfile etwas entnehmen.

Vielen Dank schonmal im Voraus.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:29:04, on 28.10.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18975)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Max\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: softonic-de6 Toolbar - {c41dc498-e2f1-4803-bb90-0b2f20482e62} - C:\Program Files\softonic-de6\tbsoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: softonic-de6 Toolbar - {c41dc498-e2f1-4803-bb90-0b2f20482e62} - C:\Program Files\softonic-de6\tbsoft.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: softonic-de6 Toolbar - {c41dc498-e2f1-4803-bb90-0b2f20482e62} - C:\Program Files\softonic-de6\tbsoft.dll
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Max\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - d:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class) - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - hxxp://libusb-win32.sourceforge.net - C:\Windows\system32\libusbd-nt.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

--
End of file - 6431 bytes

Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Danke für die Antwort, habe die Anweisungen befolgt:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 5007

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975

31.10.2010 17:33:24
mbam-log-2010-10-31 (17-33-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 259705
Laufzeit: 1 Stunde(n), 9 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Max\AppData\Roaming\Adobe\Update\flacor.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Max\AppData\Roaming\dhxiuw.dat (Malware.Trace) -> Quarantined and deleted successfully.

und hier die Ergebnisse von OTL:OTL Logfile:

Code:

OTL Extras logfile created on: 31.10.2010 17:52:10 - Run 1

OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Max\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18975)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 149,04 Gb Total Space | 75,12 Gb Free Space | 50,40% Space Free | Partition Type: NTFS

Drive D: | 139,28 Gb Total Space | 57,43 Gb Free Space | 41,23% Space Free | Partition Type: NTFS

 

Computer Name: MAX-PC | User Name: Max | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"UacDisableNotify" = 0

"InternetSettingsDisableNotify" = 0

"AutoUpdateDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2632993316-3478661033-708405078-1000]

"EnableNotifications" = 0

"EnableNotificationsRef" = 3

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{15E56BF4-2D1A-41C5-9336-3ABB7B22D567}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{30555A6F-4AB1-4541-B8D2-44AAB86F3711}" = lport=139 | protocol=6 | dir=in | app=system | 

"{3A41EEAC-5F43-45A2-85E7-5D43B8A43570}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{3B6EFF0F-456B-43CC-BE5A-F6AB8ABD71F0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{4E303877-C951-4922-8A24-8815154D8E2E}" = rport=139 | protocol=6 | dir=out | app=system | 

"{506E9F44-5A96-4F08-8BDD-E1876EB3A892}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{51670F33-9848-4059-89B3-0A40756F976F}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{53045B16-D9FB-481F-8774-EAD71C30E707}" = lport=445 | protocol=6 | dir=in | app=system | 

"{5BC3099A-F13B-4092-82C6-8C9CC05320F5}" = lport=17708 | protocol=17 | dir=in | name=bitcomet 17708 udp | 

"{5C478C4D-4D4A-4741-9E12-8AF70C28291D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{5C708D9B-DA79-4CAE-8009-2B8FD7CEF7F5}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{622B48F5-ACA2-4A64-B167-78863FA9B409}" = lport=138 | protocol=17 | dir=in | app=system | 

"{69FA1AAE-05CD-4D0B-92D2-B7F43A6246B6}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 

"{6F9FE969-A49E-4E40-B12B-07F6782D9EA1}" = rport=445 | protocol=6 | dir=out | app=system | 

"{73E2B6C8-8B73-477F-9E0F-7589E53892A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{85A7C632-365C-4AE5-875D-C047909DC049}" = lport=17708 | protocol=17 | dir=in | name=bitcomet 17708 udp | 

"{87FE8EB2-95F2-4FEB-B8AC-18142432BCBD}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{9DCEED95-18FF-4FD0-BD9E-248DE7EA7D9E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{A7140CC5-D2DC-4DCC-83AA-F1624C6091FD}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 

"{B3DA42A7-A112-406E-A061-5F147696C4BC}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{B75F8196-4ED5-427E-8C14-233307D9DD54}" = rport=138 | protocol=17 | dir=out | app=system | 

"{B877E1D1-31D1-4E00-A18D-12DD33EED8BA}" = lport=17708 | protocol=6 | dir=in | name=bitcomet 17708 tcp | 

"{BC4896F3-802C-408C-9390-992A833AFE9A}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{BD2EABE2-D53B-4A55-92FA-3298E2E3EE66}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 

"{C22DA82D-CD73-40D1-96C7-58AEA44ED262}" = rport=137 | protocol=17 | dir=out | app=system | 

"{C47FD773-FD47-4AF1-B53F-7E79735DC1B2}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{D35992DA-4520-4A60-9631-72B7F8AC630A}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{DC4689EF-61FF-4531-8D8B-60AF672F658B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

"{E0B09B9F-76D2-4D8F-86CC-F631B298C72F}" = rport=2869 | protocol=6 | dir=out | app=system | 

"{E6B95005-C5FF-4770-9E7D-64BE5183EE78}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 

"{E7F91519-3B04-4B61-8FF6-4C571BBF7850}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{EABEC278-E5F7-403B-AA12-E18DD8E55BD9}" = lport=17708 | protocol=6 | dir=in | name=bitcomet 17708 tcp | 

"{F1A17EE2-BE06-496E-980D-6E4B4F4E4E96}" = lport=137 | protocol=17 | dir=in | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02CB79FA-2D7F-46DA-BC3A-6DDC7A666ED6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{03D1F5E5-3DC0-4178-BE79-ADFBBB3C1A2E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{0AEE9962-72F3-4AD1-92D0-2B11D7D538B2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{0E60CC7C-F890-4F43-B2DB-B7C06EF83D20}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe | 

"{127F91B9-3FC5-4A30-9F88-4943B3599D04}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{12CDC4E7-5D05-434A-9DB6-ED2F79F0045B}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{1396432E-E8E2-40C4-B6C3-66CBAE2422AB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{1D29EA12-1744-4A6F-B79B-44CC5C17E918}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{1D7522FC-C673-461C-887A-8455882FF806}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{1DAE5CF1-11DB-4380-B244-0ECBA445E31E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{1FD00519-DBF6-489F-BB1C-634F85C4CE65}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{2328F803-4779-4812-9A6A-7FA925EC3513}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{24BE64AD-78B3-457C-A3CF-8AB2A8474C9E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{2961ADDA-E553-463E-AA5C-850A8B3A1386}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{2B355E12-A210-439A-A61D-2425C5337863}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{2CEA39E3-56C6-4C7E-A26E-F997C5942280}" = protocol=6 | dir=in | app=d:\program files\wow\backgrounddownloader.exe | 

"{314A8A56-03A1-4C8F-A7E5-A9D6CE43E0B9}" = protocol=6 | dir=in | app=d:\program files\starcraft ii\starcraft ii.exe | 

"{3433C6F7-7CAA-4FBB-AB72-9E4774199269}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{3528E685-4711-4F20-B513-6C4D6DE55CCE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{3977E80E-921C-4BA5-B855-1A2123CD078F}" = protocol=6 | dir=in | app=d:\program files\starcraft ii\versions\base15405\sc2.exe | 

"{39E57125-CD7F-45AC-8C9F-3864092817EC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{3A1EF254-9BF2-487B-B99B-DADA10099585}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{3DD8190A-01C0-46E1-A169-0592CAE830A2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{40F50C97-4ED8-4B43-9194-DF9ED2555051}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{449939A2-AAC7-4364-9B84-F2262C650BB8}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 

"{4CDE3AAC-3127-46F2-BDAA-2CA57FEEC2D8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{4FDFCD94-5771-408B-A21C-2516F6ECEE2F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{50D8B9BA-7977-4A95-93B3-564817900683}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{51C52BD9-E7BB-4BC0-B521-49D56E3F840F}" = protocol=6 | dir=in | app=d:\program files\bitcomet\bitcomet.exe | 

"{52CB0709-2582-4616-B3A3-EE8C2E2AD401}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{54374182-1AB3-4277-B455-E79888E60E39}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-dede-win-update-downloader.exe | 

"{54AC2916-E420-4CA0-956A-7AD27F90BA65}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{57C94965-E4ED-4230-8C14-BE4272B1E4C2}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{585E925B-9DFF-434F-B9CF-49B46FE19161}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{5879F3DD-A52D-4DC7-812C-721B1180EA33}" = protocol=17 | dir=in | app=d:\program files\wow\backgrounddownloader.exe | 

"{5EE7461A-B0A5-4B1D-B441-2473B74E5B74}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{602A8FB2-66E8-4631-9B83-4067F5A28934}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{651CE2FF-64F4-4E78-847E-8D5AFD952290}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{6E86A53C-9C6B-4EFE-8629-F65F00891D7A}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{700A9F76-2785-4FE2-B41C-C516B70AA336}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{83EDF6F1-7BD0-421C-B508-48C26D31A586}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{8458103B-1840-49B1-9D3B-B0DADE2CEE3A}" = protocol=6 | dir=in | app=d:\program files\bitcomet\bitcomet.exe | 

"{84AC41B8-3B9E-4B2E-ACBF-BB595F753BE0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{85B99FE8-B61C-44E2-87B1-85A62CAC586E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{8B923CAF-3540-4C18-A2CA-DA73A164A713}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 

"{96BF2771-036E-4124-90B3-50AA7C2CDD04}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{989722A0-8E46-40F3-B078-81CEC2B90AB2}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 

"{9D4CD964-316B-44F6-AC58-FD1B21DB1C46}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{9F257F91-ACA3-4077-983E-6EEAA959B012}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{A09A7AD1-D3AA-4375-A291-6464882070C8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{A52D5C66-9445-4FDE-A084-E839B22B28EC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{A88FF51B-5FD6-4490-A6A8-C11FB9019FA5}" = protocol=17 | dir=in | app=d:\program files\bitcomet\bitcomet.exe | 

"{A8E0A3E1-00FA-4FCB-B4E4-36A7629A7093}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{ABB4598F-D063-4D70-B402-98D8A91C3617}" = protocol=17 | dir=in | app=d:\program files\starcraft ii\starcraft ii.exe | 

"{ABD38CD8-AB80-4997-A087-FEA429B1569F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{AC0D650D-38C7-4DDF-9FF3-372447842F59}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{AC291A00-AC92-46C4-95CC-5460823BEB31}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{AE147FA5-B9F7-4053-9833-B65377B18521}" = protocol=6 | dir=in | app=d:\program files\microsoft games\age of mythology2\aomx.exe | 

"{AEA85AE9-5F73-4AF4-9BC5-9355AE9EC291}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{B30EB6FE-C0C2-4018-9B97-6439E7892E10}" = protocol=17 | dir=in | app=d:\program files\bitcomet\bitcomet.exe | 

"{B31FDBBE-6745-4232-A4F8-A54E38F9A437}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{B33C05C0-5C4A-43D9-A7D1-99F20B1955A1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{B378F36F-C7D8-47FC-BC10-1A9B91A875BD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{B6A535B9-FE07-4F4B-A372-8FD08B26E386}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{B905584E-9CCA-4B20-859F-D4D30285BD67}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{BB96DD3B-D3C6-476A-8B6F-800B97273C53}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{BEDEC27E-3189-4E28-8E61-8F8B9B98396B}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 

"{C3146080-9F36-4C6A-ACEA-CE7DF9101961}" = protocol=17 | dir=in | app=d:\program files\gamespy arcade\aphex.exe | 

"{C3255051-2DC9-4ED4-A2E0-67C15759FC20}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{C3E9828D-E5AB-41AD-8C06-8EEC1E9B550F}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{C4D49EE4-351A-477E-81F0-D13283E23F19}" = protocol=6 | dir=in | app=d:\program files\sony ericsson\update service\update service.exe | 

"{C5808D20-4C23-4A6A-9853-BB039D2D9B8F}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-3.0.1-to-3.0.2-dede-win-update-downloader.exe | 

"{CB7E38CE-EFAC-48B7-9D91-A53DD4677ECB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{CBDA4B72-FE1B-4DE8-ACDD-911FAA3BE8A3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{CEFF1341-F057-454D-BE52-D3F15B368E7F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{D05A7B7B-F65B-4A0A-BCF3-6A0F4EAAE4E3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{D0BBB1CE-D009-41C3-BD4C-D65B959AA6A0}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{D11F22E0-A851-48E2-BA28-397593BD3FE2}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{D24C3612-1822-47B0-94B7-09C64BF4B422}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{D257DAB9-F871-419F-81F6-124CC715B4BF}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{D58F3588-FD65-4B45-AF2E-2CA3B756D75C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{D8238517-BFF7-4672-A6C9-40FC9EA632F7}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{DBDB508C-2E77-4F4F-8DBB-F223D5E1C5CF}" = protocol=17 | dir=in | app=d:\program files\starcraft ii\versions\base15405\sc2.exe | 

"{DD3E614E-A3EE-4C5E-9E05-DD2167F643CC}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{DE5641D8-EE52-497A-A2B8-546A75C4EC6F}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 

"{E64B1FB9-CF8E-4EEF-A390-FF81F2B66064}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{E6C82271-8F73-4CB6-8A3F-81049687545C}" = protocol=17 | dir=in | app=d:\program files\itunes\itunes.exe | 

"{E935DA01-78BF-4157-9728-31179734CCC3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{EE2C4488-D9AF-4F3F-A802-D84A50E067BB}" = protocol=6 | dir=in | app=d:\program files\itunes\itunes.exe | 

"{EF7424CB-7FC3-47A7-ABE0-166B46C34D27}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{F1B97A68-AD26-4B31-9491-A0627763CF7C}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{F2B06E5F-6CEA-4AB3-AB66-FF9B2C6785A3}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{F3649741-6E20-491B-B5BF-77BF62BF3A80}" = protocol=17 | dir=in | app=d:\program files\sony ericsson\update service\update service.exe | 

"{F3DCD001-F523-41B1-A8DF-E26CB2D2C8A5}" = protocol=6 | dir=in | app=d:\program files\gamespy arcade\aphex.exe | 

"{F4638353-14F5-4E68-AA6A-E6BD266A7EC1}" = protocol=17 | dir=in | app=d:\program files\microsoft games\age of mythology2\aomx.exe | 

"{F54A0192-8211-40EF-B2E2-1B52C62DF0A5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{F8EB8498-6AB7-4B21-8A82-E8B8CBBBE2FE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{FA0381F8-085F-4EAA-8F95-4960FDE5B501}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{FCAE1823-A5E0-46CA-9E36-0F2394654436}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{FEBEB14C-B25E-4C86-A41B-70BFE78D6586}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"TCP Query User{3810FC35-DB6F-4BB7-BB52-804BC9AAF895}D:\program files\aoe2\age2_x1.exe" = protocol=6 | dir=in | app=d:\program files\aoe2\age2_x1.exe | 

"TCP Query User{392235CD-7327-4C42-ABEC-CA3431BF9A25}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 

"TCP Query User{3B7A6C3C-3934-4E6C-8AB5-48B0947F555F}D:\program files\aoe2\age2_x1.exe" = protocol=6 | dir=in | app=d:\program files\aoe2\age2_x1.exe | 

"TCP Query User{458BA83D-5DBF-4D46-8F29-089601B77A83}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 

"TCP Query User{4D958576-DFF0-4CCE-AC03-D673D5E7A6F7}D:\program files\valve\aoe2\age2_x1.exe" = protocol=6 | dir=in | app=d:\program files\valve\aoe2\age2_x1.exe | 

"TCP Query User{596B4369-DD45-4B22-9556-5D25D6C3B227}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 

"TCP Query User{5E0E2018-516F-4094-8CA0-FAB0E41550A0}D:\program files\valve\hl.exe" = protocol=6 | dir=in | app=d:\program files\valve\hl.exe | 

"TCP Query User{6394078D-E6F4-44F9-8B3A-C3A97C6375A5}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 

"TCP Query User{64943510-50B8-48C5-B679-7DAB948E8399}D:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=d:\program files\diablo ii\game.exe | 

"TCP Query User{7B2DB3E3-3AFF-475D-A821-6437278FECAF}D:\program files\diablo ii\game.exe" = protocol=6 | dir=in | app=d:\program files\diablo ii\game.exe | 

"TCP Query User{9BE4BBD0-2609-4491-9CDB-8178314C33A6}D:\program files\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\program files\warcraft iii\war3.exe | 

"TCP Query User{A71967F3-E566-46CB-B56A-F096C86938BD}D:\program files\garena\garena.exe" = protocol=6 | dir=in | app=d:\program files\garena\garena.exe | 

"TCP Query User{A74F4F2D-E233-492A-93A7-F5229F4D7DBE}D:\program files\wow\repair.exe" = protocol=6 | dir=in | app=d:\program files\wow\repair.exe | 

"TCP Query User{A952F76F-FF62-43BC-8551-B517ADDB8409}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 

"TCP Query User{B3006664-EEE5-43A5-A1D8-6838CF58E4BF}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 

"TCP Query User{C16E3AA8-2422-4D83-947A-AC0DA0A00FED}C:\users\max\appdata\local\temp\rar$ex00.531\volley.exe" = protocol=6 | dir=in | app=c:\users\max\appdata\local\temp\rar$ex00.531\volley.exe | 

"TCP Query User{CB6A81F3-E770-4F42-8204-42DFE4566C01}D:\program files\wow\launcher.exe" = protocol=6 | dir=in | app=d:\program files\wow\launcher.exe | 

"TCP Query User{CC4C8046-7B81-4C28-9D2F-64FA26EDCCA8}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"TCP Query User{D2A50848-3C50-42A9-852C-44DD3892CE57}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe | 

"TCP Query User{D8079590-48EB-4256-9C1D-7DD4528C1489}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 

"TCP Query User{E96458A3-F81C-49AE-A221-89195F6FE6E5}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe | 

"TCP Query User{FD75BD6C-7661-40DC-92F1-8AEFC9E5D53D}D:\program files\microsoft games\age of mythology2\aom.exe" = protocol=6 | dir=in | app=d:\program files\microsoft games\age of mythology2\aom.exe | 

"TCP Query User{FDE7965E-863A-493D-A3E7-CB8765935A55}D:\program files\age of mythology\aom.exe" = protocol=6 | dir=in | app=d:\program files\age of mythology\aom.exe | 

"UDP Query User{076FE381-7B7C-4A4D-8A40-54B1040C7A1F}D:\program files\microsoft games\age of mythology2\aom.exe" = protocol=17 | dir=in | app=d:\program files\microsoft games\age of mythology2\aom.exe | 

"UDP Query User{081FFC8E-EE74-4B33-A262-B4F419B26D89}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 

"UDP Query User{1BBFEC06-BBDF-44A2-AE72-9D58930C4BE4}D:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=d:\program files\diablo ii\game.exe | 

"UDP Query User{22E15A35-119B-4D67-A506-1628DFA0106B}D:\program files\valve\aoe2\age2_x1.exe" = protocol=17 | dir=in | app=d:\program files\valve\aoe2\age2_x1.exe | 

"UDP Query User{30189E10-0AE3-4034-B89B-D75D1784D114}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 

"UDP Query User{45C0C782-F888-47C0-B5EF-82E3F444C3E4}D:\program files\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\program files\warcraft iii\war3.exe | 

"UDP Query User{53E807A7-B7B1-403F-923D-B0E56B8A312A}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 

"UDP Query User{58DE9F5E-2F60-421F-B3C6-E3BC2C166173}D:\program files\aoe2\age2_x1.exe" = protocol=17 | dir=in | app=d:\program files\aoe2\age2_x1.exe | 

"UDP Query User{67DCE414-1FEB-4D9D-B66E-0D0D4B885DD6}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe | 

"UDP Query User{693FE5E3-55BD-441B-AEE6-4D04670D261C}D:\program files\wow\launcher.exe" = protocol=17 | dir=in | app=d:\program files\wow\launcher.exe | 

"UDP Query User{6F5C742F-79E9-42AC-99FC-5C4792954A48}D:\program files\wow\repair.exe" = protocol=17 | dir=in | app=d:\program files\wow\repair.exe | 

"UDP Query User{75E7CCB4-483B-45D0-93C6-D7521089D44C}D:\program files\garena\garena.exe" = protocol=17 | dir=in | app=d:\program files\garena\garena.exe | 

"UDP Query User{90643CA1-D599-42DB-856B-28FE4332C7C5}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 

"UDP Query User{972CB20B-EF6A-4B2E-B164-91730F01A579}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 

"UDP Query User{A559A4D0-91A1-40F4-BA0B-28D527ED894B}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe | 

"UDP Query User{B741C40A-DAC4-4358-AC2B-1E3F7F8F4DA0}D:\program files\valve\hl.exe" = protocol=17 | dir=in | app=d:\program files\valve\hl.exe | 

"UDP Query User{C7FCBFCC-AA9B-4B4D-A99B-D08E38D685A9}D:\program files\aoe2\age2_x1.exe" = protocol=17 | dir=in | app=d:\program files\aoe2\age2_x1.exe | 

"UDP Query User{D78F1F6F-F6E5-499A-81CC-672E317EEE56}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 

"UDP Query User{DB15AF2C-B85A-4DD6-8C25-C1DD636FF938}D:\program files\age of mythology\aom.exe" = protocol=17 | dir=in | app=d:\program files\age of mythology\aom.exe | 

"UDP Query User{E6575B43-0614-49D0-9EE3-F42614DDB9AF}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 

"UDP Query User{EF717885-AE4B-4534-8362-34F6D84106BA}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe | 

"UDP Query User{F70659EA-2D13-451A-9236-AAB48A5B5F51}D:\program files\diablo ii\game.exe" = protocol=17 | dir=in | app=d:\program files\diablo ii\game.exe | 

"UDP Query User{FDE8B9CF-949E-49C7-9818-D01824EADDD9}C:\users\max\appdata\local\temp\rar$ex00.531\volley.exe" = protocol=17 | dir=in | app=c:\users\max\appdata\local\temp\rar$ex00.531\volley.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser

"{088D5DC3-A607-DF3D-6406-7CA7F597F25F}" = Catalyst Control Center Localization Norwegian

"{0A1129C7-E4F7-4EDC-DD38-DC8B467F5DAD}" = CCC Help Italian

"{0E7DBD52-B097-4F2B-A7C7-F105B0D20FDB}" = LightScribe System Software  1.14.17.1

"{11202615-E557-4ECF-9B86-F59C81E52909}" = FIFA 10

"{11435553-1388-0583-98C3-AD3C49E9A038}" = Catalyst Control Center Graphics Full Existing

"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6

"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX

"{1C8521E5-5A7B-4A4E-A9CD-AD53116EAEE0}" = ASUS Data Security Manager

"{1C94CB71-A432-873C-E0AC-121EDBD817CE}" = CCC Help German

"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{230142CE-A81E-CC3C-35CC-5CC8A49CCB1E}" = Catalyst Control Center Localization Japanese

"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19

"{27D51A76-371D-48B6-B06E-4137A15B7583}" = Express Gate

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program

"{29B9C0F8-380D-133D-6551-142BB77F94C8}" = ccc-core-static

"{2C85768B-0BDA-8FB8-3CC8-B36C3CD86151}" = Catalyst Control Center Localization Thai

"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes

"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.011.00

"{3117A9EF-16BE-3404-CBC8-9AC1BB009335}" = CCC Help French

"{31C74C17-B0AC-0F77-E772-9F7FA9891E36}" = CCC Help Turkish

"{37D7562E-389B-6675-13E2-6D4F6994DD9A}" = Catalyst Control Center Localization Dutch

"{389E3080-0B6D-BA11-3369-490623D5FD49}" = CCC Help Portuguese

"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey

"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup

"{3EE772A4-97F3-806B-924F-6D77EE00C1AE}" = CCC Help Hungarian

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}" = FIFA 11

"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"{415B2719-AD3A-4944-B404-C472DB6085B3}" = Cisco EAP-FAST Module

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{431633E7-E6A4-3205-3B80-3F9BC437F797}" = Skins

"{46647CBB-A2D5-AA8E-F951-1712A74668C4}" = Catalyst Control Center Localization Turkish

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent

"{52F3D26F-AE33-2F25-1374-DDB65CEB12F3}" = CCC Help Czech

"{54FB7140-FD80-2389-3332-9D85FC74915D}" = Catalyst Control Center Localization Swedish

"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml

"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set

"{593D6CC5-D02A-BF6C-6463-278368587E02}" = Catalyst Control Center Localization Greek

"{5C1748A8-912B-DF0B-5C35-A9C3A2D546A7}" = Catalyst Control Center Localization Czech

"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2

"{5EB5EEA7-6432-5827-0080-899DA70A97BA}" = ATI Catalyst Install Manager

"{5F5D5DE9-D467-43D4-0D43-68B4598FF5CB}" = Catalyst Control Center Localization Russian

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8 Ultra Edition HD

"{60204E20-6172-2517-9B6F-6A87416956A1}" = CCC Help Dutch

"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe

"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon

"{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}" = Cisco PEAP Module

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6AE16305-FD12-FFF0-85FA-722360417549}" = Catalyst Control Center Localization Korean

"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect

"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding

"{7234908A-5F80-B67A-8DE8-98B75FA43810}" = CCC Help Chinese Traditional

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{730801C2-7C9B-2260-614D-A44767CA5DBC}" = CCC Help Thai

"{73B9CDF5-9B29-3DD5-0028-C68CD2490F1E}" = CCC Help Korean

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7DEEE76B-ED3D-657E-5475-D67ADA440E47}" = CCC Help Norwegian

"{83770D14-21B9-44B3-8689-F7B523F94560}" = Cisco LEAP Module

"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2

"{8439EDA7-A85C-E830-2E23-197A1BFD24F5}" = Catalyst Control Center Localization Italian

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars

"{9980C99E-6954-614B-EA1C-333473FC2900}" = ccc-utility

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A55D681-02D1-6E48-F717-3ACFF6DBB27C}" = CCC Help Russian

"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear eXtreme

"{9B74C58F-A6AE-F383-4AC1-F432FDF35884}" = CCC Help Chinese Standard

"{9F88C8F3-5953-B3D7-7F91-A7CE3A6F5119}" = Catalyst Control Center Localization Finnish

"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable

"{A4E83A4C-B057-E197-F156-2FBEFA0761FE}" = Catalyst Control Center Localization French

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{A9C95D56-88AA-0CF9-FFE4-E0A45C04A6DC}" = Catalyst Control Center Localization Portuguese

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.4 - Deutsch

"{AEA1F5BA-BC7A-05F2-2832-58B4BCEAABEB}" = Catalyst Control Center Localization Danish

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B10DEBAF-64A4-0FB5-9518-97A21DC2A321}" = CCC Help Greek

"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter

"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0

"{B5D0714F-56A4-52A2-4C62-6B4E8853F25A}" = Catalyst Control Center Localization Spanish

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B9B7F425-0B72-E926-06FF-136154B31077}" = CCC Help Japanese

"{BA09B3B4-7D61-B444-52AE-4C3C3CADADDA}" = CCC Help Spanish

"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint

"{C5AEAA52-29F8-DF1E-B472-C2ABDC6EA349}" = Catalyst Control Center Localization Chinese Traditional

"{CC77812E-22CB-754E-15C4-1E7BB9B2E89A}" = Catalyst Control Center Graphics Previews Vista

"{CC81D746-51BB-4F97-52EB-BF64E14B1904}" = CCC Help Swedish

"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support

"{CD95F661-A5C4-44F5-A6AA-ECDD91C240BD}" = WinZip 14.5

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CEE0CD9D-7759-7D58-F33D-D1968D29B8A2}" = Catalyst Control Center Localization Hungarian

"{D0106CC2-E34B-4FA3-B6B6-91F0ACEA2CC3}" = Hearts of Iron III

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2

"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media

"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service

"{D45D831B-1431-0A69-841B-828F958E95BB}" = CCC Help Danish

"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser

"{D9F9D5C6-B889-C333-033B-863C85BB0D6F}" = CCC Help Finnish

"{DA918D70-293B-6776-CD3C-7965EC7D8680}" = Catalyst Control Center Graphics Previews Common

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{DB891739-2EB3-45A8-9CBD-941C255CECD4}" = ASUS Touch Pad Extra

"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader

"{DD07CD74-B4BF-1347-D10C-5A32485D8451}" = CCC Help English

"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash

"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware

"{E3DE4A3B-DB2A-9107-BCDD-1C6A64CFB4F5}" = Catalyst Control Center Localization German

"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update

"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime

"{EAEDD68A-1037-35C3-707A-1A5316856EF8}" = Catalyst Control Center Core Implementation

"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F0F8875B-F4F4-6BBC-5D86-CFAD9D6B7F12}" = Catalyst Control Center Localization Polish

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)

"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01

"{F53B03FE-A48A-9051-F350-554E415730F5}" = Catalyst Control Center Localization Chinese Standard

"{F6141E53-ABEC-97AF-99E7-C12588A20812}" = Catalyst Control Center Graphics Full New

"{F8935FC0-DE7D-41C3-FC9C-7867B29D2E10}" = Catalyst Control Center Graphics Light

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner

"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour

"{FFA6416E-798F-773E-B7A9-0F79BA40ECB8}" = CCC Help Polish

"AC3Filter_is1" = AC3Filter 1.63b

"Ad-Aware" = Ad-Aware

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Shockwave Player" = Adobe Shockwave Player 11.5

"Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold

"Agere Systems Soft Modem" = Agere Systems HDA Modem

"Asus_Camera_ScreenSaver" = Asus_Camera_ScreenSaver

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"BitComet" = BitComet 1.16

"Diablo II" = Diablo II

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8

"Gordon's Gate Flash Driver" = Gordon's Gate Flash Driver 1.1.0.12

"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go

"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.11)" = Mozilla Firefox (3.6.11)

"PokerStars" = PokerStars

"PowerISO" = PowerISO

"softonic-de6 Toolbar" = softonic-de6 Toolbar

"SopCast" = SopCast 3.2.4

"StarCraft II" = StarCraft II

"TVAnts 1.0" = TVAnts 1.0

"Uninstall_is1" = Uninstall 1.0.0.1

"Update Service" = Update Service

"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam

"Veetle TV" = Veetle TV 0.9.18

"VLC media player" = VLC media player 1.0.5

"Voca" = Voca

"vShare" = vShare Plugin

"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 18.10.2010 10:37:24 | Computer Name = Max-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 18.10.2010 10:37:38 | Computer Name = Max-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 18.10.2010 10:37:39 | Computer Name = Max-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 18.10.2010 10:38:46 | Computer Name = Max-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 18.10.2010 12:40:40 | Computer Name = Max-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 18.10.2010 12:40:54 | Computer Name = Max-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083

Description = 

 

Error - 18.10.2010 12:45:54 | Computer Name = Max-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 18.10.2010 13:07:22 | Computer Name = Max-PC | Source = Application Hang | ID = 1002

Description = Programm Ad-AwareAdmin.exe, Version 8.0.0.0 arbeitet nicht mehr mit

 Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet

 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 

über das Problem zu suchen.  Prozess-ID: 37c  Anfangszeit: 01cb6ee43081e457  Zeitpunkt

 der Beendigung: 18

 

Error - 18.10.2010 18:04:13 | Computer Name = Max-PC | Source = WinMgmt | ID = 10

Description = 

 

Error - 19.10.2010 14:32:35 | Computer Name = Max-PC | Source = WinMgmt | ID = 10

Description = 

 

[ System Events ]

Error - 30.10.2010 07:36:59 | Computer Name = Max-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description = 

 

Error - 30.10.2010 09:29:29 | Computer Name = Max-PC | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am 30.10.2010 um 15:28:11 unerwartet heruntergefahren.

 

Error - 30.10.2010 09:29:38 | Computer Name = Max-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002

Description = 

 

Error - 30.10.2010 09:32:01 | Computer Name = Max-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description = 

 

Error - 31.10.2010 07:37:16 | Computer Name = Max-PC | Source = Microsoft-Windows-ResourcePublication | ID = 1002

Description = 

 

Error - 31.10.2010 07:40:15 | Computer Name = Max-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description = 

 

Error - 31.10.2010 09:17:31 | Computer Name = Max-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description = 

 

Error - 31.10.2010 11:04:21 | Computer Name = Max-PC | Source = EventLog | ID = 6008

Description = Das System wurde zuvor am 31.10.2010 um 15:59:09 unerwartet heruntergefahren.

 

Error - 31.10.2010 11:08:15 | Computer Name = Max-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description = 

 

Error - 31.10.2010 11:21:26 | Computer Name = Max-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001

Description = 

 

 

< End of report >

--- --- ---

OTL Logfile:

Code:

OTL logfile created on: 31.10.2010 17:52:10 - Run 1

OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Max\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18975)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 55,00% Memory free

6,00 Gb Paging File | 5,00 Gb Available in Paging File | 78,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 149,04 Gb Total Space | 75,12 Gb Free Space | 50,40% Space Free | Partition Type: NTFS

Drive D: | 139,28 Gb Total Space | 57,43 Gb Free Space | 41,23% Space Free | Partition Type: NTFS

 

Computer Name: MAX-PC | User Name: Max | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Max\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)

PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\ASUS\SmartLogon\sensorsrv.exe (ASUS)

PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()

PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()

PRC - C:\Windows\System32\libusbd-nt.exe (libusb-Win32)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\Max\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (OMSI download service) -- d:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()

SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()

SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()

SRV - (ADSMService) -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe ()

SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()

SRV - (libusbd) -- C:\Windows\System32\libusbd-nt.exe (libusb-Win32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found

DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found

DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)

DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (GarenaPEngine) -- C:\Users\Max\AppData\Local\Temp\ZQNC2BB.tmp ()

DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)

DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()

DRV - (s0017mdm) -- C:\Windows\System32\drivers\s0017mdm.sys (MCCI Corporation)

DRV - (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM) -- C:\Windows\System32\drivers\s0017unic.sys (MCCI Corporation)

DRV - (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s0017mgmt.sys (MCCI Corporation)

DRV - (s0017obex) -- C:\Windows\System32\drivers\s0017obex.sys (MCCI Corporation)

DRV - (s0017bus) Sony Ericsson Device 0017 driver (WDM) -- C:\Windows\System32\drivers\s0017bus.sys (MCCI Corporation)

DRV - (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS) -- C:\Windows\System32\drivers\s0017nd5.sys (MCCI Corporation)

DRV - (s0017mdfl) -- C:\Windows\System32\drivers\s0017mdfl.sys (MCCI Corporation)

DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )

DRV - (lullaby) -- C:\Windows\system32\DRIVERS\lullaby.sys (Windows (R) Codename Longhorn DDK provider)

DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)

DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)

DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)

DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)

DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)

DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)

DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)

DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)

DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)

DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)

DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)

DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)

DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)

DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)

DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)

DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)

DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)

DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)

DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)

DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)

DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)

DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)

DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)

DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)

DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)

DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()

DRV - (AsDsm) -- C:\Windows\System32\drivers\AsDsm.sys (Windows (R) Codename Longhorn DDK provider)

DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()

DRV - (ASMMAP) -- C:\Program Files\ATKGFNEX\ASMMAP.sys ()

DRV - (SiSGbeLH) -- C:\Windows\System32\drivers\SiSGB6.sys (Silicon Integrated Systems Corp.)

DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)

DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)

DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)

DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)

DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)

DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)

DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)

DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)

DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)

DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)

DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)

DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)

DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)

DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)

DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)

DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)

DRV - (libusb0) -- C:\Windows\System32\drivers\libusb0.sys ()

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer

IE - HKLM\..\URLSearchHook: {c41dc498-e2f1-4803-bb90-0b2f20482e62} - C:\Program Files\softonic-de6\tbsoft.dll (Conduit Ltd.)

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = ASUSTeK Computer

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google

IE - HKCU\..\URLSearchHook: {c41dc498-e2f1-4803-bb90-0b2f20482e62} - C:\Program Files\softonic-de6\tbsoft.dll (Conduit Ltd.)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de6 Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2433020&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.selectedEngine: "softonic-de6 Customized Web Search"

FF - prefs.js..browser.startup.homepage: "www.google.de"

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {c41dc498-e2f1-4803-bb90-0b2f20482e62}:2.7.2.0

FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2

FF - prefs.js..extensions.enabledItems: 4

FF - prefs.js..extensions.enabledItems: 9

FF - prefs.js..extensions.enabledItems: 1

FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2433020&SearchSource=2&q="

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.31 14:11:48 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.31 14:11:48 | 000,000,000 | ---D | M]

 

[2009.10.23 14:54:15 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\mozilla\Extensions

[2010.10.31 15:58:01 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\6qrobfpg.default\extensions

[2010.04.28 11:59:31 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\6qrobfpg.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.08.17 13:54:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\6qrobfpg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2010.08.20 11:21:23 | 000,000,000 | ---D | M] (softonic-de6 Toolbar) -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\6qrobfpg.default\extensions\{c41dc498-e2f1-4803-bb90-0b2f20482e62}

[2009.11.25 22:53:37 | 000,000,000 | ---D | M] -- C:\Users\Max\AppData\Roaming\mozilla\Firefox\Profiles\6qrobfpg.default\extensions\firefox@tvunetworks.com

[2009.10.28 11:30:38 | 000,000,886 | ---- | M] () -- C:\Users\Max\AppData\Roaming\Mozilla\FireFox\Profiles\6qrobfpg.default\searchplugins\conduit.xml

[2010.10.31 15:58:01 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions

[2010.08.24 15:06:04 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010.10.11 21:39:09 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2010.10.11 21:39:09 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2010.10.11 21:39:09 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2010.10.11 21:39:09 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2010.10.11 21:39:09 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (softonic-de6 Toolbar) - {c41dc498-e2f1-4803-bb90-0b2f20482e62} - C:\Program Files\softonic-de6\tbsoft.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()

O3 - HKLM\..\Toolbar: (softonic-de6 Toolbar) - {c41dc498-e2f1-4803-bb90-0b2f20482e62} - C:\Program Files\softonic-de6\tbsoft.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de6 Toolbar) - {C41DC498-E2F1-4803-BB90-0B2F20482E62} - C:\Program Files\softonic-de6\tbsoft.dll (Conduit Ltd.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Max\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()

O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - d:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/de/scan8/oscan8.cab (BDSCANONLINE Control)

O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab (Minesweeper Flags Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 193.110.57.4 193.110.56.8

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Max\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{279da747-bf4b-11df-b6b6-a4a3d922f8eb}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found

O33 - MountPoints2\{7685a9a1-aeb6-11df-9618-f80511326fe8}\Shell - "" = AutoRun

O33 - MountPoints2\{7685a9a1-aeb6-11df-9618-f80511326fe8}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found

O33 - MountPoints2\H\Shell - "" = AutoRun

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AOMsetup.exe -- File not found

O33 - MountPoints2\H\Shell\directx\command - "" = H:\DirectX\dxsetup.exe -- File not found

O33 - MountPoints2\H\Shell\setup\command - "" = H:\AOMsetup.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.10.31 17:34:53 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe

[2010.10.31 15:16:40 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\Malwarebytes

[2010.10.31 15:16:31 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2010.10.31 15:16:29 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2010.10.31 15:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010.10.31 15:16:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010.10.31 15:15:56 | 006,153,352 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Max\Desktop\mbam-setup-1.46.exe

[2010.10.28 19:07:15 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\Anatomie Vorlesung

[2010.10.18 17:31:28 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Sunbelt Software

[2010.10.18 17:30:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}

[2010.10.18 17:26:50 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Roaming\BitComet

[2010.10.18 16:52:25 | 000,000,000 | ---D | C] -- C:\Users\Max\Documents\FIFA 11

[2010.10.18 14:49:38 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_41.dll

[2010.10.18 14:49:38 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_41.dll

[2010.10.18 14:49:37 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_41.dll

[2010.10.18 14:49:37 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_4.dll

[2010.10.18 14:49:37 | 000,069,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_3.dll

[2010.10.18 14:49:36 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_40.dll

[2010.10.18 14:49:36 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_40.dll

[2010.10.18 14:49:36 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_40.dll

[2010.10.18 14:49:36 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_4.dll

[2010.10.18 14:49:36 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_2.dll

[2010.10.18 14:49:36 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_6.dll

[2010.10.18 14:49:35 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_3.dll

[2010.10.18 14:49:35 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_3.dll

[2010.10.18 14:49:35 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_1.dll

[2010.10.18 14:49:35 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_5.dll

[2010.10.18 14:49:34 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_39.dll

[2010.10.18 14:49:34 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_39.dll

[2010.10.18 14:49:34 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_2.dll

[2010.10.18 14:49:34 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_39.dll

[2010.10.18 14:49:34 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_2.dll

[2010.10.18 14:49:33 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_38.dll

[2010.10.18 14:49:33 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAudio2_1.dll

[2010.10.18 14:49:33 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_38.dll

[2010.10.18 14:49:33 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine3_1.dll

[2010.10.18 14:49:33 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XAPOFX1_0.dll

[2010.10.18 14:49:33 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\X3DAudio1_4.dll

[2010.10.18 14:49:32 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DX9_38.dll

[2010.10.17 13:45:53 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL

[2010.10.17 13:45:38 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll

[2010.10.17 13:44:05 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2010.10.17 13:44:05 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2010.10.17 13:44:05 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2010.10.17 13:44:05 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2010.10.17 13:44:05 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2010.10.17 13:44:04 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2010.10.17 13:44:04 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2010.10.17 13:44:04 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2010.10.17 13:44:04 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2010.10.17 13:44:04 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2010.10.17 13:44:04 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2010.10.17 13:44:04 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2010.10.17 13:44:04 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2010.10.17 13:44:04 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2010.10.17 13:44:04 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2010.10.17 13:44:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2010.10.17 13:44:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2010.10.17 13:13:17 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll

[2010.10.17 13:12:57 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll

[2010.10.17 13:12:57 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll

[2010.10.17 13:12:39 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2010.10.17 13:12:20 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll

[2010.10.17 13:11:59 | 000,867,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll

[2010.10.17 13:07:02 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur

[2010.10.13 17:37:00 | 000,000,000 | ---D | C] -- C:\Users\Max\Desktop\Uni

[2010.10.06 21:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\BVRP Software

[2010.10.06 21:49:19 | 000,000,000 | ---D | C] -- C:\Users\Max\AppData\Local\Sony Ericsson

[2010.10.06 21:45:27 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeC66D.dll

[2010.10.06 21:45:25 | 000,114,600 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017mdm.sys

[2010.10.06 21:45:25 | 000,109,736 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017unic.sys

[2010.10.06 21:45:25 | 000,108,328 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017mgmt.sys

[2010.10.06 21:45:25 | 000,104,616 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017obex.sys

[2010.10.06 21:45:25 | 000,086,824 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017bus.sys

[2010.10.06 21:45:25 | 000,026,024 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017nd5.sys

[2010.10.06 21:45:25 | 000,015,016 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017mdfl.sys

[2010.10.06 21:45:25 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017whnt.sys

[2010.10.06 21:45:25 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017wh.sys

[2010.10.06 21:45:25 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017cmnt.sys

[2010.10.06 21:45:25 | 000,012,200 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017cm.sys

[2010.10.06 21:45:25 | 000,010,792 | ---- | C] (MCCI Corporation) -- C:\Windows\System32\drivers\s0017cr.sys

[2010.10.06 21:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson

[2010.10.04 13:27:33 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010.10.04 13:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010.10.04 13:25:02 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime

[2010.10.04 13:20:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2008.06.03 07:41:51 | 000,015,928 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.10.31 17:34:57 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Max\Desktop\OTL.exe

[2010.10.31 17:33:57 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\joot.sys

[2010.10.31 16:24:52 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2010.10.31 16:24:52 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2010.10.31 16:24:52 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2010.10.31 16:24:52 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2010.10.31 16:17:48 | 000,000,435 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics

[2010.10.31 16:17:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2010.10.31 16:17:25 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2010.10.31 16:17:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010.10.31 16:17:15 | 3220,463,616 | -HS- | M] () -- C:\hiberfil.sys

[2010.10.31 15:16:33 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.10.31 15:16:08 | 006,153,352 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Max\Desktop\mbam-setup-1.46.exe

[2010.10.21 12:08:20 | 210,217,580 | ---- | M] () -- C:\Windows\MEMORY.DMP

[2010.10.20 23:01:05 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job

[2010.10.20 22:53:59 | 000,000,054 | ---- | M] () -- C:\Windows\System32\rp_stats.dat

[2010.10.20 22:53:59 | 000,000,039 | ---- | M] () -- C:\Windows\System32\rp_rules.dat

[2010.10.20 19:43:01 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini

[2010.10.20 11:28:19 | 000,041,984 | ---- | M] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.10.20 09:42:27 | 000,370,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2010.10.19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2010.10.18 09:37:10 | 000,000,664 | ---- | M] () -- C:\Users\Max\Desktop\BitComet.lnk

[2010.10.10 16:10:24 | 000,024,064 | ---- | M] () -- C:\Users\Max\Documents\inet code.doc

[2010.10.06 21:45:27 | 000,148,736 | ---- | M] (Avanquest Software) -- C:\ProgramData\hpeC66D.dll

[2010.10.06 21:37:23 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

 
 ========== Files Created - No Company Name ==========

 

[2010.10.31 17:33:57 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\joot.sys

[2010.10.31 15:16:33 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010.10.20 09:43:29 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat

[2010.10.20 09:43:28 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat

[2010.10.18 09:37:12 | 000,000,664 | ---- | C] () -- C:\Users\Max\Desktop\BitComet.lnk

[2010.10.10 16:10:22 | 000,024,064 | ---- | C] () -- C:\Users\Max\Documents\inet code.doc

[2010.10.06 21:37:23 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

[2010.08.30 16:34:14 | 000,000,351 | ---- | C] () -- C:\ProgramData\hpzinstall.log

[2010.01.10 18:30:55 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys

[2009.11.28 02:51:57 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll

[2009.10.19 20:21:02 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.09.28 12:39:59 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini

[2009.08.03 14:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll

[2009.01.05 13:44:10 | 000,000,483 | ---- | C] () -- C:\Windows\bdoscandellang.ini

[2008.11.24 15:07:12 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt

[2008.11.23 19:53:07 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys

[2008.11.23 16:07:57 | 000,041,984 | ---- | C] () -- C:\Users\Max\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2008.11.03 17:08:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI

[2008.10.07 08:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll

[2008.10.07 08:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2008.10.07 08:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

[2008.07.02 03:28:38 | 000,061,440 | ---- | C] () -- C:\Program Files\Common Files\CPInstallAction.dll

[2008.05.22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files\Common Files\banner.jpg

[2008.04.16 11:43:39 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini

[2008.03.09 15:01:07 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2007.10.01 07:59:45 | 001,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys

[2007.06.12 18:34:50 | 000,035,822 | ---- | C] () -- C:\Program Files\Common Files\ASPG_icon.ico

[2007.05.09 08:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys

[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 11:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll

[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
 

< End of report >

--- --- ---

Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

O33 - MountPoints2\{279da747-bf4b-11df-b6b6-a4a3d922f8eb}\Shell\AutoRun\command - "" = G:\Setup.exe -- File not found

O33 - MountPoints2\{7685a9a1-aeb6-11df-9618-f80511326fe8}\Shell - "" = AutoRun

O33 - MountPoints2\{7685a9a1-aeb6-11df-9618-f80511326fe8}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found

O33 - MountPoints2\G\Shell - "" = AutoRun

O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe -- File not found

O33 - MountPoints2\H\Shell - "" = AutoRun

O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AOMsetup.exe -- File not found

O33 - MountPoints2\H\Shell\directx\command - "" = H:\DirectX\dxsetup.exe -- File not found

O33 - MountPoints2\H\Shell\setup\command - "" = H:\AOMsetup.exe -- File not found

[2010.10.31 17:33:57 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\joot.sys

:Commands

[purity]

[resethosts]

[emptytemp]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Habe nach dem Neustart folgende Logfile erhalten:

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{279da747-bf4b-11df-b6b6-a4a3d922f8eb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{279da747-bf4b-11df-b6b6-a4a3d922f8eb}\ not found.
File G:\Setup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7685a9a1-aeb6-11df-9618-f80511326fe8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7685a9a1-aeb6-11df-9618-f80511326fe8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7685a9a1-aeb6-11df-9618-f80511326fe8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7685a9a1-aeb6-11df-9618-f80511326fe8}\ not found.
File H:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\AOMsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\DirectX\dxsetup.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\AOMsetup.exe not found.
File C:\Windows\System32\drivers\joot.sys not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Max
->Temp folder emptied: 7495313367 bytes
->Temporary Internet Files folder emptied: 227351164 bytes
->Java cache emptied: 1450934 bytes
->FireFox cache emptied: 98945438 bytes
->Opera cache emptied: 15060718 bytes
->Flash cache emptied: 349859 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 68109100 bytes
RecycleBin emptied: 0 bytes

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.

http://saved.im/mtm0nzyzmzd5/cofi.jpg

Dann folgende Anleitung durchlesen und abarbeiten -> CCleaner Systembereinigung

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Combofix Logfile:

Code:

ComboFix 10-10-31.04 - Max 01.11.2010  12:12:31.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.2143 [GMT 1:00]

ausgeführt von:: c:\users\Max\Desktop\cofi.exe

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\programdata\hpeC66D.dll

c:\windows\system32\logs

c:\windows\system32\logs\cpu.log
 

.

(((((((((((((((((((((((   Dateien erstellt von 2010-10-01 bis 2010-11-01  ))))))))))))))))))))))))))))))

.
 

2010-11-01 11:19 . 2010-11-01 11:20        --------        d-----w-        c:\users\Max\AppData\Local\temp

2010-11-01 11:19 . 2010-11-01 11:19        --------        d-----w-        c:\users\Default\AppData\Local\temp

2010-10-31 17:32 . 2010-10-31 17:32        --------        d-----w-        C:\_OTL

2010-10-31 14:16 . 2010-10-31 14:16        --------        d-----w-        c:\users\Max\AppData\Roaming\Malwarebytes

2010-10-31 14:16 . 2010-04-29 14:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-31 14:16 . 2010-10-31 14:16        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2010-10-31 14:16 . 2010-10-31 14:16        --------        d-----w-        c:\programdata\Malwarebytes

2010-10-31 14:16 . 2010-04-29 14:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2010-10-29 15:29 . 2010-10-07 23:21        6146896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1762D8E3-2206-46CC-9928-0EC8C9C30C33}\mpengine.dll

2010-10-18 16:31 . 2010-10-18 16:31        --------        d-----w-        c:\users\Max\AppData\Local\Sunbelt Software

2010-10-18 16:30 . 2010-10-18 16:30        --------        dc-h--w-        c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}

2010-10-18 16:26 . 2010-10-18 16:27        --------        d-----w-        c:\users\Max\AppData\Roaming\BitComet

2010-10-17 12:45 . 2010-09-13 13:56        168960        ----a-w-        c:\program files\Windows Media Player\wmplayer.exe

2010-10-17 12:45 . 2010-09-13 13:56        8147456        ----a-w-        c:\windows\system32\wmploc.DLL

2010-10-17 12:45 . 2010-09-06 16:20        125952        ----a-w-        c:\windows\system32\srvsvc.dll

2010-10-17 12:45 . 2010-09-06 13:45        304128        ----a-w-        c:\windows\system32\drivers\srv.sys

2010-10-17 12:45 . 2010-09-06 13:45        102400        ----a-w-        c:\windows\system32\drivers\srvnet.sys

2010-10-17 12:45 . 2010-09-06 16:19        17920        ----a-w-        c:\windows\system32\netevent.dll

2010-10-17 12:45 . 2010-09-06 13:45        145408        ----a-w-        c:\windows\system32\drivers\srv2.sys

2010-10-17 12:13 . 2010-06-28 17:00        1316864        ----a-w-        c:\windows\system32\ole32.dll

2010-10-17 12:13 . 2010-06-28 14:54        339968        ----a-w-        c:\program files\Windows NT\Accessories\wordpad.exe

2010-10-17 12:13 . 2010-08-26 16:37        157184        ----a-w-        c:\windows\system32\t2embed.dll

2010-10-17 12:12 . 2010-08-31 15:46        954752        ----a-w-        c:\windows\system32\mfc40.dll

2010-10-17 12:12 . 2010-08-31 15:46        954288        ----a-w-        c:\windows\system32\mfc40u.dll

2010-10-17 12:12 . 2010-08-31 13:27        2038272        ----a-w-        c:\windows\system32\win32k.sys

2010-10-17 12:12 . 2010-05-04 19:13        231424        ----a-w-        c:\windows\system32\msshsq.dll

2010-10-17 12:11 . 2010-08-20 16:05        867328        ----a-w-        c:\windows\system32\wmpmde.dll

2010-10-17 12:11 . 2010-08-31 15:44        531968        ----a-w-        c:\windows\system32\comctl32.dll

2010-10-17 12:07 . 2010-10-17 12:07        --------        d-----w-        c:\windows\CheckSur

2010-10-11 20:39 . 2010-10-24 11:24        16856        ----a-w-        c:\program files\Mozilla Firefox\plugin-container.exe

2010-10-11 20:39 . 2010-10-24 11:24        719832        ----a-w-        c:\program files\Mozilla Firefox\mozcpp19.dll

2010-10-06 20:49 . 2010-10-06 20:49        --------        d-----w-        c:\programdata\BVRP Software

2010-10-06 20:49 . 2010-10-06 20:49        --------        d-----w-        c:\users\Max\AppData\Local\Sony Ericsson

2010-10-04 12:27 . 2010-10-04 12:27        --------        d-----w-        c:\program files\iPod

2010-10-04 12:27 . 2010-10-04 12:28        --------        d-----w-        c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-10-04 12:20 . 2010-10-04 12:20        --------        d-----w-        c:\program files\Bonjour
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-19 09:41 . 2009-10-03 09:22        222080        ------w-        c:\windows\system32\MpSigStub.exe

2010-09-08 09:17 . 2010-09-08 09:17        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx

2010-09-08 09:17 . 2010-09-08 09:17        69632        ----a-w-        c:\windows\system32\QuickTime.qts

2010-08-17 14:11 . 2010-09-15 17:08        128000        ----a-w-        c:\windows\system32\spoolsv.exe

2008-07-02 02:28 . 2008-07-02 02:28        61440        ----a-w-        c:\program files\Common Files\CPInstallAction.dll

2009-05-01 21:02 . 2009-05-01 21:02        1044480        ----a-w-        c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02        200704        ----a-w-        c:\program files\mozilla firefox\plugins\ssldivx.dll

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{c41dc498-e2f1-4803-bb90-0b2f20482e62}"= "c:\program files\softonic-de6\tbsoft.dll" [2009-10-01 2166296]
 

[HKEY_CLASSES_ROOT\clsid\{c41dc498-e2f1-4803-bb90-0b2f20482e62}]
 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c41dc498-e2f1-4803-bb90-0b2f20482e62}]

2009-10-01 16:29        2166296        ----a-w-        c:\program files\softonic-de6\tbsoft.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{c41dc498-e2f1-4803-bb90-0b2f20482e62}"= "c:\program files\softonic-de6\tbsoft.dll" [2009-10-01 2166296]
 

[HKEY_CLASSES_ROOT\clsid\{c41dc498-e2f1-4803-bb90-0b2f20482e62}]
 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{C41DC498-E2F1-4803-BB90-0B2F20482E62}"= "c:\program files\softonic-de6\tbsoft.dll" [2009-10-01 2166296]
 

[HKEY_CLASSES_ROOT\clsid\{c41dc498-e2f1-4803-bb90-0b2f20482e62}]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 00:08        143360        ----a-w-        c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"
 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup

backupExtension=.CommonStartup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]

2010-03-04 16:00        524632        ----a-w-        c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37        932288        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-17 06:24        40368        ----a-w-        c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]

2008-09-22 07:27        47672        ----a-w-        c:\windows\AsScrProlog.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]

2008-09-22 07:27        33136        ----a-w-        c:\windows\ASScrPro.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSTPE]

2007-10-12 04:44        106496        ----a-w-        c:\windows\System32\ASUSTPE.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]

2008-06-25 02:01        159744        ----a-w-        c:\program files\ASUS\ATK Media\DMedia.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]

2008-07-19 02:52        104936        ----a-w-        c:\program files\CyberLink\Power2Go\CLMLSvc.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-12-13 17:10        1688872        ----a-w-        c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-24 00:10        421160        ----a-w-        d:\program files\iTunes\iTunesHelper.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2008-06-09 17:16        2363392        ----a-w-        c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

2007-12-03 12:21        2213160        ----a-w-        c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 12:57        153136        ----a-w-        c:\program files\Common Files\Nero\Lib\NeroCheck.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]

2008-06-14 01:11        210216        ----a-w-        c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2009-07-27 02:37        180224        ----a-w-        d:\program files\PowerISO\PWRISOVM.EXE
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 09:17        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2008-01-07 08:25        4853760        ----a-w-        c:\windows\RtHDVCpl.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2009-04-11 06:28        1233920        ----a-w-        c:\program files\Windows Sidebar\sidebar.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-09-02 13:15        13351304        ----a-r-        c:\program files\Skype\Phone\Skype.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

2009-11-20 08:17        434176        ----a-w-        d:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2008-01-21 19:17        61440        ----a-w-        c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 10:43        248040        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:23        1008184        ----a-w-        c:\program files\Windows Defender\MSASCui.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]

2009-04-11 06:28        2153472        ----a-w-        c:\windows\System32\oobefldr.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-21 02:25        202240        ----a-w-        c:\program files\Windows Media Player\wmpnscfg.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2632993316-3478661033-708405078-1000]

"EnableNotificationsRef"=dword:00000003
 

R3 GarenaPEngine;GarenaPEngine;c:\users\Max\AppData\Local\Temp\ZQNC2BB.tmp [x]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-12-22 13224]

R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]

R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]

R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]

R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]

R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]

R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]

R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]

R4 OMSI download service;Sony Ericsson OMSI download service;d:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-23 64160]

S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-04 1029456]

S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [2005-03-09 18944]

S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
 
 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 17:14        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhalt des "geplante Tasks" Ordners
 

2010-10-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:00]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - c:\users\Max\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\6qrobfpg.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2433020&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - softonic-de6 Customized Web Search

FF - prefs.js: browser.startup.homepage - Google

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2433020&SearchSource=2&q=

FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - component: c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\6qrobfpg.default\extensions\{c41dc498-e2f1-4803-bb90-0b2f20482e62}\components\FFExternalAlert.dll

FF - component: c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\6qrobfpg.default\extensions\{c41dc498-e2f1-4803-bb90-0b2f20482e62}\components\RadioWMPCore.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\6qrobfpg.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll

FF - plugin: d:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll

FF - plugin: d:\program files\DivX\DivX Web Player\npdivx32.dll

FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll

FF - plugin: d:\program files\Veetle\Player\npvlc.dll

FF - plugin: d:\program files\Veetle\plugins\npVeetle.dll

FF - plugin: d:\program files\Veetle\VLCBroadcast\npvbp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 

---- FIREFOX Richtlinien ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -
 

MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe

MSConfigStartUp-Getdo - c:\users\Max\AppData\Roaming\Adobe\Update\flacor.dat

MSConfigStartUp-isCfgWiz - c:\program files\Common Files\Symantec Shared\OPC\{C86EA115-FACD-4aa8-BFA2-398C677D0936}\SYMCUW.exe

MSConfigStartUp-MsnMsgr - c:\program files\MSN Messenger\MsnMsgr.Exe

MSConfigStartUp-SynTPEnh - c:\program files\Synaptics\SynTP\SynTPEnh.exe

AddRemove-Age of Mythology Expansion Pack 1.0 - d:\program files\Microsoft Games\Age of Mythology2\UNINSTAL.EXE
 
 
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-11-01 12:20

Windows 6.0.6002 Service Pack 2 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 
 

c:\windows\TEMP\TMP00000059161FB73ECF4C9B14 524288 bytes executable

C:\ADSM_PData_0150
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 2
 

**************************************************************************
 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]

"ImagePath"="\??\c:\users\Max\AppData\Local\Temp\ZQNC2BB.tmp"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5
 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000
 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Zeit der Fertigstellung: 2010-11-01  12:22:23

ComboFix-quarantined-files.txt  2010-11-01 11:22
 

Vor Suchlauf: 8 Verzeichnis(se), 88.068.800.512 Bytes frei

Nach Suchlauf: 12 Verzeichnis(se), 88.060.944.384 Bytes frei
 

- - End Of File - - 1936937D8FEEB8103868ED13788AAEE7

--- --- ---

Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.

Code:

Dirlook::

c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}

3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Combofix Logfile:

Code:

ComboFix 10-10-31.04 - Max 01.11.2010  18:55:20.2.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.2119 [GMT 1:00]

ausgeführt von:: c:\users\Max\Desktop\cofi.exe

Benutzte Befehlsschalter :: c:\users\Max\Desktop\CFScript.txt

SP: Lavasoft Ad-Watch Live! *disabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

.
 

(((((((((((((((((((((((   Dateien erstellt von 2010-10-01 bis 2010-11-01  ))))))))))))))))))))))))))))))

.
 

2010-11-01 18:02 . 2010-11-01 18:02        --------        d-----w-        c:\users\Max\AppData\Local\temp

2010-11-01 18:02 . 2010-11-01 18:02        --------        d-----w-        c:\users\Default\AppData\Local\temp

2010-11-01 11:10 . 2010-11-01 11:22        --------        d-----w-        C:\cofi

2010-10-31 17:32 . 2010-10-31 17:32        --------        d-----w-        C:\_OTL

2010-10-31 14:16 . 2010-10-31 14:16        --------        d-----w-        c:\users\Max\AppData\Roaming\Malwarebytes

2010-10-31 14:16 . 2010-04-29 14:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-31 14:16 . 2010-10-31 14:16        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2010-10-31 14:16 . 2010-10-31 14:16        --------        d-----w-        c:\programdata\Malwarebytes

2010-10-31 14:16 . 2010-04-29 14:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2010-10-29 15:29 . 2010-10-07 23:21        6146896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{1762D8E3-2206-46CC-9928-0EC8C9C30C33}\mpengine.dll

2010-10-18 16:31 . 2010-10-18 16:31        --------        d-----w-        c:\users\Max\AppData\Local\Sunbelt Software

2010-10-18 16:30 . 2010-10-18 16:30        --------        dc-h--w-        c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}

2010-10-18 16:26 . 2010-10-18 16:27        --------        d-----w-        c:\users\Max\AppData\Roaming\BitComet

2010-10-17 12:45 . 2010-09-13 13:56        168960        ----a-w-        c:\program files\Windows Media Player\wmplayer.exe

2010-10-17 12:45 . 2010-09-13 13:56        8147456        ----a-w-        c:\windows\system32\wmploc.DLL

2010-10-17 12:45 . 2010-09-06 16:20        125952        ----a-w-        c:\windows\system32\srvsvc.dll

2010-10-17 12:45 . 2010-09-06 13:45        304128        ----a-w-        c:\windows\system32\drivers\srv.sys

2010-10-17 12:45 . 2010-09-06 13:45        102400        ----a-w-        c:\windows\system32\drivers\srvnet.sys

2010-10-17 12:45 . 2010-09-06 16:19        17920        ----a-w-        c:\windows\system32\netevent.dll

2010-10-17 12:45 . 2010-09-06 13:45        145408        ----a-w-        c:\windows\system32\drivers\srv2.sys

2010-10-17 12:13 . 2010-06-28 17:00        1316864        ----a-w-        c:\windows\system32\ole32.dll

2010-10-17 12:13 . 2010-06-28 14:54        339968        ----a-w-        c:\program files\Windows NT\Accessories\wordpad.exe

2010-10-17 12:13 . 2010-08-26 16:37        157184        ----a-w-        c:\windows\system32\t2embed.dll

2010-10-17 12:12 . 2010-08-31 15:46        954752        ----a-w-        c:\windows\system32\mfc40.dll

2010-10-17 12:12 . 2010-08-31 15:46        954288        ----a-w-        c:\windows\system32\mfc40u.dll

2010-10-17 12:12 . 2010-08-31 13:27        2038272        ----a-w-        c:\windows\system32\win32k.sys

2010-10-17 12:12 . 2010-05-04 19:13        231424        ----a-w-        c:\windows\system32\msshsq.dll

2010-10-17 12:11 . 2010-08-20 16:05        867328        ----a-w-        c:\windows\system32\wmpmde.dll

2010-10-17 12:11 . 2010-08-31 15:44        531968        ----a-w-        c:\windows\system32\comctl32.dll

2010-10-17 12:07 . 2010-10-17 12:07        --------        d-----w-        c:\windows\CheckSur

2010-10-11 20:39 . 2010-11-01 15:55        16856        ----a-w-        c:\program files\Mozilla Firefox\plugin-container.exe

2010-10-11 20:39 . 2010-11-01 15:55        719832        ----a-w-        c:\program files\Mozilla Firefox\mozcpp19.dll

2010-10-06 20:49 . 2010-10-06 20:49        --------        d-----w-        c:\programdata\BVRP Software

2010-10-06 20:49 . 2010-10-06 20:49        --------        d-----w-        c:\users\Max\AppData\Local\Sony Ericsson

2010-10-04 12:27 . 2010-10-04 12:27        --------        d-----w-        c:\program files\iPod

2010-10-04 12:27 . 2010-10-04 12:28        --------        d-----w-        c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-10-04 12:20 . 2010-10-04 12:20        --------        d-----w-        c:\program files\Bonjour
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-19 09:41 . 2009-10-03 09:22        222080        ------w-        c:\windows\system32\MpSigStub.exe

2010-09-08 09:17 . 2010-09-08 09:17        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx

2010-09-08 09:17 . 2010-09-08 09:17        69632        ----a-w-        c:\windows\system32\QuickTime.qts

2010-08-17 14:11 . 2010-09-15 17:08        128000        ----a-w-        c:\windows\system32\spoolsv.exe

2008-07-02 02:28 . 2008-07-02 02:28        61440        ----a-w-        c:\program files\Common Files\CPInstallAction.dll

2009-05-01 21:02 . 2009-05-01 21:02        1044480        ----a-w-        c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02        200704        ----a-w-        c:\program files\mozilla firefox\plugins\ssldivx.dll

.
 

((((((((((((((((((((((((((((((((((((((((((((   Look   )))))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

---- Directory of c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097} ----
 

2010-10-18 16:30 . 2010-10-18 16:30        454        -c--a-w-        c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}\Ad-AwareInstall.dat

2010-10-18 16:30 . 2010-10-18 16:30        8        -c--a-w-        c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}\Ad-AwareInstall.lan

2010-10-18 16:30 . 2010-10-18 16:30        5031        -c--a-w-        c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}\Ad-AwareInstall.par

2010-10-18 16:30 . 2010-10-18 16:30        90        -c--a-w-        c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}\instance.dat

2010-10-18 16:30 . 2010-09-23 07:46        574219        -c--a-w-        c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}\mia.lib

2010-10-18 16:30 . 2010-09-23 07:46        21611885        -c--a-w-        c:\programdata\{E961CE1B-C3EA-4882-9F67-F859B555D097}\Ad-AwareInstall.res
 
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{c41dc498-e2f1-4803-bb90-0b2f20482e62}"= "c:\program files\softonic-de6\tbsoft.dll" [2009-10-01 2166296]
 

[HKEY_CLASSES_ROOT\clsid\{c41dc498-e2f1-4803-bb90-0b2f20482e62}]
 

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c41dc498-e2f1-4803-bb90-0b2f20482e62}]

2009-10-01 16:29        2166296        ----a-w-        c:\program files\softonic-de6\tbsoft.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{c41dc498-e2f1-4803-bb90-0b2f20482e62}"= "c:\program files\softonic-de6\tbsoft.dll" [2009-10-01 2166296]
 

[HKEY_CLASSES_ROOT\clsid\{c41dc498-e2f1-4803-bb90-0b2f20482e62}]
 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{C41DC498-E2F1-4803-BB90-0B2F20482E62}"= "c:\program files\softonic-de6\tbsoft.dll" [2009-10-01 2166296]
 

[HKEY_CLASSES_ROOT\clsid\{c41dc498-e2f1-4803-bb90-0b2f20482e62}]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]

@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"

[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]

2007-06-02 00:08        143360        ----a-w-        c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-07 4853760]
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)
 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]

@="Service"
 

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup

backupExtension=.CommonStartup
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]

2010-03-04 16:00        524632        ----a-w-        c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-09-21 18:37        932288        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-17 06:24        40368        ----a-w-        c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Camera ScreenSaver]

2008-09-22 07:27        47672        ----a-w-        c:\windows\AsScrProlog.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]

2008-09-22 07:27        33136        ----a-w-        c:\windows\ASScrPro.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSTPE]

2007-10-12 04:44        106496        ----a-w-        c:\windows\System32\ASUSTPE.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]

2008-06-25 02:01        159744        ----a-w-        c:\program files\ASUS\ATK Media\DMedia.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]

2008-07-19 02:52        104936        ----a-w-        c:\program files\CyberLink\Power2Go\CLMLSvc.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2007-12-13 17:10        1688872        ----a-w-        c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-24 00:10        421160        ----a-w-        d:\program files\iTunes\iTunesHelper.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]

2008-06-09 17:16        2363392        ----a-w-        c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]

2007-12-03 12:21        2213160        ----a-w-        c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]

2007-03-01 12:57        153136        ----a-w-        c:\program files\Common Files\Nero\Lib\NeroCheck.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2Go_Menu]

2008-06-14 01:11        210216        ----a-w-        c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2009-07-27 02:37        180224        ----a-w-        d:\program files\PowerISO\PWRISOVM.EXE
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 09:17        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]

2008-01-07 08:25        4853760        ----a-w-        c:\windows\RtHDVCpl.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2009-04-11 06:28        1233920        ----a-w-        c:\program files\Windows Sidebar\sidebar.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2010-09-02 13:15        13351304        ----a-r-        c:\program files\Skype\Phone\Skype.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]

2009-11-20 08:17        434176        ----a-w-        d:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2008-01-21 19:17        61440        ----a-w-        c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-02-18 10:43        248040        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

2008-01-21 02:23        1008184        ----a-w-        c:\program files\Windows Defender\MSASCui.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]

2009-04-11 06:28        2153472        ----a-w-        c:\windows\System32\oobefldr.dll
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]

2008-01-21 02:25        202240        ----a-w-        c:\program files\Windows Media Player\wmpnscfg.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001
 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2632993316-3478661033-708405078-1000]

"EnableNotificationsRef"=dword:00000003
 

R3 GarenaPEngine;GarenaPEngine;c:\users\Max\AppData\Local\Temp\ZQNC2BB.tmp [x]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2009-12-22 13224]

R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]

R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]

R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]

R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]

R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]

R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]

R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]

R4 OMSI download service;Sony Ericsson OMSI download service;d:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2009-04-23 64160]

S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2008-05-29 15416]

S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-09 108289]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-03-04 1029456]

S2 libusbd;LibUsb-Win32 - Daemon, Version 0.1.10.1;c:\windows\system32\libusbd-nt.exe [2005-03-09 18944]

S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2005-03-09 33792]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSGB6.sys [2007-06-20 47616]
 
 

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2008-06-09 17:14        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe

.

Inhalt des "geplante Tasks" Ordners
 

2010-10-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 16:00]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.de/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: Free YouTube to Mp3 Converter - c:\users\Max\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm

IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000

FF - ProfilePath - c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\6qrobfpg.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2433020&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - softonic-de6 Customized Web Search

FF - prefs.js: browser.startup.homepage - Google

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2433020&SearchSource=2&q=

FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - component: c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\6qrobfpg.default\extensions\{c41dc498-e2f1-4803-bb90-0b2f20482e62}\components\FFExternalAlert.dll

FF - component: c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\6qrobfpg.default\extensions\{c41dc498-e2f1-4803-bb90-0b2f20482e62}\components\RadioWMPCore.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll

FF - plugin: c:\users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\6qrobfpg.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll

FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll

FF - plugin: d:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll

FF - plugin: d:\program files\DivX\DivX Web Player\npdivx32.dll

FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll

FF - plugin: d:\program files\Veetle\Player\npvlc.dll

FF - plugin: d:\program files\Veetle\plugins\npVeetle.dll

FF - plugin: d:\program files\Veetle\VLCBroadcast\npvbp.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 

---- FIREFOX Richtlinien ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); 

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2010-11-01 19:02

Windows 6.0.6002 Service Pack 2 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************
 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]

"ImagePath"="\??\c:\users\Max\AppData\Local\Temp\ZQNC2BB.tmp"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------
 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5
 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000
 

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
 

- - - - - - - > 'Explorer.exe'(5752)

c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt.dll

c:\program files\ASUS\ASUS Data Security Manager\OverlayIconShlExt1.dll

.

Zeit der Fertigstellung: 2010-11-01  19:05:12

ComboFix-quarantined-files.txt  2010-11-01 18:05

ComboFix2.txt  2010-11-01 11:22
 

Vor Suchlauf: 12 Verzeichnis(se), 91.747.033.088 Bytes frei

Nach Suchlauf: 13 Verzeichnis(se), 90.582.298.624 Bytes frei
 

- - End Of File - - BCD0C36A54567290BB79BBBF8EA96789

--- --- ---

Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus

Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.

Doppelklick auf die MBRCheck.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool braucht nur eine Sekunde.
Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.

Poste mir bitte den Inhalt des .txt Dokumentes

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: ASUSTeK Computer Inc.
System Product Name: F5SR
Logical Drives Mask: 0x0000003c

Kernel Drivers (total 157):
0x8200C000 \SystemRoot\system32\ntkrnlpa.exe
0x823C5000 \SystemRoot\system32\hal.dll
0x80404000 \SystemRoot\system32\kdcom.dll
0x8040B000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8047B000 \SystemRoot\system32\PSHED.dll
0x8048C000 \SystemRoot\system32\BOOTVID.dll
0x80494000 \SystemRoot\system32\CLFS.SYS
0x804D5000 \SystemRoot\system32\CI.dll
0x8060B000 \SystemRoot\system32\drivers\Wdf01000.sys
0x80687000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x80694000 \SystemRoot\system32\drivers\acpi.sys
0x806DA000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806E3000 \SystemRoot\system32\drivers\msisadrv.sys
0x806EB000 \SystemRoot\system32\drivers\pci.sys
0x80712000 \SystemRoot\System32\drivers\partmgr.sys
0x80721000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x80724000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x8072E000 \SystemRoot\system32\drivers\volmgr.sys
0x8073D000 \SystemRoot\System32\drivers\volmgrx.sys
0x80787000 \SystemRoot\system32\drivers\pciide.sys
0x8078E000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8079C000 \SystemRoot\System32\drivers\mountmgr.sys
0x807AC000 \SystemRoot\system32\drivers\atapi.sys
0x807B4000 \SystemRoot\system32\drivers\ataport.SYS
0x805B5000 \SystemRoot\system32\drivers\fltmgr.sys
0x807D2000 \SystemRoot\system32\drivers\fileinfo.sys
0x807E2000 \SystemRoot\System32\Drivers\AsDsm.sys
0x807EC000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x80600000 \SystemRoot\system32\DRIVERS\lullaby.sys
0x82608000 \SystemRoot\System32\Drivers\ksecdd.sys
0x82679000 \SystemRoot\system32\drivers\ndis.sys
0x82784000 \SystemRoot\system32\drivers\msrpc.sys
0x827AF000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A20E000 \SystemRoot\System32\drivers\tcpip.sys
0x8A2F8000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A40A000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A51A000 \SystemRoot\system32\drivers\wd.sys
0x8A522000 \SystemRoot\system32\drivers\volsnap.sys
0x8A55B000 \SystemRoot\System32\Drivers\spldr.sys
0x8A563000 \SystemRoot\System32\Drivers\mup.sys
0x8A572000 \SystemRoot\System32\drivers\ecache.sys
0x8A599000 \SystemRoot\system32\drivers\disk.sys
0x8A5AA000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A5CB000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A5F4000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A400000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8A313000 \SystemRoot\system32\DRIVERS\ATKACPI.sys
0x8A31B000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8DE0B000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x8E2D5000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8E374000 \SystemRoot\System32\drivers\watchdog.sys
0x8E380000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8E393000 \SystemRoot\system32\DRIVERS\kbfiltr.sys
0x8E39B000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8E3A6000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E3B1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8E3C9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8E3CF000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8A32A000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8E3D9000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8E3E8000 \SystemRoot\system32\DRIVERS\SiSGB6.sys
0x8E404000 \SystemRoot\system32\DRIVERS\athr.sys
0x8E4F4000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E581000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8E585000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8E5B4000 \SystemRoot\system32\DRIVERS\storport.sys
0x8E5F5000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8A368000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8DE00000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8A37F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8A3A2000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8A3B1000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8A3C5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8A3DA000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8E400000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8E604000 \SystemRoot\system32\DRIVERS\ks.sys
0x8E62E000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8E638000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8E645000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E67A000 \SystemRoot\system32\drivers\libusb0.sys
0x8E688000 \SystemRoot\system32\drivers\usbd.sys
0x8E68A000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8EA00000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8E69B000 \SystemRoot\system32\drivers\portcls.sys
0x8E6C8000 \SystemRoot\system32\drivers\drmk.sys
0x8EC08000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8ED2E000 \SystemRoot\system32\drivers\modem.sys
0x8ED3B000 \SystemRoot\system32\drivers\MODEMCSA.sys
0x8ED45000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8ED4E000 \SystemRoot\System32\Drivers\Null.SYS
0x8ED55000 \SystemRoot\System32\Drivers\Beep.SYS
0x8ED5C000 \SystemRoot\System32\drivers\vga.sys
0x8ED68000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8ED89000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8ED91000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8ED99000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8EDA4000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8EDB2000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8EDBB000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8EDD1000 \SystemRoot\system32\DRIVERS\smb.sys
0x8E6ED000 \SystemRoot\system32\drivers\afd.sys
0x8E735000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8EDE5000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8EBF2000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8EC00000 \SystemRoot\System32\Drivers\StarOpen.SYS
0x8E767000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8E77A000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8E780000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x8E78E000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8E7CA000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8E7D4000 \SystemRoot\System32\Drivers\dfsc.sys
0x8F008000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8F024000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x8F02D000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8F03D000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8F044000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8F046000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x8F04E000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F05B000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8F066000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x9140A000 \SystemRoot\system32\DRIVERS\snp2uvc.sys
0x915BB000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x915C8000 \SystemRoot\system32\DRIVERS\sncduvc.SYS
0x915CF000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x95E70000 \SystemRoot\System32\win32k.sys
0x915E1000 \SystemRoot\System32\drivers\Dxapi.sys
0x915EB000 \SystemRoot\system32\DRIVERS\monitor.sys
0x96090000 \SystemRoot\System32\TSDDD.dll
0x960B0000 \SystemRoot\System32\cdd.dll
0x8F06E000 \SystemRoot\system32\drivers\luafv.sys
0x8F089000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8F09D000 \SystemRoot\system32\drivers\spsys.sys
0x8F14D000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8F15D000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x91400000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8F187000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8F19A000 \??\C:\Program Files\ATKGFNEX\ASMMAP.sys
0x9DE01000 \SystemRoot\system32\drivers\HTTP.sys
0x9DE6E000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9DE8B000 \SystemRoot\system32\DRIVERS\bowser.sys
0x9DEA4000 \SystemRoot\System32\drivers\mpsdrv.sys
0x9DEB9000 \SystemRoot\system32\drivers\mrxdav.sys
0x9DEDA000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9DEF9000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9DF32000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9DF4A000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9DF72000 \SystemRoot\System32\DRIVERS\srv.sys
0x9DFC0000 \??\C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys
0x9A002000 \SystemRoot\system32\drivers\peauth.sys
0x9A0E0000 \SystemRoot\System32\Drivers\fastfat.SYS
0x9A108000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9A112000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9A11E000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x9A133000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x9A145000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x9A15B000 \SystemRoot\system32\DRIVERS\ipnat.sys
0x76E60000 \Windows\System32\ntdll.dll

Processes (total 63):
0 System Idle Process
4 System
516 C:\Windows\System32\smss.exe
664 csrss.exe
728 C:\Windows\System32\wininit.exe
740 csrss.exe
772 C:\Windows\System32\services.exe
788 C:\Windows\System32\lsass.exe
796 C:\Windows\System32\lsm.exe
820 C:\Windows\System32\winlogon.exe
988 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1104 C:\Windows\System32\svchost.exe
1204 C:\Windows\System32\Ati2evxx.exe
1264 C:\Windows\System32\svchost.exe
1292 C:\Windows\System32\svchost.exe
1316 C:\Windows\System32\svchost.exe
1384 C:\Windows\System32\audiodg.exe
1408 C:\Windows\System32\svchost.exe
1424 C:\Windows\System32\SLsvc.exe
1496 C:\Windows\System32\svchost.exe
1644 C:\Windows\System32\Ati2evxx.exe
1740 C:\Windows\System32\svchost.exe
1904 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
1912 C:\Windows\System32\wlanext.exe
528 C:\Windows\System32\spoolsv.exe
544 C:\Windows\System32\taskeng.exe
724 C:\Windows\System32\dwm.exe
1156 C:\Windows\explorer.exe
1416 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1604 C:\Windows\System32\svchost.exe
2076 C:\Windows\System32\taskeng.exe
2224 C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
2260 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
2272 C:\Windows\RtHDVCpl.exe
2428 C:\Program Files\ASUS\ASUS Live Update\ALU.exe
2444 C:\Windows\System32\agrsmsvc.exe
2468 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
2520 C:\Windows\System32\libusbd-nt.exe
2544 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
2624 C:\Windows\System32\svchost.exe
2744 C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
2760 C:\Windows\System32\svchost.exe
2876 C:\Windows\System32\svchost.exe
2904 C:\Windows\System32\SearchIndexer.exe
3352 WUDFHost.exe
3840 unsecapp.exe
3956 C:\Windows\System32\alg.exe
4032 WmiPrvSE.exe
3476 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
3952 C:\Windows\System32\mobsync.exe
872 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
792 C:\Program Files\Windows Live\Contacts\wlcomm.exe
1708 C:\Program Files\Skype\Phone\Skype.exe
4140 C:\Program Files\Skype\Plugin Manager\skypePM.exe
2980 C:\Windows\System32\SearchProtocolHost.exe
1968 C:\Program Files\Internet Explorer\iexplore.exe
4288 C:\Program Files\Internet Explorer\iexplore.exe
4904 C:\Program Files\Internet Explorer\iexplore.exe
4580 C:\Windows\System32\SearchFilterHost.exe
5116 <unknown>
4688 C:\Windows\System32\conime.exe
4164 C:\Users\Max\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71167600 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000027`b3aef400 (NTFS)

PhysicalDrive0 Model Number: ST9320320AS, Rev: 0303

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 16FACB29D75458833E397367B1DA17929157C2B3

Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit: