Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Laggs bei banalen Dingen, Logfile checken (https://www.trojaner-board.de/93886-laggs-banalen-dingen-logfile-checken.html)

FNi 18.12.2010 13:01
Laggs bei banalen Dingen, Logfile checken
 
Hallo, ich habe seit einiger Zeit Performance Schwächen meines PCs, die definitiv nicht normal sind, dies äußert sich bei banalsten Dingen, wie das öffnen von mehreren Tabs im Browser oder beim Spielen von eigentlich nicht aufwendigen Spielen (z.B. Counterstrike 1.6)
Wäre schön wenn jemand mein File mal checken könnte und oder mir ein Paar Tipps geben könnte was ich noch machen kann.

ogfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:51:34, on 18.12.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\FNi\AppData\Roaming\Qlikworld\RSSReader\RSSReader.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\FNi\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SBCONVERT - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O2 - BHO: SearchPredictObj Class - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\PROGRA~2\SEARCH~2\SEARCH~1.DLL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O2 - BHO: GrabberObj Class - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~2\SPEEDB~1\Toolbar\grabber.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: SpeedBit Video Downloader - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RssReader] C:\Users\FNi\AppData\Roaming\Qlikworld\RSSReader\RSSReader.exe /Autostart
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O10 - Unknown file in Winsock LSP: c:\progra~2\speedb~2\sblsp.dll
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) -
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{75AD296B-0990-41E5-BC0F-03779B81B7D4}: NameServer = 192.168.0.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{7E444FE6-C9F9-476C-8BF7-CB953FF2897D}: NameServer = 192.168.0.5
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10068 bytes

cosinus 20.12.2010 10:50
Hallo und :hallo:

Bitte routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

FNi 20.12.2010 14:19
Malwarebytes Log:

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5360

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20.12.2010 12:21:11
mbam-log-2010-12-20 (12-21-11).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 165746
Laufzeit: 2 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


OTL Log 1:OTL Logfile:
Code:
OTL logfile created on: 20.12.2010 13:51:00 - Run 1
OTL by OldTimer - Version 3.2.17.4    Folder = C:\Users\XXX\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 46,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,69 Gb Total Space | 64,09 Gb Free Space | 43,69% Space Free | Partition Type: NTFS
Drive E: | 68,36 Gb Total Space | 11,30 Gb Free Space | 16,53% Space Free | Partition Type: NTFS
Drive F: | 68,36 Gb Total Space | 0,02 Gb Free Space | 0,03% Space Free | Partition Type: NTFS
 
Computer Name: XXX | User Name: XXX  | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\XXX\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - E:\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\QIP 2010\qip.exe (QIP)
PRC - C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Users\XXX\AppData\Roaming\Qlikworld\RSSReader\RSSReader.exe (QlikWorld BV)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\XXX\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\SysWOW64\normaliz.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE ()
SRV:64bit: - (STacSV) -- C:\WINDOWS\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (AMD External Events Utility) -- C:\WINDOWS\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (O2FLASH) -- C:\WINDOWS\SysNative\drivers\o2flash.exe (O2Micro International)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (GameConsoleService) -- C:\Program Files (x86)\WildTangent\Dell Games\Dell Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS)
SRV - (VideoAcceleratorService) -- C:\Program Files (x86)\SpeedBit Video Accelerator\VideoAcceleratorService.exe (Speedbit Ltd.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DockLoginService) -- C:\Programme\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe (SupportSoft, Inc.)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\WINDOWS\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avipbb) -- C:\WINDOWS\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (RTL8167) -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (atksgt) -- C:\WINDOWS\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\WINDOWS\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (UsbserFilt) -- C:\WINDOWS\SysNative\drivers\usbser_lowerfltx64j.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\WINDOWS\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdcx64) -- C:\WINDOWS\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (nmwcdx64) -- C:\WINDOWS\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (acedrv11) -- C:\WINDOWS\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (sptd) -- C:\WINDOWS\SysNative\drivers\sptd.sys ()
DRV:64bit: - (sdbus) -- C:\WINDOWS\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (Acceler) -- C:\WINDOWS\SysNative\drivers\Acceler.sys (ST Microelectronics)
DRV:64bit: - (BCM42RLY) -- C:\WINDOWS\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\WINDOWS\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (amdsata) -- C:\WINDOWS\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\WINDOWS\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\WINDOWS\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\WINDOWS\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\WINDOWS\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\WINDOWS\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (STHDA) -- C:\WINDOWS\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (SynTP) -- C:\WINDOWS\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (atikmdag) -- C:\WINDOWS\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (CtClsFlt) -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys (Creative Technology Ltd.)
DRV:64bit: - (Ntfs) -- C:\WINDOWS\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\WINDOWS\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\WINDOWS\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (iaStor) -- C:\WINDOWS\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (O2MDGRDR) -- C:\WINDOWS\SysNative\drivers\o2mdgx64.sys (O2Micro )
DRV:64bit: - (pccsmcfd) -- C:\WINDOWS\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (WimFltr) -- C:\WINDOWS\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (DrvAgent64) -- C:\WINDOWS\SysWOW64\drivers\DrvAgent64.SYS (Phoenix Technologies)
DRV - (RTCore64) -- C:\Program Files (x86)\RMClock\RTCore64.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {5B52016C-D097-4aec-BE61-9F129D8FDDBA}:2.0
FF - prefs.js..extensions.enabledItems: {71328583-3CA7-4809-B4BA-570A85818FBB}:0.6.3
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..extensions.enabledItems: {0329E7D6-6F54-462D-93F6-F5C3118BADF2}:2.2.1
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 9666
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 9666
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 9666
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files (x86)\Nokia\Nokia PC Suite 7\bkmrksync\ [2010.01.23 12:07:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.04.12 14:12:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SpeedBit Video Downloader\SPFireFox [2010.06.27 11:43:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.12.11 23:39:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.12.10 19:47:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.12.11 15:21:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.10.21 14:26:54 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.04.12 14:12:30 | 000,000,000 | ---D | M]
 
[2009.12.31 18:59:50 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions
[2009.12.31 18:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.12.20 12:05:51 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\9qjppzno.default\extensions
[2010.02.21 16:31:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\9qjppzno.default\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
[2010.03.28 22:39:28 | 000,000,000 | ---D | M] (CacheViewer) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\9qjppzno.default\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
[2010.12.10 19:47:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\9qjppzno.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.09.26 17:57:01 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\9qjppzno.default\extensions\firefox@tvunetworks.com
[2010.10.03 15:55:39 | 000,000,000 | ---D | M] -- C:\Users\XXX\AppData\Roaming\mozilla\Firefox\Profiles\9qjppzno.default\extensions\vshare@toolbar
[2010.09.10 18:28:10 | 000,001,574 | ---- | M] () -- C:\Users\XXX\AppData\Roaming\Mozilla\FireFox\Profiles\9qjppzno.default\searchplugins\bing.xml
[2010.12.20 12:05:51 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.10.21 14:00:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.09.15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.08.25 01:44:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.25 01:44:54 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.25 01:44:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.25 01:44:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.25 01:44:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.10.15 17:33:07 | 000,422,541 | R--- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com

O1 - Hosts: 14567 more lines...
O2 - BHO: (SBCONVERT Class) - {3017FB3E-9A77-4396-88C5-0EC9548FB42F} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O2 - BHO: (SearchPredictObj Class) - {389943B0-C3A2-4E69-82CB-8596A84CB3DC} - C:\Program Files (x86)\SearchPredict\SearchPredict.dll (Speedbit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (GrabberObj Class) - {FF7C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\Grabber.dll (Speedbit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (SpeedBit Video Downloader) - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - C:\Program Files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Dell\Dell Wireless WLAN Card\WLTRAY.EXE (Dell Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [QuickSet] C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found
O4 - HKCU..\Run: [RssReader] C:\Users\XXX\AppData\Roaming\Qlikworld\RSSReader\RSSReader.exe (QlikWorld BV)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk = C:\Program Files (x86)\Dell\DellDock\DellDock.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{a750306b-043b-11df-85b9-0026b99bdba6}\Shell - "" = AutoRun
O33 - MountPoints2\{a750306b-043b-11df-85b9-0026b99bdba6}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.20 12:16:50 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\Malwarebytes
[2010.12.20 12:16:21 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.12.20 12:16:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.12.20 12:16:16 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.12.20 12:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.12.17 15:18:01 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Rockstar Games
[2010.12.15 17:26:45 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.12.15 17:26:45 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.12.15 17:26:45 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.12.15 17:26:45 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.12.15 17:26:45 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.12.15 17:26:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.12.15 17:26:45 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.12.15 17:26:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.12.15 17:26:44 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.12.15 17:26:44 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.12.15 17:26:44 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.12.15 17:26:44 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.12.15 17:26:44 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.12.15 17:26:44 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.12.15 17:26:09 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2010.12.15 17:26:09 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2010.12.15 17:26:09 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2010.12.15 17:26:09 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2010.12.15 17:26:09 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2010.12.15 17:26:09 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2010.12.15 17:26:09 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2010.12.15 17:26:09 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2010.12.15 17:25:59 | 000,367,104 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.12.15 17:25:59 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.12.15 17:25:59 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010.12.15 17:25:59 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010.12.15 17:25:41 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2010.12.15 17:25:41 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2010.12.15 17:25:40 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2010.12.11 01:23:24 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\ManyCam
[2010.12.11 01:23:19 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\ManyCam
[2010.12.11 01:23:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ManyCam
[2010.12.06 15:20:05 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Octoshape
[2010.12.01 17:56:13 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\ArcaniA - Gothic 4
[2010.12.01 17:45:37 | 000,000,000 | ---D | C] -- C:\GAMES
[2010.12.01 17:45:15 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Local\Oblivion
[2010.12.01 17:45:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2010.11.25 18:08:41 | 000,000,000 | ---D | C] -- C:\Users\XXX\Documents\Criterion Games
[2010.11.25 18:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010.11.25 18:08:38 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2010.11.25 17:58:53 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010.11.25 17:58:53 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010.11.25 17:58:53 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010.11.25 17:58:53 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010.11.25 17:58:53 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010.11.25 17:58:53 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010.11.25 17:58:53 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010.11.25 17:58:53 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010.11.25 17:58:52 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2010.11.25 17:58:52 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2010.11.25 17:58:52 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2010.11.25 17:58:52 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2010.11.25 17:58:51 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2010.11.25 17:58:51 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2010.11.25 17:58:49 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2010.11.25 17:58:49 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2010.11.25 17:58:49 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2010.11.25 17:58:49 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2010.11.25 17:58:48 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2010.11.25 17:58:48 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2010.11.25 17:58:48 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2010.11.25 17:58:45 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2010.11.25 17:58:45 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2010.11.25 17:58:42 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2010.11.25 17:58:42 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2010.11.25 17:58:42 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2010.11.25 17:58:42 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2010.11.25 17:58:42 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2010.11.25 17:58:42 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2010.11.25 17:58:42 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2010.11.25 17:58:42 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2010.11.25 17:58:41 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2010.11.25 17:58:41 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2010.11.25 17:58:41 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2010.11.25 17:58:41 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2010.11.25 17:58:40 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2010.11.25 17:58:40 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2010.11.25 17:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Solidshield
[2010.11.21 14:35:19 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\PCDr
[2010.07.11 13:06:44 | 000,061,440 | ---- | C] ( ) -- C:\Windows\SysWow64\csnpstd.dll
[2010.07.11 13:06:44 | 000,040,960 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd.dll
[2010.07.11 13:06:44 | 000,036,864 | ---- | C] ( ) -- C:\Windows\SysWow64\vsnpstd.dll
[2010.01.05 00:03:16 | 008,653,312 | ---- | C] (Dell, Inc.                                                  ) -- C:\Users\XXX\AppData\Roaming\DataSafeDotNet.exe
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.20 13:46:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.12.20 12:16:21 | 000,001,089 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.20 11:10:12 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.20 11:10:12 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.20 11:04:21 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.12.20 11:02:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.20 11:02:31 | 3217,264,640 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.18 12:28:08 | 000,007,628 | ---- | M] () -- C:\Users\XXX\AppData\Local\resmon.resmoncfg
[2010.12.17 15:06:22 | 001,480,664 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.12.17 15:06:22 | 000,647,366 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.12.17 15:06:22 | 000,610,094 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.12.17 15:06:22 | 000,127,412 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.12.17 15:06:22 | 000,104,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.12.16 13:49:12 | 000,400,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.12.12 21:10:20 | 000,057,344 | ---- | M] () -- C:\Users\XXX\Desktop\Abizeitung 2011_Vorlage Schülerprofil.doc
[2010.12.12 15:47:40 | 000,003,562 | ---- | M] () -- C:\Users\XXX\Desktop\cc_20101212_154735.reg
[2010.12.11 01:23:26 | 000,001,053 | ---- | M] () -- C:\Users\XXX\Desktop\ManyCam.lnk
[2010.12.07 22:20:43 | 000,010,132 | ---- | M] () -- C:\Users\XXX\Desktop\img054.gif
[2010.12.04 13:24:18 | 000,000,023 | ---- | M] () -- C:\Windows\BlendSettings.ini
[2010.12.03 18:29:35 | 000,481,110 | ---- | M] () -- C:\Users\XXX\Desktop\Foto0242.jpg
[2010.12.02 20:58:27 | 000,074,852 | ---- | M] () -- C:\Users\XXX\Desktop\Unbenannt.jpg
[2010.12.01 17:51:26 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\Oblivion.lnk
[2010.11.29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.11.29 17:42:06 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.11.27 12:55:35 | 000,030,208 | ---- | M] () -- C:\Users\XXX\Desktop\suicide.doc
[2010.11.22 16:54:58 | 000,083,120 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.11.21 21:41:47 | 000,008,519 | ---- | M] () -- C:\Users\XXX\Desktop\123.png
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.12.20 12:16:21 | 000,001,089 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.12.12 15:47:37 | 000,003,562 | ---- | C] () -- C:\Users\XXX\Desktop\cc_20101212_154735.reg
[2010.12.11 01:23:26 | 000,001,053 | ---- | C] () -- C:\Users\XXX\Desktop\ManyCam.lnk
[2010.12.07 22:20:42 | 000,010,132 | ---- | C] () -- C:\Users\XXX\Desktop\img054.gif
[2010.12.04 13:22:47 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.12.03 18:29:34 | 000,481,110 | ---- | C] () -- C:\Users\XXX\Desktop\Foto0242.jpg
[2010.12.02 20:58:27 | 000,074,852 | ---- | C] () -- C:\Users\XXX\Desktop\Unbenannt.jpg
[2010.12.01 17:51:26 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\Oblivion.lnk
[2010.11.27 12:38:43 | 000,030,208 | ---- | C] () -- C:\Users\XXX\Desktop\suicide.doc
[2010.11.24 19:25:26 | 000,057,344 | ---- | C] () -- C:\Users\XXX\Desktop\Abizeitung 2011_Vorlage Schülerprofil.doc
[2010.11.21 21:40:25 | 000,008,519 | ---- | C] () -- C:\Users\XXX\Desktop\123.png
[2010.07.11 13:06:52 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\dsnpstd.dll
[2010.07.11 13:06:52 | 000,015,541 | ---- | C] () -- C:\Windows\snpstd.ini
[2010.07.11 13:06:46 | 000,301,824 | ---- | C] () -- C:\Windows\SysWow64\drivers\snpstd.sys
[2010.04.21 15:17:28 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.04.12 14:13:56 | 000,005,120 | ---- | C] () -- C:\Users\XXX\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.02 18:31:34 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.02.22 20:57:05 | 000,000,048 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.02.22 20:11:59 | 000,025,600 | ---- | C] () -- C:\Users\XXX\AppData\Local\WebpageIcons.db
[2010.02.10 15:35:11 | 000,007,628 | ---- | C] () -- C:\Users\XXX\AppData\Local\resmon.resmoncfg
[2010.01.10 12:25:23 | 000,002,458 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\wklnhst.dat
[2010.01.02 13:08:49 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\mlc.dll
[2010.01.01 23:55:36 | 000,001,050 | ---- | C] () -- C:\Users\XXX\AppData\Local\yuvtools3.ini
[2010.01.01 23:55:36 | 000,000,255 | ---- | C] () -- C:\Users\XXX\AppData\Roaming\yuv_file_history3.ini
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2003.02.20 16:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI

< End of report >
--- --- ---

Log 2 (Extras):OTL Logfile:
Code:
OTL Extras logfile created on: 20.12.2010 13:51:00 - Run 1
OTL by OldTimer - Version 3.2.17.4    Folder = C:\Users\XXX\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 46,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 146,69 Gb Total Space | 64,09 Gb Free Space | 43,69% Space Free | Partition Type: NTFS
Drive E: | 68,36 Gb Total Space | 11,30 Gb Free Space | 16,53% Space Free | Partition Type: NTFS
Drive F: | 68,36 Gb Total Space | 0,02 Gb Free Space | 0,03% Space Free | Partition Type: NTFS
 
Computer Name: XXXMOBIL | User Name: XXX | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{8CBBBC4D-B0B6-49DB-A421-98C65080D8EE}" = Eraser 6.0.7.1893
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{E461C0B2-523B-2940-C5DF-D174284CE609}" = ccc-utility64
"{E60B7350-EA5F-41E0-9D6F-E508781E36D2}" = Dell Dock
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F0E2B312-D7FD-4349-A9B6-E90B36DB1BD1}" = Paint.NET v3.5.5
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows-Treiberpaket - Nokia Modem  (10/05/2009 4.2)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.4)
"CCleaner" = CCleaner
"Dell Wireless WLAN Card Utility" = Dell Wireless WLAN Card Utility
"DriverAgent.exe" = DriverAgent by eSupport.com
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{03CFDC67-5B03-EE5C-4176-F545B0D2F485}" = CCC Help Korean
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{071F3745-E389-4345-86DF-E80B55446FCE}" = FC Bayern München - NewsBox
"{0A2AC888-61DC-CD55-5969-8602A7E9716D}" = CCC Help Italian
"{0CF884B6-C6D8-EB7B-D2BF-2877C6F49EBC}" = CCC Help Swedish
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{185CC275-907C-0D83-B0C2-7B065C5108D8}" = CCC Help Chinese Traditional
"{1ACF68E6-888C-4182-89F7-C10F8C8F3026}" = Sitecom USB EasyCam VP-001
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2ED967AD-FBB0-5355-F5F2-E7A03AAD4F71}" = Catalyst Control Center Localization All
"{30FA0F5C-B1A9-39EB-8148-3D574C0C8332}" = Catalyst Control Center Graphics Previews Common
"{35852FDE-7263-23EA-435F-44E4B61996D0}" = CCC Help Japanese
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{38ADB9A6-798C-11D6-A855-00105A80791C}" = OKI Network Extension
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A07247E-0645-8BCF-8419-FD857790108D}" = Skins
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{4186FEBC-F0CC-4185-A406-24292BC9877A}" = Nokia Software Updater
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{445F6C1F-C48F-0CC9-A030-040D3EA42C93}" = Catalyst Control Center Graphics Full New
"{46E08E5F-02B4-E854-CD4F-ED3E4FEBE122}" = CCC Help French
"{47A0A80F-8DC0-43EB-B9B4-36FD86979DF7}" = Nokia Connectivity Cable Driver
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E1CD3D5-D4EE-4246-AE24-F0FD5A60390D}" = OviMPlatform
"{4FFD1AB4-54F0-4069-88D9-3A55B38F874B}" = Nokia Ovi Suite Software Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5A841BCF-1C5B-E3DA-9475-892CA6576425}" = CCC Help Finnish
"{5B8741B6-4BEA-47D3-DB77-959C7FF35B39}" = Catalyst Control Center Graphics Full Existing
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FA16D15-FA5B-7F0F-7CBB-369E1E2937C9}" = CCC Help Spanish
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60DED9C2-22BF-47A3-B6C8-6B141BA31DFD}" = Ovi Desktop Sync Engine
"{61F27C5E-5274-0DB8-67CC-5253C6CF2B93}" = CCC Help Dutch
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6625CE8F-6E89-561F-D828-1B8535DEEBB6}" = Catalyst Control Center Core Implementation
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD DX
"{69533745-1E2D-4C98-8B4A-B7643EF9E1A2}" = Catalyst Control Center - Branding
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D0042A0-9064-4C7F-B906-3EAC4427EE07}_is1" = Counter-Strike Source DZ
"{6D2CCC4B-007D-EEE7-3E69-578B178A7B91}" = Catalyst Control Center Graphics Previews Vista
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{71E3D92F-2C51-B4E9-F2B6-EAF89C33E580}" = CCC Help Portuguese
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77F218D6-EAF4-402C-36B1-C3F0EC62598D}" = ccc-core-static
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{81B2907E-0F93-4217-8840-A217EF59A244}" = PC Connectivity Solution
"{821D6F49-1B20-4809-8C73-286CFC52B1B1}" = Samsung Auto Backup
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed(TM) Hot Pursuit
"{86C527CC-4AF2-903C-7BFF-5975272CC645}" = Catalyst Control Center InstallProxy
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DDFDDE9-C206-F32E-66AD-D17558D7677E}" = CCC Help German
"{8E4220D2-A4F2-404D-9A36-C89551F1783B}_is1" = Mafia II (With Shitty Crack)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}" = Nokia PC Suite
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{A2A4AC67-DC60-A92B-DD50-65BEE8FA8D71}" = CCC Help Russian
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B9C5005C-56CA-38E4-A093-79F22ECA0427}" = CCC Help Norwegian
"{BCAF3D46-3BDA-441F-97B9-3878ACD0CD4F}_is1" = Half-Life 2 (Addon) DZ
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{d06a1cff-acf5-4d4e-a996-68df4a7bae98}" = Nero 9 Lite
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DC93F14E-D2C9-D6D1-31B6-D31AC2AD3BB0}" = Catalyst Control Center Graphics Light
"{DEE1E2E5-B553-4F88-9DE7-23CBEA5D739C}" = Nokia Ovi Suite
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6E0F53B-B7B8-E052-5C32-76C885536A3E}" = CCC Help Danish
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F7FE3C6E-ECB8-0853-584F-BE19BA05B1B8}" = CCC Help Chinese Standard
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{FCC49808-C684-FEFA-3C02-46A04A7C9EBD}" = CCC Help English
"{FE83F463-7E61-4B18-9FA0-B94B90A0B6B9}" = Nero Burning ROM 10
"30_is1" = Speed Limiter
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Avira AntiVir Desktop" = Avira AntiVir Premium
"AVS Disc Creator_is1" = AVS Disc Creator version 3.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVSCoverEditor_AVS4YOU_is1" = AVS Cover Editor 1.3.1.96 (AVS4YOU)
"CloneDVDmobile" = CloneDVDmobile
"CrystalDiskInfo_is1" = CrystalDiskInfo 3.5.6
"Dell Webcam Central" = Dell Webcam Central
"DivX Setup.divx.com" = DivX-Setup
"DynaGeo_is1" = DynaGeo 3.5b
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.30
"Fallout New Vegas_is1" = Fallout New Vegas
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"GeoGebra" = GeoGebra
"jv16 PowerTools 2009_is1" = jv16 PowerTools 2009
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"ManyCam" = ManyCam 2.6.25 (remove only)
"Medal Of Honor 2010.Limited Edition_is1" = Medal Of Honor 2010.Limited Edition
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"Nokia Ovi Suite" = Nokia Ovi Suite
"Nokia PC Suite" = Nokia PC Suite
"OpenAL" = OpenAL
"Pontifex Demo" = Pontifex Demo
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"rfnet MoBaVer_is1" = rfnet MoBaVer 0.50.006
"SopCast" = SopCast 3.2.4
"SpeedBit Video Accelerator" = SpeedBit Video Accelerator
"SpeedBit Video Downloader" = SpeedBit Video Downloader
"Steam App 260" = Counter-Strike: Source Beta
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.17
"VLC media player" = VLC media player 1.0.3
"WildTangent dell Master Uninstall" = WildTangent-Spiele
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"YUV Player Deluxe" = YUV Player Deluxe
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"22abf9dde03b3b37" = Seesmic for Windows
"Octoshape Streaming Services" = Octoshape Streaming Services
"QIP 2010" = QIP 2010 10.10.11.4237
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp Detect" = Winamp Erkennungs-Plug-in
"WinBubble" = WinBubble
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.12.2010 07:04:06 | Computer Name = XXXMobil | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 11.12.2010 07:04:11 | Computer Name = XXXMobil | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 11.12.2010 08:35:29 | Computer Name = XXXMobil | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3989 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 13cc    Startzeit:
 01cb99235592df12    Endzeit: 34    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 1dd7df69-0523-11e0-9a26-0026b99bdba6 
 
Error - 11.12.2010 12:45:10 | Computer Name = XXXMobil | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.12.2010 06:24:53 | Computer Name = XXXMobil | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.12.2010 06:24:53 | Computer Name = XXXMobil | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.12.2010 06:25:03 | Computer Name = XXXMobil | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.12.2010 10:27:51 | Computer Name = XXXMobil | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.12.2010 10:27:51 | Computer Name = XXXMobil | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.12.2010 10:28:01 | Computer Name = XXXMobil | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ Broadcom Wireless LAN Events ]
Error - 12.12.2010 10:28:05 | Computer Name = XXXMobil | Source = WLAN-Tray | ID = 0
Description = 15:28:05, Sun, Dec 12, 10 Error - Unable to gain access to user store

 
[ Dell Events ]
Error - 07.01.2010 07:02:04 | Computer Name = XXXMobil | Source = DataSafe | ID = 3
Description = Fehlgeschlagen oder abgebrochen
 
Error - 07.01.2010 07:02:04 | Computer Name = XXXMobil | Source = DataSafe | ID = 3
Description = Fehlgeschlagen oder abgebrochen
 
Error - 07.01.2010 07:22:09 | Computer Name = XXXMobil | Source = DataSafe | ID = 3
Description = Fehlgeschlagen oder abgebrochen
 
Error - 07.01.2010 07:22:09 | Computer Name = XXXMobil | Source = DataSafe | ID = 3
Description = Fehlgeschlagen oder abgebrochen
 
Error - 07.01.2010 07:22:25 | Computer Name = XXXMobil | Source = DataSafe | ID = 3
Description = Fehlgeschlagen oder abgebrochen
 
Error - 29.09.2010 12:23:04 | Computer Name = XXXMobil | Source = DataSafe | ID = 17
Description = Der Vorgang wurde unterbrochen, bevor er abgeschlossen werden konnte.
 
[ Media Center Events ]
Error - 26.01.2010 08:43:10 | Computer Name = XXXMobil | Source = MCUpdate | ID = 0
Description = 13:43:10 - MCESpotlight konnte nicht abgerufen werden (Fehler: Die
 Verbindung mit dem Remoteserver kann nicht hergestellt werden.) 
 
Error - 30.06.2010 08:06:10 | Computer Name = XXXMobil | Source = MCUpdate | ID = 0
Description = 14:06:10 - Fehler beim Herstellen der Internetverbindung.  14:06:10
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 30.06.2010 08:06:21 | Computer Name = XXXMobil | Source = MCUpdate | ID = 0
Description = 14:06:15 - Fehler beim Herstellen der Internetverbindung.  14:06:15
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 30.06.2010 09:11:27 | Computer Name = XXXMobil | Source = MCUpdate | ID = 0
Description = 15:11:27 - Fehler beim Herstellen der Internetverbindung.  15:11:27
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 30.06.2010 09:11:59 | Computer Name = XXXMobil | Source = MCUpdate | ID = 0
Description = 15:11:56 - Fehler beim Herstellen der Internetverbindung.  15:11:56
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 30.06.2010 10:12:34 | Computer Name = XXXMobil | Source = MCUpdate | ID = 0
Description = 16:12:34 - Fehler beim Herstellen der Internetverbindung.  16:12:34
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 30.06.2010 10:13:06 | Computer Name = XXXMobil | Source = MCUpdate | ID = 0
Description = 16:13:03 - Fehler beim Herstellen der Internetverbindung.  16:13:03
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 30.06.2010 11:13:39 | Computer Name = XXXMobil | Source = MCUpdate | ID = 0
Description = 17:13:39 - Fehler beim Herstellen der Internetverbindung.  17:13:39
-    Serververbindung konnte nicht hergestellt werden.. 
 
Error - 30.06.2010 11:14:11 | Computer Name = XXXMobil | Source = MCUpdate | ID = 0
Description = 17:14:09 - Fehler beim Herstellen der Internetverbindung.  17:14:09
-    Serververbindung konnte nicht hergestellt werden.. 
 
[ System Events ]
Error - 18.12.2010 07:29:33 | Computer Name = XXXMobil | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira AntiVir MailGuard" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%1.
 
Error - 18.12.2010 07:30:25 | Computer Name = XXXMobil | Source = DCOM | ID = 10016
Description =
 
Error - 18.12.2010 07:49:21 | Computer Name = XXXMobil | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira AntiVir MailGuard" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%1.
 
Error - 18.12.2010 07:50:41 | Computer Name = XXXMobil | Source = DCOM | ID = 10016
Description =
 
Error - 18.12.2010 16:54:39 | Computer Name = XXXMobil | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst IPBusEnum erreicht.
 
Error - 19.12.2010 06:39:00 | Computer Name = XXXMobil | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira AntiVir MailGuard" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%1.
 
Error - 19.12.2010 10:00:46 | Computer Name = XXXMobil | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira AntiVir MailGuard" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%1.
 
Error - 19.12.2010 10:24:57 | Computer Name = XXXMobil | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst IPBusEnum erreicht.
 
Error - 19.12.2010 15:20:31 | Computer Name = XXXMobil | Source = ACPI | ID = 327693
Description = : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen
 Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware
 hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie
den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen
 Situationen zur Folge haben, dass der Computer fehlerhaft läuft.
 
Error - 20.12.2010 06:03:00 | Computer Name = XXXMobil | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira AntiVir MailGuard" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%1.
 
 
< End of report >
--- --- ---


Danke

cosinus 20.12.2010 14:47
Zitat:
Art des Suchlaufs: Quick-Scan
Vollscan war extra fett geschrieben! :D

FNi 20.12.2010 15:58
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5360

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

20.12.2010 15:56:59
mbam-log-2010-12-20 (15-56-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 400660
Laufzeit: 45 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


Sorry :headbang:

cosinus 20.12.2010 19:57
Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
FF - prefs.js..network.proxy.backup.ftp: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ftp_port: 9666
FF - prefs.js..network.proxy.backup.gopher: "127.0.0.1"
FF - prefs.js..network.proxy.backup.gopher_port: 9666
FF - prefs.js..network.proxy.backup.socks: "127.0.0.1"
FF - prefs.js..network.proxy.backup.socks_port: 9666
FF - prefs.js..network.proxy.backup.ssl: "127.0.0.1"
FF - prefs.js..network.proxy.backup.ssl_port: 9666
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 9666
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 9050
FF - prefs.js..network.proxy.socks_remote_dns: true
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 9666
FF - prefs.js..network.proxy.type: 0
O4 - HKCU..\Run: []  File not found
O33 - MountPoints2\{a750306b-043b-11df-85b9-0026b99bdba6}\Shell - "" = AutoRun
O33 - MountPoints2\{a750306b-043b-11df-85b9-0026b99bdba6}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
[2010.11.21 14:35:19 | 000,000,000 | ---D | C] -- C:\Users\XXX\AppData\Roaming\PCDr
:Commands
[purity]
[resethosts]
[emptytemp]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

FNi 20.12.2010 22:37
All processes killed
========== OTL ==========
Prefs.js: "127.0.0.1" removed from network.proxy.backup.ftp
Prefs.js: 9666 removed from network.proxy.backup.ftp_port
Prefs.js: "127.0.0.1" removed from network.proxy.backup.gopher
Prefs.js: 9666 removed from network.proxy.backup.gopher_port
Prefs.js: "127.0.0.1" removed from network.proxy.backup.socks
Prefs.js: 9666 removed from network.proxy.backup.socks_port
Prefs.js: "127.0.0.1" removed from network.proxy.backup.ssl
Prefs.js: 9666 removed from network.proxy.backup.ssl_port
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 9666 removed from network.proxy.http_port
Prefs.js: "localhost" removed from network.proxy.socks
Prefs.js: 9050 removed from network.proxy.socks_port
Prefs.js: true removed from network.proxy.socks_remote_dns
Prefs.js: "localhost" removed from network.proxy.ssl
Prefs.js: 9666 removed from network.proxy.ssl_port
Prefs.js: 0 removed from network.proxy.type
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a750306b-043b-11df-85b9-0026b99bdba6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a750306b-043b-11df-85b9-0026b99bdba6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a750306b-043b-11df-85b9-0026b99bdba6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a750306b-043b-11df-85b9-0026b99bdba6}\ not found.
File H:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\LaunchU3.exe not found.
Folder C:\Users\XXX\AppData\Roaming\PCDr\ not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: XXX1
->Temp folder emptied: 4026168 bytes
->Temporary Internet Files folder emptied: 14763380 bytes
->Java cache emptied: 36547997 bytes
->FireFox cache emptied: 110856735 bytes
->Flash cache emptied: 17981 bytes

User: XXX2
->Temp folder emptied: 149662 bytes
->Temporary Internet Files folder emptied: 20661880 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 53061381 bytes
->Flash cache emptied: 643 bytes

User: XXX3

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 1610800 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2484210 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 233,00 mb


OTL by OldTimer - Version 3.2.17.4 log created on 12202010_223144

Files\Folders moved on Reboot...
C:\Users\XXX\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus 20.12.2010 22:59
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

FNi 21.12.2010 11:16
Combofix Logfile:
Code:
ComboFix 10-12-20.02 - XXX 21.12.2010  11:06:45.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7600.0.1252.49.1031.18.4091.2931 [GMT 1:00]
ausgeführt von:: c:\users\XXX\Desktop\cofi.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\program files (x86)\SpeedBit Video Downloader\Toolbar\tbhelper.dll
c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Eventuell infizierte Webseiten -----

hxxp://apnmedia.ask.com
.
(((((((((((((((((((((((  Dateien erstellt von 2010-11-21 bis 2010-12-21  ))))))))))))))))))))))))))))))
.

2010-12-21 09:14 . 2010-11-10 05:35        8199504        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{03B5384D-04F0-4C2E-A896-767C59892277}\mpengine.dll
2010-12-20 21:31 . 2010-12-20 21:31        --------        d-----w-        C:\_OTL
2010-12-20 11:16 . 2010-12-20 11:16        --------        d-----w-        c:\users\XXX\AppData\Roaming\Malwarebytes
2010-12-20 11:16 . 2010-11-29 16:42        38224        ----a-w-        c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 11:16 . 2010-12-20 11:16        --------        d-----w-        c:\programdata\Malwarebytes
2010-12-20 11:16 . 2010-12-20 11:16        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2010-12-20 11:16 . 2010-11-29 16:42        24152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-12-17 14:18 . 2010-12-17 14:18        --------        d-----w-        c:\users\XXX\AppData\Local\Rockstar Games
2010-12-15 16:25 . 2010-10-20 05:20        46080        ----a-w-        c:\windows\system32\atmlib.dll
2010-12-15 16:25 . 2010-10-20 04:54        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2010-12-15 16:25 . 2010-10-20 03:05        367104        ----a-w-        c:\windows\system32\atmfd.dll
2010-12-15 16:25 . 2010-10-20 02:58        294400        ----a-w-        c:\windows\SysWow64\atmfd.dll
2010-12-15 16:25 . 2010-10-20 03:09        3124224        ----a-w-        c:\windows\system32\win32k.sys
2010-12-15 16:25 . 2010-10-16 05:19        395776        ----a-w-        c:\windows\system32\webio.dll
2010-12-15 16:25 . 2010-10-16 04:36        314368        ----a-w-        c:\windows\SysWow64\webio.dll
2010-12-15 16:25 . 2010-10-12 05:05        35328        ----a-w-        c:\program files\Windows Mail\wabfind.dll
2010-12-15 16:25 . 2010-10-12 05:00        516096        ----a-w-        c:\program files\Windows Mail\wab.exe
2010-12-15 16:25 . 2010-10-12 04:25        516096        ----a-w-        c:\program files (x86)\Windows Mail\wab.exe
2010-12-15 16:25 . 2010-10-16 05:23        112000        ----a-w-        c:\windows\system32\consent.exe
2010-12-11 00:23 . 2010-12-11 00:23        --------        d-----w-        c:\users\XXX\AppData\Roaming\ManyCam
2010-12-11 00:23 . 2010-12-11 00:23        --------        d-----w-        c:\users\XXX\AppData\Local\ManyCam
2010-12-11 00:23 . 2010-12-11 00:23        --------        d-----w-        c:\program files (x86)\ManyCam
2010-12-06 14:20 . 2010-12-06 14:20        --------        d-----w-        c:\users\XXX\AppData\Local\Octoshape
2010-12-01 16:45 . 2010-12-17 14:19        --------        d-----w-        C:\GAMES
2010-12-01 16:45 . 2010-12-01 16:54        --------        d-----w-        c:\users\XXX\AppData\Local\Oblivion
2010-11-25 17:08 . 2010-11-25 17:08        --------        d-----w-        c:\programdata\Electronic Arts
2010-11-25 17:08 . 2010-11-25 17:08        --------        d-----w-        c:\programdata\EA Core
2010-11-25 16:49 . 2010-11-25 19:05        --------        d-----w-        c:\programdata\Solidshield
2010-11-21 13:35 . 2010-11-21 13:35        --------        d-----w-        c:\users\XXX\AppData\Roaming\PCDr

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-22 15:54 . 2010-01-29 17:07        83120        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2010-10-19 09:41 . 2010-01-01 13:17        270720        ------w-        c:\windows\system32\MpSigStub.exe
2010-10-01 18:15 . 2010-10-01 18:15        178800        ----a-w-        c:\windows\SysWow64\CmdLineExt_x64.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{3017FB3E-9A77-4396-88C5-0EC9548FB42F}]
2010-06-27 10:43        2447360        ----a-w-        c:\program files (x86)\SpeedBit Video Downloader\Toolbar\tbcore3.dll

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{389943B0-C3A2-4E69-82CB-8596A84CB3DC}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]

c:\users\Micha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]

c:\users\XXX\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-9-21 1316192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [2010-06-03 21712]
R3 MatSvc;Microsoft Fix it Supportcenter;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 342320]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
R3 RTCore64;RTCore64;c:\program files (x86)\RMClock\RTCore64.sys [2008-09-08 14352]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-25 203264]
R4 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2010-11-02 339624]
R4 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
R4 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-11-02 403624]
R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 136176]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
R4 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R4 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2010-08-20 689472]
R4 VideoAcceleratorService;VideoAcceleratorService;c:\progra~2\SPEEDB~2\VideoAcceleratorService.exe [2010-06-27 300656]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-02 834544]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Acceler.sys [2009-09-17 23912]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704]
S3 O2MDGRDR;O2MDGRDR;c:\windows\system32\DRIVERS\o2mdgx64.sys [2009-05-22 69152]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

.
Inhalt des "geplante Tasks" Ordners

2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 16:23]

2010-12-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-12 16:23]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-02 3180624]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = local
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {75AD296B-0990-41E5-BC0F-03779B81B7D4} = 192.168.0.5
TCP: {7E444FE6-C9F9-476C-8BF7-CB953FF2897D} = 192.168.0.5
FF - ProfilePath - c:\users\XXX\AppData\Roaming\Mozilla\Firefox\Profiles\9qjppzno.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension
FF - Ext: SpeedBit Video Downloader: {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - c:\program files (x86)\SpeedBit Video Downloader\SPFireFox
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: UltraSurf Firefox Tool: {5B52016C-D097-4aec-BE61-9F129D8FDDBA} - %profile%\extensions\{5B52016C-D097-4aec-BE61-9F129D8FDDBA}
FF - Ext: CacheViewer: {71328583-3CA7-4809-B4BA-570A85818FBB} - %profile%\extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Toolbar-Locked - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-4098244174-1042992831-1247179864-1000\Software\SecuROM\License information*]
"datasecu"=hex:39,b0,56,57,69,9f,38,14,ce,df,0a,a9,51,48,7c,8e,d9,b9,c3,c2,2b,
  90,2c,3a,3e,65,18,c7,86,8e,6a,b2,85,be,c9,92,c0,ba,b2,ef,cb,b8,8d,2b,7a,a8,\
"rkeysecu"=hex:72,41,1d,62,f5,4b,8c,aa,9d,0f,49,9d,85,52,ce,5d

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-12-21  11:12:45
ComboFix-quarantined-files.txt  2010-12-21 10:12

Vor Suchlauf: 18 Verzeichnis(se), 68.941.467.648 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 68.806.909.952 Bytes frei

- - End Of File - - 84F84D1A1C6317C02655C7F171399306
--- --- ---

cosinus 21.12.2010 11:45
Downloade Dir bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur eine Sekunde.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes

FNi 21.12.2010 11:51
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Studio 1745
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 195):
0x02C1E000 \SystemRoot\system32\ntoskrnl.exe
0x031FA000 \SystemRoot\system32\hal.dll
0x00BCF000 \SystemRoot\system32\kdcom.dll
0x00C8D000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00CD1000 \SystemRoot\system32\PSHED.dll
0x00CE5000 \SystemRoot\system32\CLFS.SYS
0x00E42000 \SystemRoot\system32\CI.dll
0x00F02000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00FA6000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x01092000 \SystemRoot\System32\Drivers\spva.sys
0x011B8000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x011C1000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x01000000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x01057000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x01061000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00FB5000 \SystemRoot\system32\DRIVERS\pci.sys
0x0106E000 \SystemRoot\System32\drivers\partmgr.sys
0x01083000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x011F0000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FE8000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D43000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E00000 \SystemRoot\System32\drivers\mountmgr.sys
0x012E4000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x01200000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x0120B000 \SystemRoot\system32\drivers\fltmgr.sys
0x01257000 \SystemRoot\system32\drivers\fileinfo.sys
0x01401000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0126B000 \SystemRoot\System32\Drivers\msrpc.sys
0x015A4000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00C00000 \SystemRoot\System32\Drivers\cng.sys
0x015BE000 \SystemRoot\System32\drivers\pcw.sys
0x015CF000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x016A8000 \SystemRoot\system32\drivers\ndis.sys
0x0179A000 \SystemRoot\system32\drivers\NETIO.SYS
0x01600000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x0162B000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01677000 \SystemRoot\System32\Drivers\spldr.sys
0x00D9F000 \SystemRoot\System32\drivers\rdyboost.sys
0x0167F000 \SystemRoot\System32\Drivers\mup.sys
0x01691000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01818000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01852000 \SystemRoot\system32\DRIVERS\disk.sys
0x01868000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x019D5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x01800000 \SystemRoot\System32\Drivers\Null.SYS
0x01809000 \SystemRoot\System32\Drivers\Beep.SYS
0x0169A000 \SystemRoot\System32\drivers\vga.sys
0x015D9000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x012C9000 \SystemRoot\System32\drivers\watchdog.sys
0x012D9000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x00E1A000 \SystemRoot\system32\drivers\rdpencdd.sys
0x00E23000 \SystemRoot\system32\drivers\rdprefmp.sys
0x00E2C000 \SystemRoot\System32\Drivers\Msfs.SYS
0x00DD9000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02C01000 \SystemRoot\System32\drivers\tcpip.sys
0x03ADA000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x03B24000 \SystemRoot\system32\DRIVERS\tdx.sys
0x03B42000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03B4F000 \SystemRoot\system32\drivers\afd.sys
0x03A00000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03A45000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x03A50000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03A59000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03A7F000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03A95000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03AA4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03ABF000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03C46000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03C97000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03CA3000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03CAE000 \SystemRoot\System32\drivers\discache.sys
0x03CBD000 \SystemRoot\System32\Drivers\dfsc.sys
0x03CDB000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03CEC000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x03D0E000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03EC1000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x044D8000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03E00000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03E46000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03E6A000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x03D34000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03E77000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x0485A000 \SystemRoot\system32\DRIVERS\bcmwl664.sys
0x04B02000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x04B0F000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x04B4D000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x04B6D000 \SystemRoot\system32\DRIVERS\o2mdgx64.sys
0x04B7D000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04BD4000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x04BD9000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x04800000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x0480F000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x04858000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03E88000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03D8A000 \SystemRoot\System32\Drivers\afm8kii6.SYS
0x03E97000 \SystemRoot\system32\DRIVERS\Acceler.sys
0x04BF7000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x03EA3000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x045CC000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x045DC000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03DCF000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x045F2000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03C00000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x03BD9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04E6B000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04E8C000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04EA6000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04EA8000 \SystemRoot\system32\DRIVERS\ks.sys
0x04EEB000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04EFD000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04F57000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04F6C000 \SystemRoot\system32\drivers\HdAudio.sys
0x04E00000 \SystemRoot\system32\drivers\portcls.sys
0x04E3D000 \SystemRoot\system32\drivers\drmk.sys
0x04E5F000 \SystemRoot\system32\drivers\ksthunk.sys
0x06020000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x00020000 \SystemRoot\System32\win32k.sys
0x0609B000 \SystemRoot\System32\drivers\Dxapi.sys
0x060A7000 \SystemRoot\system32\DRIVERS\monitor.sys
0x060B5000 \SystemRoot\System32\Drivers\crashdmp.sys
0x060C3000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x061DF000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x06000000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x04FC8000 \SystemRoot\System32\Drivers\usbvideo.sys
0x01898000 \SystemRoot\system32\DRIVERS\CtClsFlt.sys
0x00590000 \SystemRoot\System32\TSDDD.dll
0x006A0000 \SystemRoot\System32\cdd.dll
0x018C3000 \SystemRoot\system32\drivers\luafv.sys
0x018E6000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x01903000 \SystemRoot\system32\drivers\WudfPf.sys
0x03C2F000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x01924000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x01977000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0198A000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x061F2000 \SystemRoot\system32\DRIVERS\vwifimp.sys
0x046C8000 \SystemRoot\system32\drivers\HTTP.sys
0x04790000 \SystemRoot\system32\DRIVERS\bowser.sys
0x047AE000 \SystemRoot\System32\drivers\mpsdrv.sys
0x047C6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x04600000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x0464E000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06221000 \??\C:\Windows\system32\drivers\acedrv11.sys
0x0627B000 \SystemRoot\system32\DRIVERS\atksgt.sys
0x062CA000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0x062D7000 \SystemRoot\system32\drivers\peauth.sys
0x0637D000 \SystemRoot\System32\Drivers\secdrv.SYS
0x06388000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x063B5000 \SystemRoot\System32\drivers\tcpipreg.sys
0x066E3000 \SystemRoot\System32\DRIVERS\srv2.sys
0x0674A000 \SystemRoot\System32\DRIVERS\srv.sys
0x067E0000 \SystemRoot\system32\drivers\BCM42RLY.sys
0x06600000 \SystemRoot\System32\Drivers\fastfat.SYS
0x06636000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x06641000 \SystemRoot\system32\DRIVERS\WSDPrint.sys
0x066CF000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x77720000 \WINDOWS\System32\ntdll.dll
0x47B00000 \WINDOWS\System32\smss.exe
0xFFA40000 \WINDOWS\System32\apisetschema.dll
0xFF250000 \WINDOWS\System32\autochk.exe
0xFFA20000 \WINDOWS\System32\nsi.dll
0xFF8F0000 \WINDOWS\System32\rpcrt4.dll
0xFF820000 \WINDOWS\System32\usp10.dll
0xFF7B0000 \WINDOWS\System32\gdi32.dll
0xFF730000 \WINDOWS\System32\difxapi.dll
0xFF520000 \WINDOWS\System32\ole32.dll
0xFF4F0000 \WINDOWS\System32\imm32.dll
0xFF410000 \WINDOWS\System32\oleaut32.dll
0xFF400000 \WINDOWS\System32\lpk.dll
0xFF3B0000 \WINDOWS\System32\ws2_32.dll
0xFF390000 \WINDOWS\System32\imagehlp.dll
0x77620000 \WINDOWS\System32\user32.dll
0xFF310000 \WINDOWS\System32\shlwapi.dll
0xFF230000 \WINDOWS\System32\advapi32.dll
0xFE4A0000 \WINDOWS\System32\shell32.dll
0xFE450000 \WINDOWS\System32\Wldap32.dll
0x778F0000 \WINDOWS\System32\psapi.dll
0x77500000 \WINDOWS\System32\kernel32.dll
0xFE3B0000 \WINDOWS\System32\clbcatq.dll
0x778E0000 \WINDOWS\System32\normaliz.dll
0xFE280000 \WINDOWS\System32\wininet.dll
0xFE020000 \WINDOWS\System32\iertutil.dll
0xFDF10000 \WINDOWS\System32\msctf.dll
0xFDEF0000 \WINDOWS\System32\sechost.dll
0xFDE50000 \WINDOWS\System32\comdlg32.dll
0xFDCD0000 \WINDOWS\System32\urlmon.dll
0xFDAF0000 \WINDOWS\System32\setupapi.dll
0xFDA50000 \WINDOWS\System32\msvcrt.dll
0xFD9E0000 \WINDOWS\System32\KernelBase.dll
0xFD940000 \WINDOWS\System32\comctl32.dll
0xFD7D0000 \WINDOWS\System32\crypt32.dll
0xFD7B0000 \WINDOWS\System32\devobj.dll
0xFD770000 \WINDOWS\System32\wintrust.dll
0xFD730000 \WINDOWS\System32\cfgmgr32.dll
0xFD720000 \WINDOWS\System32\msasn1.dll
0x75C60000 \WINDOWS\SysWOW64\normaliz.dll

Processes (total 52):
0 System Idle Process
4 System
308 C:\WINDOWS\System32\smss.exe
408 csrss.exe
488 C:\WINDOWS\System32\wininit.exe
500 csrss.exe
544 C:\WINDOWS\System32\services.exe
560 C:\WINDOWS\System32\lsass.exe
568 C:\WINDOWS\System32\lsm.exe
668 C:\WINDOWS\System32\svchost.exe
752 C:\WINDOWS\System32\svchost.exe
804 C:\WINDOWS\System32\svchost.exe
856 C:\WINDOWS\System32\svchost.exe
880 C:\WINDOWS\System32\svchost.exe
928 C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
420 C:\WINDOWS\System32\svchost.exe
620 C:\Program Files\Dell\DellDock\DockLogin.exe
888 C:\WINDOWS\System32\winlogon.exe
1212 C:\WINDOWS\System32\svchost.exe
1316 C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
1324 C:\WINDOWS\System32\wlanext.exe
1344 C:\WINDOWS\System32\conhost.exe
1360 C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
1464 C:\WINDOWS\System32\spoolsv.exe
1512 C:\WINDOWS\System32\svchost.exe
1648 C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
1816 C:\WINDOWS\System32\svchost.exe
1852 C:\WINDOWS\System32\svchost.exe
1348 C:\WINDOWS\System32\taskhost.exe
1636 C:\WINDOWS\System32\taskeng.exe
1988 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
1700 C:\WINDOWS\explorer.exe
2060 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2504 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2512 C:\Program Files\IDT\WDM\sttray64.exe
2544 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
2716 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2860 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
2632 C:\WINDOWS\System32\SearchIndexer.exe
3300 C:\WINDOWS\System32\svchost.exe
3508 C:\Program Files\Windows Media Player\wmpnetwk.exe
3268 C:\WINDOWS\System32\svchost.exe
3324 C:\WINDOWS\System32\dwm.exe
4040 C:\WINDOWS\System32\svchost.exe
3932 C:\WINDOWS\System32\audiodg.exe
2336 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1384 C:\Program Files (x86)\QIP 2010\qip.exe
3840 C:\WINDOWS\System32\SearchProtocolHost.exe
3928 C:\WINDOWS\System32\SearchFilterHost.exe
4004 C:\Users\XXX\Desktop\MBRCheck.exe
3900 C:\WINDOWS\System32\conhost.exe
2100 C:\WINDOWS\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`ac000000 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000028`58200000 (NTFS)
\\.\F: --> \\.\PhysicalDrive0 at offset 0x00000039`6f000000 (NTFS)

PhysicalDrive0 Model Number: ST9320423AS, Rev: 0004SDM1

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

cosinus 21.12.2010 11:52
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

FNi 21.12.2010 16:49
Malwarebytes LMalwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Datenbank Version: 5360

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21.12.2010 12:30:20
mbam-log-2010-12-21 (12-30-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|)
Durchsuchte Objekte: 400431
Laufzeit: 34 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
og:



SuperAntiSpyware Log:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/21/2010 at 04:44 PM

Application Version : 4.47.1000

Core Rules Database Version : 6045
Trace Rules Database Version: 3857

Scan type : Complete Scan
Total Scan Time : 01:42:57

Memory items scanned : 620
Memory threats detected : 0
Registry items scanned : 15016
Registry threats detected : 4
File items scanned : 239809
File threats detected : 2

Browser Hijacker.Deskbar
(x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
(x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
(x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
(x86) HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version

Trojan.Agent/Gen-FraudLoad
C:\GAMES\GTA\PC\GLOBE CONVERTER.EXE

Adware.HBHelper
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES (X86)\SPEEDBIT VIDEO DOWNLOADER\TOOLBAR\TBHELPER.DLL.VIR


Hat was länger gedauert, musste den Schnee genießen :-D
Danke ;)

cosinus 21.12.2010 22:21
Sieht ok aus, da wurden nur Cookies und Überreste gefunden.
Noch Probleme oder weitere Funde in der Zwischenzeit?

FNi 21.12.2010 22:28
Nein bisher läufts gut, hab (bisher) keine eklatanten FPS Drops mehr feststellen können. Vielen Dank noch mal, gute Sache dieses Board hier, sollte ich mal wieder ein Problem haben melde ich mich hier ;)


Alle Zeitangaben in WEZ +1. Es ist jetzt 12:41 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131