Trojaner-Board


riera77 07.12.2011 15:43

Starsear.ch after Firefox plugin download
 
Hi.
First of all, a big compliment to all of you. What you do here is great!
I seem to have caught a Trojan as well. I found you through Google (searching for starsear.ch). Like another user here on the board, I caught it while watching online TV, after installing a Firefox plugin.
The Trojan shows itself by being set as the start page in Firefox.

Well, once I am rid of the Trojan, I will back up my most important data and reinstall Win7. That is my goal.

So, here I go:


defogger did not work as described. So I am posting the text file here:
Code:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 04:18 on 07/12/2011 (Saki)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-


OTL:
Code:

OTL logfile created on: 07.12.2011 04:32:12 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Saki\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 54,75% Memory free
3,49 Gb Paging File | 2,03 Gb Available in Paging File | 58,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 68,55 Gb Free Space | 46,83% Space Free | Partition Type: NTFS
Drive D: | 151,60 Gb Total Space | 26,90 Gb Free Space | 17,74% Space Free | Partition Type: NTFS
 
Computer Name: SAKI-PC | User Name: Saki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.07 04:10:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Saki\Desktop\OTL.exe
PRC - [2011.10.03 05:06:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\javaw.exe
PRC - [2011.09.29 22:59:54 | 004,367,360 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\Broadcom 802.11\WLTRAY.EXE
PRC - [2011.09.29 22:59:54 | 000,026,112 | ---- | M] () -- C:\Programme\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
PRC - [2011.09.29 22:59:53 | 003,718,656 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
PRC - [2011.08.22 09:01:00 | 000,593,920 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011.08.12 16:13:26 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.07.20 12:27:32 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.21 06:53:10 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 06:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.04.13 14:02:34 | 001,808,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.01 00:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Programme\PDF Complete\pdfsvc.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.10.20 15:23:26 | 003,207,072 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
PRC - [2010.10.20 15:23:26 | 000,821,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2010.09.21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 13:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.09.14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.05.20 23:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
PRC - [2010.02.25 14:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.08.18 01:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.13 14:56:02 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.07.13 14:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe
PRC - [2009.05.14 11:05:52 | 000,209,216 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
PRC - [2009.03.27 17:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe
PRC - [2009.03.02 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe
PRC - [2009.01.26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.09.15 08:42:21 | 000,016,896 | ---- | M] () -- C:\Windows\System32\LFOGRPOW.EXE
PRC - [2008.09.02 23:38:28 | 000,010,752 | ---- | M] () -- C:\Windows\System32\FUSServices.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.14 11:01:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011.10.14 11:01:47 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011.10.14 11:01:40 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011.10.14 11:01:23 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.14 11:01:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.14 11:01:09 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.14 11:01:00 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.08.22 09:01:00 | 001,515,520 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011.08.22 09:01:00 | 000,593,920 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011.08.22 09:01:00 | 000,559,244 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011.08.22 09:01:00 | 000,516,599 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011.08.22 09:01:00 | 000,389,120 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011.08.22 09:01:00 | 000,139,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011.08.22 09:01:00 | 000,139,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011.08.22 09:01:00 | 000,094,208 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011.03.21 19:57:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.05.04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.02.28 02:33:14 | 000,077,664 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
MOD - [2009.05.14 11:05:52 | 000,209,216 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
MOD - [2009.05.14 11:05:48 | 000,688,432 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\N5ShellExtension.dll
MOD - [2008.12.12 15:48:50 | 000,507,904 | ---- | M] () -- C:\Programme\Common Files\BCL Technologies\NitroPDF6\bepprint.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.09.29 22:59:54 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2011.08.12 16:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.07.20 12:27:32 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.21 06:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.04 19:22:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.02.01 00:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010.09.14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.13 14:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe -- (STacSV)
SRV - [2009.03.27 17:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.03.02 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe -- (AESTFilters)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.09.02 23:38:28 | 000,010,752 | ---- | M] () [Auto | Running] -- C:\Windows\System32\FUSServices.exe -- (FUSServices)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.09.29 22:59:50 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2011.07.20 12:27:33 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.07.20 12:27:33 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.01.13 02:17:18 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsmdm.sys -- (zghsmdm)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.14 05:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010.09.14 05:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010.09.14 05:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010.09.14 05:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010.08.16 14:31:08 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2010.08.16 14:31:06 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010.06.23 09:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.02.25 14:18:58 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2010.02.17 14:21:12 | 000,094,560 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Running] -- C:\Windows\System32\drivers\SleeN17.sys -- (SLEE_17_DRIVER)
DRV - [2009.10.26 07:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.10.26 07:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (androidusb)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.09.28 08:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.08.18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.13 14:56:02 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.04.06 16:12:44 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.16 22:47:06 | 000,033,152 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\XMLDIUSB.sys -- (XMLDIUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=2&cf=8cfe85a6-2044-11e1-a791-00247e83dc50
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=2&cf=8cfe85a6-2044-11e1-a791-00247e83dc50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE 0D 78 9C BB E9 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://startsear.ch/?aff=2&cf=8cfe85a6-2044-11e1-a791-00247e83dc50"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: el-GR@dictionaries.addons.mozilla.org:0.8.5
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=2&src=sp&cf=8cfe85a6-2044-11e1-a791-00247e83dc50&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.60401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.20 13:23:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.20 13:23:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.22 11:53:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.06 20:57:58 | 000,000,000 | ---D | M]
 
[2010.09.22 19:53:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Saki\AppData\Roaming\mozilla\Extensions
[2011.11.18 16:02:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions
[2010.12.01 22:24:47 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.18 01:17:42 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.02.13 15:41:40 | 000,000,000 | ---D | M] (Greek Spelling dictionary) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\el-GR@dictionaries.addons.mozilla.org
[2011.11.10 14:35:19 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\ffxtlbr@Facemoods.com
[2011.11.15 23:31:08 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\https-everywhere@eff.org
[2011.03.12 21:15:09 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\personas@christopher.beard
[2011.06.11 15:27:52 | 000,002,039 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\idealode.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\startsear.xml
[2011.11.12 01:32:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.11.12 01:32:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\SAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFX8XCA9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFX8XCA9.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
[2011.11.09 15:30:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.27 14:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2010.12.06 23:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.10.02 21:14:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.02 21:14:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.02 21:14:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.10 14:35:19 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.10.02 21:14:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 21:14:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.02 21:14:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.10.22 19:43:02 | 000,420,705 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O1 - Hosts: 127.0.0.1        www.007guard.com
O1 - Hosts: 127.0.0.1        007guard.com
O1 - Hosts: 127.0.0.1        008i.com
O1 - Hosts: 127.0.0.1        www.008k.com
O1 - Hosts: 127.0.0.1        008k.com
O1 - Hosts: 127.0.0.1        www.00hq.com
O1 - Hosts: 127.0.0.1        00hq.com
O1 - Hosts: 127.0.0.1        010402.com
O1 - Hosts: 127.0.0.1        www.032439.com
O1 - Hosts: 127.0.0.1        032439.com
O1 - Hosts: 127.0.0.1        www.0scan.com
O1 - Hosts: 127.0.0.1        0scan.com
O1 - Hosts: 127.0.0.1        1000gratisproben.com
O1 - Hosts: 127.0.0.1        www.1000gratisproben.com
O1 - Hosts: 127.0.0.1        1001namen.com
O1 - Hosts: 127.0.0.1        www.1001namen.com
O1 - Hosts: 127.0.0.1        100888290cs.com
O1 - Hosts: 127.0.0.1        www.100888290cs.com
O1 - Hosts: 127.0.0.1        www.100sexlinks.com
O1 - Hosts: 127.0.0.1        100sexlinks.com
O1 - Hosts: 127.0.0.1        10sek.com
O1 - Hosts: 127.0.0.1        www.10sek.com
O1 - Hosts: 127.0.0.1        www.1-2005-search.com
O1 - Hosts: 127.0.0.1        1-2005-search.com
O1 - Hosts: 14506 more lines...
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Programme\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Programme\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Programme\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Broadcom\Broadcom 802.11\WLTRAY.EXE (Broadcom Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Saki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Saki\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93E36856-A876-4600-98F2-82F41288187C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC9A6404-A68F-4B4B-A706-831C3A54487A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Programme\vShare\vshare_toolbar.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: Nitro PDF Professional - cscript //B "C:\Program Files\Nitro PDF\Professional\RemoveOldAddins.vbs"
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.07 04:09:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Saki\Desktop\OTL.exe
[2011.12.06 20:57:58 | 000,000,000 | ---D | C] -- C:\Program Files\StartSearch plugin
[2011.12.02 22:30:09 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011.11.25 23:51:30 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2011.11.25 12:33:11 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.11.25 00:13:11 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\SoftGrid Client
[2011.11.25 00:13:11 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Local\SoftGrid Client
[2011.11.25 00:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
[2011.11.25 00:00:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011.11.25 00:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011.11.25 00:00:13 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2011.11.24 23:55:09 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\TP
[2011.11.23 21:32:39 | 000,000,000 | ---D | C] -- C:\Program Files\vShare
[2011.11.22 11:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.11.22 11:52:56 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.11.22 11:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011.11.19 22:21:49 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar
[2011.11.19 22:21:48 | 000,000,000 | ---D | C] -- C:\Program Files\Convar
[2011.11.13 15:32:54 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Local\{5AC501DC-7123-43B2-8A0A-BB4430355244}
[2011.11.12 01:33:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.11.10 15:17:55 | 000,000,000 | ---D | C] -- C:\Users\Saki\Desktop\DownL
[2011.11.10 14:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\facemoods.com
[2011.11.10 14:33:46 | 000,000,000 | ---D | C] -- C:\Program Files\JDownloader
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.07 04:15:57 | 000,302,592 | ---- | M] () -- C:\Users\Saki\Desktop\0erz17xx.exe
[2011.12.07 04:15:42 | 000,000,000 | ---- | M] () -- C:\Users\Saki\defogger_reenable
[2011.12.07 04:10:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Saki\Desktop\OTL.exe
[2011.12.07 04:09:44 | 000,050,477 | ---- | M] () -- C:\Users\Saki\Desktop\Defogger.exe
[2011.12.06 19:52:11 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.06 19:52:11 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.06 19:44:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.06 19:44:26 | 1875,763,200 | -HS- | M] () -- C:\hiberfil.sys
[2011.11.25 12:33:21 | 000,654,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.25 12:33:21 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.25 12:33:21 | 000,552,214 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2011.11.25 12:33:21 | 000,130,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.25 12:33:21 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.25 12:33:21 | 000,089,622 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2011.11.20 12:58:33 | 000,000,497 | ---- | M] () -- C:\Users\Saki\Desktop\Windows-Firewall - Verknüpfung.lnk
[2011.11.19 22:21:03 | 003,462,033 | ---- | M] () -- C:\Users\Saki\Desktop\pci_filerecovery.exe.part
[2011.11.16 00:31:37 | 000,000,887 | ---- | M] () -- C:\Users\Saki\.recently-used.xbel
[2011.11.13 16:05:58 | 004,040,793 | ---- | M] () -- C:\Users\Saki\Desktop\WiPo.pdf
[2011.11.10 23:46:31 | 000,001,912 | ---- | M] () -- C:\Users\Saki\Desktop\JDownloader.lnk
[2011.11.10 08:43:21 | 000,301,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2011.12.07 04:15:42 | 000,000,000 | ---- | C] () -- C:\Users\Saki\defogger_reenable
[2011.12.07 04:14:38 | 000,302,592 | ---- | C] () -- C:\Users\Saki\Desktop\0erz17xx.exe
[2011.12.07 04:09:33 | 000,050,477 | ---- | C] () -- C:\Users\Saki\Desktop\Defogger.exe
[2011.11.20 12:58:33 | 000,000,497 | ---- | C] () -- C:\Users\Saki\Desktop\Windows-Firewall - Verknüpfung.lnk
[2011.11.19 22:20:57 | 003,462,033 | ---- | C] () -- C:\Users\Saki\Desktop\pci_filerecovery.exe.part
[2011.11.16 00:31:37 | 000,000,887 | ---- | C] () -- C:\Users\Saki\.recently-used.xbel
[2011.11.13 16:05:50 | 004,040,793 | ---- | C] () -- C:\Users\Saki\Desktop\WiPo.pdf
[2011.11.10 23:46:31 | 000,001,912 | ---- | C] () -- C:\Users\Saki\Desktop\JDownloader.lnk
[2011.11.10 14:34:25 | 000,001,912 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2011.11.10 14:34:25 | 000,001,891 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2011.11.10 14:34:25 | 000,001,870 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011.09.29 23:00:05 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011.09.15 16:12:26 | 000,000,048 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.06.29 20:31:30 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.06.29 20:31:29 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.05.24 16:09:43 | 000,369,984 | ---- | C] () -- C:\Windows\System32\perfi008.dat
[2011.05.24 16:09:42 | 000,552,214 | ---- | C] () -- C:\Windows\System32\perfh008.dat
[2011.05.24 16:09:42 | 000,089,622 | ---- | C] () -- C:\Windows\System32\perfc008.dat
[2011.05.24 16:09:42 | 000,045,182 | ---- | C] () -- C:\Windows\System32\perfd008.dat
[2011.04.27 18:10:37 | 000,725,064 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011.04.27 18:10:36 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011.04.27 18:10:35 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011.04.09 22:24:22 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.04.09 22:21:12 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.10.22 22:20:25 | 000,031,658 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.10.22 22:17:21 | 000,055,296 | ---- | C] () -- C:\Windows\System32\LFOGRPJL.DLL
[2010.10.22 22:17:21 | 000,016,896 | ---- | C] () -- C:\Windows\System32\LFOGRPOW.EXE
[2010.10.22 22:17:21 | 000,013,312 | ---- | C] () -- C:\Windows\System32\LFOGRCOI.DLL
[2010.10.04 03:41:32 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.10.04 03:41:31 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT
[2010.10.04 01:18:45 | 000,007,605 | ---- | C] () -- C:\Users\Saki\AppData\Local\Resmon.ResmonCfg
[2010.09.22 19:17:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 10:04:11 | 000,654,610 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:04:11 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:04:11 | 000,130,192 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:04:11 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,301,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,616,452 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,574 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.18 18:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.05.14 11:05:56 | 000,508,200 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2008.09.02 23:38:28 | 000,010,752 | ---- | C] () -- C:\Windows\System32\FUSServices.exe
[2006.03.09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2010.11.27 01:17:57 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Ashampoo
[2010.12.01 22:24:46 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.04.06 18:33:28 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\gtk-2.0
[2011.10.09 14:07:34 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\HTC
[2011.04.27 15:36:18 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.07.03 14:15:50 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Nitro PDF
[2010.09.28 16:55:54 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\OpenOffice.org
[2011.03.23 00:12:11 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Opera
[2011.04.06 18:25:54 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Scribus
[2011.05.28 15:13:06 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\ScummVM
[2011.12.06 19:41:50 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\SoftGrid Client
[2011.06.12 22:44:57 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Steganos
[2010.12.08 21:21:12 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\streamripper
[2011.11.25 00:03:38 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\TP
[2011.07.05 23:15:55 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Windows Live Writer
[2011.11.03 00:29:06 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.04.25 19:30:00 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2010.11.04 13:41:57 | 000,000,000 | ---D | M] -- C:\ADB
[2011.11.25 15:18:55 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2010.09.22 19:20:46 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.12.02 22:30:09 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.06 20:57:58 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.11.25 23:51:30 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.09.22 19:20:46 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.09.22 19:20:47 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.09.29 23:09:15 | 000,000,000 | ---D | M] -- C:\swsetup
[2011.12.07 04:34:51 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.09.29 22:58:31 | 000,000,000 | ---D | M] -- C:\system.sav
[2010.09.22 19:20:59 | 000,000,000 | R--D | M] -- C:\Users
[2011.11.23 16:09:47 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.25 03:35:40 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=0DB7A48388D54D154EBEC120461A0FCD -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys
[2010.11.20 09:40:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=1151FD4FB0216CFED887BFDE29EBD516 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_d9efac7dbcaf385b\afd.sys
[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\System32\drivers\afd.sys
[2011.04.25 03:18:03 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=9EBBBA55060F786F0FCAA3893BFA2806 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_d9f97e05bca8003a\afd.sys
[2011.04.25 03:27:23 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C114AB7A1550D42EA1700FFD4179CF5A -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_d864ad9ad8c98d1f\afd.sys
[2011.04.25 04:24:09 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=C427F91A748CD342A2B3F9278D9FD6A5 -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_da774a9ad5cea29e\afd.sys
[2009.07.14 00:12:38 | 000,338,944 | ---- | M] (Microsoft Corporation) MD5=DDC040FDB01EF1712A6B13E52AFB104C -- C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_d7be98b5bfc0b4c1\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-12-06 18:00:04
 
<          >

< End of report >


Extras
Code:

OTL Extras logfile created on: 07.12.2011 04:32:12 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Saki\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 54,75% Memory free
3,49 Gb Paging File | 2,03 Gb Available in Paging File | 58,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 68,55 Gb Free Space | 46,83% Space Free | Partition Type: NTFS
Drive D: | 151,60 Gb Total Space | 26,90 Gb Free Space | 17,74% Space Free | Partition Type: NTFS
 
Computer Name: SAKI-PC | User Name: Saki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{{753B874E-A0C0-47C5-9D8A-A8443384A93F}}" = Steganos Online-Banking 2011
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{2FF11610-5CB9-4A10-8572-470256CD9878}" = RuntimeInstallieren
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{35A81F0A-A1CA-458D-8FCD-7D838E3D95FF}" = Microsoft WorldWide Telescope
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACE3E86-78B6-43A1-B104-E3F3006FC576}" = Companion Suite Pro LL2 Drivers
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}" = HP System Default Settings
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853F9C53-2518-4AD0-ABA2-A72EDF4441A4}" = Nitro PDF Professional
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABDB5A8F-A163-4FD7-A8AE-E2695ACFEA90}" = Companion Suite Pro LL2
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5B18B60-4FC3-42AD-A629-9CA10ACC06CD}" = HTC Sync
"{D7659F54-7502-4312-AA24-F103C92C26F5}" = ScanSoft PaperPort 11
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F5F16745-6FCB-4134-83F9-2688ACFF5DC9}" = HP ESU for Microsoft Windows 7
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"5513-1208-7298-9440" = JDownloader 0.9
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.60
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"facemoods" = Facemoods Toolbar
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FreeNotes2_is1" = Freebie Notes
"LiveVDO plugin" = LiveVDO plugin 1.3
"LSI Soft Modem" = LSI HDA Modem
"LucasArts' Curse of Monkey Island" = LucasArts' Curse of Monkey Island
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"NAVIGON Fresh" = NAVIGON Fresh 3.3.1
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 11.52.1100" = Opera 11.52
"PDF Complete" = PDF Complete Special Edition
"Scribus 1.3.9" = Scribus 1.3.9
"ScummVM_is1" = ScummVM 1.2.1
"SIGNAL IDUNA Beratungssoftware externe Vertriebe" = SIGNAL IDUNA Beratungssoftware freie Vertriebe
"SopCast" = SopCast 3.3.2
"Streamripper" = Streamripper (Remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"vShare" = vShare Plugin
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.97-9
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.11.2011 18:16:33 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\HTC\htc
 sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.11.2011 16:09:28 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 28.11.2011 16:13:17 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 28.11.2011 16:13:19 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\HTC\htc
 sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 29.11.2011 14:35:33 | Computer Name = Saki-PC | Source = Microsoft-Windows-Backup | ID = 517
Description = Fehler bei der um 2011-11-29T18:00:20.859104700Z gestarteten Sicherung.
 Fehlercode: "2155348269" (%%2155348269). Suchen Sie in den Ereignisdetails nach
 einer Lösung, und führen Sie die Sicherung erneut aus, nachdem das Problem behoben
 wurde.
 
Error - 29.11.2011 14:35:37 | Computer Name = Saki-PC | Source = Windows Backup | ID = 4104
Description =
 
Error - 02.12.2011 07:51:59 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.12.2011 07:55:55 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 02.12.2011 07:55:57 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\HTC\htc
 sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.12.2011 09:05:05 | Computer Name = Saki-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 8.0.0.4325 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 13dc    Startzeit:
 01ccb1ae511b9bad    Endzeit: 51    Anwendungspfad: C:\Program Files\Mozilla Firefox\firefox.exe

Berichts-ID:
 
 
[ System Events ]
Error - 05.12.2011 06:56:56 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 05.12.2011 06:56:56 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 06.12.2011 13:39:57 | Computer Name = Saki-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 06.12.2011 14:44:33 | Computer Name = Saki-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 06.12.2011 14:44:33 | Computer Name = Saki-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 06.12.2011 14:45:04 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 9  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 06.12.2011 14:45:04 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 06.12.2011 14:45:04 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 06.12.2011 14:45:04 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 06.12.2011 14:45:04 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
 
< End of report >


Gmer text
Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-12-07 15:21:33
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9A300 rev.FB4OC40J
Running: 0erz17xx.exe; Driver: C:\Users\Saki\AppData\Local\Temp\kxldypod.sys


---- System - GMER 1.0.15 ----

SSDT            8E1F049E                                                                                        ZwCreateSection
SSDT            8E1F04A3                                                                                        ZwSetContextThread
SSDT            8E1F043F                                                                                        ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text          ntkrnlpa.exe!ZwSaveKey + 13D1                                                                    82C4B349 1 Byte  [06]
.text          ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                          82C84D52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text          ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                              82C8BEAC 4 Bytes  [9E, 04, 1F, 8E]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                              82C8C24C 4 Bytes  [A3, 04, 1F, 8E]
.text          ntkrnlpa.exe!KeRemoveQueueEx + 166F                                                              82C8C324 4 Bytes  [3F, 04, 1F, 8E]
.text          C:\Windows\system32\DRIVERS\atikmdag.sys                                                        section is writeable [0x8E60C000, 0x2D5378, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                          Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                          rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                          rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                          fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                          rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device          \Driver\BTHUSB \Device\00000083                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000083                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000085                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\BTHUSB \Device\00000085                                                                  bthport.sys (Bluetooth-Bustreiber/Microsoft Corporation)
Device          \Driver\ACPI_HAL \Device\0000004f                                                                halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00247e83dc50                     
Reg            HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00247e83dc50 (not active ControlSet) 

---- EOF - GMER 1.0.15 ----

Regards

Larusso 08.12.2011 06:00

:hallo:

Quote:

Now, once I'm rid of the trojan, I'll back up my most important data and reinstall Win7. That's my goal.
Then we don't need to clean anything here. After the reinstall everything is gone anyway, and doing a big cleanup here would just be a waste of time.

riera77 08.12.2011 13:29

Quote:

Quote from Larusso (post 731350)
:hallo:


Then we don't need to clean anything here. After the reinstall everything is gone anyway, and doing a big cleanup here would just be a waste of time.

OK. Thanks for the reply.
But it becomes a problem if the data I want to rescue is also "infected", doesn't it?

Larusso 08.12.2011 19:09

I don't see any running malware in the logs, so that is rather unlikely.

We could still try the following.

Code:

:otl
[2011.06.11 15:27:52 | 000,002,039 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\idealode.xml
[2011.07.11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\startsear.xml
[2011.11.10 14:35:19 | 000,000,000 | ---D | M] (Facemoods) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\ffxtlbr@Facemoods.com
FF - prefs.js..browser.startup.homepage: "hxxp://startsear.ch/?aff=2&cf=8cfe85a6-2044-11e1-a791-00247e83dc50"
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Ask.com"
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FE 0D 78 9C BB E9 CB 01  [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=2&cf=8cfe85a6-2044-11e1-a791-00247e83dc50
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
:commands
[emptytemp]

  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.



Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and "run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform quick scan and press Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and press Remove Selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".
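
The Firefox entries in the fix list above, turned into a read-only check (an added example, not part of the original post and not OTL's own code): it parses a prefs.js and reports homepage hosts and search-engine names that are outside an allowlist. The allowlists, the sample file and all function names are assumptions made for the illustration.

```python
import json
import re
from urllib.parse import urlsplit

# One line of a Firefox prefs.js: user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')

# The preferences that the fix list in this thread resets.
HOMEPAGE_PREF = "browser.startup.homepage"
SEARCH_PREFS = (
    "browser.search.defaultengine",
    "browser.search.defaultenginename",
    "browser.search.order.1",
)


def parse_prefs(text):
    """Return {pref name: value} for every user_pref() line in text."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_RE.match(line)
        if not match:
            continue  # comment, blank line or something that is not a pref
        name, raw = match.groups()
        try:
            prefs[name] = json.loads(raw)  # strings, numbers, true/false
        except ValueError:
            prefs[name] = raw  # keep unparsed rather than drop it
    return prefs


def homepage_hosts(value):
    """Split a homepage value ('url1|url2') into the hosts it points to."""
    hosts = []
    for part in str(value).split("|"):
        part = part.strip()
        if not part or part.startswith("about:"):
            continue
        if part.lower().startswith("hxxp"):
            part = "http" + part[4:]  # logs on the board are defanged
        hosts.append(urlsplit(part).hostname or part)
    return hosts


def host_allowed(host, allowed_hosts):
    """True if host equals an allowed domain or is a subdomain of one."""
    host = host.lower()
    return any(host == a or host.endswith("." + a) for a in allowed_hosts)


def audit_prefs(prefs, allowed_hosts, allowed_engines):
    """Return (pref name, offending value) pairs for review."""
    findings = []
    for host in homepage_hosts(prefs.get(HOMEPAGE_PREF, "")):
        if not host_allowed(host, allowed_hosts):
            findings.append((HOMEPAGE_PREF, host))
    for name in SEARCH_PREFS:
        engine = prefs.get(name)
        if engine is not None and engine not in allowed_engines:
            findings.append((name, engine))
    return findings


# Constructed sample: pref names and values follow the log in this thread,
# the cf= identifier is a placeholder.
SAMPLE_PREFS_JS = """\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "hxxp://startsear.ch/?aff=2&cf=CONSTRUCTED-ID");
user_pref("browser.search.defaultengine", "Web Search");
user_pref("browser.search.defaultenginename", "Web Search");
user_pref("browser.search.order.1", "Ask.com");
user_pref("browser.startup.page", 1);
"""

# Assumed allowlists for the example.
ALLOWED_HOSTS = {"google.com"}
ALLOWED_ENGINES = {"Google"}


def audit_sample():
    return audit_prefs(parse_prefs(SAMPLE_PREFS_JS), ALLOWED_HOSTS, ALLOWED_ENGINES)


if __name__ == "__main__":
    for name, value in audit_sample():
        print(f"review {name}: {value}")
```

A clean prefs.js alone does not settle the question, because a legacy extension can ship its own default preferences; that is why the fix list also names the Facemoods extension folder and the two search plugin files.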

riera77 09.12.2011 21:29

Hello.
OK, here are the results:

Code:

All processes killed
========== OTL ==========
C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\idealode.xml moved successfully.
C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\startsear.xml moved successfully.
C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\ffxtlbr@Facemoods.com\defaults\preferences folder moved successfully.
C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\ffxtlbr@Facemoods.com\defaults folder moved successfully.
C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\ffxtlbr@Facemoods.com\components folder moved successfully.
C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\ffxtlbr@Facemoods.com folder moved successfully.
Prefs.js: "hxxp://startsear.ch/?aff=2&cf=8cfe85a6-2044-11e1-a791-00247e83dc50" removed from browser.startup.homepage
Prefs.js: "Web Search" removed from browser.search.defaultengine
Prefs.js: "Web Search" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Saki
->Temp folder emptied: 1597995567 bytes
->Temporary Internet Files folder emptied: 7479811 bytes
->Java cache emptied: 2052547 bytes
->FireFox cache emptied: 51707640 bytes
->Opera cache emptied: 2944232 bytes
->Flash cache emptied: 56980 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32368 bytes
RecycleBin emptied: 3095 bytes
 
Total Files Cleaned = 1.585,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 12092011_185841

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



Malwarebytes
Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8344

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

09.12.2011 19:26:58
mbam-log-2011-12-09 (19-26-58).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 158466
Laufzeit: 7 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 15
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (hxxp://startsear.ch/?aff=2&cf=8cfe85a6-2044-11e1-a791-00247e83dc50) Good: (hxxp://www.google.com) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\startsearch plugin\ssbarlcher.dll (PUP.VShareRedir) -> Quarantined and deleted successfully.

:dankeschoen:

Larusso 10.12.2011 21:47

Any problems left?

riera77 10.12.2011 22:20

Quote:

Any problems left?
Well, Starsear.ch is gone. But for me that was the only sign of a trojan. Can I test this some other way as well?

Regards

Larusso 10.12.2011 22:26

As far as I'm concerned you can test whatever you want, if you don't trust me.
That was anything but a trojan; it only happened because you installed something with the typical
"click --> click --> click --> done" method.



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


riera77 12.12.2011 17:39

Quote:

As far as I'm concerned you can test whatever you want, if you don't trust me.
That was anything but a trojan; it only happened because you installed something with the typical
"click --> click --> click --> done" method.
Yes, of course I believe that. After all, you are the experts :)

The ESET scanner kept crashing at 12%-14%, even though I switched everything off (firewall, Spybot, Antivir).

Larusso 12.12.2011 21:11

Please switch on any external hard drives during the online scans! Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans and don't forget to turn everything back on afterwards.
  • Supported operating systems: Windows 2000, Windows XP and Windows Vista (32bit)
  • Be sure to start Internet Explorer by right-clicking the icon and running it as administrator.
  • Tick "I have read and accepted the license terms".
  • Press the "Install" button.
  • IE users must allow the installation of the ActiveX element and click "Install".
  • Firefox users must allow the installation of the Firefox add-on and then restart Firefox.
  • Press the "Start" button.
  • Select "Full Scan" and press the "Start" button.
  • The signatures are downloaded.
  • The scan starts automatically.
  • End of scan (Finish).
  • If anything is found, use => automatic cleaning (Automatically)
  • and click the "Next" button.
  • Display the report by clicking the "Full report" button.
  • Menu => File => Save page as
  • Change the file type to text file and
  • save it on the desktop as f-secure.txt.
  • Post the log here.

riera77 15.12.2011 14:27

I didn't get around to posting earlier.
I did that step. This scanner also more or less crashes, even after I switch everything off, namely at 100%, where no "Finish" appears even after hours. It more or less hangs on the last file.
At 100% it shows for malware found: -1.
I wonder what that means?

Larusso 16.12.2011 09:32

I suspect -1 stands for an internal error. What exactly, though, I can't say.

I'll get back to you in the evening, I have to put together a guide for that.

riera77 19.12.2011 12:05

Oh, something else I noticed:
When I shut down the PC, it wants to close an application. I have to click "Force shut down". It now does this every time. Could that also be related?

Larusso 19.12.2011 16:14

:O

Sorry, you slipped through.

Please follow this guide for Panda
http://www.hijackthis-forum.de/allge...tml#post354548


And knowing which program this is might be helpful for me :)

riera77 21.12.2011 12:31

Quote:

Quote from Larusso (post 737109)
:O

Sorry, you slipped through.

Please follow this guide for Panda
hxxp://www.hijackthis-forum.de/allgemeines/25893-kostenlose-online-scanner.html#post354548


For me it downloads Panda. So it is not an online scanner like the others. Is that correct?


Quote:

And knowing which program this is might be helpful for me :)
Before, it was explorer.exe, but now the program no longer has a name. So this "force close" still comes up.

Larusso 21.12.2011 16:52

Okay, then I do have to dig a bit deeper after all.

Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. These can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.



Please post in your next reply
Combofix.txt

riera77 22.12.2011 09:57

Here you go. :)
Code:

ComboFix 11-12-21.02 - Saki 22.12.2011  2:20.1.2 - x86
Microsoft Windows 7 Enterprise  6.1.7601.1.1252.49.1031.18.1789.1261 [GMT 1:00]
ausgeführt von:: c:\users\Saki\Desktop\ComboFix.exe
AV: Panda Antivirus Pro 2012 *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Antivirus Pro 2012 *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\facemoods.com
c:\program files\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.crx
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoods.png
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsEng.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll
c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe
c:\program files\StartSearch plugin
c:\program files\StartSearch plugin\IEhelperActiveX.dll
c:\program files\StartSearch plugin\StartBar.dll
c:\program files\StartSearch plugin\uninst.exe
c:\program files\StartSearch plugin\vshareplg.crx
c:\windows\system32\drivers\npf.sys
c:\windows\unin0407.exe
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-11-22 bis 2011-12-22  ))))))))))))))))))))))))))))))
.
.
2011-12-21 23:15 . 2011-12-21 23:15        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC4F2113-8636-4A11-9C7F-06FA804D14AA}\offreg.dll
2011-12-20 19:53 . 2011-12-20 19:53        --------        d-----w-        c:\users\Saki\AppData\Local\Panda Security
2011-12-20 19:51 . 2010-06-22 17:13        26696        ----a-w-        c:\windows\system32\drivers\pavboot.sys
2011-12-20 19:50 . 2007-03-15 18:38        54832        ----a-w-        c:\windows\system32\pavcpl.cpl
2011-12-20 19:50 . 2003-10-22 17:23        446464        ----a-w-        c:\windows\system32\HHActiveX.dll
2011-12-20 19:50 . 2010-06-21 16:01        520000        ----a-w-        c:\windows\system32\PavSHook.dll
2011-12-20 19:50 . 2010-06-21 16:01        87360        ----a-w-        c:\windows\system32\PavLspHook.dll
2011-12-20 19:50 . 2010-06-21 16:01        55616        ----a-w-        c:\windows\system32\pavipc.dll
2011-12-20 19:50 . 2011-12-20 19:50        --------        d-----w-        c:\windows\system32\PAV
2011-12-20 19:50 . 2010-05-21 12:50        54344        ----a-w-        c:\windows\system32\drivers\amm8660.sys
2011-12-20 19:50 . 2010-03-24 11:55        55552        ----a-w-        c:\windows\system32\avldr.dll
2011-12-20 19:50 . 2011-12-20 19:52        --------        d-----w-        c:\programdata\Panda Security
2011-12-20 19:50 . 2011-12-20 19:51        --------        d-----w-        c:\program files\Panda Security
2011-12-20 19:50 . 2011-12-20 19:50        --------        d-----w-        c:\users\Saki\AppData\Roaming\Panda Security
2011-12-20 19:48 . 2011-12-20 19:48        --------        d-----w-        c:\program files\Common Files\Panda Security
2011-12-20 19:48 . 2011-02-21 13:38        37448        ----a-w-        c:\windows\system32\drivers\ShlDrv51.sys
2011-12-20 19:48 . 2010-05-06 16:11        163848        ----a-w-        c:\windows\system32\drivers\PavProc.sys
2011-12-20 19:34 . 2005-04-03 22:01        274432        ----a-w-        c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-12-20 19:34 . 2005-04-03 22:00        184320        ----a-w-        c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-12-20 19:34 . 2005-04-03 21:57        32768        ----a-w-        c:\program files\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2011-12-20 19:34 . 2005-04-03 22:02        753664        ----a-w-        c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-12-20 19:34 . 2005-04-03 22:02        69714        ----a-w-        c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-12-20 19:34 . 2005-04-03 21:59        5632        ----a-w-        c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-12-20 19:34 . 2011-12-20 19:34        200836        ----a-w-        c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-12-20 19:34 . 2011-12-20 19:34        331908        ----a-w-        c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-12-20 17:26 . 2011-11-21 10:47        6823496        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{AC4F2113-8636-4A11-9C7F-06FA804D14AA}\mpengine.dll
2011-12-14 14:08 . 2011-10-15 05:38        534528        ----a-w-        c:\windows\system32\EncDec.dll
2011-12-14 14:08 . 2011-10-26 04:28        38912        ----a-w-        c:\windows\system32\csrsrv.dll
2011-12-14 14:08 . 2011-10-26 04:47        3912560        ----a-w-        c:\windows\system32\ntoskrnl.exe
2011-12-14 14:08 . 2011-10-26 04:47        3967856        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2011-12-13 22:32 . 2011-12-13 22:32        --------        d-----w-        c:\programdata\Microsoft Help
2011-12-13 22:32 . 2011-12-13 22:32        --------        d-----w-        c:\users\Saki\AppData\Local\Microsoft Help
2011-12-12 23:24 . 2011-12-12 23:24        --------        d-----w-        c:\users\Saki\AppData\Roaming\f-secure
2011-12-12 23:23 . 2011-12-12 23:23        --------        d-----w-        c:\programdata\F-Secure
2011-12-12 23:17 . 2011-12-12 23:17        --------        d-----w-        c:\windows\Sun
2011-12-11 14:54 . 2011-12-11 14:54        --------        d-----w-        c:\program files\ESET
2011-12-09 18:11 . 2011-12-09 18:11        --------        d-----w-        c:\users\Saki\AppData\Roaming\Malwarebytes
2011-12-09 18:10 . 2011-12-09 18:10        --------        d-----w-        c:\programdata\Malwarebytes
2011-12-09 18:10 . 2011-08-31 16:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-12-09 18:10 . 2011-12-09 18:10        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-12-09 17:58 . 2011-12-09 17:58        --------        d-----w-        C:\_OTL
2011-12-02 21:30 . 2011-12-02 21:30        --------        d-----r-        C:\MSOCache
2011-11-25 22:51 . 2011-12-03 11:37        --------        d-----w-        c:\programdata\VirtualizedApplications
2011-11-24 23:13 . 2011-12-21 18:14        --------        d-----w-        c:\users\Saki\AppData\Roaming\SoftGrid Client
2011-11-24 23:13 . 2011-11-24 23:13        --------        d-----w-        c:\users\Saki\AppData\Local\SoftGrid Client
2011-11-24 23:00 . 2011-11-25 11:33        --------        d-----w-        c:\program files\Microsoft Application Virtualization Client
2011-11-24 22:55 . 2011-11-24 23:03        --------        d-----w-        c:\users\Saki\AppData\Roaming\TP
2011-11-23 20:32 . 2011-11-23 20:32        --------        d-----w-        c:\program files\vShare
2011-11-22 10:52 . 2011-11-22 10:52        --------        d-----w-        c:\programdata\Apple Computer
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 04:25 . 2011-12-14 14:09        2342912        ----a-w-        c:\windows\system32\win32k.sys
2011-11-11 19:45 . 2011-05-20 11:16        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-05 04:26 . 2011-12-14 14:09        2048        ----a-w-        c:\windows\system32\tzres.dll
2011-11-03 22:39 . 2011-12-14 23:48        1127424        ----a-w-        c:\windows\system32\wininet.dll
2011-10-24 13:29 . 2011-10-24 13:29        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29        69632        ----a-w-        c:\windows\system32\QuickTime.qts
2011-10-03 04:06 . 2010-09-28 14:56        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-09-29 21:59 . 2011-09-29 22:00        6656        ----a-w-        c:\windows\system32\bcmwlrc.dll
2011-09-29 21:59 . 2011-09-29 22:00        51712        ----a-w-        c:\windows\system32\wltrynt.dll
2011-09-29 21:59 . 2011-09-29 22:00        457        ----a-w-        c:\windows\system32\vcredist_x86.bat
2011-09-29 21:59 . 2011-09-29 22:00        2682880        ----a-w-        c:\windows\system32\vcredist_x86.exe
2011-09-29 21:59 . 2011-09-29 22:00        91376        ----a-w-        c:\windows\system32\bcmwlcoi.dll
2011-09-29 21:59 . 2011-09-29 22:00        2661368        ----a-w-        c:\windows\system32\drivers\BCMWL6.SYS
2011-09-29 21:59 . 2011-09-29 22:00        57344        ----a-w-        c:\windows\system32\bcmwlrmt.dll
2011-09-29 21:59 . 2011-09-29 22:00        7027200        ----a-w-        c:\windows\system32\BCMWLCPL.CPL
2011-09-29 21:59 . 2011-09-29 22:00        953856        ----a-w-        c:\windows\system32\BCMLogon.dll
2011-09-29 21:59 . 2011-09-29 22:00        4190208        ----a-w-        c:\windows\system32\bcmttls.dll
2011-09-29 21:59 . 2011-09-29 22:00        3555328        ----a-w-        c:\windows\system32\bcmihvui.dll
2011-09-29 21:59 . 2011-09-29 22:00        3866624        ----a-w-        c:\windows\system32\bcmihvsrv.dll
2011-09-29 21:59 . 2011-09-29 22:00        18424        ----a-w-        c:\windows\system32\drivers\bcm42rly.sys
2011-09-29 16:03 . 2011-11-09 14:34        1290608        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2011-11-09 14:30 . 2011-03-23 23:56        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-29 1545512]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-11-13 29984]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-11-13 46368]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 1808784]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2009-05-14 209216]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2011-01-31 656920]
"Broadcom Wireless Manager UI"="c:\program files\Broadcom\Broadcom 802.11\WLTRAY.exe" [2011-09-29 4367360]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-07-13 458844]
"HTC Sync Loader"="c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-08-22 593920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-08-31 1047208]
"APVXDWIN"="c:\program files\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE" [2011-04-13 1000768]
"SCANINICIO"="c:\program files\Panda Security\Panda Antivirus Pro 2012\Inicio.exe" [2011-02-02 70464]
.
c:\users\Saki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2010-03-24 11:55        55552        ----a-w-        c:\windows\System32\avldr.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2009-10-26 25088]
R3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;c:\users\Saki\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-10-26 25088]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-23 23040]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [2010-08-16 16472]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [2010-08-16 11104]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-04 1343400]
R3 XMLDIUSB;XML USB Device Interface;c:\windows\system32\Drivers\XMLDIUSB.sys [2008-01-16 33152]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [2011-01-13 106752]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 pavboot;Panda boot driver;c:\windows\system32\Drivers\pavboot.sys [2010-06-22 26696]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\DRIVERS\ShlDrv51.sys [2011-02-21 37448]
S1 SLEE_17_DRIVER;Steganos Live Encryption Engine 17 [Driver];c:\windows\system32\drivers\Sleen17.sys [2010-02-17 13:21 94560]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe [2009-03-02 81920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 AmFSM;AmFSM;c:\windows\system32\DRIVERS\amm8660.sys [2010-05-21 54344]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-10-20 821664]
S2 FUSServices;Session Launcher Service;c:\windows\system32\FUSServices.exe [2008-09-02 10752]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [2011-08-12 87040]
S2 PavProc;Panda Process Protection Driver;c:\windows\system32\DRIVERS\PavProc.sys [2010-05-06 163848]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2011-01-31 1127448]
S2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe [2010-08-16 28992]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-09-14 508264]
S3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 PavSRK.sys;PavSRK.sys;c:\windows\system32\PavSRK.sys [x]
S3 PavTPK.sys;PavTPK.sys;c:\windows\system32\PavTPK.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-09-14 577384]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-09-14 194408]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-09-14 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-09-14 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-09-14 219496]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-09-28 315392]
.
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
mStart Page =
IE: Free YouTube to Mp3 Converter - c:\users\Saki\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://startsear.ch/?aff=2&src=sp&cf=8cfe85a6-2044-11e1-a791-00247e83dc50&q=
.
.
------- Dateityp-Verknüpfung -------
.
JSEFile=c:\progra~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
HKLM_ActiveSetup-Nitro PDF Professional - //B
AddRemove-facemoods - c:\program files\facemoods.com\facemoods\1.4.17.11\uninstall.exe
AddRemove-LiveVDO plugin - c:\program files\StartSearch plugin\uninst.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-LucasArts' Curse of Monkey Island - c:\windows\unin0407.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-21429813-4147417538-2869700651-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-21429813-4147417538-2869700651-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe
c:\windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe
c:\program files\PANDA SECURITY\PANDA ANTIVIRUS PRO 2012\WebProxy.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
c:\program files\Broadcom\Broadcom 802.11\bcmwltry.exe
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe
c:\program files\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\pavprsrv.exe
c:\program files\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe
c:\program files\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe
c:\program files\Panda Security\Panda Antivirus Pro 2012\AVENGINE.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\LFOGRPOW.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-12-22  03:22:26 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-12-22 02:21
.
Vor Suchlauf: 9 Verzeichnis(se), 74.532.114.432 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 74.279.690.240 Bytes frei
.
- - End Of File - - 3661C637A5B244ED9442A068C5691291

Regards

Larusso 22.12.2011 17:16

Looks good.
Any other abnormalities?

riera77 23.12.2011 11:44

Thanks for the feedback, first of all.
So this "force close" at shutdown is still there. I should add that my PC otherwise showed no abnormalities. Oh, and my email account is now full of spam :schrei: but I don't know to what extent that has to do with the malware.

Best regards

Larusso 23.12.2011 11:57

Maybe this will show me a bit more.


Please download Farbar's MiniToolBox to your desktop and run the tool

Tick the following entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the contents of Result.txt.

riera77 23.12.2011 15:37

Here you go:

Code:

MiniToolBox by Farbar
Ran by Saki (administrator) on 23-12-2011 at 15:35:02
Microsoft Windows 7 Enterprise  Service Pack 1 (X86)

***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/22/2011 01:47:39 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (12/22/2011 04:04:15 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (12/22/2011 04:04:06 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.

Error: (12/22/2011 03:59:19 AM) (Source: Sentinel) (User: )
Description: Unexpected failure scanning file C:\PROGRAM FILES\NAVIGON\NAVIGON FRESH\BIN\QTWEBKIT4.DLL.

If the problem persists, please contact with support.

Error: (12/22/2011 03:56:34 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (12/20/2011 09:11:54 PM) (Source: Sentinel) (User: )
Description: Unexpected failure scanning file C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VIRTUALIZATION HANDLER\CVH.EXE.

If the problem persists, please contact with support.

Error: (12/20/2011 09:00:36 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: WINWORDC.EXE, Version: 14.0.6024.1000, Zeitstempel: 0x4d83e4eb
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000001
ID des fehlerhaften Prozesses: 0x14c0
Startzeit der fehlerhaften Anwendung: 0xWINWORDC.EXE0
Pfad der fehlerhaften Anwendung: WINWORDC.EXE1
Pfad des fehlerhaften Moduls: WINWORDC.EXE2
Berichtskennung: WINWORDC.EXE3

Error: (12/20/2011 07:03:47 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Am Sicherungsspeicherort ist nicht genügend freier Speicherplatz verfügbar, um die Daten zu sichern. (0x80780048)"

Error: (12/19/2011 02:23:49 PM) (Source: Application Hang) (User: )
Description: Programm WINWORDC.EXE, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 14ac

Startzeit: 01ccbe511fff3d0e

Endzeit: 0

Anwendungspfad: Q:\140066.deu\Office14\WINWORDC.EXE

Berichts-ID: a0f853b0-2a44-11e1-8cfd-00247e83dc50

Error: (12/19/2011 02:07:55 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (12/23/2011 03:31:00 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: LOKALER DIENST)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (12/23/2011 03:31:00 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: LOKALER DIENST)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (12/23/2011 03:31:00 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: LOKALER DIENST)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 0

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (12/23/2011 03:31:00 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: LOKALER DIENST)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 0

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (12/23/2011 03:31:00 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: LOKALER DIENST)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 0

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (12/23/2011 03:31:00 PM) (Source: Microsoft-Windows-WHEA-Logger) (User: LOKALER DIENST)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 9
Prozessor-ID: 0

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.

Error: (12/23/2011 03:30:26 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (12/23/2011 03:30:26 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (12/23/2011 00:59:55 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Panda On-Access Anti-Malware Service" wurde mit folgendem Fehler beendet:
%%1

Error: (12/23/2011 11:37:31 AM) (Source: Microsoft-Windows-WHEA-Logger) (User: LOKALER DIENST)
Description: Schwerwiegender Hardwarefehler.

Gemeldet von Komponente: Prozessorkern
Fehlerquelle: 3
Fehlertyp: 256
Prozessor-ID: 1

Die Detailansicht dieses Eintrags beinhaltet weitere Informationen.


Microsoft Office Sessions:
=========================
Error: (12/22/2011 01:47:39 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

Error: (12/22/2011 04:04:15 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\HTC\htc sync 3.0\FDAgentForOutlook64.exe

Error: (12/22/2011 04:04:06 AM) (Source: SideBySide)(User: )
Description: assemblyIdentitylanguage*c:\program files\spybot - search & destroy\DelZip179.dllc:\program files\spybot - search & destroy\DelZip179.dll8

Error: (12/22/2011 03:59:19 AM) (Source: Sentinel)(User: )
Description: C:\PROGRAM FILES\NAVIGON\NAVIGON FRESH\BIN\QTWEBKIT4.DLL

Error: (12/22/2011 03:56:34 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Program Files\HTC\HTC Sync 3.0\FDAgentForOutlook64.exe

Error: (12/20/2011 09:11:54 PM) (Source: Sentinel)(User: )
Description: C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\VIRTUALIZATION HANDLER\CVH.EXE

Error: (12/20/2011 09:00:36 PM) (Source: Application Error)(User: )
Description: WINWORDC.EXE14.0.6024.10004d83e4ebunknown0.0.0.000000000c00000050000000114c001ccbf50c1c5d7eaQ:\140066.deu\Office14\WINWORDC.EXEunknown4783e3d1-2b45-11e1-b4a1-00247e83dc50

Error: (12/20/2011 07:03:47 PM) (Source: Windows Backup)(User: )
Description: Am Sicherungsspeicherort ist nicht genügend freier Speicherplatz verfügbar, um die Daten zu sichern. (0x80780048)

Error: (12/19/2011 02:23:49 PM) (Source: Application Hang)(User: )
Description: WINWORDC.EXE0.0.0.014ac01ccbe511fff3d0e0Q:\140066.deu\Office14\WINWORDC.EXEa0f853b0-2a44-11e1-8cfd-00247e83dc50

Error: (12/19/2011 02:07:55 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:\program files\HTC\htc sync 3.0\FDAgentForOutlook64.exe


=========================== Installed Programs ============================

AC3Filter 1.63b (Version: 1.63b)
Adobe AIR (Version: 2.7.1.19610)
Adobe Flash Player 10 ActiveX (Version: 10.2.152.26)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader X (10.1.1) - Deutsch (Version: 10.1.1)
Apple Application Support (Version: 2.1.5)
Apple Software Update (Version: 2.1.3.127)
Ashampoo Photo Commander 7.60 (Version: 7.6.0)
AudibleManager (Version: 1999395552.48.56.5770610)
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.18.12)
Broadcom Wireless Utility (Version: 5.60.18.12)
CCleaner (Version: 3.04)
Cisco EAP-FAST Module (Version: 2.2.14)
Cisco LEAP Module (Version: 1.0.19)
Cisco PEAP Module (Version: 1.1.6)
Companion Suite Pro LL2 (Version: 1.1.12)
Companion Suite Pro LL2 Drivers (Version: 1.1.12)
D3DX10 (Version: 15.4.2368.0902)
DivX-Setup (Version: 2.5.0.8)
ESET Online Scanner v3
Free Audio CD Burner version 1.4
Free YouTube to MP3 Converter version 3.8
Freebie Notes (Version: 3.42.1.3700)
GIMP 2.6.11 (Version: 2.6.11)
HP ESU for Microsoft Windows 7 (Version: 1.1.8.1)
HP Quick Launch Buttons (Version: 6.50.17.1)
HP System Default Settings (Version: 2.1.2)
HP Web Camera (Version: 1.0.0)
HP Webcam (Version: 1.0.25.0)
HTC BMP USB Driver (Version: 1.0.5375)
HTC Driver Installer (Version: 3.0.0.013)
HTC Sync (Version: 3.0.5579)
IDT Audio (Version: 1.0.6222.0)
Java Auto Updater (Version: 2.0.6.1)
Java(TM) 6 Update 29 (Version: 6.0.290)
JDownloader 0.9 (Version: 0.9)
Junk Mail filter update (Version: 15.4.3502.0922)
Malwarebytes' Anti-Malware Version 1.51.2.1300 (Version: 1.51.2.1300)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - Deutsch (Version: 14.0.6109.5003)
Microsoft Silverlight (Version: 5.0.60401.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft WorldWide Telescope (Version: 2.8.15)
MiniTool Partition Wizard Home Edition 5.2
Mozilla Firefox 8.0 (x86 de) (Version: 8.0)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
NAVIGON Fresh 3.3.1 (Version: 3.3.1)
Nitro PDF Professional (Version: 5.5.2.0)
OpenOffice.org 3.2 (Version: 3.2.9502)
Opera 11.60 (Version: 11.60.1185)
Panda Antivirus Pro 2012 (Version: 11.00.00)
Panda Secure Vault 5
PDF Complete Special Edition (Version: 4.0.33)
QLBCASL (Version: 6.40.17.2)
QuickTime (Version: 7.71.80.42)
RuntimeInstallieren (Version: 1.20.0001)
ScanSoft PaperPort 11 (Version: 11.1.0000)
Scribus 1.3.9 (Version: 1.3.9)
ScummVM 1.2.1
SIGNAL IDUNA Beratungssoftware freie Vertriebe (Version: 011.21.0001)
SopCast 3.3.2 (Version: 3.3.2)
Spybot - Search & Destroy (Version: 1.6.2)
Steganos Online-Banking 2011 (Version: 1.1)
Streamripper (Remove only)
Synaptics Pointing Device Driver (Version: 13.2.6.2)
Uninstall 1.0.0.1
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Veetle TV 0.9.18 (Version: 0.9.18)
vShare Plugin
Winamp (Version: 5.601 )
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live Fotogalerie (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR
xp-AntiSpy 3.97-9
Xvid 1.1.3 final uninstall (Version: 1.1)
Zak McKracken - Between Time and Space

========================= Memory info: ===================================

Percentage of memory in use: 62%
Total physical RAM: 1788.87 MB
Available physical RAM: 664.11 MB
Total Pagefile: 3577.73 MB
Available Pagefile: 1928.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.23 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:146.39 GB) (Free:69.73 GB) NTFS
2 Drive d: () (Fixed) (Total:151.6 GB) (Free:19.91 GB) NTFS

========================= Users: ========================================

Benutzerkonten fr \\SAKI-PC

Administrator            Gast                    Saki                   
Der Befehl wurde erfolgreich ausgefhrt.


**** End of log ****

Regards

Larusso 25.12.2011 05:19

Nothing there either :/

Please download Farbar's Recovery Scan Tool and save it to a USB stick.

Connect the USB stick to the infected system.

You now need to boot the system into the System Recovery Options.

Via the boot manager
  • Restart the computer.
  • While it is booting, press the F8 key repeatedly.
  • Now select Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.

With the Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Select the language settings and click "Next".
  • Click Repair your computer !!
  • Select your operating system and user account and click "Next" each time.


In the recovery options, select Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens --> File --> Save As, and select Computer
    The drive letter of your USB stick is shown here.
  • Close Notepad again
  • Now enter the following command.
    e:\frst.exe
    Note: e stands for the drive letter of your USB stick. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates a FRST.txt on your USB stick. Please post its contents here.



Please post in your next reply
FRST.txt

riera77 25.12.2011 16:30

Merry Christmas to everyone here on the board :)

Code:

Scan result of Farbars's Recovery Tool (FRST written by farbar) Version 2.3.0
Ran by SYSTEM at 2011-12-25 16:23:29
Running from G:\
Windows 7 Enterprise  (X86) OS Language: German Standard
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-29] (Synaptics Incorporated)
HKLM\...\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [29984 2007-11-13] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [46368 2007-11-13] (Nuance Communications, Inc.)
HKLM\...\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1808784 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM\...\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [287800 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Nitro PDF Printer Monitor] "C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [209216 2009-05-14] ()
HKLM\...\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe [656920 2011-02-01] (PDF Complete Inc)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [4367360 2011-09-29] (Broadcom Corporation)
HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe [458844 2009-07-13] (IDT, Inc.)
HKLM\...\Run: [HTC Sync Loader] "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [593920 2011-08-22] ()
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript [1047208 2011-08-31] (Malwarebytes Corporation)
HKLM\...\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE" /s [1000768 2011-04-13] (Panda Security, S.L.)
HKLM\...\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2012\Inicio.exe" [70464 2011-02-02] (Panda Security, S.L.)
HKU\Saki\...\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2144088 2009-01-26] (Safer Networking Limited)
Winlogon\Notify\avldr: avldr.dll (On-Access Anti-Malware Scanner Sync)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

================================ Services (Whitelisted) ==================

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\aestsrv.exe [81920 2009-03-02] (Andrea Electronics Corporation)
2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-03-27] (LSI Corporation)
2 AMD External Events Utility; C:\Windows\System32\atiesrxx.exe [176128 2009-08-18] (AMD)
2 FUSServices; C:\Windows\system32\FUSServices.exe [10752 2008-09-02] ()
2 Panda Software Controller; "C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe" [173312 2009-08-10] (Panda Security, S.L.)
2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2011-08-12] ()
2 PAVFNSVR; "C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe" [202048 2010-10-20] (Panda Security, S.L.)
2 PavPrSrv; "C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe" [62768 2008-02-04] (Panda Security, S.L.)
2 PAVSRV; "C:\Program Files\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe" [314176 2010-06-04] (Panda Security, S.L.)
2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService [1127448 2011-02-01] (PDF Complete Inc)
2 PSIMSVC; "C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe" [108288 2008-06-19] (Panda Security S.L.)
2 PskSvcRetail; "C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe" [28992 2010-08-16] (Panda Security, S.L.)
2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\STacSV.exe [221266 2009-07-13] (IDT, Inc.)
3 StorSvc; C:\Windows\System32\storsvc.dll [16384 2009-07-14] (Microsoft Corporation)
2 TPSrv; "C:\Program Files\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe" [156992 2011-04-14] (Panda Security, S.L.)
2 wltrysvc; "C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE" "C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe" [3718656 2011-09-29] (Broadcom Corporation)

========================== Drivers (Whitelisted) =============

3 AgereSoftModem; C:\Windows\System32\DRIVERS\AGRSM.sys [1161664 2009-04-06] (LSI Corporation)
2 AmFSM; C:\Windows\System32\DRIVERS\amm8660.sys [54344 2010-05-21] (Panda Security, S.L.)
3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [25088 2009-10-26] (HTC, Corporation)
3 atikmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [4994560 2009-08-18] (ATI Technologies Inc.)
3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [18424 2011-09-29] (Broadcom Corporation)
3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation)
3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows (R) Win 7 DDK provider)
0 pavboot; C:\Windows\System32\Drivers\pavboot.sys [26696 2010-06-22] (Panda Security, S.L.)
2 PavProc; \??\C:\Windows\system32\DRIVERS\PavProc.sys [163848 2010-05-06] (Panda Security, S.L.)
3 Point32; C:\Windows\System32\DRIVERS\point32.sys [40984 2011-04-13] (Microsoft Corporation)
3 pwdrvio; \??\C:\Windows\system32\pwdrvio.sys [16472 2010-08-16] ()
3 pwdspio; \??\C:\Windows\system32\pwdspio.sys [11104 2010-08-16] ()
1 ShldDrv; C:\Windows\System32\DRIVERS\ShlDrv51.sys [37448 2011-02-21] (Panda Security, S.L.)
1 SLEE_17_DRIVER; \??\C:\Windows\system32\drivers\Sleen17.sys [94560 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - )
3 XMLDIUSB; C:\Windows\System32\Drivers\XMLDIUSB.sys [33152 2008-01-16] (OEM)
3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
3 zghsmdm; C:\Windows\System32\DRIVERS\zghsmdm.sys [106752 2011-01-13] (ZTE Incorporated)
3 AvFlt; C:\Windows\System32\drivers\av5flt.sys [x]
3 catchme; \??\C:\Users\Saki\AppData\Local\Temp\catchme.sys [x]
3 F-Secure Standalone Minifilter; \??\C:\Users\Saki\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys [x]
3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\mbamswissarmy.sys [x]
3 PavSRK.sys; \??\C:\Windows\system32\PavSRK.sys [x]
3 PavTPK.sys; \??\C:\Windows\system32\PavTPK.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2011-12-23 15:33 - 2011-12-23 15:34 - 0395875 ____A C:\Users\Saki\Desktop\MiniToolBox.exe
2011-12-23 02:51 - 2011-12-23 02:51 - 0000000 ____D C:\Users\All Users\Panda Software
2011-12-23 02:51 - 2011-12-23 02:51 - 0000000 ____D C:\ProgramData\Panda Software
2011-12-22 03:23 - 2011-12-22 03:23 - 0021163 ____A C:\ComboFix.txt
2011-12-22 02:32 - 2011-12-22 02:32 - 0000000 __SHD C:\$RECYCLE.BIN
2011-12-22 02:16 - 2011-12-22 03:25 - 0000000 ____D C:\Qoobox
2011-12-22 02:16 - 2011-12-22 03:25 - 0000000 ____D C:\ComboFix
2011-12-22 02:16 - 2011-12-22 02:39 - 0000000 ____D C:\Windows\ERDNT
2011-12-22 02:16 - 2011-06-26 07:45 - 0256000 ____A C:\Windows\PEV.exe
2011-12-22 02:16 - 2010-11-07 18:20 - 0208896 ____A C:\Windows\MBR.exe
2011-12-22 02:16 - 2009-04-20 05:56 - 0060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2011-12-22 02:16 - 2000-08-31 01:00 - 0518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2011-12-22 02:16 - 2000-08-31 01:00 - 0406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2011-12-22 02:16 - 2000-08-31 01:00 - 0098816 ____A C:\Windows\sed.exe
2011-12-22 02:16 - 2000-08-31 01:00 - 0080412 ____A C:\Windows\grep.exe
2011-12-22 02:16 - 2000-08-31 01:00 - 0068096 ____A C:\Windows\zip.exe
2011-12-21 19:09 - 2011-12-21 19:10 - 4347226 ____R (Swearware) C:\Users\Saki\Desktop\ComboFix.exe
2011-12-20 21:14 - 2011-12-23 02:27 - 0008627 ____A C:\Windows\System32\PAV_FOG.OPC
2011-12-20 20:53 - 2011-12-20 20:53 - 0000000 ____D C:\Users\Saki\AppData\Local\Panda Security
2011-12-20 20:51 - 2011-12-20 20:51 - 0000250 ____A C:\Windows\System32\PavCPL.dat
2011-12-20 20:51 - 2010-06-22 18:13 - 0026696 ____A (Panda Security, S.L.) C:\Windows\System32\Drivers\pavboot.sys
2011-12-20 20:50 - 2011-12-20 20:52 - 0000000 ____D C:\Users\All Users\Panda Security
2011-12-20 20:50 - 2011-12-20 20:52 - 0000000 ____D C:\ProgramData\Panda Security
2011-12-20 20:50 - 2011-12-20 20:51 - 0000000 ____D C:\Program Files\Panda Security
2011-12-20 20:50 - 2011-12-20 20:50 - 0000000 ____D C:\Windows\System32\PAV
2011-12-20 20:50 - 2011-12-20 20:50 - 0000000 ____D C:\Users\Saki\AppData\Roaming\Panda Security
2011-12-20 20:50 - 2010-06-21 17:02 - 0193344 ____A (Panda Security, S.L.) C:\Windows\System32\TpUtil.dll
2011-12-20 20:50 - 2010-06-21 17:01 - 0520000 ____A (Panda Security, S.L.) C:\Windows\System32\PavSHook.dll
2011-12-20 20:50 - 2010-06-21 17:01 - 0087360 ____A (Panda Security, S.L.) C:\Windows\System32\PavLspHook.dll
2011-12-20 20:50 - 2010-06-21 17:01 - 0055616 ____A (Panda Security, S.L.) C:\Windows\System32\pavipc.dll
2011-12-20 20:50 - 2010-05-21 13:50 - 0054344 ____A (Panda Security, S.L.) C:\Windows\System32\Drivers\amm8660.sys
2011-12-20 20:50 - 2010-03-24 12:55 - 0055552 ____A (On-Access Anti-Malware Scanner Sync) C:\Windows\System32\avldr.dll
2011-12-20 20:50 - 2007-03-15 19:38 - 0054832 ____A (Panda Software) C:\Windows\System32\pavcpl.cpl
2011-12-20 20:50 - 2007-02-08 10:53 - 0107568 ____A (Panda Software) C:\Windows\System32\SYSTOOLS.DLL
2011-12-20 20:50 - 2003-10-22 18:23 - 0446464 ____A (eHelp Corporation.) C:\Windows\System32\HHActiveX.dll
2011-12-20 20:48 - 2011-12-20 20:48 - 0000000 ____D C:\Program Files\Common Files\Panda Security
2011-12-20 20:48 - 2011-02-21 14:38 - 0037448 ____A (Panda Security, S.L.) C:\Windows\System32\Drivers\ShlDrv51.sys
2011-12-20 20:48 - 2010-05-06 17:11 - 0163848 ____A (Panda Security, S.L.) C:\Windows\System32\Drivers\PavProc.sys
2011-12-20 20:45 - 2011-12-25 13:31 - 0001326 ____A C:\Windows\setupact.log
2011-12-20 20:45 - 2011-12-22 02:30 - 0001728 ____A C:\Windows\PFRO.log
2011-12-20 20:45 - 2011-12-20 20:45 - 0000000 ____A C:\Windows\setuperr.log
2011-12-20 20:19 - 2011-12-20 20:31 - 65244568 ____A C:\Users\Saki\Downloads\Panda_Antivirus_Pro_2012_AS.exe
2011-12-19 15:01 - 2011-12-19 15:01 - 0000162 ___AH C:\Users\Saki\Desktop\~$xte lesen, Texte schreiben.docx
2011-12-18 22:29 - 2011-12-18 22:29 - 3588742 ____A C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne_rauch.pdf
2011-12-18 22:29 - 2011-12-18 22:29 - 3354365 ____A C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne.pdf
2011-12-18 22:28 - 2011-12-18 22:28 - 0394381 ____A C:\Users\Saki\Desktop\Werkstatt_Flyer_hinten.pdf
2011-12-17 23:58 - 2011-12-17 23:58 - 0000162 ___AH C:\Users\Saki\Desktop\~$rkstatt für Flyer.docx
2011-12-15 21:58 - 2011-12-19 01:24 - 0023414 ____H C:\Users\Saki\Desktop\~WRL0928.tmp
2011-12-15 00:48 - 2011-11-04 00:02 - 12279808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-12-15 00:48 - 2011-11-03 23:47 - 1798144 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-12-15 00:48 - 2011-11-03 23:46 - 9705472 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-12-15 00:48 - 2011-11-03 23:40 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-12-15 00:48 - 2011-11-03 23:40 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-12-15 00:48 - 2011-11-03 23:39 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-12-15 00:48 - 2011-11-03 23:38 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-12-15 00:48 - 2011-11-03 23:37 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-12-15 00:48 - 2011-11-03 23:34 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-12-15 00:48 - 2011-11-03 23:32 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-12-15 00:48 - 2011-11-03 23:32 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-12-15 00:48 - 2011-11-03 23:31 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-12-15 00:48 - 2011-11-03 23:28 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-12-14 15:09 - 2011-11-24 05:25 - 2342912 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-12-14 15:09 - 2011-11-05 05:26 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-12-14 15:08 - 2011-10-26 05:47 - 3967856 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2011-12-14 15:08 - 2011-10-26 05:47 - 3912560 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-12-14 15:08 - 2011-10-26 05:28 - 0038912 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-12-14 15:08 - 2011-10-15 06:38 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2011-12-13 23:32 - 2011-12-13 23:32 - 0000000 ____D C:\Users\Saki\AppData\Local\Microsoft Help
2011-12-13 23:32 - 2011-12-13 23:32 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-12-13 23:32 - 2011-12-13 23:32 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-12-13 00:24 - 2011-12-13 00:24 - 0001812 ____A C:\Users\Saki\Desktop\readme.txt
2011-12-13 00:24 - 2011-12-13 00:24 - 0000000 ____D C:\Users\Saki\AppData\Roaming\f-secure
2011-12-13 00:23 - 2011-12-13 00:23 - 0000000 ____D C:\Users\All Users\F-Secure
2011-12-13 00:23 - 2011-12-13 00:23 - 0000000 ____D C:\ProgramData\F-Secure
2011-12-13 00:17 - 2011-12-13 00:17 - 0000000 ____D C:\Windows\Sun
2011-12-11 15:54 - 2011-12-11 15:54 - 2322184 ____A (ESET) C:\Users\Saki\Desktop\esetsmartinstaller_enu.exe
2011-12-11 15:54 - 2011-12-11 15:54 - 0000000 ____D C:\Program Files\ESET
2011-12-09 19:11 - 2011-12-09 19:11 - 0000000 ____D C:\Users\Saki\AppData\Roaming\Malwarebytes
2011-12-09 19:10 - 2011-12-09 19:10 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-12-09 19:10 - 2011-12-09 19:10 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-12-09 19:10 - 2011-12-09 19:10 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2011-12-09 19:10 - 2011-08-31 17:00 - 0022216 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2011-12-09 19:06 - 2011-12-09 19:07 - 9852544 ____A (Malwarebytes Corporation                                    ) C:\Users\Saki\Downloads\mbam-setup-1.51.2.1300.exe
2011-12-09 19:03 - 2011-12-09 19:03 - 0005130 ____A C:\Users\Saki\Desktop\12092011_185841 OTL.txt
2011-12-09 18:58 - 2011-12-09 18:58 - 0000000 ____D C:\_OTL
2011-12-07 23:51 - 2010-03-09 22:23 - 51896296 ____A C:\Users\Saki\Downloads\Treffen sich zwei.mp3
2011-12-07 23:51 - 2009-09-25 17:35 - 0000217 ____A C:\Users\Saki\Downloads\WwW.RapidRise.Org.url
2011-12-07 23:51 - 2009-09-25 17:35 - 0000074 ____A C:\Users\Saki\Downloads\RapidRise - Powered by vBulletin.URL
2011-12-07 23:51 - 2009-09-11 19:58 - 0001557 ____A C:\Users\Saki\Downloads\Read Me.txt
2011-12-07 23:41 - 2011-12-07 23:48 - 54490424 ____A C:\Users\Saki\Downloads\IH-Tsz.by.RapidRise.org.rar
2011-12-07 15:21 - 2011-12-07 15:21 - 0004405 ____A C:\Users\Saki\Desktop\Gmer.text
2011-12-07 04:45 - 2011-12-07 04:45 - 0000000 ____A C:\Users\Saki\Desktop\Neues Textdokument.txt
2011-12-07 04:41 - 2011-12-07 04:41 - 0040296 ____A C:\Users\Saki\Desktop\Extras.Txt
2011-12-07 04:27 - 2011-12-07 04:40 - 0113472 ____A C:\Users\Saki\Desktop\OTL.Txt
2011-12-07 04:15 - 2011-12-07 04:18 - 0000470 ____A C:\Users\Saki\Desktop\defogger_disable.log
2011-12-07 04:15 - 2011-12-07 04:15 - 0000000 ____A C:\Users\Saki\defogger_reenable
2011-12-07 04:14 - 2011-12-07 04:15 - 0302592 ____A C:\Users\Saki\Desktop\0erz17xx.exe
2011-12-07 04:09 - 2011-12-07 04:10 - 0584192 ____A (OldTimer Tools) C:\Users\Saki\Desktop\OTL.exe
2011-12-07 04:09 - 2011-12-07 04:09 - 0050477 ____A C:\Users\Saki\Desktop\Defogger.exe
2011-12-02 22:51 - 2011-12-02 22:51 - 0015051 ____A C:\Users\Saki\Desktop\Werkstatt für Flyer.docx
2011-12-02 22:30 - 2011-12-02 22:30 - 0000000 ___RD C:\MSOCache
2011-11-30 00:04 - 2011-11-30 00:04 - 0029562 ____A C:\Users\Saki\Downloads\384451_10150469359164553_108707184552_10268136_699777210_n.jpg
2011-11-25 23:51 - 2011-12-03 12:37 - 0000000 ____D C:\Users\All Users\VirtualizedApplications
2011-11-25 23:51 - 2011-12-03 12:37 - 0000000 ____D C:\ProgramData\VirtualizedApplications
2011-11-25 00:13 - 2011-12-21 19:14 - 0000000 ____D C:\Users\Saki\AppData\Roaming\SoftGrid Client
2011-11-25 00:13 - 2011-11-25 00:13 - 0000000 ____D C:\Users\Saki\AppData\Local\SoftGrid Client
2011-11-25 00:00 - 2011-11-25 12:33 - 0000000 ____D C:\Program Files\Microsoft Application Virtualization Client
2011-11-25 00:00 - 2011-11-25 00:00 - 0000000 ____D C:\Program Files\Microsoft Office
2011-11-25 00:00 - 2011-11-25 00:00 - 0000000 ____D C:\Program Files\Common Files\DESIGNER


============ 3 Months Modified Files and Folders ===============

2011-12-25 16:23 - 2011-12-25 16:23 - 0000000 ____D C:\FRST
2011-12-25 16:08 - 2011-09-07 13:35 - 1431611 ____A C:\Windows\WindowsUpdate.log
2011-12-25 13:38 - 2009-07-14 05:34 - 0014928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2011-12-25 13:38 - 2009-07-14 05:34 - 0014928 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2011-12-25 13:32 - 2011-10-09 14:07 - 0000000 ____D C:\Users\Saki\AppData\Local\Htc
2011-12-25 13:31 - 2011-12-20 20:45 - 0001326 ____A C:\Windows\setupact.log
2011-12-25 13:31 - 2011-09-29 22:57 - 0000000 ____D C:\Users\All Users\PDFC
2011-12-25 13:31 - 2011-09-29 22:57 - 0000000 ____D C:\ProgramData\PDFC
2011-12-25 13:31 - 2010-09-22 19:15 - 1875763200 __ASH C:\hiberfil.sys
2011-12-25 13:31 - 2009-07-14 05:53 - 0000006 ___AH C:\Windows\Tasks\SA.DAT
2011-12-23 15:35 - 2010-09-22 19:53 - 0000000 ____D C:\Program Files\Mozilla Firefox
2011-12-23 15:34 - 2011-12-23 15:33 - 0395875 ____A C:\Users\Saki\Desktop\MiniToolBox.exe
2011-12-23 02:51 - 2011-12-23 02:51 - 0000000 ____D C:\Users\All Users\Panda Software
2011-12-23 02:51 - 2011-12-23 02:51 - 0000000 ____D C:\ProgramData\Panda Software
2011-12-23 02:27 - 2011-12-20 21:14 - 0008627 ____A C:\Windows\System32\PAV_FOG.OPC
2011-12-22 03:25 - 2011-12-22 02:16 - 0000000 ____D C:\Qoobox
2011-12-22 03:25 - 2011-12-22 02:16 - 0000000 ____D C:\ComboFix
2011-12-22 03:24 - 2009-07-14 03:37 - 0000000 __RHD C:\users\Default
2011-12-22 03:24 - 2009-07-14 03:37 - 0000000 ___RD C:\users\Public
2011-12-22 03:23 - 2011-12-22 03:23 - 0021163 ____A C:\ComboFix.txt
2011-12-22 02:39 - 2011-12-22 02:16 - 0000000 ____D C:\Windows\ERDNT
2011-12-22 02:32 - 2011-12-22 02:32 - 0000000 __SHD C:\$RECYCLE.BIN
2011-12-22 02:32 - 2009-07-14 03:04 - 0000215 ____A C:\Windows\system.ini
2011-12-22 02:32 - 2009-07-14 03:04 - 0000027 ____A C:\Windows\System32\Drivers\etc\hosts
2011-12-22 02:30 - 2011-12-20 20:45 - 0001728 ____A C:\Windows\PFRO.log
2011-12-21 19:14 - 2011-11-25 00:13 - 0000000 ____D C:\Users\Saki\AppData\Roaming\SoftGrid Client
2011-12-21 19:10 - 2011-12-21 19:09 - 4347226 ____R (Swearware) C:\Users\Saki\Desktop\ComboFix.exe
2011-12-21 00:48 - 2010-06-08 19:59 - 2138488 ____A C:\Windows\System32\PerfStringBackup.INI
2011-12-20 20:53 - 2011-12-20 20:53 - 0000000 ____D C:\Users\Saki\AppData\Local\Panda Security
2011-12-20 20:53 - 2009-07-14 03:04 - 0000460 ____A C:\Windows\win.ini
2011-12-20 20:52 - 2011-12-20 20:50 - 0000000 ____D C:\Users\All Users\Panda Security
2011-12-20 20:52 - 2011-12-20 20:50 - 0000000 ____D C:\ProgramData\Panda Security
2011-12-20 20:51 - 2011-12-20 20:51 - 0000250 ____A C:\Windows\System32\PavCPL.dat
2011-12-20 20:51 - 2011-12-20 20:50 - 0000000 ____D C:\Program Files\Panda Security
2011-12-20 20:50 - 2011-12-20 20:50 - 0000000 ____D C:\Windows\System32\PAV
2011-12-20 20:50 - 2011-12-20 20:50 - 0000000 ____D C:\Users\Saki\AppData\Roaming\Panda Security
2011-12-20 20:50 - 2011-05-24 15:42 - 0000000 ___HD C:\Program Files\InstallShield Installation Information
2011-12-20 20:48 - 2011-12-20 20:48 - 0000000 ____D C:\Program Files\Common Files\Panda Security
2011-12-20 20:45 - 2011-12-20 20:45 - 0000000 ____A C:\Windows\setuperr.log
2011-12-20 20:34 - 2010-10-22 22:18 - 0000000 ____D C:\Program Files\Common Files\InstallShield
2011-12-20 20:31 - 2011-12-20 20:19 - 65244568 ____A C:\Users\Saki\Downloads\Panda_Antivirus_Pro_2012_AS.exe
2011-12-20 20:15 - 2011-02-18 21:47 - 0000000 ____D C:\Windows\Minidump
2011-12-20 20:15 - 2010-10-03 23:57 - 0000000 ____D C:\Users\All Users\Spybot - Search & Destroy
2011-12-20 20:15 - 2010-10-03 23:57 - 0000000 ____D C:\ProgramData\Spybot - Search & Destroy
2011-12-19 15:01 - 2011-12-19 15:01 - 0000162 ___AH C:\Users\Saki\Desktop\~$xte lesen, Texte schreiben.docx
2011-12-19 14:43 - 2010-11-29 00:02 - 0000000 ____D C:\Users\Saki\Documents\Haus
2011-12-19 14:11 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\rescache
2011-12-19 01:24 - 2011-12-15 21:58 - 0023414 ____H C:\Users\Saki\Desktop\~WRL0928.tmp
2011-12-18 22:29 - 2011-12-18 22:29 - 3588742 ____A C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne_rauch.pdf
2011-12-18 22:29 - 2011-12-18 22:29 - 3354365 ____A C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne.pdf
2011-12-18 22:28 - 2011-12-18 22:28 - 0394381 ____A C:\Users\Saki\Desktop\Werkstatt_Flyer_hinten.pdf
2011-12-17 23:58 - 2011-12-17 23:58 - 0000162 ___AH C:\Users\Saki\Desktop\~$rkstatt für Flyer.docx
2011-12-15 14:07 - 2009-07-14 05:33 - 0301080 ____A C:\Windows\System32\FNTCACHE.DAT
2011-12-15 14:06 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\el-GR
2011-12-15 14:06 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\de-DE
2011-12-15 00:48 - 2010-06-08 20:04 - 52988224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2011-12-14 11:50 - 2011-10-04 17:09 - 0000000 ____D C:\Users\Saki\Desktop\Lefkada
2011-12-13 23:32 - 2011-12-13 23:32 - 0000000 ____D C:\Users\Saki\AppData\Local\Microsoft Help
2011-12-13 23:32 - 2011-12-13 23:32 - 0000000 ____D C:\Users\All Users\Microsoft Help
2011-12-13 23:32 - 2011-12-13 23:32 - 0000000 ____D C:\ProgramData\Microsoft Help
2011-12-13 12:05 - 2010-09-22 19:20 - 0000000 ____D C:\users\Saki
2011-12-13 00:24 - 2011-12-13 00:24 - 0001812 ____A C:\Users\Saki\Desktop\readme.txt
2011-12-13 00:24 - 2011-12-13 00:24 - 0000000 ____D C:\Users\Saki\AppData\Roaming\f-secure
2011-12-13 00:23 - 2011-12-13 00:23 - 0000000 ____D C:\Users\All Users\F-Secure
2011-12-13 00:23 - 2011-12-13 00:23 - 0000000 ____D C:\ProgramData\F-Secure
2011-12-13 00:17 - 2011-12-13 00:17 - 0000000 ____D C:\Windows\Sun
2011-12-11 15:54 - 2011-12-11 15:54 - 2322184 ____A (ESET) C:\Users\Saki\Desktop\esetsmartinstaller_enu.exe
2011-12-11 15:54 - 2011-12-11 15:54 - 0000000 ____D C:\Program Files\ESET
2011-12-11 15:50 - 2011-03-23 00:11 - 0000000 ____D C:\Program Files\Opera
2011-12-09 19:29 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\ModemLogs
2011-12-09 19:11 - 2011-12-09 19:11 - 0000000 ____D C:\Users\Saki\AppData\Roaming\Malwarebytes
2011-12-09 19:10 - 2011-12-09 19:10 - 0000000 ____D C:\Users\All Users\Malwarebytes
2011-12-09 19:10 - 2011-12-09 19:10 - 0000000 ____D C:\ProgramData\Malwarebytes
2011-12-09 19:10 - 2011-12-09 19:10 - 0000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2011-12-09 19:07 - 2011-12-09 19:06 - 9852544 ____A (Malwarebytes Corporation                                    ) C:\Users\Saki\Downloads\mbam-setup-1.51.2.1300.exe
2011-12-09 19:03 - 2011-12-09 19:03 - 0005130 ____A C:\Users\Saki\Desktop\12092011_185841 OTL.txt
2011-12-09 18:58 - 2011-12-09 18:58 - 0000000 ____D C:\_OTL
2011-12-08 00:34 - 2011-11-06 15:23 - 0000000 ____D C:\Users\Saki\Desktop\Uni
2011-12-07 23:48 - 2011-12-07 23:41 - 54490424 ____A C:\Users\Saki\Downloads\IH-Tsz.by.RapidRise.org.rar
2011-12-07 15:21 - 2011-12-07 15:21 - 0004405 ____A C:\Users\Saki\Desktop\Gmer.text
2011-12-07 04:45 - 2011-12-07 04:45 - 0000000 ____A C:\Users\Saki\Desktop\Neues Textdokument.txt
2011-12-07 04:41 - 2011-12-07 04:41 - 0040296 ____A C:\Users\Saki\Desktop\Extras.Txt
2011-12-07 04:40 - 2011-12-07 04:27 - 0113472 ____A C:\Users\Saki\Desktop\OTL.Txt
2011-12-07 04:18 - 2011-12-07 04:15 - 0000470 ____A C:\Users\Saki\Desktop\defogger_disable.log
2011-12-07 04:15 - 2011-12-07 04:15 - 0000000 ____A C:\Users\Saki\defogger_reenable
2011-12-07 04:15 - 2011-12-07 04:14 - 0302592 ____A C:\Users\Saki\Desktop\0erz17xx.exe
2011-12-07 04:10 - 2011-12-07 04:09 - 0584192 ____A (OldTimer Tools) C:\Users\Saki\Desktop\OTL.exe
2011-12-07 04:09 - 2011-12-07 04:09 - 0050477 ____A C:\Users\Saki\Desktop\Defogger.exe
2011-12-07 03:30 - 2010-11-12 11:26 - 0000000 ____D C:\Users\Saki\Documents\Geschäft
2011-12-07 03:17 - 2011-11-10 15:17 - 0000000 ____D C:\Users\Saki\Desktop\DownL
2011-12-05 14:33 - 2011-11-10 14:33 - 0000000 ____D C:\Program Files\JDownloader
2011-12-03 12:37 - 2011-11-25 23:51 - 0000000 ____D C:\Users\All Users\VirtualizedApplications
2011-12-03 12:37 - 2011-11-25 23:51 - 0000000 ____D C:\ProgramData\VirtualizedApplications
2011-12-02 22:51 - 2011-12-02 22:51 - 0015051 ____A C:\Users\Saki\Desktop\Werkstatt für Flyer.docx
2011-12-02 22:30 - 2011-12-02 22:30 - 0000000 ___RD C:\MSOCache
2011-12-02 22:26 - 2009-07-14 03:37 - 0000000 ____D C:\Program Files\Common Files\microsoft shared
2011-11-30 00:04 - 2011-11-30 00:04 - 0029562 ____A C:\Users\Saki\Downloads\384451_10150469359164553_108707184552_10268136_699777210_n.jpg
2011-11-25 12:33 - 2011-11-25 00:00 - 0000000 ____D C:\Program Files\Microsoft Application Virtualization Client
2011-11-25 00:13 - 2011-11-25 00:13 - 0000000 ____D C:\Users\Saki\AppData\Local\SoftGrid Client
2011-11-25 00:03 - 2011-11-24 23:55 - 0000000 ____D C:\Users\Saki\AppData\Roaming\TP
2011-11-25 00:00 - 2011-11-25 00:00 - 0000000 ____D C:\Program Files\Microsoft Office
2011-11-25 00:00 - 2011-11-25 00:00 - 0000000 ____D C:\Program Files\Common Files\DESIGNER
2011-11-24 23:54 - 2011-11-24 23:54 - 1633168 ____A (Microsoft Corporation) C:\Users\Saki\Downloads\setupOfficeStarter.exe
2011-11-24 05:25 - 2011-12-14 15:09 - 2342912 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2011-11-23 21:32 - 2011-11-23 21:32 - 0000000 ____D C:\Program Files\vShare
2011-11-23 21:32 - 2011-11-23 21:29 - 0000000 ____D C:\Users\Saki\Downloads\vshare-plugin
2011-11-23 21:32 - 2010-09-22 19:21 - 0000000 ____D C:\Users\Saki\AppData\LocalLow
2011-11-23 21:27 - 2011-11-23 21:27 - 0092564 ____A C:\Users\Saki\Downloads\vshare-plugin.zip
2011-11-22 18:04 - 2011-08-28 11:11 - 0000000 ____D C:\Users\Saki\AppData\Roaming\Apple Computer
2011-11-22 11:53 - 2011-11-22 11:52 - 0000000 ____D C:\Program Files\QuickTime
2011-11-22 11:52 - 2011-11-22 11:52 - 0000000 ____D C:\Users\All Users\Apple Computer
2011-11-22 11:52 - 2011-11-22 11:52 - 0000000 ____D C:\ProgramData\Apple Computer
2011-11-21 18:13 - 2010-12-08 21:15 - 0000000 ____D C:\Users\Saki\AppData\Roaming\Winamp
2011-11-20 12:58 - 2011-11-20 12:58 - 0000497 ____A C:\Users\Saki\Desktop\Windows-Firewall - Verknüpfung.lnk
2011-11-19 22:21 - 2011-11-19 22:21 - 3462033 ____A C:\Users\Saki\Downloads\pci_filerecovery.exe
2011-11-19 22:21 - 2011-11-19 22:21 - 0000000 ____D C:\Program Files\Convar
2011-11-19 22:21 - 2011-11-19 22:20 - 3462033 ____A C:\Users\Saki\Desktop\pci_filerecovery.exe.part
2011-11-16 00:39 - 2011-04-06 18:28 - 0000000 ____D C:\Users\Saki\.gimp-2.6
2011-11-16 00:31 - 2011-11-16 00:31 - 0000887 ____A C:\Users\Saki\.recently-used.xbel
2011-11-13 16:05 - 2011-11-13 16:05 - 4040793 ____A C:\Users\Saki\Desktop\WiPo.pdf
2011-11-13 15:33 - 2011-11-13 15:32 - 0000000 ____D C:\Users\Saki\AppData\Local\{5AC501DC-7123-43B2-8A0A-BB4430355244}
2011-11-12 01:33 - 2011-11-12 01:33 - 0000000 ____D C:\Program Files\Common Files\Java
2011-11-12 01:32 - 2011-11-12 01:31 - 0003177 ____A C:\Windows\System32\jupdate-1.6.0_29-b11.log
2011-11-12 01:32 - 2011-07-03 20:54 - 0000000 ____D C:\Program Files\Java
2011-11-11 20:45 - 2011-05-20 12:16 - 0414368 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2011-11-10 14:35 - 2011-11-10 14:28 - 0000213 ____A C:\Users\Saki\Downloads\error.log
2011-11-10 14:27 - 2011-11-10 14:23 - 26685568 ____A (AppWork GmbH) C:\Users\Saki\Downloads\JDownloaderSetup.exe
2011-11-10 00:50 - 2009-07-14 03:37 - 0000000 ____D C:\Program Files\Common Files\System
2011-11-06 15:33 - 2010-09-24 01:37 - 0000000 ____D C:\Users\Saki\HTC Desire
2011-11-06 15:31 - 2011-11-06 15:31 - 0000000 ____D C:\Users\Saki\Documents\Bewerbungen
2011-11-05 05:26 - 2011-12-14 15:09 - 0002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2011-11-04 00:02 - 2011-12-15 00:48 - 12279808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2011-11-03 23:47 - 2011-12-15 00:48 - 1798144 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2011-11-03 23:46 - 2011-12-15 00:48 - 9705472 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2011-11-03 23:40 - 2011-12-15 00:48 - 1427456 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2011-11-03 23:40 - 2011-12-15 00:48 - 1103360 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2011-11-03 23:39 - 2011-12-15 00:48 - 1127424 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2011-11-03 23:38 - 2011-12-15 00:48 - 0231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2011-11-03 23:37 - 2011-12-15 00:48 - 0065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2011-11-03 23:34 - 2011-12-15 00:48 - 0716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2011-11-03 23:32 - 2011-12-15 00:48 - 1792000 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2011-11-03 23:32 - 2011-12-15 00:48 - 0072704 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2011-11-03 23:31 - 2011-12-15 00:48 - 2382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2011-11-03 23:28 - 2011-12-15 00:48 - 0176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2011-11-03 20:32 - 2011-11-03 20:31 - 0000000 ____D C:\Users\Saki\AppData\Local\{500D59A8-CE64-4A57-9903-8E08851301BB}
2011-11-03 00:29 - 2009-07-14 05:53 - 0032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2011-10-26 05:47 - 2011-12-14 15:08 - 3967856 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2011-10-26 05:47 - 2011-12-14 15:08 - 3912560 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2011-10-26 05:28 - 2011-12-14 15:08 - 0038912 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2011-10-24 21:39 - 2011-10-24 21:18 - 0000000 ____D C:\Program Files\Signal Iduna
2011-10-24 14:29 - 2011-10-24 14:29 - 0094208 ____A (Apple Inc.) C:\Windows\System32\QuickTimeVR.qtx
2011-10-24 14:29 - 2011-10-24 14:29 - 0069632 ____A (Apple Inc.) C:\Windows\System32\QuickTime.qts
2011-10-23 22:24 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\NDF
2011-10-23 11:55 - 2011-10-23 11:55 - 6409759 ____A C:\Users\Saki\Desktop\gapps-gb-20110828-signed.zip
2011-10-23 11:14 - 2011-10-23 11:12 - 0000000 ____D C:\Users\Saki\Desktop\Backup HTC Okrober 2011
2011-10-17 19:06 - 2011-03-17 01:30 - 0000000 ____D C:\Program Files\Common Files\Adobe
2011-10-17 19:06 - 2010-09-28 12:02 - 0000000 ____D C:\Users\All Users\Adobe
2011-10-17 19:06 - 2010-09-28 12:02 - 0000000 ____D C:\ProgramData\Adobe
2011-10-17 11:19 - 2011-10-17 11:19 - 0109285 ____A C:\Users\Saki\Documents\Studienordnung.pdf
2011-10-15 06:38 - 2011-12-14 15:08 - 0534528 ____A (Microsoft Corporation) C:\Windows\System32\EncDec.dll
2011-10-14 11:23 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\Microsoft.NET
2011-10-09 14:07 - 2010-09-28 15:37 - 0000000 ____D C:\Users\Saki\AppData\Roaming\HTC
2011-10-09 13:29 - 2010-09-28 12:02 - 0000000 ____D C:\Users\Saki\AppData\Local\Downloaded Installations
2011-10-09 13:29 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\DriverStore
2011-10-09 13:28 - 2010-09-28 12:02 - 0000000 ____D C:\Program Files\Common Files\Adobe AIR
2011-10-03 05:06 - 2011-11-12 01:32 - 0157472 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2011-10-03 05:06 - 2011-11-12 01:32 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2011-10-03 05:06 - 2011-11-12 01:32 - 0145184 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2011-10-03 05:06 - 2010-09-28 15:56 - 0472808 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2011-10-02 22:33 - 2011-10-02 22:33 - 0000000 ____D C:\Users\Saki\Downloads\bewerbung
2011-10-02 22:32 - 2011-10-02 22:32 - 0182502 ____A C:\Users\Saki\Downloads\bewerbung.zip
2011-09-30 18:51 - 2011-09-30 18:50 - 0000000 ____D C:\Users\Saki\Desktop\backup 1. okt 2011 - desire
2011-09-30 13:32 - 2011-09-30 13:28 - 87585415 ____A C:\Users\Saki\Desktop\update-cm-7.0.3-Desire-signed.zip
2011-09-30 12:42 - 2011-09-30 12:42 - 0000000 ____D C:\Users\Saki\AppData\Local\PDFC
2011-09-29 23:15 - 2011-09-29 23:09 - 0000000 ____D C:\Program Files\IDT
2011-09-29 23:09 - 2011-09-29 23:06 - 107683168 ____A (Hewlett Packard                                            ) C:\Users\Saki\Downloads\sp45278.exe
2011-09-29 23:09 - 2011-05-24 15:41 - 0000000 ____D C:\swsetup
2011-09-29 23:08 - 2011-09-29 23:08 - 0000000 ____D C:\Windows\Options
2011-09-29 23:08 - 2011-05-24 15:49 - 0000000 ____D C:\Program Files\LSI SoftModem
2011-09-29 23:07 - 2011-09-29 23:07 - 5989496 ____A (Hewlett-Packard Company                                    ) C:\Users\Saki\Downloads\sp45228.exe
2011-09-29 23:07 - 2011-09-29 23:06 - 28662688 ____A (Hewlett Packard                                            ) C:\Users\Saki\Downloads\sp45137.exe
2011-09-29 23:05 - 2011-09-29 23:04 - 0000000 ____D C:\Windows\Hewlett-Packard
2011-09-29 23:02 - 2011-09-29 23:02 - 0000000 ____D C:\Program Files\Cisco
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\zh-TW
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\zh-HK
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\zh-CN
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\tr-TR
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\th-TH
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\sv-SE
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\sl-SI
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\sk-SK
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\ru-RU
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\ro-RO
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\pt-PT
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\pt-BR
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\pl-PL
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\nl-NL
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\nb-NO
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\lv-LV
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\lt-LT
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\ko-KR
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\ja-JP
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\it-IT
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\hu-HU
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\hr-HR
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\he-IL
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\fr-FR
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\fi-FI
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\et-EE
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\bg-BG
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\System32\ar-SA
2011-09-29 23:02 - 2009-07-14 03:37 - 0000000 ____D C:\Windows\Help
2011-09-29 23:01 - 2011-09-29 23:01 - 0998786 ____A C:\Windows\System32\oem32.inf
2011-09-29 23:00 - 2011-09-29 23:00 - 0000000 ____D C:\Windows\System32\vs08
2011-09-29 22:59 - 2011-09-29 23:00 - 7027200 ____A (Broadcom Corporation) C:\Windows\System32\BCMWLCPL.CPL
2011-09-29 22:59 - 2011-09-29 23:00 - 4190208 ____A (Broadcom Corporation) C:\Windows\System32\bcmttls.dll
2011-09-29 22:59 - 2011-09-29 23:00 - 3866624 ____A (Broadcom Corporation) C:\Windows\System32\bcmihvsrv.dll
2011-09-29 22:59 - 2011-09-29 23:00 - 3555328 ____A (Broadcom Corporation) C:\Windows\System32\bcmihvui.dll
2011-09-29 22:59 - 2011-09-29 23:00 - 2682880 ____A (Microsoft Corporation) C:\Windows\System32\vcredist_x86.exe
2011-09-29 22:59 - 2011-09-29 23:00 - 2661368 ____A (Broadcom Corporation) C:\Windows\System32\Drivers\BCMWL6.SYS
2011-09-29 22:59 - 2011-09-29 23:00 - 0953856 ____A (Broadcom Corporation) C:\Windows\System32\BCMLogon.dll
2011-09-29 22:59 - 2011-09-29 23:00 - 0091376 ____A (Broadcom Corporation) C:\Windows\System32\bcmwlcoi.dll
2011-09-29 22:59 - 2011-09-29 23:00 - 0057344 ____A (Broadcom Corporation) C:\Windows\System32\bcmwlrmt.dll
2011-09-29 22:59 - 2011-09-29 23:00 - 0051712 ____A (Broadcom Corporation) C:\Windows\System32\wltrynt.dll
2011-09-29 22:59 - 2011-09-29 23:00 - 0018424 ____A (Broadcom Corporation) C:\Windows\System32\Drivers\bcm42rly.sys
2011-09-29 22:59 - 2011-09-29 23:00 - 0006656 ____A C:\Windows\System32\bcmwlrc.dll
2011-09-29 22:59 - 2011-09-29 23:00 - 0000457 ____A C:\Windows\System32\vcredist_x86.bat
2011-09-29 22:59 - 2011-09-29 22:59 - 0000000 ____D C:\Users\Saki\AppData\Roaming\InstallShield
2011-09-29 22:59 - 2011-09-29 22:59 - 0000000 ____D C:\Users\All Users\Uninstall
2011-09-29 22:59 - 2011-09-29 22:59 - 0000000 ____D C:\ProgramData\Uninstall
2011-09-29 22:59 - 2011-09-29 22:59 - 0000000 ____D C:\Program Files\Common Files\Roxio Shared
2011-09-29 22:59 - 2011-09-29 22:59 - 0000000 ____D C:\Program Files\Broadcom
2011-09-29 22:59 - 2011-05-24 15:42 - 0000000 ____D C:\Program Files\Hewlett-Packard
2011-09-29 22:58 - 2011-09-29 22:58 - 0000000 ____D C:\Users\Saki\AppData\Roaming\Roxio Log Files
2011-09-29 22:58 - 2011-09-29 22:28 - 0000000 ____D C:\system.sav
2011-09-29 22:57 - 2011-09-29 22:57 - 0000000 ____D C:\Program Files\PDF Complete
2011-09-29 22:28 - 2011-09-29 22:28 - 0000000 _RASH C:\Windows\System32\Drivers\103C_HP_bNB_615_Y5336AN_0U_QCNU9260M93_EU_4A_I308C_SHP_V27.06_B68GVV F.02_T090617_W71-1_L407_M1789_J320_7AMD_8F31_92.20_#110929_N14E44315;11AB4357_(NX562EA#ABD)_XMOBILE_CN10_Z_2F.02_G10029612.MRK
2011-09-29 22:26 - 2011-09-29 22:24 - 43109320 ____A (Hewlett-Packard Company                                    ) C:\Users\Saki\Downloads\Compaq Wireless Lan update.exe
2011-09-29 22:26 - 2011-09-29 22:24 - 32461280 ____A (Hewlett-Packard                                            ) C:\Users\Saki\Downloads\HP webcam sofware.exe
2011-09-29 22:25 - 2011-09-29 22:25 - 2917080 ____A (Hewlett-Packard Company                                    ) C:\Users\Saki\Downloads\Compaq 123.exe
2011-09-29 22:24 - 2011-09-29 22:23 - 24720024 ____A (Hewlett-Packard Company                                    ) C:\Users\Saki\Downloads\Compaq PDF Complete.exe
2011-09-29 22:23 - 2011-09-29 22:23 - 1528760 ____A (Hewlett-Packard                                            ) C:\Users\Saki\Downloads\COmpaq Diagnosesofware.exe
2011-09-29 22:22 - 2011-09-29 22:22 - 2273544 ____A (Hewlett-Packard Company                                    ) C:\Users\Saki\Downloads\Compaq BIOS UPDATE.exe
2011-09-29 22:22 - 2011-09-29 22:21 - 16465992 ____A (Hewlett-Packard Company                                    ) C:\Users\Saki\Downloads\Compaq Updatessp50370.exe
2011-09-29 17:03 - 2011-11-09 15:34 - 1290608 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2011-09-27 15:27 - 2011-09-27 15:23 - 0000000 ____D C:\Users\Saki\Desktop\Desire Backup September 2011

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 22%
Total physical RAM: 1788.87 MB
Available physical RAM: 1394 MB
Total Pagefile: 1788.87 MB
Available Pagefile: 1394.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.3 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:146.39 GB) (Free:69.36 GB) NTFS
2 Drive e: () (Fixed) (Total:151.6 GB) (Free:19.91 GB) NTFS
4 Drive g: (USB DISK) (Removable) (Total:1.87 GB) (Free:1.87 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[Drive with boot components]

  Datenträger ###  Status        Größe    Frei    Dyn  GPT
  ---------------  -------------  -------  -------  ---  ---
  Datenträger 0    Online          298 GB      0 B
  Datenträger 1    Online        1912 MB      0 B

Datenträgerpartitionierung wird beendet...


==========================================================

Last Boot: 2011-12-22 03:54

======================= End Of Log ==========================

Regards

Larusso 25.12.2011 18:26

Also clean.

Let's do a "clean" system start.


Please press Windows + R --> msconfig (type it in) --> OK --> Services tab.
Tick Hide all Microsoft services and click Disable all.

Restart the computer to confirm the change.
Please let me know whether this message still appears on further shutdowns.

riera77 25.12.2011 19:01

Done.
The message now appears for about half a second, but the computer shuts down on its own.

Larusso 25.12.2011 21:35

Close all running programs.
Please start OTL and click the Quick Scan button.


Please post the OTL.txt here.

riera77 26.12.2011 00:37

So, I just got home and shut down a few times. That "force close" dialog no longer seems to be there.

Here is the OTL log:
Code:

OTL logfile created on: 26.12.2011 00:31:11 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Saki\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,26 Gb Available Physical Memory | 72,08% Memory free
3,49 Gb Paging File | 2,74 Gb Available in Paging File | 78,34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 69,34 Gb Free Space | 47,37% Space Free | Partition Type: NTFS
Drive D: | 151,60 Gb Total Space | 19,91 Gb Free Space | 13,13% Space Free | Partition Type: NTFS
 
Computer Name: SAKI-PC | User Name: Saki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.07 04:10:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Saki\Desktop\OTL.exe
PRC - [2011.09.29 22:59:54 | 004,367,360 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\Broadcom 802.11\WLTRAY.EXE
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.04.13 17:06:56 | 001,000,768 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe
PRC - [2011.04.13 14:02:34 | 001,808,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.10.20 15:23:26 | 000,821,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2010.09.21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 13:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.09.14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.05.20 23:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.02.25 14:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009.07.13 14:56:02 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.05.14 11:05:52 | 000,209,216 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
PRC - [2008.09.15 08:42:21 | 000,016,896 | ---- | M] () -- C:\Windows\System32\LFOGRPOW.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.14 11:01:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011.10.14 11:01:09 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.14 11:01:00 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.03.21 19:57:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.05.04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.07.14 10:03:02 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2009.05.14 11:05:52 | 000,209,216 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
MOD - [2008.12.12 15:48:50 | 000,507,904 | ---- | M] () -- C:\Programme\Common Files\BCL Technologies\NitroPDF6\bepprint.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.09.29 22:59:54 | 000,026,112 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2011.08.12 16:13:26 | 000,087,040 | ---- | M] () [Disabled | Stopped] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.14 16:07:56 | 000,156,992 | ---- | M] (Panda Security, S.L.) [Disabled | Stopped] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe -- (TPSrv)
SRV - [2011.03.04 19:22:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.02.01 00:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) [Disabled | Stopped] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010.10.20 15:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) [Disabled | Stopped] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2010.09.14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.08.16 14:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Disabled | Stopped] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe -- (PskSvcRetail)
SRV - [2010.06.04 10:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) [Disabled | Stopped] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe -- (PAVSRV)
SRV - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.08.10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Disabled | Stopped] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe -- (Panda Software Controller)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.13 14:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe -- (STacSV)
SRV - [2009.03.27 17:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Disabled | Stopped] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.03.02 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Disabled | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe -- (AESTFilters)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Disabled | Stopped] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.09.02 23:38:28 | 000,010,752 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\FUSServices.exe -- (FUSServices)
SRV - [2008.06.19 12:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Disabled | Stopped] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe -- (PSIMSVC)
SRV - [2008.02.04 17:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Disabled | Stopped] -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.09.29 22:59:50 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2011.02.21 14:38:32 | 000,037,448 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ShlDrv51.sys -- (ShldDrv)
DRV - [2011.01.13 02:17:18 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsmdm.sys -- (zghsmdm)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.14 05:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010.09.14 05:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010.09.14 05:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010.09.14 05:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010.08.16 14:31:08 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2010.08.16 14:31:06 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010.06.23 09:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.06.22 18:13:00 | 000,026,696 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\pavboot.sys -- (pavboot)
DRV - [2010.05.21 13:50:40 | 000,054,344 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\amm8660.sys -- (AmFSM)
DRV - [2010.05.06 17:11:58 | 000,163,848 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PavProc.sys -- (PavProc)
DRV - [2010.02.25 14:18:58 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2010.02.17 14:21:12 | 000,094,560 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Running] -- C:\Windows\System32\drivers\SleeN17.sys -- (SLEE_17_DRIVER)
DRV - [2009.10.26 07:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.10.26 07:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (androidusb)
DRV - [2009.09.28 08:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.08.18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009.07.13 14:56:02 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.04.06 16:12:44 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.16 22:47:06 | 000,033,152 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\XMLDIUSB.sys -- (XMLDIUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: el-GR@dictionaries.addons.mozilla.org:0.8.5
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=2&src=sp&cf=8cfe85a6-2044-11e1-a791-00247e83dc50&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.60401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.20 13:23:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.20 13:23:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.26 00:28:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.06 20:57:58 | 000,000,000 | ---D | M]
 
[2010.09.22 19:53:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Saki\AppData\Roaming\mozilla\Extensions
[2011.12.24 15:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions
[2010.12.01 22:24:47 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.18 01:17:42 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.02.13 15:41:40 | 000,000,000 | ---D | M] (Greek Spelling dictionary) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\el-GR@dictionaries.addons.mozilla.org
[2011.11.15 23:31:08 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\https-everywhere@eff.org
[2011.03.12 21:15:09 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\personas@christopher.beard
[2011.12.19 18:22:46 | 000,000,933 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\11-suche.xml
[2011.12.19 18:22:46 | 000,002,419 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 18:22:45 | 000,010,525 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\gmx-suche.xml
[2011.12.14 17:50:39 | 000,001,854 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\idealode.xml
[2011.12.19 18:22:46 | 000,002,457 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\lastminute.xml
[2011.12.19 18:22:45 | 000,005,508 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\webde-suche.xml
[2011.12.26 00:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\SAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFX8XCA9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFX8XCA9.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
() (No name found) -- C:\USERS\SAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFX8XCA9.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2011.12.26 00:28:34 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.27 14:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2010.12.06 23:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.10.02 21:14:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.02 21:14:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.02 21:14:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.10 14:35:19 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.10.02 21:14:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 21:14:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.02 21:14:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.12.22 02:32:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Broadcom\Broadcom 802.11\WLTRAY.EXE (Broadcom Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Antivirus Pro 2012\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Saki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Saki\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93E36856-A876-4600-98F2-82F41288187C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC9A6404-A68F-4B4B-A706-831C3A54487A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome - No CLSID value found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\avldr: DllName - (avldr.dll) - C:\Windows\System32\avldr.dll (On-Access Anti-Malware Scanner Sync)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.25 16:23:16 | 000,000,000 | ---D | C] -- C:\FRST
[2011.12.23 02:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Software
[2011.12.22 03:24:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.12.22 02:32:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.12.22 02:30:03 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Local\temp
[2011.12.22 02:16:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.12.22 02:16:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.12.22 02:16:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.12.22 02:16:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.12.22 02:16:43 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.12.22 02:16:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.12.21 19:09:18 | 004,347,226 | R--- | C] (Swearware) -- C:\Users\Saki\Desktop\ComboFix.exe
[2011.12.20 20:53:12 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Local\Panda Security
[2011.12.20 20:51:46 | 000,026,696 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2011.12.20 20:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Antivirus Pro 2012
[2011.12.20 20:50:52 | 000,054,832 | ---- | C] (Panda Software) -- C:\Windows\System32\pavcpl.cpl
[2011.12.20 20:50:35 | 000,446,464 | ---- | C] (eHelp Corporation.) -- C:\Windows\System32\HHActiveX.dll
[2011.12.20 20:50:33 | 000,520,000 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\PavSHook.dll
[2011.12.20 20:50:33 | 000,193,344 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\TpUtil.dll
[2011.12.20 20:50:33 | 000,107,568 | ---- | C] (Panda Software) -- C:\Windows\System32\SYSTOOLS.DLL
[2011.12.20 20:50:33 | 000,087,360 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\PavLspHook.dll
[2011.12.20 20:50:33 | 000,055,616 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\pavipc.dll
[2011.12.20 20:50:31 | 000,055,552 | ---- | C] (On-Access Anti-Malware Scanner Sync) -- C:\Windows\System32\avldr.dll
[2011.12.20 20:50:31 | 000,054,344 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\amm8660.sys
[2011.12.20 20:50:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\PAV
[2011.12.20 20:50:30 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\Panda Security
[2011.12.20 20:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011.12.20 20:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011.12.20 20:48:57 | 000,163,848 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PavProc.sys
[2011.12.20 20:48:57 | 000,037,448 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\ShlDrv51.sys
[2011.12.20 20:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Panda Security
[2011.12.13 23:32:26 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Local\Microsoft Help
[2011.12.13 23:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.12.13 00:24:11 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\f-secure
[2011.12.13 00:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2011.12.13 00:17:36 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.12.11 15:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.11 15:54:33 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Saki\Desktop\esetsmartinstaller_enu.exe
[2011.12.09 19:11:29 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\Malwarebytes
[2011.12.09 19:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.09 19:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.09 19:10:41 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.09 19:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.09 18:58:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.07 04:09:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Saki\Desktop\OTL.exe
[2011.12.02 22:30:09 | 000,000,000 | R--D | C] -- C:\MSOCache
[1 C:\Users\Saki\Desktop\*.tmp files -> C:\Users\Saki\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.26 00:29:52 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.26 00:29:52 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.26 00:22:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.26 00:22:27 | 1875,763,200 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.23 15:34:02 | 000,395,875 | ---- | M] () -- C:\Users\Saki\Desktop\MiniToolBox.exe
[2011.12.23 02:27:01 | 000,008,627 | ---- | M] () -- C:\Windows\System32\PAV_FOG.OPC
[2011.12.22 02:32:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.12.21 19:10:07 | 004,347,226 | R--- | M] (Swearware) -- C:\Users\Saki\Desktop\ComboFix.exe
[2011.12.21 00:48:12 | 000,654,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.21 00:48:12 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.21 00:48:12 | 000,552,214 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2011.12.21 00:48:12 | 000,130,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.21 00:48:12 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.21 00:48:12 | 000,089,622 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2011.12.20 20:51:59 | 000,000,250 | ---- | M] () -- C:\Windows\System32\PavCPL.dat
[2011.12.18 22:29:08 | 003,588,742 | ---- | M] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne_rauch.pdf
[2011.12.18 22:29:01 | 003,354,365 | ---- | M] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne.pdf
[2011.12.18 22:28:56 | 000,394,381 | ---- | M] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_hinten.pdf
[2011.12.15 14:07:41 | 000,301,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.11 15:54:46 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Saki\Desktop\esetsmartinstaller_enu.exe
[2011.12.07 15:21:33 | 000,004,405 | ---- | M] () -- C:\Users\Saki\Desktop\Gmer.text
[2011.12.07 04:15:57 | 000,302,592 | ---- | M] () -- C:\Users\Saki\Desktop\0erz17xx.exe
[2011.12.07 04:15:42 | 000,000,000 | ---- | M] () -- C:\Users\Saki\defogger_reenable
[2011.12.07 04:10:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Saki\Desktop\OTL.exe
[2011.12.07 04:09:44 | 000,050,477 | ---- | M] () -- C:\Users\Saki\Desktop\Defogger.exe
[1 C:\Users\Saki\Desktop\*.tmp files -> C:\Users\Saki\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.23 15:33:58 | 000,395,875 | ---- | C] () -- C:\Users\Saki\Desktop\MiniToolBox.exe
[2011.12.22 02:16:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.12.22 02:16:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.12.22 02:16:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.12.22 02:16:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.12.22 02:16:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.12.20 21:14:24 | 000,008,627 | ---- | C] () -- C:\Windows\System32\PAV_FOG.OPC
[2011.12.20 20:51:59 | 000,000,250 | ---- | C] () -- C:\Windows\System32\PavCPL.dat
[2011.12.18 22:29:06 | 003,588,742 | ---- | C] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne_rauch.pdf
[2011.12.18 22:29:00 | 003,354,365 | ---- | C] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne.pdf
[2011.12.18 22:28:47 | 000,394,381 | ---- | C] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_hinten.pdf
[2011.12.07 15:21:32 | 000,004,405 | ---- | C] () -- C:\Users\Saki\Desktop\Gmer.text
[2011.12.07 04:15:42 | 000,000,000 | ---- | C] () -- C:\Users\Saki\defogger_reenable
[2011.12.07 04:14:38 | 000,302,592 | ---- | C] () -- C:\Users\Saki\Desktop\0erz17xx.exe
[2011.12.07 04:09:33 | 000,050,477 | ---- | C] () -- C:\Users\Saki\Desktop\Defogger.exe
[2011.09.29 23:00:05 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011.09.15 16:12:26 | 000,000,048 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.06.29 20:31:30 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.06.29 20:31:29 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.05.24 16:09:43 | 000,369,984 | ---- | C] () -- C:\Windows\System32\perfi008.dat
[2011.05.24 16:09:42 | 000,552,214 | ---- | C] () -- C:\Windows\System32\perfh008.dat
[2011.05.24 16:09:42 | 000,089,622 | ---- | C] () -- C:\Windows\System32\perfc008.dat
[2011.05.24 16:09:42 | 000,045,182 | ---- | C] () -- C:\Windows\System32\perfd008.dat
[2011.04.27 18:10:37 | 000,725,064 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011.04.27 18:10:36 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011.04.27 18:10:35 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011.04.09 22:24:22 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.04.09 22:21:12 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.10.22 22:20:25 | 000,031,658 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.10.22 22:17:21 | 000,055,296 | ---- | C] () -- C:\Windows\System32\LFOGRPJL.DLL
[2010.10.22 22:17:21 | 000,016,896 | ---- | C] () -- C:\Windows\System32\LFOGRPOW.EXE
[2010.10.22 22:17:21 | 000,013,312 | ---- | C] () -- C:\Windows\System32\LFOGRCOI.DLL
[2010.10.04 03:41:32 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.10.04 03:41:31 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT
[2010.10.04 01:18:45 | 000,007,605 | ---- | C] () -- C:\Users\Saki\AppData\Local\Resmon.ResmonCfg
[2010.09.22 19:17:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 10:04:11 | 000,654,610 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:04:11 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:04:11 | 000,130,192 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:04:11 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,301,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,616,452 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,574 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.18 18:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.05.14 11:05:56 | 000,508,200 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2008.09.02 23:38:28 | 000,010,752 | ---- | C] () -- C:\Windows\System32\FUSServices.exe
[2006.03.09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2010.11.27 01:17:57 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Ashampoo
[2010.12.01 22:24:46 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.13 00:24:11 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\f-secure
[2011.04.06 18:33:28 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\gtk-2.0
[2011.10.09 14:07:34 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\HTC
[2011.04.27 15:36:18 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.07.03 14:15:50 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Nitro PDF
[2010.09.28 16:55:54 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\OpenOffice.org
[2011.03.23 00:12:11 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Opera
[2011.12.20 20:50:30 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Panda Security
[2011.04.06 18:25:54 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Scribus
[2011.05.28 15:13:06 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\ScummVM
[2011.12.21 19:14:42 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\SoftGrid Client
[2011.06.12 22:44:57 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Steganos
[2010.12.08 21:21:12 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\streamripper
[2011.11.25 00:03:38 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\TP
[2011.07.05 23:15:55 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Windows Live Writer
[2011.11.03 00:29:06 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Regards

Larusso 26.12.2011 00:48

Good, then let's have a look.
Please re-enable the services via MsConfig.


Did you happen to uninstall Avira during the cleanup? If so, why?



Please start OTL.exe.
Under
Extra Registry, select Use SafeList and click the Scan button.
Post the OTL.txt and the Extras.txt here in your thread.



In your next reply, please post
OTL.txt
Extras.txt

riera77 27.12.2011 23:47

I deleted Antivira because Panda required it.

OTL
Code:

OTL logfile created on: 27.12.2011 23:23:34 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Saki\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 46,25% Memory free
3,49 Gb Paging File | 2,09 Gb Available in Paging File | 59,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 69,12 Gb Free Space | 47,22% Space Free | Partition Type: NTFS
Drive D: | 151,60 Gb Total Space | 19,91 Gb Free Space | 13,13% Space Free | Partition Type: NTFS
 
Computer Name: SAKI-PC | User Name: Saki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.07 04:10:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Saki\Desktop\OTL.exe
PRC - [2011.09.29 22:59:54 | 004,367,360 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\Broadcom 802.11\WLTRAY.EXE
PRC - [2011.09.29 22:59:54 | 000,026,112 | ---- | M] () -- C:\Programme\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
PRC - [2011.09.29 22:59:53 | 003,718,656 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
PRC - [2011.08.22 09:01:00 | 000,593,920 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011.08.12 16:13:26 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.14 16:07:56 | 000,156,992 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe
PRC - [2011.04.13 17:06:56 | 001,000,768 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\ApVxdWin.exe
PRC - [2011.04.13 14:02:34 | 001,808,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.01 00:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Programme\PDF Complete\pdfsvc.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.10.20 15:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe
PRC - [2010.10.20 15:23:26 | 000,821,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2010.09.21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 13:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.09.14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.08.16 14:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\psksvc.exe
PRC - [2010.06.04 10:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe
PRC - [2010.05.28 13:42:32 | 000,225,600 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\AVENGINE.EXE
PRC - [2010.05.20 23:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.04.22 18:29:12 | 000,107,776 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\WebProxy.exe
PRC - [2010.03.05 13:05:52 | 000,065,280 | ---- | M] (Panda Security S.L.) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\avciman.exe
PRC - [2010.02.25 14:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009.08.18 01:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.08.10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\PsCtrlS.exe
PRC - [2009.07.13 14:56:02 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.07.13 14:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe
PRC - [2009.05.14 11:05:52 | 000,209,216 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
PRC - [2009.03.27 17:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe
PRC - [2009.03.02 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe
PRC - [2009.01.26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.09.15 08:42:21 | 000,016,896 | ---- | M] () -- C:\Windows\System32\LFOGRPOW.EXE
PRC - [2008.09.02 23:38:28 | 000,010,752 | ---- | M] () -- C:\Windows\System32\FUSServices.exe
PRC - [2008.06.19 12:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe
PRC - [2008.02.04 17:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) -- C:\Programme\Common Files\Panda Security\PavShld\PavPrSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.10.14 11:01:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011.10.14 11:01:47 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011.10.14 11:01:40 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011.10.14 11:01:23 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.14 11:01:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.14 11:01:09 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.14 11:01:00 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.08.22 09:01:00 | 001,515,520 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011.08.22 09:01:00 | 000,593,920 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011.08.22 09:01:00 | 000,559,244 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011.08.22 09:01:00 | 000,516,599 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011.08.22 09:01:00 | 000,389,120 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011.08.22 09:01:00 | 000,139,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011.08.22 09:01:00 | 000,139,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011.08.22 09:01:00 | 000,094,208 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011.03.21 19:57:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.05.04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.05.14 11:05:52 | 000,209,216 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
MOD - [2008.12.12 15:48:50 | 000,507,904 | ---- | M] () -- C:\Programme\Common Files\BCL Technologies\NitroPDF6\bepprint.dll
MOD - [2007.02.14 13:55:12 | 000,165,424 | ---- | M] () -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\MiniCrypto.dll
MOD - [2004.05.19 11:33:12 | 000,507,904 | ---- | M] () -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\LIBXML2.DLL
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.09.29 22:59:54 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2011.08.12 16:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.14 16:07:56 | 000,156,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\TPSrv.exe -- (TPSrv)
SRV - [2011.03.04 19:22:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.02.01 00:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010.10.20 15:49:18 | 000,202,048 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PavFnSvr.exe -- (PAVFNSVR)
SRV - [2010.09.14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.08.16 14:54:46 | 000,028,992 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PskSvc.exe -- (PskSvcRetail)
SRV - [2010.06.04 10:37:50 | 000,314,176 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\pavsrvx86.exe -- (PAVSRV)
SRV - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.08.10 14:46:08 | 000,173,312 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsCtrls.exe -- (Panda Software Controller)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.13 14:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe -- (STacSV)
SRV - [2009.03.27 17:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.03.02 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe -- (AESTFilters)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.09.02 23:38:28 | 000,010,752 | ---- | M] () [Auto | Running] -- C:\Windows\System32\FUSServices.exe -- (FUSServices)
SRV - [2008.06.19 12:59:50 | 000,108,288 | ---- | M] (Panda Security S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Antivirus Pro 2012\PsImSvc.exe -- (PSIMSVC)
SRV - [2008.02.04 17:26:48 | 000,062,768 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe -- (PavPrSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Running] --  -- (PavTPK.sys)
DRV - File not found [Kernel | On_Demand | Running] --  -- (PavSRK.sys)
DRV - File not found [File_System | On_Demand | Running] --  -- (AvFlt)
DRV - [2011.09.29 22:59:50 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2011.02.21 14:38:32 | 000,037,448 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\Windows\System32\drivers\ShlDrv51.sys -- (ShldDrv)
DRV - [2011.01.13 02:17:18 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsmdm.sys -- (zghsmdm)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.14 05:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010.09.14 05:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010.09.14 05:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010.09.14 05:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010.08.16 14:31:08 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2010.08.16 14:31:06 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010.06.23 09:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.06.22 18:13:00 | 000,026,696 | ---- | M] (Panda Security, S.L.) [File_System | Boot | Running] -- C:\Windows\system32\Drivers\pavboot.sys -- (pavboot)
DRV - [2010.05.21 13:50:40 | 000,054,344 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\amm8660.sys -- (AmFSM)
DRV - [2010.05.06 17:11:58 | 000,163,848 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\PavProc.sys -- (PavProc)
DRV - [2010.02.25 14:18:58 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2010.02.17 14:21:12 | 000,094,560 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Running] -- C:\Windows\System32\drivers\SleeN17.sys -- (SLEE_17_DRIVER)
DRV - [2009.10.26 07:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.10.26 07:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (androidusb)
DRV - [2009.09.28 08:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.08.18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009.07.13 14:56:02 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.04.06 16:12:44 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.16 22:47:06 | 000,033,152 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\XMLDIUSB.sys -- (XMLDIUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: el-GR@dictionaries.addons.mozilla.org:0.8.5
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=2&src=sp&cf=8cfe85a6-2044-11e1-a791-00247e83dc50&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.60401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.20 13:23:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.20 13:23:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.26 00:28:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.06 20:57:58 | 000,000,000 | ---D | M]
 
[2010.09.22 19:53:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Saki\AppData\Roaming\mozilla\Extensions
[2011.12.24 15:54:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions
[2010.12.01 22:24:47 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.18 01:17:42 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.02.13 15:41:40 | 000,000,000 | ---D | M] (Greek Spelling dictionary) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\el-GR@dictionaries.addons.mozilla.org
[2011.11.15 23:31:08 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\https-everywhere@eff.org
[2011.03.12 21:15:09 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\personas@christopher.beard
[2011.12.19 18:22:46 | 000,000,933 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\11-suche.xml
[2011.12.19 18:22:46 | 000,002,419 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 18:22:45 | 000,010,525 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\gmx-suche.xml
[2011.12.14 17:50:39 | 000,001,854 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\idealode.xml
[2011.12.19 18:22:46 | 000,002,457 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\lastminute.xml
[2011.12.19 18:22:45 | 000,005,508 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\webde-suche.xml
[2011.12.26 00:28:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\SAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFX8XCA9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFX8XCA9.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
() (No name found) -- C:\USERS\SAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFX8XCA9.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2011.12.26 00:28:34 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.27 14:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2010.12.06 23:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.10.02 21:14:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.02 21:14:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.02 21:14:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.10 14:35:19 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.10.02 21:14:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 21:14:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.02 21:14:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.12.22 02:32:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [APVXDWIN] C:\Program Files\Panda Security\Panda Antivirus Pro 2012\APVXDWIN.EXE (Panda Security, S.L.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Broadcom\Broadcom 802.11\WLTRAY.EXE (Broadcom Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SCANINICIO] C:\Program Files\Panda Security\Panda Antivirus Pro 2012\Inicio.exe (Panda Security, S.L.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Saki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Saki\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93E36856-A876-4600-98F2-82F41288187C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC9A6404-A68F-4B4B-A706-831C3A54487A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\vsharechrome - No CLSID value found
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\avldr: DllName - (avldr.dll) - C:\Windows\System32\avldr.dll (On-Access Anti-Malware Scanner Sync)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.25 16:23:16 | 000,000,000 | ---D | C] -- C:\FRST
[2011.12.23 02:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Software
[2011.12.22 03:24:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.12.22 02:32:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.12.22 02:30:03 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Local\temp
[2011.12.22 02:16:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.12.22 02:16:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.12.22 02:16:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.12.22 02:16:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.12.22 02:16:43 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.12.22 02:16:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.12.21 19:09:18 | 004,347,226 | R--- | C] (Swearware) -- C:\Users\Saki\Desktop\ComboFix.exe
[2011.12.20 20:53:12 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Local\Panda Security
[2011.12.20 20:51:46 | 000,026,696 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\pavboot.sys
[2011.12.20 20:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Antivirus Pro 2012
[2011.12.20 20:50:52 | 000,054,832 | ---- | C] (Panda Software) -- C:\Windows\System32\pavcpl.cpl
[2011.12.20 20:50:35 | 000,446,464 | ---- | C] (eHelp Corporation.) -- C:\Windows\System32\HHActiveX.dll
[2011.12.20 20:50:33 | 000,520,000 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\PavSHook.dll
[2011.12.20 20:50:33 | 000,193,344 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\TpUtil.dll
[2011.12.20 20:50:33 | 000,107,568 | ---- | C] (Panda Software) -- C:\Windows\System32\SYSTOOLS.DLL
[2011.12.20 20:50:33 | 000,087,360 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\PavLspHook.dll
[2011.12.20 20:50:33 | 000,055,616 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\pavipc.dll
[2011.12.20 20:50:31 | 000,055,552 | ---- | C] (On-Access Anti-Malware Scanner Sync) -- C:\Windows\System32\avldr.dll
[2011.12.20 20:50:31 | 000,054,344 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\amm8660.sys
[2011.12.20 20:50:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\PAV
[2011.12.20 20:50:30 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\Panda Security
[2011.12.20 20:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011.12.20 20:50:30 | 000,000,000 | ---D | C] -- C:\Program Files\Panda Security
[2011.12.20 20:48:57 | 000,163,848 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\PavProc.sys
[2011.12.20 20:48:57 | 000,037,448 | ---- | C] (Panda Security, S.L.) -- C:\Windows\System32\drivers\ShlDrv51.sys
[2011.12.20 20:48:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Panda Security
[2011.12.15 00:48:16 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.15 00:48:15 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.15 00:48:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.15 00:48:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.15 00:48:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.15 00:48:10 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.14 15:09:13 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.14 15:09:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.14 15:08:53 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.14 15:08:51 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.14 15:08:46 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.14 15:08:45 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.13 23:32:26 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Local\Microsoft Help
[2011.12.13 23:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.12.13 00:24:11 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\f-secure
[2011.12.13 00:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2011.12.13 00:17:36 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.12.11 15:54:51 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011.12.11 15:54:33 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Saki\Desktop\esetsmartinstaller_enu.exe
[2011.12.09 19:11:29 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\Malwarebytes
[2011.12.09 19:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.09 19:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.09 19:10:41 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.09 19:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.09 18:58:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.07 04:09:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Saki\Desktop\OTL.exe
[2011.12.02 22:30:09 | 000,000,000 | R--D | C] -- C:\MSOCache
[1 C:\Users\Saki\Desktop\*.tmp files -> C:\Users\Saki\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.27 23:26:43 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.27 23:26:43 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.27 23:19:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.27 23:18:52 | 1875,763,200 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.23 15:34:02 | 000,395,875 | ---- | M] () -- C:\Users\Saki\Desktop\MiniToolBox.exe
[2011.12.23 02:27:01 | 000,008,627 | ---- | M] () -- C:\Windows\System32\PAV_FOG.OPC
[2011.12.22 02:32:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.12.21 19:10:07 | 004,347,226 | R--- | M] (Swearware) -- C:\Users\Saki\Desktop\ComboFix.exe
[2011.12.21 00:48:12 | 000,654,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.21 00:48:12 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.21 00:48:12 | 000,552,214 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2011.12.21 00:48:12 | 000,130,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.21 00:48:12 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.21 00:48:12 | 000,089,622 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2011.12.20 20:51:59 | 000,000,250 | ---- | M] () -- C:\Windows\System32\PavCPL.dat
[2011.12.18 22:29:08 | 003,588,742 | ---- | M] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne_rauch.pdf
[2011.12.18 22:29:01 | 003,354,365 | ---- | M] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne.pdf
[2011.12.18 22:28:56 | 000,394,381 | ---- | M] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_hinten.pdf
[2011.12.15 14:07:41 | 000,301,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.11 15:54:46 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Saki\Desktop\esetsmartinstaller_enu.exe
[2011.12.07 15:21:33 | 000,004,405 | ---- | M] () -- C:\Users\Saki\Desktop\Gmer.text
[2011.12.07 04:15:57 | 000,302,592 | ---- | M] () -- C:\Users\Saki\Desktop\0erz17xx.exe
[2011.12.07 04:15:42 | 000,000,000 | ---- | M] () -- C:\Users\Saki\defogger_reenable
[2011.12.07 04:10:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Saki\Desktop\OTL.exe
[2011.12.07 04:09:44 | 000,050,477 | ---- | M] () -- C:\Users\Saki\Desktop\Defogger.exe
[1 C:\Users\Saki\Desktop\*.tmp files -> C:\Users\Saki\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.23 15:33:58 | 000,395,875 | ---- | C] () -- C:\Users\Saki\Desktop\MiniToolBox.exe
[2011.12.22 02:16:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.12.22 02:16:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.12.22 02:16:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.12.22 02:16:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.12.22 02:16:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.12.20 21:14:24 | 000,008,627 | ---- | C] () -- C:\Windows\System32\PAV_FOG.OPC
[2011.12.20 20:51:59 | 000,000,250 | ---- | C] () -- C:\Windows\System32\PavCPL.dat
[2011.12.18 22:29:06 | 003,588,742 | ---- | C] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne_rauch.pdf
[2011.12.18 22:29:00 | 003,354,365 | ---- | C] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne.pdf
[2011.12.18 22:28:47 | 000,394,381 | ---- | C] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_hinten.pdf
[2011.12.07 15:21:32 | 000,004,405 | ---- | C] () -- C:\Users\Saki\Desktop\Gmer.text
[2011.12.07 04:15:42 | 000,000,000 | ---- | C] () -- C:\Users\Saki\defogger_reenable
[2011.12.07 04:14:38 | 000,302,592 | ---- | C] () -- C:\Users\Saki\Desktop\0erz17xx.exe
[2011.12.07 04:09:33 | 000,050,477 | ---- | C] () -- C:\Users\Saki\Desktop\Defogger.exe
[2011.09.29 23:00:05 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011.09.15 16:12:26 | 000,000,048 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.06.29 20:31:30 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.06.29 20:31:29 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.05.24 16:09:43 | 000,369,984 | ---- | C] () -- C:\Windows\System32\perfi008.dat
[2011.05.24 16:09:42 | 000,552,214 | ---- | C] () -- C:\Windows\System32\perfh008.dat
[2011.05.24 16:09:42 | 000,089,622 | ---- | C] () -- C:\Windows\System32\perfc008.dat
[2011.05.24 16:09:42 | 000,045,182 | ---- | C] () -- C:\Windows\System32\perfd008.dat
[2011.04.27 18:10:37 | 000,725,064 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011.04.27 18:10:36 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011.04.27 18:10:35 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011.04.09 22:24:22 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.04.09 22:21:12 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.10.22 22:20:25 | 000,031,658 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.10.22 22:17:21 | 000,055,296 | ---- | C] () -- C:\Windows\System32\LFOGRPJL.DLL
[2010.10.22 22:17:21 | 000,016,896 | ---- | C] () -- C:\Windows\System32\LFOGRPOW.EXE
[2010.10.22 22:17:21 | 000,013,312 | ---- | C] () -- C:\Windows\System32\LFOGRCOI.DLL
[2010.10.04 03:41:32 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.10.04 03:41:31 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT
[2010.10.04 01:18:45 | 000,007,605 | ---- | C] () -- C:\Users\Saki\AppData\Local\Resmon.ResmonCfg
[2010.09.22 19:17:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 10:04:11 | 000,654,610 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:04:11 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:04:11 | 000,130,192 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:04:11 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,301,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,616,452 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,106,574 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.18 18:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.05.14 11:05:56 | 000,508,200 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2008.09.02 23:38:28 | 000,010,752 | ---- | C] () -- C:\Windows\System32\FUSServices.exe
[2006.03.09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

< End of report >

Extra
Code:

OTL Extras logfile created on: 27.12.2011 23:23:34 - Run 3
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Saki\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,81 Gb Available Physical Memory | 46,25% Memory free
3,49 Gb Paging File | 2,09 Gb Available in Paging File | 59,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 69,12 Gb Free Space | 47,22% Space Free | Partition Type: NTFS
Drive D: | 151,60 Gb Total Space | 19,91 Gb Free Space | 13,13% Space Free | Partition Type: NTFS
 
Computer Name: SAKI-PC | User Name: Saki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.js [@ = JSFile] -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.jse [@ = JSEFile] -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.vbe [@ = VBEFile] -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.vbs [@ = VBSFile] -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.wsf [@ = WSFFile] -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
.wsh [@ = WSHFile] -- C:\Programme\Panda Security\Panda Antivirus Pro 2012\PAVSCRIP.EXE (Panda Security, S.L.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
jsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
jsefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
vbefile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
vbsfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE "%1" %* (Panda Security, S.L.)
wsffile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE  "%1" %* (Panda Security, S.L.)
wshfile [open] -- C:\PROGRA~1\PANDAS~1\PANDAA~1\PAVSCRIP.EXE  "%1" %* (Panda Security, S.L.)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{{753B874E-A0C0-47C5-9D8A-A8443384A93F}}" = Steganos Online-Banking 2011
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 29
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{2FF11610-5CB9-4A10-8572-470256CD9878}" = RuntimeInstallieren
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{3538DD8F-A0CF-4CB9-8B38-0963CAA509EA}" = Panda Antivirus Pro 2012
"{35A81F0A-A1CA-458D-8FCD-7D838E3D95FF}" = Microsoft WorldWide Telescope
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACE3E86-78B6-43A1-B104-E3F3006FC576}" = Companion Suite Pro LL2 Drivers
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}" = HP System Default Settings
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853F9C53-2518-4AD0-ABA2-A72EDF4441A4}" = Nitro PDF Professional
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABDB5A8F-A163-4FD7-A8AE-E2695ACFEA90}" = Companion Suite Pro LL2
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1D3568D-BC21-4C50-92A5-2396570DF1DE}_is1" = Panda Secure Vault 5
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5B18B60-4FC3-42AD-A629-9CA10ACC06CD}" = HTC Sync
"{D7659F54-7502-4312-AA24-F103C92C26F5}" = ScanSoft PaperPort 11
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E55FB276-73C9-4776-AB53-BC028C0509ED}" = Panda Antivirus Pro 2012
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F5F16745-6FCB-4134-83F9-2688ACFF5DC9}" = HP ESU for Microsoft Windows 7
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"5513-1208-7298-9440" = JDownloader 0.9
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.60
"AudibleManager" = AudibleManager
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"ESET Online Scanner" = ESET Online Scanner v3
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FreeNotes2_is1" = Freebie Notes
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"NAVIGON Fresh" = NAVIGON Fresh 3.3.1
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 11.60.1185" = Opera 11.60
"PDF Complete" = PDF Complete Special Edition
"Scribus 1.3.9" = Scribus 1.3.9
"ScummVM_is1" = ScummVM 1.2.1
"SIGNAL IDUNA Beratungssoftware externe Vertriebe" = SIGNAL IDUNA Beratungssoftware freie Vertriebe
"SopCast" = SopCast 3.3.2
"Streamripper" = Streamripper (Remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"vShare" = vShare Plugin
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.97-9
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 21.12.2011 23:04:15 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\HTC\htc
 sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.12.2011 08:47:39 | Computer Name = Saki-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar.
 Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.

 
Error - 24.12.2011 12:03:48 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 24.12.2011 12:05:47 | Computer Name = Saki-PC | Source = Sentinel | ID = 251722432
Description = Unexpected failure scanning file C:\PROGRAM FILES\NAVIGON\NAVIGON
FRESH\BIN\QTWEBKIT4.DLL.    If the problem persists, please contact with support.
 
Error - 24.12.2011 12:08:26 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 24.12.2011 12:08:37 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\HTC\htc
 sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 24.12.2011 21:50:05 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 24.12.2011 21:52:06 | Computer Name = Saki-PC | Source = Sentinel | ID = 251722432
Description = Unexpected failure scanning file C:\PROGRAM FILES\NAVIGON\NAVIGON
FRESH\BIN\QTWEBKIT4.DLL.    If the problem persists, please contact with support.
 
Error - 24.12.2011 21:56:15 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 24.12.2011 21:56:23 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\HTC\htc
 sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 27.12.2011 11:10:48 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 27.12.2011 18:11:45 | Computer Name = Saki-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 27.12.2011 18:11:45 | Computer Name = Saki-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 27.12.2011 18:11:59 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 27.12.2011 18:11:59 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 27.12.2011 18:11:59 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 8  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 27.12.2011 18:11:59 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 27.12.2011 18:11:59 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 27.12.2011 18:19:06 | Computer Name = Saki-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 27.12.2011 18:19:06 | Computer Name = Saki-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >


Larusso 28.12.2011 00:43

Please uninstall
Panda Antivirus Pro 2012



I don't see any running antivirus software in the log files.

That is dangerous. Sometimes you notice malware through pop-ups or Google redirects etc., but most of the time it runs unnoticed in the background. An AVP can help you find malware. Please download and install one of the following AVPs.



Your Java is no longer up to date. Older versions contain security vulnerabilities that can be abused by malware.
  • Please download the latest Java version from here
  • Save the jxpiinstall.exe
  • Close all running programs, especially your browser.
  • Start the jxpiinstall.exe. It will download the installer for the latest Java version (Java 6 Update 30).
  • When the installation has finished
    Start --> Control Panel --> Programs and uninstall all older Java versions.
  • Restart your computer as soon as all older versions have been uninstalled.
After the restart
  • Open the Control Panel again --> Programs and click the Java icon.
  • On the General tab, click Settings under Temporary Internet Files.
  • Click Delete Files....
  • Make sure that every box is checked and click OK.
  • Click OK again.



Is the computer still causing problems?

riera77 28.12.2011 23:19

Quote:

I don't see any running antivirus software in the log files.

That is dangerous. Sometimes you notice malware through pop-ups or Google redirects etc., but most of the time it runs unnoticed in the background. An AVP can help you find malware. Please download and install one of the following AVPs.

Avast
Microsoft Security Essentials
I have installed MSE :)

No further problems have occurred so far. I hope it stays that way. If something comes up in the near future, I will get in touch.
Many thanks for the cleanup! :dankeschoen:

Larusso 29.12.2011 01:57

Please start OTL.exe.
Under
Extra Registry, select Use Safe List and click the Scan button.
Post the OTL.txt and the Extras.txt here in your thread.


In your next reply, please post
OTL.txt
Extras.txt

riera77 29.12.2011 22:44

Code:

OTL logfile created on: 29.12.2011 22:33:25 - Run 4
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Saki\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,78 Gb Available Physical Memory | 44,38% Memory free
3,49 Gb Paging File | 2,09 Gb Available in Paging File | 59,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 67,96 Gb Free Space | 46,43% Space Free | Partition Type: NTFS
Drive D: | 151,60 Gb Total Space | 19,71 Gb Free Space | 13,00% Space Free | Partition Type: NTFS
 
Computer Name: SAKI-PC | User Name: Saki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.26 00:28:34 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.12.07 04:10:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Saki\Desktop\OTL.exe
PRC - [2011.09.29 22:59:54 | 004,367,360 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\Broadcom 802.11\WLTRAY.EXE
PRC - [2011.09.29 22:59:54 | 000,026,112 | ---- | M] () -- C:\Programme\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
PRC - [2011.09.29 22:59:53 | 003,718,656 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
PRC - [2011.08.22 09:01:00 | 000,593,920 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011.08.12 16:13:26 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.04.13 14:02:34 | 001,808,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.01 00:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Programme\PDF Complete\pdfsvc.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.10.20 15:23:26 | 000,821,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2010.09.21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 13:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.09.14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.05.20 23:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.02.25 14:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009.08.18 01:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.13 14:56:02 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.07.13 14:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe
PRC - [2009.05.14 11:05:52 | 000,209,216 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
PRC - [2009.03.27 17:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe
PRC - [2009.03.02 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe
PRC - [2009.01.26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.09.15 08:42:21 | 000,016,896 | ---- | M] () -- C:\Windows\System32\LFOGRPOW.EXE
PRC - [2008.09.02 23:38:28 | 000,010,752 | ---- | M] () -- C:\Windows\System32\FUSServices.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.26 00:28:34 | 002,124,760 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.11.11 20:45:34 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011.10.14 11:01:51 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011.10.14 11:01:47 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011.10.14 11:01:40 | 011,819,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\8e7909ef6b5f953d49244c6b9f5f5100\System.Web.ni.dll
MOD - [2011.10.14 11:01:23 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.14 11:01:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.14 11:01:09 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.14 11:01:00 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.08.22 09:01:00 | 001,515,520 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011.08.22 09:01:00 | 000,593,920 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011.08.22 09:01:00 | 000,559,244 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011.08.22 09:01:00 | 000,516,599 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011.08.22 09:01:00 | 000,389,120 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011.08.22 09:01:00 | 000,139,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011.08.22 09:01:00 | 000,139,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011.08.22 09:01:00 | 000,094,208 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011.03.21 19:57:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.05.04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.05.14 11:05:52 | 000,209,216 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
MOD - [2009.05.14 11:05:48 | 000,688,432 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\N5ShellExtension.dll
MOD - [2008.12.12 15:48:50 | 000,507,904 | ---- | M] () -- C:\Programme\Common Files\BCL Technologies\NitroPDF6\bepprint.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.09.29 22:59:54 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2011.08.12 16:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.03.04 19:22:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.02.01 00:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010.09.14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.13 14:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe -- (STacSV)
SRV - [2009.03.27 17:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.03.02 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe -- (AESTFilters)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.09.02 23:38:28 | 000,010,752 | ---- | M] () [Auto | Running] -- C:\Windows\System32\FUSServices.exe -- (FUSServices)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.12.29 22:33:17 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F0D59A4D-1DFE-4811-BEF1-E148E6B9D2E5}\MpKsl211648ec.sys -- (MpKsl211648ec)
DRV - [2011.09.29 22:59:50 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011.01.13 02:17:18 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsmdm.sys -- (zghsmdm)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.14 05:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010.09.14 05:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010.09.14 05:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010.09.14 05:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010.08.16 14:31:08 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2010.08.16 14:31:06 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010.06.23 09:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.02.25 14:18:58 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2010.02.17 14:21:12 | 000,094,560 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Running] -- C:\Windows\System32\drivers\SleeN17.sys -- (SLEE_17_DRIVER)
DRV - [2009.10.26 07:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.10.26 07:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (androidusb)
DRV - [2009.09.28 08:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.08.18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009.07.13 14:56:02 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.04.06 16:12:44 | 001,161,664 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.16 22:47:06 | 000,033,152 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\XMLDIUSB.sys -- (XMLDIUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: el-GR@dictionaries.addons.mozilla.org:0.8.5
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=2&src=sp&cf=8cfe85a6-2044-11e1-a791-00247e83dc50&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.60401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.20 13:23:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.20 13:23:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.26 00:28:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.06 20:57:58 | 000,000,000 | ---D | M]
 
[2010.09.22 19:53:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Saki\AppData\Roaming\mozilla\Extensions
[2011.12.29 00:13:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions
[2010.12.01 22:24:47 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.18 01:17:42 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.02.13 15:41:40 | 000,000,000 | ---D | M] (Greek Spelling dictionary) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\el-GR@dictionaries.addons.mozilla.org
[2011.11.15 23:31:08 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\https-everywhere@eff.org
[2011.03.12 21:15:09 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\personas@christopher.beard
[2011.12.19 18:22:46 | 000,000,933 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\11-suche.xml
[2011.12.19 18:22:46 | 000,002,419 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 18:22:45 | 000,010,525 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\gmx-suche.xml
[2011.12.14 17:50:39 | 000,001,854 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\idealode.xml
[2011.12.19 18:22:46 | 000,002,457 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\lastminute.xml
[2011.12.19 18:22:45 | 000,005,508 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\webde-suche.xml
[2011.12.28 13:10:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.28 13:10:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\SAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFX8XCA9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFX8XCA9.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
() (No name found) -- C:\USERS\SAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFX8XCA9.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2011.12.26 00:28:34 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.28 13:10:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.27 14:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2010.12.06 23:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.10.02 21:14:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.02 21:14:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.02 21:14:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.10 14:35:19 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.10.02 21:14:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 21:14:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.02 21:14:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.12.22 02:32:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Broadcom\Broadcom 802.11\WLTRAY.EXE (Broadcom Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Saki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Saki\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93E36856-A876-4600-98F2-82F41288187C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC9A6404-A68F-4B4B-A706-831C3A54487A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.28 13:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.12.28 13:10:46 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.12.28 13:10:46 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.12.28 13:10:46 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.12.28 12:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011.12.25 16:23:16 | 000,000,000 | ---D | C] -- C:\FRST
[2011.12.23 02:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Software
[2011.12.22 03:24:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011.12.22 02:32:12 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.12.22 02:30:03 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Local\temp
[2011.12.22 02:16:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011.12.22 02:16:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011.12.22 02:16:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011.12.22 02:16:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.12.22 02:16:43 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011.12.22 02:16:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.12.21 19:09:18 | 004,347,226 | R--- | C] (Swearware) -- C:\Users\Saki\Desktop\ComboFix.exe
[2011.12.20 20:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2011.12.15 00:48:16 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.12.15 00:48:15 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.12.15 00:48:14 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.12.15 00:48:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.12.15 00:48:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.12.15 00:48:10 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.12.14 15:09:13 | 002,342,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.12.14 15:09:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011.12.14 15:08:53 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.12.14 15:08:51 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011.12.14 15:08:46 | 003,912,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.12.14 15:08:45 | 003,967,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.12.13 23:32:26 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Local\Microsoft Help
[2011.12.13 23:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011.12.13 00:24:11 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\f-secure
[2011.12.13 00:23:24 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2011.12.13 00:17:36 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2011.12.11 15:54:33 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Saki\Desktop\esetsmartinstaller_enu.exe
[2011.12.09 19:11:29 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\Malwarebytes
[2011.12.09 19:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.09 19:10:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.09 19:10:41 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.09 19:10:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.09 18:58:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.07 04:09:56 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Saki\Desktop\OTL.exe
[2011.12.02 22:30:09 | 000,000,000 | R--D | C] -- C:\MSOCache
[1 C:\Users\Saki\Desktop\*.tmp files -> C:\Users\Saki\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.29 22:28:26 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.29 22:28:26 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.29 22:20:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.29 22:20:48 | 1875,763,200 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.28 16:15:04 | 000,656,710 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.12.28 16:15:04 | 000,618,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.12.28 16:15:04 | 000,554,314 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2011.12.28 16:15:04 | 000,131,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.12.28 16:15:04 | 000,107,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.12.28 16:15:04 | 000,090,622 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2011.12.28 13:10:29 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.12.28 13:10:29 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.12.28 13:10:28 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.12.28 13:10:27 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011.12.28 12:38:42 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2011.12.23 15:34:02 | 000,395,875 | ---- | M] () -- C:\Users\Saki\Desktop\MiniToolBox.exe
[2011.12.23 02:27:01 | 000,008,627 | ---- | M] () -- C:\Windows\System32\PAV_FOG.OPC
[2011.12.22 02:32:03 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.12.21 19:10:07 | 004,347,226 | R--- | M] (Swearware) -- C:\Users\Saki\Desktop\ComboFix.exe
[2011.12.20 17:42:46 | 002,776,251 | ---- | M] () -- C:\Users\Saki\Desktop\recording1469954000.3gpp
[2011.12.18 22:29:08 | 003,588,742 | ---- | M] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne_rauch.pdf
[2011.12.18 22:29:01 | 003,354,365 | ---- | M] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne.pdf
[2011.12.18 22:28:56 | 000,394,381 | ---- | M] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_hinten.pdf
[2011.12.15 14:07:41 | 000,301,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.11 15:54:46 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Saki\Desktop\esetsmartinstaller_enu.exe
[2011.12.07 15:21:33 | 000,004,405 | ---- | M] () -- C:\Users\Saki\Desktop\Gmer.text
[2011.12.07 04:15:57 | 000,302,592 | ---- | M] () -- C:\Users\Saki\Desktop\0erz17xx.exe
[2011.12.07 04:15:42 | 000,000,000 | ---- | M] () -- C:\Users\Saki\defogger_reenable
[2011.12.07 04:10:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Saki\Desktop\OTL.exe
[2011.12.07 04:09:44 | 000,050,477 | ---- | M] () -- C:\Users\Saki\Desktop\Defogger.exe
[1 C:\Users\Saki\Desktop\*.tmp files -> C:\Users\Saki\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.28 16:22:49 | 002,776,251 | ---- | C] () -- C:\Users\Saki\Desktop\recording1469954000.3gpp
[2011.12.28 12:38:42 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.12.28 12:38:13 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.12.23 15:33:58 | 000,395,875 | ---- | C] () -- C:\Users\Saki\Desktop\MiniToolBox.exe
[2011.12.22 02:16:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011.12.22 02:16:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011.12.22 02:16:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011.12.22 02:16:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011.12.22 02:16:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011.12.20 21:14:24 | 000,008,627 | ---- | C] () -- C:\Windows\System32\PAV_FOG.OPC
[2011.12.18 22:29:06 | 003,588,742 | ---- | C] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne_rauch.pdf
[2011.12.18 22:29:00 | 003,354,365 | ---- | C] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_vorne.pdf
[2011.12.18 22:28:47 | 000,394,381 | ---- | C] () -- C:\Users\Saki\Desktop\Werkstatt_Flyer_hinten.pdf
[2011.12.07 15:21:32 | 000,004,405 | ---- | C] () -- C:\Users\Saki\Desktop\Gmer.text
[2011.12.07 04:15:42 | 000,000,000 | ---- | C] () -- C:\Users\Saki\defogger_reenable
[2011.12.07 04:14:38 | 000,302,592 | ---- | C] () -- C:\Users\Saki\Desktop\0erz17xx.exe
[2011.12.07 04:09:33 | 000,050,477 | ---- | C] () -- C:\Users\Saki\Desktop\Defogger.exe
[2011.09.29 23:00:05 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011.09.15 16:12:26 | 000,000,048 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.06.29 20:31:30 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.06.29 20:31:29 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.05.24 16:09:43 | 000,369,984 | ---- | C] () -- C:\Windows\System32\perfi008.dat
[2011.05.24 16:09:42 | 000,554,314 | ---- | C] () -- C:\Windows\System32\perfh008.dat
[2011.05.24 16:09:42 | 000,090,622 | ---- | C] () -- C:\Windows\System32\perfc008.dat
[2011.05.24 16:09:42 | 000,045,182 | ---- | C] () -- C:\Windows\System32\perfd008.dat
[2011.04.27 18:10:37 | 000,725,064 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011.04.27 18:10:36 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011.04.27 18:10:35 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011.04.09 22:24:22 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.04.09 22:21:12 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.10.22 22:20:25 | 000,031,658 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.10.22 22:17:21 | 000,055,296 | ---- | C] () -- C:\Windows\System32\LFOGRPJL.DLL
[2010.10.22 22:17:21 | 000,016,896 | ---- | C] () -- C:\Windows\System32\LFOGRPOW.EXE
[2010.10.22 22:17:21 | 000,013,312 | ---- | C] () -- C:\Windows\System32\LFOGRCOI.DLL
[2010.10.04 03:41:32 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.10.04 03:41:31 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT
[2010.10.04 01:18:45 | 000,007,605 | ---- | C] () -- C:\Users\Saki\AppData\Local\Resmon.ResmonCfg
[2010.09.22 19:17:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 10:04:11 | 000,656,710 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:04:11 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:04:11 | 000,131,192 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:04:11 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,301,080 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,618,552 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,107,574 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.18 18:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.05.14 11:05:56 | 000,508,200 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2008.09.02 23:38:28 | 000,010,752 | ---- | C] () -- C:\Windows\System32\FUSServices.exe
[2006.03.09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll

< End of report >

Extras
Code:

OTL Extras logfile created on: 29.12.2011 22:33:25 - Run 4
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Saki\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,78 Gb Available Physical Memory | 44,38% Memory free
3,49 Gb Paging File | 2,09 Gb Available in Paging File | 59,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 67,96 Gb Free Space | 46,43% Space Free | Partition Type: NTFS
Drive D: | 151,60 Gb Total Space | 19,71 Gb Free Space | 13,00% Space Free | Partition Type: NTFS
 
Computer Name: SAKI-PC | User Name: Saki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{{753B874E-A0C0-47C5-9D8A-A8443384A93F}}" = Steganos Online-Banking 2011
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{2FF11610-5CB9-4A10-8572-470256CD9878}" = RuntimeInstallieren
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{35A81F0A-A1CA-458D-8FCD-7D838E3D95FF}" = Microsoft WorldWide Telescope
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACE3E86-78B6-43A1-B104-E3F3006FC576}" = Companion Suite Pro LL2 Drivers
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}" = HP System Default Settings
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853F9C53-2518-4AD0-ABA2-A72EDF4441A4}" = Nitro PDF Professional
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABDB5A8F-A163-4FD7-A8AE-E2695ACFEA90}" = Companion Suite Pro LL2
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5B18B60-4FC3-42AD-A629-9CA10ACC06CD}" = HTC Sync
"{D7659F54-7502-4312-AA24-F103C92C26F5}" = ScanSoft PaperPort 11
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F5F16745-6FCB-4134-83F9-2688ACFF5DC9}" = HP ESU for Microsoft Windows 7
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"5513-1208-7298-9440" = JDownloader 0.9
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.60
"AudibleManager" = AudibleManager
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FreeNotes2_is1" = Freebie Notes
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"NAVIGON Fresh" = NAVIGON Fresh 3.3.1
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 11.60.1185" = Opera 11.60
"PDF Complete" = PDF Complete Special Edition
"Scribus 1.3.9" = Scribus 1.3.9
"ScummVM_is1" = ScummVM 1.2.1
"SIGNAL IDUNA Beratungssoftware externe Vertriebe" = SIGNAL IDUNA Beratungssoftware freie Vertriebe
"SopCast" = SopCast 3.3.2
"Streamripper" = Streamripper (Remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Veetle TV" = Veetle TV 0.9.18
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.97-9
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 24.12.2011 12:03:48 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 24.12.2011 12:05:47 | Computer Name = Saki-PC | Source = Sentinel | ID = 251722432
Description =
 
Error - 24.12.2011 12:08:26 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 24.12.2011 12:08:37 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\HTC\htc
 sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 24.12.2011 21:50:05 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 24.12.2011 21:52:06 | Computer Name = Saki-PC | Source = Sentinel | ID = 251722432
Description =
 
Error - 24.12.2011 21:56:15 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 24.12.2011 21:56:23 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\HTC\htc
 sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 27.12.2011 10:45:07 | Computer Name = Saki-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ApVxdWin.exe, Version: 12.10.12.17,
 Zeitstempel: 0x4da5ae5b  Name des fehlerhaften Moduls: PSAUI.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4e82ceac  Ausnahmecode: 0xc0000005  Fehleroffset: 0x05636688
ID
 des fehlerhaften Prozesses: 0xcd8  Startzeit der fehlerhaften Anwendung: 0x01ccc4a511b2280b
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Panda Security\Panda Antivirus Pro
 2012\ApVxdWin.exe  Pfad des fehlerhaften Moduls: PSAUI.dll  Berichtskennung: 5de12503-3099-11e1-aeda-00247e83dc50
 
Error - 27.12.2011 18:36:04 | Computer Name = Saki-PC | Source = Windows Backup | ID = 4104
Description =
 
[ System Events ]
Error - 28.12.2011 19:13:20 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 28.12.2011 19:13:20 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 28.12.2011 19:13:20 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 28.12.2011 19:13:20 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 1    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 29.12.2011 17:20:53 | Computer Name = Saki-PC | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 29.12.2011 17:20:53 | Computer Name = Saki-PC | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 29.12.2011 17:21:24 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 29.12.2011 17:21:24 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 29.12.2011 17:21:24 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 11  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
Error - 29.12.2011 17:21:24 | Computer Name = Saki-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler.    Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
 3  Fehlertyp: 256  Prozessor-ID: 0    Die Detailansicht dieses Eintrags beinhaltet weitere
 Informationen.
 
 
< End of report >


Larusso 30.12.2011 01:01

Well done :daumenhoc

If you have no more open problems, we are done here.
Please follow the last few steps.



Please start Defogger and click the Re-enable button.
Defogger may ask for a restart. Please allow it.

Important: If an error message appears, please post the Defogger_reenable log here.




Before the following step, please temporarily disable your antivirus program, any script blocking and anti-malware programs again.

Press Windows key + R. Now copy the following line into the command line and click OK.
Code:

Combofix /Uninstall
http://larusso.trojaner-board.de/Images/CFuninstall.jpg

This removes Combofix completely and clears the System Restore cache, so that the malware disappears from there as well.

Now re-enable the programs you just disabled.




Please start OTL and click Bereinigung (Cleanup).
This will remove most of the tools we needed for the cleanup. If anything is left behind, please remove it with right-click --> Delete.




Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security holes that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you about any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. For this I recommend TFC
Stay away from any registry cleaners.
These harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )



Don'ts
  • Do not click on everything just because it asks you to and is nice and colourful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from e-mails you do not know. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.


Note: Please give me a short reply when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.

riera77 30.12.2011 12:56

OK, everything downloaded and installed. System brought up to scratch (updates and so on). I have no questions. The descriptions were very good.

As above, I thank you once again for the cleanup and wish you all the best for the new year!:daumenhoc

Regards

Larusso 30.12.2011 14:41

Glad that we could help :abklatsch:

This topic appears to be resolved and will be removed from my subscriptions. If you need the topic again, please send me a PM.

Everyone else, please click here and create your own thread

riera77 23.01.2012 22:42

Hello Larusso, please take a look at your private messages. You had written that I should send you a PM if anything came up.
Many thanks & regards

Larusso 24.01.2012 00:26

Even I am allowed to forget something once, aren't I?


If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
Code:

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%systemroot%\system32\*.manifest /3
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT

  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • When the scan has finished, a text document will open.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread

riera77 25.01.2012 01:00

Sure, I just wanted to point it out :)

Code:

OTL Extras logfile created on: 25.01.2012 00:46:03 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Saki\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 71,06% Memory free
3,49 Gb Paging File | 2,25 Gb Available in Paging File | 64,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 69,42 Gb Free Space | 47,42% Space Free | Partition Type: NTFS
Drive D: | 151,60 Gb Total Space | 19,58 Gb Free Space | 12,91% Space Free | Partition Type: NTFS
Drive E: | 417,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 3,69 Gb Total Space | 2,05 Gb Free Space | 55,72% Space Free | Partition Type: FAT32
 
Computer Name: SAKI-PC | User Name: Saki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{{753B874E-A0C0-47C5-9D8A-A8443384A93F}}" = Steganos Online-Banking 2011
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{12FEC00C-027C-4A34-9AAB-562EDA43DC18}_is1" = MiniTool Partition Wizard Home Edition 5.2
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2B4E24A0-A06F-488D-87D8-16738E5E1104}" = Windows Live Family Safety
"{2FF11610-5CB9-4A10-8572-470256CD9878}" = RuntimeInstallieren
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{35A81F0A-A1CA-458D-8FCD-7D838E3D95FF}" = Microsoft WorldWide Telescope
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ACE3E86-78B6-43A1-B104-E3F3006FC576}" = Companion Suite Pro LL2 Drivers
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{54B6DC7D-8C5B-4DFB-BC15-C010A3326B2B}" = Microsoft Security Client
"{54C65FE7-83BD-4A5B-A9B4-41F793C5F241}" = HP System Default Settings
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{853F9C53-2518-4AD0-ABA2-A72EDF4441A4}" = Nitro PDF Professional
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2F9B2C-1585-43AD-9EF9-48AAD60DFC04}" = Microsoft IntelliPoint 8.1
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABDB5A8F-A163-4FD7-A8AE-E2695ACFEA90}" = Companion Suite Pro LL2
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5B18B60-4FC3-42AD-A629-9CA10ACC06CD}" = HTC Sync
"{D7659F54-7502-4312-AA24-F103C92C26F5}" = ScanSoft PaperPort 11
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F5F16745-6FCB-4134-83F9-2688ACFF5DC9}" = HP ESU for Microsoft Windows 7
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"5513-1208-7298-9440" = JDownloader 0.9
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Ashampoo Photo Commander 7_is1" = Ashampoo Photo Commander 7.60
"Audacity_is1" = Audacity 1.2.6
"AudibleManager" = AudibleManager
"BabylonToolbar" = Babylon toolbar on IE
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"Free Studio_is1" = Free Studio version 5.3.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FreeNotes2_is1" = Freebie Notes
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"Microsoft Security Client" = Microsoft Security Essentials
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"NAVIGON Fresh" = NAVIGON Fresh 3.3.1
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 11.60.1185" = Opera 11.60
"PDF Complete" = PDF Complete Special Edition
"Scribus 1.3.9" = Scribus 1.3.9
"ScummVM_is1" = ScummVM 1.2.1
"SIGNAL IDUNA Beratungssoftware externe Vertriebe" = SIGNAL IDUNA Beratungssoftware freie Vertriebe
"SopCast" = SopCast 3.3.2
"SpywareBlaster_is1" = SpywareBlaster 4.5
"Streamripper" = Streamripper (Remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Veetle TV" = Veetle TV 0.9.18
"Winamp" = Winamp
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"xp-AntiSpy" = xp-AntiSpy 3.97-9
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Zak McKracken - Between Time and Space" = Zak McKracken - Between Time and Space
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12.01.2012 18:09:36 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12.01.2012 18:11:55 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 14.01.2012 18:38:40 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 14.01.2012 18:40:49 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 15.01.2012 19:08:06 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 15.01.2012 19:10:02 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
Error - 17.01.2012 16:25:10 | Computer Name = Saki-PC | Source = Microsoft-Windows-Backup | ID = 517
Description = Fehler bei der um 2012-01-17T19:46:17.896826900Z gestarteten Sicherung.
 Fehlercode: "2155348269" (%%2155348269). Suchen Sie in den Ereignisdetails nach
 einer Lösung, und führen Sie die Sicherung erneut aus, nachdem das Problem behoben
 wurde.
 
Error - 17.01.2012 16:25:14 | Computer Name = Saki-PC | Source = Windows Backup | ID = 4104
Description =
 
Error - 21.01.2012 17:03:36 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\HTC\HTC
 Sync 3.0\FDAgentForOutlook64.exe".  Die abhängige Assemblierung "Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 21.01.2012 17:06:53 | Computer Name = Saki-PC | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
 security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\microsoft security client\MSESysprep.dll" in Zeile 10.  Das imaging-Element
 wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
 angezeigt, das von dieser Windows-Version nicht unterstützt wird.
 
[ System Events ]
Error - 24.01.2012 15:43:08 | Computer Name = Saki-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 24.01.2012 15:43:08 | Computer Name = Saki-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 24.01.2012 15:43:08 | Computer Name = Saki-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 24.01.2012 15:43:08 | Computer Name = Saki-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 24.01.2012 15:43:08 | Computer Name = Saki-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 24.01.2012 15:43:08 | Computer Name = Saki-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 24.01.2012 15:43:08 | Computer Name = Saki-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 24.01.2012 15:43:08 | Computer Name = Saki-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 24.01.2012 15:43:12 | Computer Name = Saki-PC | Source = atapi | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Ide\IdePort0 gefunden.
 
Error - 24.01.2012 15:43:45 | Computer Name = Saki-PC | Source = volsnap | ID = 393230
Description = Die Schattenkopien von Volume "C:" wurden aufgrund eines E/A-Fehlers
 auf Volume "C:" abgebrochen.
 
 
< End of report >


Code:

OTL logfile created on: 25.01.2012 00:46:03 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Saki\Downloads
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 71,06% Memory free
3,49 Gb Paging File | 2,25 Gb Available in Paging File | 64,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 69,42 Gb Free Space | 47,42% Space Free | Partition Type: NTFS
Drive D: | 151,60 Gb Total Space | 19,58 Gb Free Space | 12,91% Space Free | Partition Type: NTFS
Drive E: | 417,06 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 3,69 Gb Total Space | 2,05 Gb Free Space | 55,72% Space Free | Partition Type: FAT32
 
Computer Name: SAKI-PC | User Name: Saki | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.25 00:36:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Saki\Downloads\OTL.exe
PRC - [2011.12.05 20:17:44 | 024,242,056 | ---- | M] (Dropbox, Inc.) -- C:\Users\Saki\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.09.29 22:59:54 | 004,367,360 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\Broadcom 802.11\WLTRAY.EXE
PRC - [2011.09.29 22:59:54 | 000,026,112 | ---- | M] () -- C:\Programme\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
PRC - [2011.09.29 22:59:53 | 003,718,656 | ---- | M] (Broadcom Corporation) -- C:\Programme\Broadcom\Broadcom 802.11\BCMWLTRY.EXE
PRC - [2011.08.22 09:01:00 | 000,593,920 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
PRC - [2011.08.12 16:13:26 | 000,087,040 | ---- | M] () -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011.04.13 14:02:34 | 001,808,784 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.01 00:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) -- C:\Programme\PDF Complete\pdfsvc.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.10.20 15:23:26 | 000,821,664 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2010.09.21 13:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 13:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.09.14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.05.20 23:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.02.25 14:18:20 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Programme\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2009.12.03 19:28:08 | 000,026,112 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe
PRC - [2009.08.18 01:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.13 14:56:02 | 000,458,844 | ---- | M] (IDT, Inc.) -- C:\Programme\IDT\WDM\sttray.exe
PRC - [2009.07.13 14:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe
PRC - [2009.05.14 11:05:52 | 000,209,216 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
PRC - [2009.03.02 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe
PRC - [2009.01.26 14:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.09.15 08:42:21 | 000,016,896 | ---- | M] () -- C:\Windows\System32\LFOGRPOW.EXE
PRC - [2008.09.02 23:38:28 | 000,010,752 | ---- | M] () -- C:\Windows\System32\FUSServices.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.30 12:36:59 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2011.12.30 12:36:42 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011.10.14 11:01:47 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f8196c3588c2229e84516af4b6a0ee60\System.Data.ni.dll
MOD - [2011.10.14 11:01:23 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.14 11:01:18 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.14 11:01:09 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.14 11:01:00 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.08.22 09:01:00 | 001,515,520 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\Maps\R66Api.dll
MOD - [2011.08.22 09:01:00 | 000,593,920 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcUPCTLoader.exe
MOD - [2011.08.22 09:01:00 | 000,559,244 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.7.dll
MOD - [2011.08.22 09:01:00 | 000,516,599 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\sqlite3.dll
MOD - [2011.08.22 09:01:00 | 000,389,120 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetect.dll
MOD - [2011.08.22 09:01:00 | 000,139,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDisk.dll
MOD - [2011.08.22 09:01:00 | 000,139,264 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\htcDetectLegend.dll
MOD - [2011.08.22 09:01:00 | 000,094,208 | ---- | M] () -- C:\Programme\HTC\HTC Sync 3.0\fdHttpd.dll
MOD - [2011.03.21 19:57:34 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.03.21 19:56:16 | 001,230,704 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.05.04 14:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2009.05.14 11:05:52 | 000,209,216 | ---- | M] () -- C:\Programme\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe
MOD - [2008.12.12 15:48:50 | 000,507,904 | ---- | M] () -- C:\Programme\Common Files\BCL Technologies\NitroPDF6\bepprint.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.09.29 22:59:54 | 000,026,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE -- (wltrysvc)
SRV - [2011.08.12 16:13:26 | 000,087,040 | ---- | M] () [Auto | Running] -- C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.27 15:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011.04.27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.03.04 19:22:34 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.02.01 00:23:10 | 001,127,448 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2010.09.14 05:46:26 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 05:46:16 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009.12.03 19:28:08 | 000,026,112 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.13 14:56:02 | 000,221,266 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\stacsv.exe -- (STacSV)
SRV - [2009.03.02 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_b3d7bbbd6875f4bb\AEstSrv.exe -- (AESTFilters)
SRV - [2009.01.26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008.09.02 23:38:28 | 000,010,752 | ---- | M] () [Auto | Running] -- C:\Windows\System32\FUSServices.exe -- (FUSServices)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.09.29 22:59:50 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2011.04.27 15:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.04.18 13:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2011.01.13 02:17:18 | 000,106,752 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zghsmdm.sys -- (zghsmdm)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.14 05:46:26 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2010.09.14 05:46:22 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2010.09.14 05:46:18 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2010.09.14 05:46:14 | 000,577,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010.08.16 14:31:08 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2010.08.16 14:31:06 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2010.06.23 09:24:56 | 000,023,040 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2010.02.25 14:18:58 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2010.02.17 14:21:12 | 000,094,560 | ---- | M] (Softwareentwicklung Remus - ArchiCrypt - ) [Driver] [Kernel | System | Running] -- C:\Windows\System32\drivers\SleeN17.sys -- (SLEE_17_DRIVER)
DRV - [2010.01.26 16:38:06 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.10.26 07:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.10.26 07:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (androidusb)
DRV - [2009.09.28 08:22:00 | 000,315,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.08.18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\serial.sys -- (Serial)
DRV - [2009.07.13 14:56:02 | 000,408,576 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2008.01.16 22:47:06 | 000,033,152 | ---- | M] (OEM) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\XMLDIUSB.sys -- (XMLDIUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: el-GR@dictionaries.addons.mozilla.org:0.8.5
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=2&src=sp&cf=8cfe85a6-2044-11e1-a791-00247e83dc50&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.60401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.20 13:23:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.20 13:23:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.12.26 00:28:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.06 20:57:58 | 000,000,000 | ---D | M]
 
[2010.09.22 19:53:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Saki\AppData\Roaming\mozilla\Extensions
[2012.01.19 19:10:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions
[2011.12.30 12:20:50 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.12.31 00:03:02 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.01.18 01:17:42 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2011.02.13 15:41:40 | 000,000,000 | ---D | M] (Greek Spelling dictionary) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\el-GR@dictionaries.addons.mozilla.org
[2012.01.11 18:08:46 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\https-everywhere@eff.org
[2011.03.12 21:15:09 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Saki\AppData\Roaming\mozilla\Firefox\Profiles\vfx8xca9.default\extensions\personas@christopher.beard
[2011.12.19 18:22:46 | 000,000,933 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\11-suche.xml
[2011.12.19 18:22:46 | 000,002,419 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\englische-ergebnisse.xml
[2011.12.19 18:22:45 | 000,010,525 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\gmx-suche.xml
[2011.12.14 17:50:39 | 000,001,854 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\idealode.xml
[2011.12.19 18:22:46 | 000,002,457 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\lastminute.xml
[2011.12.19 18:22:45 | 000,005,508 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Mozilla\Firefox\Profiles\vfx8xca9.default\searchplugins\webde-suche.xml
[2011.12.28 13:10:49 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.12.28 13:10:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\SAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFX8XCA9.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFX8XCA9.DEFAULT\EXTENSIONS\ICH@MALTEGOETZ.DE.XPI
() (No name found) -- C:\USERS\SAKI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\VFX8XCA9.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2011.12.26 00:28:34 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.28 13:10:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.27 14:45:50 | 000,083,456 | ---- | M] (LiveVDO ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
[2010.12.06 23:03:18 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.10.02 21:14:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.02 21:14:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.02 21:14:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.11.10 14:35:19 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011.10.02 21:14:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.02 21:14:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.02 21:14:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Saki\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Saki\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Saki\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: LiveVDO plug-in (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npvsharetvplg.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.0.60401.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Saki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google-Suche = C:\Users\Saki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: DivX HiQ = C:\Users\Saki\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Saki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
CHR - Extension: Google Mail = C:\Users\Saki\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2011.12.22 02:32:03 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Broadcom\Broadcom 802.11\WLTRAY.EXE (Broadcom Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
O4 - HKLM..\Run: [PDF Complete] C:\Programme\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - Startup: C:\Users\Saki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Saki\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Saki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube Download - C:\Users\Saki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Saki\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93E36856-A876-4600-98F2-82F41288187C}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FC9A6404-A68F-4B4B-A706-831C3A54487A}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - State: "services" - 0
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.23 21:02:59 | 000,000,000 | ---D | C] -- C:\Users\Saki\Desktop\recording1469954000.3gpp_data
[2012.01.23 17:17:04 | 000,719,872 | ---- | C] (Abysmal Software) -- C:\Windows\System32\devil.dll
[2012.01.23 17:17:03 | 000,369,152 | ---- | C] (The Public) -- C:\Windows\System32\avisynth.dll
[2012.01.23 17:17:03 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\yv12vfw.dll
[2012.01.23 17:17:03 | 000,070,656 | ---- | C] (www.helixcommunity.org) -- C:\Windows\System32\i420vfw.dll
[2012.01.23 17:17:01 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2012.01.23 17:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
[2012.01.23 17:11:15 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2012.01.23 17:11:15 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll
[2012.01.23 17:11:15 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll
[2012.01.23 17:11:14 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll
[2012.01.23 17:11:14 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax
[2012.01.23 17:11:14 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax
[2012.01.23 17:11:13 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax
[2012.01.23 17:11:13 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax
[2012.01.23 17:11:12 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax
[2012.01.23 17:11:11 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax
[2012.01.23 17:11:10 | 000,169,472 | RHS- | C] (Gabest) -- C:\Windows\System32\MatroskaDX.ax
[2012.01.23 17:11:09 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax
[2012.01.23 17:11:08 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax
[2012.01.23 17:10:32 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2012.01.23 17:10:20 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Local\Babylon
[2012.01.23 17:10:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.01.23 17:10:15 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\Babylon
[2012.01.23 17:09:54 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2012.01.23 15:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\Audacity
[2012.01.23 13:49:09 | 000,664,504 | ---- | C] (Softwareentwicklung Patric Remus -ArchiCrypt) -- C:\Users\Saki\Desktop\AntiBundestrojaner.exe
[2012.01.23 13:42:48 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.01.18 14:07:09 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Local\{691B4F2C-E4D7-447B-9072-7A549C17F70E}
[2012.01.18 14:06:45 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Local\{C00F7A5B-BBEA-4F8D-A011-A6D06AB822B9}
[2012.01.18 00:03:49 | 000,000,000 | R--D | C] -- C:\Users\Saki\Dropbox
[2012.01.17 23:58:17 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012.01.17 23:56:58 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\Dropbox
[2012.01.11 18:30:34 | 000,000,000 | ---D | C] -- C:\Users\Saki\Desktop\SD Card
[2011.12.31 12:50:47 | 000,000,000 | ---D | C] -- C:\Users\Saki\Desktop\Backup Desire Dez 11
[2011.12.31 00:02:19 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\DVDVideoSoft
[2011.12.31 00:00:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011.12.30 15:24:42 | 000,000,000 | ---D | C] -- C:\Users\Saki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2011.12.30 15:24:37 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2011.12.30 15:24:36 | 000,000,000 | ---D | C] -- C:\Users\Saki\Documents\VirtualDJ
[2011.12.30 12:32:40 | 000,000,000 | ---D | C] -- C:\b0e0ddd14395ce2604
[2011.12.30 12:13:08 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011.12.30 12:12:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2011.12.30 12:11:51 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011.12.29 23:34:05 | 012,030,044 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\idtcpl.cpl
[2011.12.29 23:34:05 | 001,953,792 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\stlang.dll
[2011.12.29 23:34:05 | 000,458,844 | ---- | C] (IDT, Inc.) -- C:\Windows\sttray.exe
[2011.12.29 23:33:58 | 000,179,712 | ---- | C] (IDT, Inc.) -- C:\Windows\System32\staco.dll
[2011.12.28 13:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.12.28 12:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2 C:\Users\Saki\Desktop\*.tmp files -> C:\Users\Saki\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.24 21:10:51 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.24 21:10:51 | 000,014,928 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.24 19:34:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.24 19:34:33 | 1875,763,200 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.23 21:07:49 | 000,002,326 | ---- | M] () -- C:\Users\Saki\Desktop\Google Chrome (2).lnk
[2012.01.23 21:03:09 | 000,220,030 | ---- | M] () -- C:\Users\Saki\Desktop\recording1469954000.3gpp.aup
[2012.01.23 17:21:59 | 068,262,797 | ---- | M] () -- C:\Users\Saki\Desktop\recording1469954000.3gpp.MP3
[2012.01.23 17:10:38 | 000,000,237 | ---- | M] () -- C:\user.js
[2012.01.23 15:24:17 | 000,000,913 | ---- | M] () -- C:\Users\Saki\Desktop\Audacity.lnk
[2012.01.18 00:03:49 | 000,001,037 | ---- | M] () -- C:\Users\Saki\Desktop\Dropbox.lnk
[2012.01.17 23:58:33 | 000,001,017 | ---- | M] () -- C:\Users\Saki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.01.13 14:39:59 | 000,656,710 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.13 14:39:59 | 000,618,552 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.13 14:39:59 | 000,554,314 | ---- | M] () -- C:\Windows\System32\perfh008.dat
[2012.01.13 14:39:59 | 000,131,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.13 14:39:59 | 000,107,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.13 14:39:59 | 000,090,622 | ---- | M] () -- C:\Windows\System32\perfc008.dat
[2012.01.04 16:59:53 | 000,000,158 | ---- | M] () -- C:\Users\Saki\Desktop\attachment.php
[2012.01.04 14:08:16 | 143,032,131 | ---- | M] () -- C:\Users\Saki\Desktop\3.14.405.1_WildFirE_V1.zip
[2011.12.31 12:48:58 | 091,151,315 | ---- | M] () -- C:\Users\Saki\Desktop\update-cm-7.1.0-Desire-signed.zip
[2011.12.30 21:13:36 | 000,000,146 | ---- | M] () -- C:\Users\Saki\Desktop\Sound - Verknüpfung.lnk
[2011.12.30 20:32:24 | 000,302,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.28 12:38:42 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2 C:\Users\Saki\Desktop\*.tmp files -> C:\Users\Saki\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.23 21:06:44 | 000,002,326 | ---- | C] () -- C:\Users\Saki\Desktop\Google Chrome (2).lnk
[2012.01.23 21:03:09 | 000,220,030 | ---- | C] () -- C:\Users\Saki\Desktop\recording1469954000.3gpp.aup
[2012.01.23 17:21:50 | 068,262,797 | ---- | C] () -- C:\Users\Saki\Desktop\recording1469954000.3gpp.MP3
[2012.01.23 17:17:03 | 000,032,256 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2012.01.23 17:11:14 | 000,121,344 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.ax
[2012.01.23 17:11:14 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2012.01.23 17:11:13 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax
[2012.01.23 17:11:12 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax
[2012.01.23 17:11:12 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax
[2012.01.23 17:11:11 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax
[2012.01.23 17:11:10 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax
[2012.01.23 17:11:09 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax
[2012.01.23 17:11:08 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax
[2012.01.23 17:11:08 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax
[2012.01.23 17:10:35 | 000,000,237 | ---- | C] () -- C:\user.js
[2012.01.23 15:24:17 | 000,000,925 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2012.01.23 15:24:17 | 000,000,913 | ---- | C] () -- C:\Users\Saki\Desktop\Audacity.lnk
[2012.01.18 00:03:49 | 000,001,037 | ---- | C] () -- C:\Users\Saki\Desktop\Dropbox.lnk
[2012.01.17 23:58:33 | 000,001,017 | ---- | C] () -- C:\Users\Saki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.01.04 16:59:51 | 000,000,158 | ---- | C] () -- C:\Users\Saki\Desktop\attachment.php
[2012.01.04 14:03:22 | 143,032,131 | ---- | C] () -- C:\Users\Saki\Desktop\3.14.405.1_WildFirE_V1.zip
[2011.12.31 13:01:32 | 002,776,251 | ---- | C] () -- C:\Users\Saki\Desktop\recording1469954000.3gpp
[2011.12.31 12:45:03 | 091,151,315 | ---- | C] () -- C:\Users\Saki\Desktop\update-cm-7.1.0-Desire-signed.zip
[2011.12.30 21:13:36 | 000,000,146 | ---- | C] () -- C:\Users\Saki\Desktop\Sound - Verknüpfung.lnk
[2011.12.29 23:34:06 | 000,001,641 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDT HD Audio.lnk
[2011.12.28 12:38:42 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
[2011.12.28 12:38:13 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011.09.29 23:00:05 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2011.09.15 16:12:26 | 000,000,048 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.06.29 20:31:30 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.06.29 20:31:29 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.05.24 16:09:43 | 000,369,984 | ---- | C] () -- C:\Windows\System32\perfi008.dat
[2011.05.24 16:09:42 | 000,554,314 | ---- | C] () -- C:\Windows\System32\perfh008.dat
[2011.05.24 16:09:42 | 000,090,622 | ---- | C] () -- C:\Windows\System32\perfc008.dat
[2011.05.24 16:09:42 | 000,045,182 | ---- | C] () -- C:\Windows\System32\perfd008.dat
[2011.04.27 18:10:37 | 000,725,064 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2011.04.27 18:10:36 | 000,016,472 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2011.04.27 18:10:35 | 000,011,104 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2011.04.09 22:24:22 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.04.09 22:21:12 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.10.22 22:20:25 | 000,031,658 | ---- | C] () -- C:\Windows\maxlink.ini
[2010.10.22 22:17:21 | 000,055,296 | ---- | C] () -- C:\Windows\System32\LFOGRPJL.DLL
[2010.10.22 22:17:21 | 000,016,896 | ---- | C] () -- C:\Windows\System32\LFOGRPOW.EXE
[2010.10.22 22:17:21 | 000,013,312 | ---- | C] () -- C:\Windows\System32\LFOGRCOI.DLL
[2010.10.04 03:41:32 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.10.04 03:41:31 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT
[2010.10.04 01:18:45 | 000,007,605 | ---- | C] () -- C:\Users\Saki\AppData\Local\Resmon.ResmonCfg
[2010.09.22 19:17:32 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 10:04:11 | 000,656,710 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:04:11 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:04:11 | 000,131,192 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:04:11 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 000,302,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,618,552 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,107,574 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.18 18:29:04 | 000,197,654 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009.05.14 11:05:56 | 000,508,200 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2008.09.02 23:38:28 | 000,010,752 | ---- | C] () -- C:\Windows\System32\FUSServices.exe
[2006.03.09 15:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== LOP Check ==========
 
[2010.11.27 01:17:57 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Ashampoo
[2012.01.23 17:10:15 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Babylon
[2012.01.25 00:00:04 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Dropbox
[2011.12.31 00:05:26 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\DVDVideoSoft
[2011.12.31 00:03:01 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.12.13 00:24:11 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\f-secure
[2011.04.06 18:33:28 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\gtk-2.0
[2011.10.09 14:07:34 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\HTC
[2011.04.27 15:36:18 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2011.07.03 14:15:50 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Nitro PDF
[2010.09.28 16:55:54 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\OpenOffice.org
[2011.03.23 00:12:11 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Opera
[2011.04.06 18:25:54 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Scribus
[2011.05.28 15:13:06 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\ScummVM
[2012.01.24 02:50:51 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\SoftGrid Client
[2011.06.12 22:44:57 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Steganos
[2010.12.08 21:21:12 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\streamripper
[2011.11.25 00:03:38 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\TP
[2011.07.05 23:15:55 | 000,000,000 | ---D | M] -- C:\Users\Saki\AppData\Roaming\Windows Live Writer
[2011.12.28 13:02:42 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.12.22 02:32:12 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.11.04 13:41:57 | 000,000,000 | ---D | M] -- C:\ADB
[2011.12.30 12:33:10 | 000,000,000 | ---D | M] -- C:\b0e0ddd14395ce2604
[2010.09.22 19:20:46 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.12.25 16:24:43 | 000,000,000 | ---D | M] -- C:\FRST
[2011.12.02 22:30:09 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.23 17:17:01 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.01.23 17:10:16 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.09.22 19:20:46 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.09.22 19:20:47 | 000,000,000 | ---D | M] -- C:\Recovery
[2011.12.29 23:31:06 | 000,000,000 | ---D | M] -- C:\swsetup
[2012.01.25 00:49:48 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.09.29 22:58:31 | 000,000,000 | ---D | M] -- C:\system.sav
[2010.09.22 19:20:59 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.23 17:14:27 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\ERDNT\cache\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\ERDNT\cache\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\ERDNT\cache\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-01-12 01:16:25
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:5C321E34

< End of report >

Regards

Larusso 25.01.2012 08:15

Code:

:otl
FF - prefs.js..keyword.URL: "hxxp://startsear.ch/?aff=2&src=sp&cf=8cfe85a6-2044-11e1-a791-00247e83dc50&q="
 
:commands
[reboot]

  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread


It should be gone now.

Larusso 31.01.2012 16:44

No response
This topic has been removed from my subscriptions, so I will not receive any notification of new replies.
PM me if you still want to continue.

Note: The disappearance of the symptoms does not mean that your computer is already clean.

Everyone else, please click here and create your own thread


All times are WET +1. The time now is 05:33.
