Erst Werbebombe, jetzt virenverteiler über ICQ.

#0
31.05.2010, 19:31
Member

Beiträge: 32
#1 Hallo zusammen,
Vor einigen Tagen bekam ich eine Nachricht per ICQ von wegen neues Foto und so.
Ich klick frohem Mutes drauf, will es öffnen und es klappt nicht, nachher stellte sich heraus, dass es nur 49 KB hat und anscheinen ein Virus war/ ist.
Von da an, öffnete sich ca. alle 10 Minuten der Internet Explorer und zeigte mir igrentwelche Werbeseiten.
Nachdem ich den beiden Prozessen im Taskmanager nachging ("Deiteipfad öffnen"), und die beiden Störenfriede manuell Löschte und anschließend noch mit Avira AntiVir Personal 3 Viren Irgentwo fand, war das Thema für mich Abgeschlossen.

So:
Nun zu meinem jetzigen Problem.. Ich saß vor gut einer Halben Stunde vor dem Rechner und hatte nebenbei ICQ laufen. Plötzlich öffnete sich von selbst ein Nachrichtenfenster und schickte den gleichen Link, den ich auch bekommen hatte, und die gleichen Schriftzeilen an meine "Freunde". Zum glück ist der Internetstecker ja nicht weit, und ich hab in schnell Gezogen..

Wie soll ich denn jetzt weiter vorgehen.? Und gibt es Leute mit einem änlichen, oder sogar mit dem selben Problem.?
Seitenanfang Seitenende
31.05.2010, 19:46
Member

Beiträge: 3716
#2 dann fang mal hiermit an, log posten
http://board.protecus.de/t23187.htm
Seitenanfang Seitenende
31.05.2010, 21:31
Member

Themenstarter

Beiträge: 32
#3 1. Ein ICQ Nachrichtenfenster öffnet sich von slebst und schickt diese Nachricht ( in dem Link ist der Virus versteckt) an meine "Freunde": "wie findest du mein neues foto so
** hxxp://www.popcorn.ma/img431.imageshack.us.php?image=ICH0737830249202010.JPG"

2. Datenträgerbereinigung habe ich dürchgeführt.

3.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4159

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

31.05.2010 20:41:05
mbam-log-2010-05-31 (20-41-05).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 120171
Laufzeit: 6 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\M5T8QL3YW3 (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\m5t8ql3yw3 (Trojan.FakeAlert) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.


4.

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-31 21:12:32
Windows 6.1.7600
Running: ku01bcis.exe; Driver: C:\Users\Marius\AppData\Local\Temp\kwldipow.sys


---- System - GMER 1.0.15 ----

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83038AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83038104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830383F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830212D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83020898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830381DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83038958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830386F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 83038F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 830391A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C51599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C75F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
? System32\drivers\fgfkevp.sys Das System kann den angegebenen Pfad nicht finden. !
? System32\Drivers\spha.sys Das System kann den angegebenen Pfad nicht finden. !
.text USBPORT.SYS!DllUnload 94C88CA0 5 Bytes JMP 862EB4E0
.text peauth.sys 9BE37C9D 28 Bytes [15, 05, 68, CE, DC, AD, FF, ...]
.text peauth.sys 9BE37CC1 28 Bytes [15, 05, 68, CE, DC, AD, FF, ...]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [88E81042] \SystemRoot\System32\Drivers\spha.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [88E816D6] \SystemRoot\System32\Drivers\spha.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [88E81800] \SystemRoot\System32\Drivers\spha.sys
IAT \SystemRoot\system32\DRIVERS\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [88E8113E] \SystemRoot\System32\Drivers\spha.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73C32494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73C15624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73C156E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73C3250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73C28573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73C24D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73C250CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73C251A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [73C266D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73C282CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73C28819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73C2907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73C2E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4008] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73C24C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 850761F8
Device \FileSystem\fastfat \FatCdrom 872DB1F8
Device \Driver\usbuhci \Device\USBPDO-0 862F1500
Device \Driver\usbuhci \Device\USBPDO-1 862F1500
Device \Driver\usbuhci \Device\USBPDO-2 862F1500
Device \Driver\usbehci \Device\USBPDO-3 8628C500
Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
Device \Driver\usbuhci \Device\USBPDO-4 862F1500
Device \Driver\usbuhci \Device\USBPDO-5 862F1500
Device \Driver\usbuhci \Device\USBPDO-6 862F1500
Device \Driver\volmgr \Device\HarddiskVolume1 850721F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\usbehci \Device\USBPDO-7 8628C500
Device \Driver\volmgr \Device\HarddiskVolume2 850721F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 861861F8
Device \Driver\volmgr \Device\HarddiskVolume3 850721F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom1 861861F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 850741F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-3 850741F8
Device \Driver\atapi \Device\Ide\IdePort0 850741F8
Device \Driver\atapi \Device\Ide\IdePort1 850741F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T1L0-6 850741F8
Device \Driver\atapi \Device\Ide\IdePort2 850741F8
Device \Driver\atapi \Device\Ide\IdePort3 850741F8
Device \Driver\atapi \Device\Ide\IdePort4 850741F8
Device \Driver\atapi \Device\Ide\IdePort5 850741F8
Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-4 850741F8
Device \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-8 850741F8
Device \Driver\volmgr \Device\HarddiskVolume4 850721F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume5 850721F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\NetBT \Device\NetBT_Tcpip_{6D717477-B8CC-4249-AEBF-1E1A4A772FDA} 862361F8
Device \Driver\volmgr \Device\HarddiskVolume6 850721F8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\USBSTOR \Device\00000069 86D12500
Device \Driver\NetBT \Device\NetBt_Wins_Export 862361F8
Device \Driver\USBSTOR \Device\0000006a 86D12500
Device \Driver\usbuhci \Device\USBFDO-0 862F1500
Device \Driver\usbuhci \Device\USBFDO-1 862F1500
Device \Driver\usbuhci \Device\USBFDO-2 862F1500
Device \Driver\usbehci \Device\USBFDO-3 8628C500
Device \Driver\usbuhci \Device\USBFDO-4 862F1500
Device \Driver\usbuhci \Device\USBFDO-5 862F1500
Device \Driver\usbuhci \Device\USBFDO-6 862F1500
Device \Driver\usbehci \Device\USBFDO-7 8628C500
Device \FileSystem\fastfat \Fat 872DB1F8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

Device \FileSystem\cdfs \Cdfs 871E51F8

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792

---- Files - GMER 1.0.15 ----

File C:\System Volume Information\SPP\metadata-2 5724352 bytes
File C:\System Volume Information\SPP\snapshot-2 8640 bytes

---- EOF - GMER 1.0.15 ----


5.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:25:44, on 31.05.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hardcopy\hardcopy.exe
C:\Users\Public\winnsvc.exe
D:\Program Files (x86)\Opera\opera.exe
C:\Program Files\Orbitdownloader\orbitdm.exe
C:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\TerraTec\TerraTec Home Cinema\CinergyDvr.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Windows System Manager] C:\Users\Public\winnsvc.exe
O4 - Global Startup: Hardcopy.LNK = C:\Program Files\Hardcopy\hardcopy.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Free YouTube Download - C:\Users\Marius\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marius\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 6995 bytes

6.

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.2 - Deutsch
Alarm für Cobra 11 - Nitro (remove only)
ASIO4ALL
Avira AntiVir Personal - Free Antivirus
Crysis(R)
Disk Doctors File Shredder 1.0.0
DivX-Setup
Firebird SQL Server - MAGIX Edition
FL Studio 9
Free Audio CD Burner version 1.2
Free YouTube Download 2.4
Free YouTube to MP3 Converter version 3.3
Hardcopy (C:\Program Files\Hardcopy)
Hardcore
Hercules DJ Products Series drivers
HiJackThis
ICQ7.1
IL Download Manager
IrfanView (remove only)
Junk Mail filter update
Loadstreet Fresh RAM 5.0
MAGIX Music Maker 16 Download-Version
MAGIX Screenshare
MAGIX Speed burnR
Malwarebytes' Anti-Malware
maxdome - Online Videothek Version 3.1.0
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (German) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (German) 2007
Microsoft Office PowerPoint MUI (German) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proof (Italian) 2007
Microsoft Office Proofing (German) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (German) 2007
Microsoft Office Word MUI (German) 2007
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MSI Afterburner 1.5.1
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
NVIDIA Display Control Panel
NVIDIA Drivers
Opera 10.53
Orbit Downloader
PhotoScape
PlayReady PC Runtime x86
PoiZone
Prüfungsfragen-CD Version 1.6
PunkBuster Services
PVSonyDll
Sakura
Sawer
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
SimpleOCR 3.1
Skype Toolbars
Skype™ 4.2
SpeedFan (remove only)
System Requirements Lab
TerraTec Home Cinema
Text-To-Speech-Runtime
Toxic Biohazard
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Word 2007 (KB974561)
Update für Microsoft Office Excel 2007 Help (KB963678)
Update für Microsoft Office Powerpoint 2007 Help (KB963669)
Update für Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.4053
Virtual DJ - Atomix Productions
VLC media player 1.0.5
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Fotogalerie
Windows Live ID-Anmelde-Assistent
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
Windows Live Toolbar
Windows Live Writer
Windows Live-Uploadtool
WinRAR



Habe schon vor einer kompletten Systemwiederherstellung gehört.?
Weis jemand davon was.?

** Warnung :
popcorn.ma/img431.imageshack.us.php?image=ICH0737830249202010.JPG ist Infiziert !!
Seitenanfang Seitenende
01.06.2010, 15:42
Member

Beiträge: 3716
#4 ootl:
Systemscan mit OTL
download otl:
http://oldtimer.geekstogo.com/OTL.exe
Doppelklick auf die OTL.exe
(user von Windows 7 und Vista: Rechtsklick als Administrator ausführen)
1. Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
2. Hake an "scan all users"
3. Unter "Extra Registry wähle:
"Use Safelist" "LOP Check" "Purity Check"
4. Kopiere in die Textbox:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Klicke "run Scan"
6. 2 reporte werden erstellt:
OTL.Txt
Extras.Txt
poste beide, evtl müssen sie aufgeteilt werden.
Seitenanfang Seitenende
01.06.2010, 17:14
Member

Themenstarter

Beiträge: 32
#5 OTL:

OTL logfile created on: 01.06.2010 16:43:20 - Run 1
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 152,66 Gb Total Space | 21,40 Gb Free Space | 14,01% Space Free | Partition Type: NTFS
Drive D: | 303,35 Gb Total Space | 76,81 Gb Free Space | 25,32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 76,69 Gb Total Space | 55,23 Gb Free Space | 72,01% Space Free | Partition Type: NTFS
Drive G: | 150,69 Gb Total Space | 39,33 Gb Free Space | 26,10% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 3,77 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 960,70 Mb Total Space | 5,70 Mb Free Space | 0,59% Space Free | Partition Type: FAT

Computer Name: HOME-PC
Current User Name: Marius
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Marius\AppData\Local\Temp\It2.exe ()
PRC - C:\Users\Marius\AppData\Local\Temp\It1.exe ()
PRC - C:\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Public\winnsvc.exe ()
PRC - C:\Program Files\Hardcopy\hardcopy.exe (sw4you, Siegfried Weckmann)
PRC - C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
PRC - D:\Program Files (x86)\Opera\opera.exe (Opera Software)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Orbitdownloader\orbitnet.exe (Orbitdownloader.com)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\IELowutil.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (HerculesDJControlMP3) -- C:\Program Files\Hercules\Audio\DJ Console Series\HerculesDJControlMP3.EXE ()


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (HDJAsioK) -- C:\Windows\System32\drivers\HDJAsioK.sys (© Guillemot R&D, 2009. All rights reserved.)
DRV - (HDJMidi) -- C:\Windows\System32\drivers\HDJMidi.sys (© Guillemot R&D, 2009. All rights reserved.)
DRV - (Bulk) -- C:\Windows\System32\drivers\HDJBulk.sys (© Guillemot R&D, 2009. All rights reserved.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (KMWDFILTERx86) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation )
DRV - (ElRawDisk) -- C:\Windows\System32\drivers\dddsk.sys (EldoS Corporation)
DRV - (AF9035BDA) -- C:\Windows\System32\drivers\AF9035BDA.sys (AfaTech )
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-867199820-2383848948-1206279136-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-867199820-2383848948-1206279136-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-867199820-2383848948-1206279136-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A0 A0 74 16 BA E0 CA 01 [binary data]
IE - HKU\S-1-5-21-867199820-2383848948-1206279136-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5


[2010.04.03 18:13:28 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\mozilla\Extensions
[2010.05.31 21:12:20 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\mozilla\Firefox\Profiles\gqubi56j.default\extensions
[2010.04.30 17:01:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marius\AppData\Roaming\mozilla\Firefox\Profiles\gqubi56j.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

O1 HOSTS File: ([2010.05.31 21:58:32 | 000,397,022 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 13701 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001..\Run: [ICQ] C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001..\Run: [M5T8QL3YW3] C:\Users\Marius\AppData\Local\Temp\It2.exe ()
O4 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001..\Run: [Windows System Manager] C:\Users\Public\winnsvc.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = [binary data]
O7 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 1
O7 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Marius\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marius\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - G:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.12.18 13:40:50 | 000,000,040 | R--- | M] () - I:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{a0783e38-3f3a-11df-85a5-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a0783e38-3f3a-11df-85a5-806e6f6e6963}\Shell\AutoRun\command - "" = I:\menue.exe -- [2010.02.15 17:34:28 | 004,486,040 | R--- | M] (Computec Media AG )
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias [2009.07.14 04:37:08 | 000,000,000 | ---D | M]
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
MsConfig - StartUpReg: File Shredder - hkey= - key= - C:\Program Files\Disk Doctors File Shredder\File Shredder.exe (Disk Doctor Labs Inc.)
MsConfig - StartUpReg: Halo2 - hkey= - key= - C:\Users\Marius\AppData\Local\Temp\sshnas21.DLL File not found
MsConfig - StartUpReg: Hercules DJ Series - hkey= - key= - C:\Program Files\Hercules\Audio\DJ Console Series\HDJSeriesCPL.exe (Hercules®)
MsConfig - StartUpReg: M5T8QL3YW3 - hkey= - key= - C:\Users\Marius\AppData\Local\Temp\It1.exe ()
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NeroFilterCheck - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
MsConfig - StartUpReg: RGSC - hkey= - key= - C:\Programme\Rockstar Games\Grand Theft Auto IV\Grand Theft Auto IV\Rockstar Games Social Club\RGSCLauncher.exe File not found
MsConfig - State: "bootini" - 2
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.05.31 21:49:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.05.31 21:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2010.05.31 20:57:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010.05.31 20:31:49 | 000,000,000 | ---D | C] -- C:\Users\Marius\AppData\Roaming\Malwarebytes
[2010.05.31 20:31:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.31 20:31:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.31 20:31:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.05.31 20:31:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.29 15:46:32 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_3.dll
[2010.05.29 15:46:32 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_2.dll
[2010.05.29 15:46:29 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_2.dll
[2010.05.29 15:46:29 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_1.dll
[2010.05.29 15:46:27 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_1.dll
[2010.05.29 15:45:58 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_0.dll
[2010.05.29 15:45:57 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_29.dll
[2010.05.29 15:45:57 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_0.dll
[2010.05.29 15:45:55 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_27.dll
[2010.05.29 15:45:54 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_25.dll
[2010.05.29 15:45:54 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_26.dll
[2010.05.29 15:45:54 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_24.dll
[2010.05.29 15:34:04 | 000,067,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sysinfo.ocx
[2010.05.29 15:34:03 | 000,609,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\comctl32.ocx
[2010.05.29 15:34:03 | 000,000,000 | ---D | C] -- C:\Program Files\Loadstreet
[2010.05.29 14:28:07 | 000,000,000 | ---D | C] -- C:\Program Files\MSI Afterburner
[2010.05.29 14:22:27 | 000,000,000 | ---D | C] -- C:\Users\Marius\AppData\Roaming\IrfanView
[2010.05.29 14:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\IrfanView
[2010.05.29 14:16:06 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2010.05.26 15:36:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.05.16 16:56:22 | 000,000,000 | ---D | C] -- C:\Users\Marius\AppData\Local\http___www.julien-manici
[2010.05.12 18:49:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2010.05.12 18:49:14 | 000,000,000 | ---D | C] -- C:\Users\Marius\AppData\Roaming\Canon
[2010.05.12 18:47:26 | 000,000,000 | ---D | C] -- C:\Program Files\SimpleOCR
[2010.05.11 13:23:52 | 000,000,000 | ---D | C] -- C:\Program Files\Hardcopy
[2010.05.11 13:23:29 | 000,501,760 | ---- | C] (www.sw4you.de Siegfried Weckmann) -- C:\Windows\SwSetupu.exe
[2010.05.08 12:41:42 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
[2010.05.08 12:08:53 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_35.dll
[2010.05.08 12:08:53 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_35.dll
[2010.05.08 12:08:52 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_35.dll
[2010.05.08 12:08:49 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2010.05.08 12:08:49 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2010.05.08 12:08:49 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2010.05.07 20:21:17 | 000,000,000 | ---D | C] -- C:\Users\Marius\AppData\Roaming\skypePM
[2010.05.07 20:19:23 | 000,000,000 | ---D | C] -- C:\Users\Marius\AppData\Roaming\Skype
[2010.05.07 20:18:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.05.07 20:18:30 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010.05.07 20:18:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.05.06 14:53:21 | 000,000,000 | ---D | C] -- C:\Program Files\GameSpy
[2010.05.03 21:05:59 | 000,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2
[2010.05.03 21:03:48 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\rewire.dll
[2010.05.03 21:03:46 | 000,000,000 | ---D | C] -- C:\Users\Marius\Documents\Image-Line
[2010.05.03 21:03:35 | 001,554,944 | ---- | C] (HMS http://hp.vector.co.jp/authors/VA012897/) -- C:\Windows\System32\vorbis.acm
[2010.05.03 21:03:14 | 000,000,000 | ---D | C] -- C:\Program Files\VstPlugins
[2010.05.03 21:03:09 | 000,000,000 | ---D | C] -- C:\Program Files\Outsim
[2010.05.03 21:00:24 | 000,000,000 | ---D | C] -- C:\Program Files\Image-Line

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.06.01 16:45:10 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.01 16:45:10 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.01 16:39:33 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.01 16:39:29 | 000,000,290 | -H-- | M] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.06.01 16:37:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.01 16:37:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.01 16:37:33 | 1609,424,896 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.01 15:46:10 | 006,553,600 | -HS- | M] () -- C:\Users\Marius\NTUSER.DAT
[2010.05.31 23:06:06 | 006,457,858 | -H-- | M] () -- C:\Users\Marius\AppData\Local\IconCache.db
[2010.05.31 21:58:32 | 000,397,022 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.05.31 21:49:53 | 000,001,222 | ---- | M] () -- C:\Users\Marius\Desktop\Spybot - Search & Destroy.lnk
[2010.05.31 20:57:08 | 000,002,969 | ---- | M] () -- C:\Users\Marius\Desktop\HiJackThis.lnk
[2010.05.31 20:31:41 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.30 20:19:47 | 000,026,624 | ---- | M] () -- C:\Users\Marius\Documents\WAITING FOR ANYA CHAPTER 8 VOCABULARY LIST.doc
[2010.05.30 20:19:25 | 000,024,064 | ---- | M] () -- C:\Users\Marius\Documents\WAITING FOR ANYA CHAPTER 7 VOCABULARY LIST.doc
[2010.05.29 16:02:44 | 000,000,049 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.05.29 15:59:36 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\Alarm für Cobra 11 - Nitro spielen.lnk
[2010.05.29 15:34:04 | 000,001,107 | ---- | M] () -- C:\Users\Public\Desktop\Loadstreet Fresh RAM.lnk
[2010.05.29 15:08:14 | 000,050,136 | ---- | M] () -- C:\Windows\System32\energy-report.html
[2010.05.29 14:59:53 | 000,000,486 | RHS- | M] () -- C:\Users\Marius\ntuser.pol
[2010.05.29 14:28:13 | 000,001,050 | ---- | M] () -- C:\Users\Marius\Desktop\MSI Afterburner.lnk
[2010.05.29 14:22:27 | 000,001,854 | ---- | M] () -- C:\Users\Marius\Desktop\IrfanView Thumbnails.lnk
[2010.05.29 14:22:27 | 000,000,974 | ---- | M] () -- C:\Users\Marius\Desktop\IrfanView.lnk
[2010.05.29 14:16:07 | 000,000,971 | ---- | M] () -- C:\Users\Marius\Desktop\SpeedFan.lnk
[2010.05.29 14:16:06 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2010.05.26 17:49:20 | 000,000,886 | ---- | M] () -- C:\Users\Marius\Desktop\gta_sa - Verknüpfung.lnk
[2010.05.26 15:35:42 | 000,001,185 | ---- | M] () -- C:\Users\Public\Desktop\Crysis.lnk
[2010.05.23 14:44:04 | 001,472,002 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.23 14:44:04 | 000,643,628 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.23 14:44:04 | 000,606,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.23 14:44:04 | 000,126,188 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.23 14:44:04 | 000,103,370 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.16 20:04:25 | 000,024,319 | ---- | M] () -- C:\Users\Marius\Documents\Abmahnung wegen Urheberrechtsverletzung 2.docx
[2010.05.16 20:00:33 | 000,098,776 | ---- | M] () -- C:\Users\Marius\Documents\Abmahnung wegen Urheberrechtsverletzung 1.rtf
[2010.05.16 19:54:18 | 000,098,739 | ---- | M] () -- C:\Users\Marius\Documents\Abmahnung wegen Urheberrechtsverletzung.doc
[2010.05.16 16:55:11 | 000,001,015 | ---- | M] () -- C:\Users\Marius\Desktop\Orbit.lnk
[2010.05.14 20:49:57 | 000,000,666 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.05.13 00:05:56 | 005,277,532 | ---- | M] () -- C:\Users\Marius\langeweile alltaahh xD.avi
[2010.05.13 00:02:13 | 000,001,203 | ---- | M] () -- C:\Users\Marius\Desktop\DVDVideoSoft Free Studio.lnk
[2010.05.12 22:03:31 | 000,000,342 | ---- | M] () -- C:\Windows\SoftWriting.ini
[2010.05.12 13:28:03 | 000,013,227 | ---- | M] () -- C:\Users\Marius\Documents\Mein Film.wlmp
[2010.05.12 11:21:16 | 000,221,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.05.11 19:19:47 | 000,001,917 | ---- | M] () -- C:\Users\Marius\Desktop\LaunchGTAIV - Verknüpfung (2).lnk
[2010.05.11 19:18:52 | 000,002,057 | ---- | M] () -- C:\Users\Marius\Desktop\Grand Theft Auto IV + 5 trainer - Verknüpfung.lnk
[2010.05.11 13:23:54 | 000,002,319 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
[2010.05.10 20:22:47 | 000,013,312 | ---- | M] () -- C:\Users\Marius\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.08 13:23:17 | 000,000,789 | ---- | M] () -- C:\Users\Marius\Desktop\CoD2SP_s - Verknüpfung.lnk
[2010.05.08 13:06:37 | 000,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2010.05.08 13:06:37 | 000,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2010.05.08 12:09:45 | 000,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.05.08 12:09:45 | 000,022,328 | ---- | M] () -- C:\Users\Marius\AppData\Roaming\PnkBstrK.sys
[2010.05.08 12:09:05 | 000,669,184 | ---- | M] () -- C:\Windows\System32\pbsvc.exe
[2010.05.08 10:54:31 | 000,331,632 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.07 21:54:16 | 000,045,286 | ---- | M] () -- C:\Users\Marius\Documents\LG Köln (Waldorf Anwälte).docx
[2010.05.07 20:58:36 | 000,084,632 | ---- | M] () -- C:\Users\Marius\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.07 20:21:18 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.05.07 20:18:31 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.05.05 15:53:23 | 000,014,081 | ---- | M] () -- C:\Users\Marius\Documents\Kanzlei Waldorf.docx
[2010.05.05 15:53:16 | 000,012,299 | ---- | M] () -- C:\Users\Marius\Documents\Torrent Abmahung.docx
[2010.05.03 21:03:48 | 000,001,103 | ---- | M] () -- C:\Users\Marius\Desktop\FL Studio 9.lnk

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.06.01 16:39:21 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010.06.01 16:39:20 | 000,000,290 | -H-- | C] () -- C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.05.31 21:49:53 | 000,001,222 | ---- | C] () -- C:\Users\Marius\Desktop\Spybot - Search & Destroy.lnk
[2010.05.31 20:57:08 | 000,002,969 | ---- | C] () -- C:\Users\Marius\Desktop\HiJackThis.lnk
[2010.05.31 20:31:41 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.30 20:19:47 | 000,026,624 | ---- | C] () -- C:\Users\Marius\Documents\WAITING FOR ANYA CHAPTER 8 VOCABULARY LIST.doc
[2010.05.30 20:19:25 | 000,024,064 | ---- | C] () -- C:\Users\Marius\Documents\WAITING FOR ANYA CHAPTER 7 VOCABULARY LIST.doc
[2010.05.29 16:02:44 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.05.29 15:59:36 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\Alarm für Cobra 11 - Nitro spielen.lnk
[2010.05.29 15:34:04 | 000,001,107 | ---- | C] () -- C:\Users\Public\Desktop\Loadstreet Fresh RAM.lnk
[2010.05.29 15:08:14 | 000,050,136 | ---- | C] () -- C:\Windows\System32\energy-report.html
[2010.05.29 14:59:53 | 000,000,486 | RHS- | C] () -- C:\Users\Marius\ntuser.pol
[2010.05.29 14:28:13 | 000,001,050 | ---- | C] () -- C:\Users\Marius\Desktop\MSI Afterburner.lnk
[2010.05.29 14:22:27 | 000,001,854 | ---- | C] () -- C:\Users\Marius\Desktop\IrfanView Thumbnails.lnk
[2010.05.29 14:22:27 | 000,000,974 | ---- | C] () -- C:\Users\Marius\Desktop\IrfanView.lnk
[2010.05.29 14:16:07 | 000,000,971 | ---- | C] () -- C:\Users\Marius\Desktop\SpeedFan.lnk
[2010.05.29 14:15:58 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2010.05.26 17:49:20 | 000,000,886 | ---- | C] () -- C:\Users\Marius\Desktop\gta_sa - Verknüpfung.lnk
[2010.05.16 20:04:23 | 000,024,319 | ---- | C] () -- C:\Users\Marius\Documents\Abmahnung wegen Urheberrechtsverletzung 2.docx
[2010.05.16 20:00:30 | 000,098,776 | ---- | C] () -- C:\Users\Marius\Documents\Abmahnung wegen Urheberrechtsverletzung 1.rtf
[2010.05.13 00:05:58 | 000,012,800 | -HS- | C] () -- C:\Users\Marius\Thumbs.db
[2010.05.13 00:05:52 | 005,277,532 | ---- | C] () -- C:\Users\Marius\langeweile alltaahh xD.avi
[2010.05.12 21:05:18 | 000,098,739 | ---- | C] () -- C:\Users\Marius\Documents\Abmahnung wegen Urheberrechtsverletzung.doc
[2010.05.12 18:47:28 | 000,000,342 | ---- | C] () -- C:\Windows\SoftWriting.ini
[2010.05.12 13:20:24 | 000,013,227 | ---- | C] () -- C:\Users\Marius\Documents\Mein Film.wlmp
[2010.05.11 19:19:47 | 000,001,917 | ---- | C] () -- C:\Users\Marius\Desktop\LaunchGTAIV - Verknüpfung (2).lnk
[2010.05.11 19:18:52 | 000,002,057 | ---- | C] () -- C:\Users\Marius\Desktop\Grand Theft Auto IV + 5 trainer - Verknüpfung.lnk
[2010.05.11 13:23:54 | 000,002,319 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hardcopy.LNK
[2010.05.08 13:23:17 | 000,000,789 | ---- | C] () -- C:\Users\Marius\Desktop\CoD2SP_s - Verknüpfung.lnk
[2010.05.08 12:09:45 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.05.08 12:09:45 | 000,022,328 | ---- | C] () -- C:\Users\Marius\AppData\Roaming\PnkBstrK.sys
[2010.05.08 12:09:11 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.05.08 12:09:05 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.05.08 12:09:05 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.05.08 12:08:09 | 000,001,185 | ---- | C] () -- C:\Users\Public\Desktop\Crysis.lnk
[2010.05.07 21:54:15 | 000,045,286 | ---- | C] () -- C:\Users\Marius\Documents\LG Köln (Waldorf Anwälte).docx
[2010.05.07 20:21:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.07 20:18:31 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.05.05 15:53:22 | 000,014,081 | ---- | C] () -- C:\Users\Marius\Documents\Kanzlei Waldorf.docx
[2010.05.05 15:53:16 | 000,012,299 | ---- | C] () -- C:\Users\Marius\Documents\Torrent Abmahung.docx
[2010.05.03 21:03:48 | 000,001,103 | ---- | C] () -- C:\Users\Marius\Desktop\FL Studio 9.lnk
[2010.04.19 16:23:45 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2010.04.15 19:31:55 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

[color=#E56717]========== LOP Check ==========[/color]

[2010.05.12 18:49:14 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Canon
[2010.04.15 19:30:50 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\DAEMON Tools Lite
[2010.05.13 00:02:18 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.04.15 14:23:27 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\GrabPro
[2010.06.01 16:39:35 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\ICQ
[2010.05.29 14:24:18 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\IrfanView
[2010.04.19 16:27:23 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\MAGIX
[2010.04.03 18:34:35 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Opera
[2010.06.01 16:41:32 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Orbit
[2010.04.08 20:43:05 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\TerraTec
[2009.07.14 06:53:46 | 000,022,552 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.06.01 16:39:33 | 000,000,290 | -H-- | M] () -- C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
[2010.06.01 16:39:29 | 000,000,290 | -H-- | M] () -- C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job

[color=#E56717]========== Purity Check ==========[/color]



[color=#E56717]========== Custom Scans ==========[/color]


[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*. >[/color]

[color=#A23BEC]< %ALLUSERSPROFILE%\Application Data\*.exe /s >[/color]

[color=#A23BEC]< %APPDATA%\*. >[/color]
[2010.04.04 14:31:47 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Adobe
[2010.04.07 22:03:11 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Avira
[2010.05.12 18:49:14 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Canon
[2010.04.15 19:30:50 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\DAEMON Tools Lite
[2010.04.11 21:33:30 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\DivX
[2010.04.10 01:01:25 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\dvdcss
[2010.05.13 00:02:18 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.04.15 14:23:27 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\GrabPro
[2010.06.01 16:39:35 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\ICQ
[2010.04.03 17:51:35 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Identities
[2010.04.08 14:36:19 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\InstallShield
[2010.05.29 14:24:18 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\IrfanView
[2010.04.03 18:29:20 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Macromedia
[2010.04.19 16:27:23 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\MAGIX
[2010.05.31 20:31:49 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Media Center Programs
[2010.05.31 20:57:07 | 000,000,000 | --SD | M] -- C:\Users\Marius\AppData\Roaming\Microsoft
[2010.04.03 18:13:28 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Mozilla
[2010.04.07 12:00:34 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Nero
[2010.04.03 18:34:35 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Opera
[2010.06.01 16:41:32 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Orbit
[2010.04.16 14:52:06 | 000,000,000 | RH-D | M] -- C:\Users\Marius\AppData\Roaming\SecuROM
[2010.05.15 01:01:29 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\Skype
[2010.05.15 00:05:15 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\skypePM
[2010.04.08 20:43:05 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\TerraTec
[2010.05.16 14:55:14 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\vlc
[2010.04.03 22:00:41 | 000,000,000 | ---D | M] -- C:\Users\Marius\AppData\Roaming\WinRAR

[color=#A23BEC]< %APPDATA%\*.exe /s >[/color]
[2010.05.31 20:57:07 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Users\Marius\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]


[color=#A23BEC]< MD5 for: AGP440.SYS >[/color]
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[color=#A23BEC]< MD5 for: ATAPI.SYS >[/color]
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[color=#A23BEC]< MD5 for: CNGAUDIT.DLL >[/color]
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[color=#A23BEC]< MD5 for: IASTORV.SYS >[/color]
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[color=#A23BEC]< MD5 for: NETLOGON.DLL >[/color]
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

[color=#A23BEC]< MD5 for: NVSTOR.SYS >[/color]
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

[color=#A23BEC]< MD5 for: SCECLI.DLL >[/color]
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[color=#A23BEC]< MD5 for: USERINIT.EXE >[/color]
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[color=#A23BEC]< MD5 for: WS2IFSL.SYS >[/color]
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
[2010.04.15 19:31:55 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\drivers\sptd.sys

[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]

[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]

[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll

< End of report >


Extras:

OTL Extras logfile created on: 01.06.2010 16:43:20 - Run 1
OTL by OldTimer - Version 3.2.5.2 Folder = C:\Downloads
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 52,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 152,66 Gb Total Space | 21,40 Gb Free Space | 14,01% Space Free | Partition Type: NTFS
Drive D: | 303,35 Gb Total Space | 76,81 Gb Free Space | 25,32% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 76,69 Gb Total Space | 55,23 Gb Free Space | 72,01% Space Free | Partition Type: NTFS
Drive G: | 150,69 Gb Total Space | 39,33 Gb Free Space | 26,10% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 3,77 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 960,70 Mb Total Space | 5,70 Mb Free Space | 0,59% Space Free | Partition Type: FAT

Computer Name: HOME-PC
Current User Name: Marius
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.reg [@ = Regedit.Document] -- c:\Winnt\Regedit.exe File not found

[HKEY_USERS\S-1-5-21-867199820-2383848948-1206279136-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Orbitdownloader\orbitdm.exe" = C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files\Orbitdownloader\orbitnet.exe" = C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{1A0D2EFC-C4FC-446A-8BC3-57A54CE5EADD}" = Opera 10.53
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{33999F1F-EA46-4E55-A239-1BA803235396}" = Hercules DJ Products Series drivers
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63B9BAB5-F36A-4A3B-9E5C-68A7F212BFB9}" = TerraTec Home Cinema
"{6803A6E6-48FF-48AB-B558-7B651BBE1031}" = Nero 8 Essentials
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9E1BAB75-EB78-440D-94C0-A3857BE2E733}" = System Requirements Lab
"{A6DD7A9D-198F-4CB2-97DB-4F429E39319A}_is1" = Disk Doctors File Shredder 1.0.0
"{AC2FE961-EC77-43D8-9760-BE992408D1E3}_is1" = Loadstreet Fresh RAM 5.0
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Afterburner" = MSI Afterburner 1.5.1
"ASIO4ALL" = ASIO4ALL
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"C11-Nitro" = Alarm für Cobra 11 - Nitro (remove only)
"DivX Setup.divx.com" = DivX-Setup
"FL Studio 9" = FL Studio 9
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube Download_is1" = Free YouTube Download 2.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"Hardcopy(C__Program Files_Hardcopy)" = Hardcopy (C:\Program Files\Hardcopy)
"Hardcore" = Hardcore
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IL Download Manager" = IL Download Manager
"IrfanView" = IrfanView (remove only)
"MAGIX Music Maker 16 Download-Version D" = MAGIX Music Maker 16 Download-Version
"MAGIX Screenshare D" = MAGIX Screenshare
"MAGIX Speed burnR D" = MAGIX Speed burnR
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"maxdome - Online Videothek_is1" = maxdome - Online Videothek Version 3.1.0
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Orbit_is1" = Orbit Downloader
"PhotoScape" = PhotoScape
"PoiZone" = PoiZone
"Prüfungsfragen-CD_is1" = Prüfungsfragen-CD Version 1.6
"PunkBusterSvc" = PunkBuster Services
"Sakura" = Sakura
"Sawer" = Sawer
"SimpleOCR 3.1" = SimpleOCR 3.1
"SpeedFan" = SpeedFan (remove only)
"Toxic Biohazard" = Toxic Biohazard
"Uninstall_is1" = Uninstall 1.0.0.1
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 25.05.2010 11:18:37 | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wmpnetwk.exe, Version: 12.0.7600.16385,
Zeitstempel: 0x4a5bccb3 Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7600.16385,
Zeitstempel: 0x4a5bdaae Ausnahmecode: 0x0000046b Fehleroffset: 0x00009617 ID des fehlerhaften
Prozesses: 0xa6c Startzeit der fehlerhaften Anwendung: 0x01cafc0e166aa169 Pfad der
fehlerhaften Anwendung: C:\Program Files\Windows Media Player\wmpnetwk.exe Pfad
des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll Berichtskennung: ca08edcc-6810-11df-8fbe-001fd0941148

Error - 29.05.2010 08:40:07 | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CINEBENCH Windows 32 Bit.exe, Version:
11.5.2.9, Zeitstempel: 0x4b750c1c Name des fehlerhaften Moduls: KERNELBASE.dll,
Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdaae Ausnahmecode: 0xc06d007e Fehleroffset:
0x00009617 ID des fehlerhaften Prozesses: 0x104c Startzeit der fehlerhaften Anwendung:
0x01caff2c101bbb03 Pfad der fehlerhaften Anwendung: C:\Programme (x86)\Cinebench
x32\CINEBENCH Windows 32 Bit.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll
Berichtskennung:
4f244124-6b1f-11df-8949-001fd0941148

Error - 29.05.2010 08:40:26 | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CINEBENCH Windows 32 Bit.exe, Version:
11.5.2.9, Zeitstempel: 0x4b750c1c Name des fehlerhaften Moduls: KERNELBASE.dll,
Version: 6.1.7600.16385, Zeitstempel: 0x4a5bdaae Ausnahmecode: 0xc06d007e Fehleroffset:
0x00009617 ID des fehlerhaften Prozesses: 0x177c Startzeit der fehlerhaften Anwendung:
0x01caff2c1d4844b5 Pfad der fehlerhaften Anwendung: C:\Programme (x86)\Cinebench
x32\CINEBENCH Windows 32 Bit.exe Pfad des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll
Berichtskennung:
5af72936-6b1f-11df-8949-001fd0941148

Error - 29.05.2010 09:45:23 | Computer Name = Home-PC | Source = VSS | ID = 8194
Description =

Error - 31.05.2010 13:56:13 | Computer Name = Home-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\asio4all
v2\a4apanel64.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 31.05.2010 13:57:19 | Computer Name = Home-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search box extension\SrchBxEx.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search box extension\SrchBxEx.dll"
in Zeile 2. Ungültige XML-Syntax.

Error - 31.05.2010 13:57:19 | Computer Name = Home-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\SearchHelper.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll"
in Zeile 2. Ungültige XML-Syntax.

Error - 31.05.2010 13:57:19 | Computer Name = Home-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\SEPsearchhelperie.dll". Fehler in Manifest- oder
Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll"
in Zeile 2. Ungültige XML-Syntax.

Error - 31.05.2010 13:57:50 | Computer Name = Home-PC | Source = SideBySide | ID = 16842811
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft\search
enhancement pack\search helper\sepsearchhelperie.dll". Fehler in Manifest- oder
Richtliniendatei "c:\program files\microsoft\search enhancement pack\search helper\sepsearchhelperie.dll"
in Zeile 2. Ungültige XML-Syntax.

Error - 31.05.2010 14:50:59 | Computer Name = Home-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: 9589.exe, Version: 0.0.0.0, Zeitstempel:
0x4c03f619 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses:
0x45c Startzeit der fehlerhaften Anwendung: 0x01cb00f2348fc67a Pfad der fehlerhaften
Anwendung: C:\Users\Marius\AppData\Local\Temp\9589.exe Pfad des fehlerhaften Moduls:
unknown Berichtskennung: 73593043-6ce5-11df-acd3-001fd0941148

[ Media Center Events ]
Error - 24.05.2010 15:31:36 | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = 21:31:29 - Fehler beim Herstellen der Internetverbindung. 21:31:29
- Serververbindung konnte nicht hergestellt werden..

Error - 24.05.2010 16:31:48 | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = 22:31:48 - Fehler beim Herstellen der Internetverbindung. 22:31:48
- Serververbindung konnte nicht hergestellt werden..

Error - 24.05.2010 16:32:06 | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = 22:31:54 - Fehler beim Herstellen der Internetverbindung. 22:31:54
- Serververbindung konnte nicht hergestellt werden..

Error - 26.05.2010 21:23:46 | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = 03:23:37 - Fehler beim Herstellen der Internetverbindung. 03:23:37
- Serververbindung konnte nicht hergestellt werden..

Error - 26.05.2010 22:23:54 | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = 04:23:50 - Fehler beim Herstellen der Internetverbindung. 04:23:50
- Serververbindung konnte nicht hergestellt werden..

Error - 26.05.2010 23:24:01 | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = 05:23:58 - Fehler beim Herstellen der Internetverbindung. 05:23:58
- Serververbindung konnte nicht hergestellt werden..

Error - 29.05.2010 16:11:06 | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = 22:10:52 - Fehler beim Herstellen der Internetverbindung. 22:10:52
- Serververbindung konnte nicht hergestellt werden..

Error - 29.05.2010 16:11:40 | Computer Name = Home-PC | Source = ehRecvr | ID = 3
Description = Auf dem TV-Tuner ist ein Fehler aufgetreten. (0xc0040524) Cinergy
T-Stick Tuner

Error - 29.05.2010 17:11:23 | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = 23:11:15 - Fehler beim Herstellen der Internetverbindung. 23:11:15
- Serververbindung konnte nicht hergestellt werden..

Error - 29.05.2010 18:11:37 | Computer Name = Home-PC | Source = MCUpdate | ID = 0
Description = 00:11:30 - Fehler beim Herstellen der Internetverbindung. 00:11:30
- Serververbindung konnte nicht hergestellt werden..

[ System Events ]
Error - 30.05.2010 11:53:04 | Computer Name = Home-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error - 31.05.2010 13:11:47 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "PnkBstrA" wurde unerwartet beendet. Dies ist bereits 1 Mal
passiert.

Error - 31.05.2010 13:12:28 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "FABS - Helping agent for MAGIX media database" wurde unerwartet
beendet. Dies ist bereits 1 Mal passiert.

Error - 31.05.2010 14:41:49 | Computer Name = Home-PC | Source = DCOM | ID = 10010
Description =

Error - 01.06.2010 09:20:10 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SBSD Security Center Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.

Error - 01.06.2010 09:20:14 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "SeaPort" wurde unerwartet beendet. Dies ist bereits 1 Mal
passiert.

Error - 01.06.2010 09:20:18 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Neustart des Diensts.

Error - 01.06.2010 09:20:37 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Live ID Sign-in Assistant" wurde unerwartet beendet.
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000
Millisekunden durchgeführt: Neustart des Diensts.

Error - 01.06.2010 09:20:49 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet
beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden
in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error - 01.06.2010 09:20:49 | Computer Name = Home-PC | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen,
ist fehlgeschlagen. Fehler: %%1056


< End of report >
Seitenanfang Seitenende
01.06.2010, 17:40
Member

Beiträge: 3716
#6 bis wir mit der reinigung fertig sind, deinstaliere spybot, starte den pc neu.

aber ich würd komplett drauf verzichten, mir persönlich gefällts nicht so.

CD-Emulatoren mit DeFogger deaktivieren

Du hast CD-Emulatoren wie Alcohol, DaemonTools oder ähnliche auf diesem Computer installiert. Da
diese Emulatoren mit Rootkit-Technik arbeiten, können sie die Fahndung nach bösartigen Rootkits
verfälschen und erschweren. Aus diesem Grund bitte entweder das folgende Tool zum Deaktivieren
laufen lassen oder die Software über Systemsteuerung => Software/Programme deinstallieren.
Berichte mir, für welche Variante Du Dich entschieden hast. Die Deaktivierung können wir nach der
Bereinigung rückgängig machen.

Lade
http://www.jpshortstuff.247fixes.com/Defogger.exe
herunter und speichere es auf Deinem Desktop.

Doppelklicke DeFogger, um das Tool zu starten.

• Es öffnet sich das Programm-Fenster des Tools.
• Klick auf den Button Disable, um die CD- Emulation-Treiber zu deaktivieren.
• Klicke Ja, um fortzufahren.
• Wenn die Nachricht 'Finished!' erscheint,
• klicke OK.
• DeFogger wird nun einen Reboot erfragen - klicke OK
• Poste mir das defogger_disable.log hier in den Thread. Keinesfalls die Treiber reaktivieren, bevor es angewiesen wird.

Fixen mit OTL

• Starte bitte die OTL.exe.
Vista-User mit Rechtsklick "als Administrator starten"
• Kopiere nun das Folgende in die Textbox.

:OTL
PRC - C:\Users\Marius\AppData\Local\Temp\It2.exe ()
PRC - C:\Users\Marius\AppData\Local\Temp\It1.exe ()
PRC - C:\Users\Public\winnsvc.exe ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001..\Run: [M5T8QL3YW3] C:\Users\Marius\AppData\Local\Temp\It2.exe ()
O4 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001..\Run: [Windows System Manager] C:\Users\Public\winnsvc.exe ()
:files
C:\Users\Public\winnsvc.exe
C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[start explorer]
[Reboot]

• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Run Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument dieses posten
Seitenanfang Seitenende
01.06.2010, 20:53
Member

Themenstarter

Beiträge: 32
#7 Als erstes schonmal vielen Dank für die ganze Mühe und so.!!!!

Ich hab alle Emulatoren deaktiviert habe aber keine .log bekommen..

Ich weis nicht, ob es wichtig ist, aber ich habe inzwischen schon viele Rechte verloren, auf meinen Rechner zuzugreifen. Bilder im Anhang.

Seitenanfang Seitenende
01.06.2010, 20:58
Member

Themenstarter

Beiträge: 32
#8 All processes killed
Error: Unable to interpret <PRC - C:\Users\Marius\AppData\Local\Temp\It2.exe ()> in the current context!
Error: Unable to interpret <PRC - C:\Users\Marius\AppData\Local\Temp\It1.exe ()> in the current context!
Error: Unable to interpret <PRC - C:\Users\Public\winnsvc.exe ()> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001..\Run: [M5T8QL3YW3] C:\Users\Marius\AppData\Local\Temp\It2.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001..\Run: [Windows System Manager] C:\Users\Public\winnsvc.exe ()> in the current context!
========== FILES ==========
C:\Users\Public\winnsvc.exe moved successfully.
C:\Windows\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job moved successfully.
C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Marius
->Flash cache emptied: 20072 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Marius
->Temp folder emptied: 680718 bytes
->Temporary Internet Files folder emptied: 208492374 bytes
->FireFox cache emptied: 82543290 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5402109 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 283,00 mb


OTL by OldTimer - Version 3.2.5.2 log created on 06012010_205505

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Seitenanfang Seitenende
01.06.2010, 21:00
Member

Themenstarter

Beiträge: 32
#9 Oh.. Nach dem Einsatz von OTL sieht meine System-Platte, also die Ordner, wieder normal aus. Aber du wirst ja wissen was wirklich noch ist. ;)

Anhang: Normal.png
Seitenanfang Seitenende
01.06.2010, 21:18
Member

Beiträge: 3716
#10 neues otl script
:OTL
PRC - C:\Users\Marius\AppData\Local\Temp\It2.exe ()
PRC - C:\Users\Marius\AppData\Local\Temp\It1.exe ()
PRC - C:\Users\Public\winnsvc.exe ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001..\Run: [M5T8QL3YW3] C:\Users\Marius\AppData\Local\Temp\It2.exe ()
O4 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001..\Run: [Windows System Manager] C:\Users\Public\winnsvc.exe ()
:files
C:\Users\Marius\AppData\Local\Temp\It2.exe
C:\Users\Marius\AppData\Local\Temp\It1.exe
C:\Users\Public\winnsvc.exe
Seitenanfang Seitenende
01.06.2010, 21:51
Member

Themenstarter

Beiträge: 32
#11 Error: Unable to interpret <PRC - C:\Users\Marius\AppData\Local\Temp\It2.exe ()> in the current context!
Error: Unable to interpret <PRC - C:\Users\Marius\AppData\Local\Temp\It1.exe ()> in the current context!
Error: Unable to interpret <PRC - C:\Users\Public\winnsvc.exe ()> in the current context!
Error: Unable to interpret <O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001..\Run: [M5T8QL3YW3] C:\Users\Marius\AppData\Local\Temp\It2.exe ()> in the current context!
Error: Unable to interpret <O4 - HKU\S-1-5-21-867199820-2383848948-1206279136-1001..\Run: [Windows System Manager] C:\Users\Public\winnsvc.exe ()> in the current context!
========== FILES ==========
File\Folder C:\Users\Marius\AppData\Local\Temp\It2.exe not found.
File\Folder C:\Users\Marius\AppData\Local\Temp\It1.exe not found.
File\Folder C:\Users\Public\winnsvc.exe not found.

OTL by OldTimer - Version 3.2.5.2 log created on 06012010_214956
Seitenanfang Seitenende
02.06.2010, 12:31
Member

Beiträge: 3716
#12 erstelle bitte ein hijackthis log, poste es,.
Seitenanfang Seitenende
02.06.2010, 18:19
Member

Themenstarter

Beiträge: 32
#13 Noch eins.?
Ok..
Seitenanfang Seitenende
02.06.2010, 18:20
Member

Themenstarter

Beiträge: 32
#14 Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:20:07, on 02.06.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hardcopy\hardcopy.exe
D:\Program Files (x86)\Opera\opera.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\PROGRA~2\TerraTec\TERRAT~1\THCDES~1.DLL
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.1\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Windows System Manager] C:\Users\Public\winnsvc.exe
O4 - HKCU\..\Run: [M5T8QL3YW3] C:\Users\Marius\AppData\Local\Temp\It2.exe
O4 - Global Startup: Hardcopy.LNK = C:\Program Files\Hardcopy\hardcopy.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Free YouTube Download - C:\Users\Marius\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Marius\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files\ICQ7.1\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} (SysInfo Class) - http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 6866 bytes
Seitenanfang Seitenende
02.06.2010, 18:47
Member

Themenstarter

Beiträge: 32
#15 Ach weiste was?

Ich danke dir für die Mühe und alles.
Aber nun werde ich wohl eher mein System neu aufsetzen..
Ich glaub das bringt alles nichts, so hier herumzudoktorn. ;)

Vielen Dank nochmal.

LG
Seitenanfang Seitenende