Hosts File Infected - Is Invisible and Not Editable

#0
07.03.2012, 12:11
...new here

Posts: 9
#1 Hello everyone,

my hosts file has been infected. My virus scanner has meanwhile also raised an alert and removed something from my AppData Temp folder (see attachment). However, my hosts file is infected and I can't get it cleaned. I've tried it in safe mode or as administrator, and it simply can't be overwritten or deleted.

I'm using Windows 7 and my HijackThis outputs the following:

Quote

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:03:23, on 07.03.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Steam\Steam.exe
C:\Users\nenti\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\nenti\Downloads\HiJackThis204.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O1 - Hosts: 67.215.245.19 www.google-analytics.com.
O1 - Hosts: 67.215.245.19 ad-emea.doubleclick.net.
O1 - Hosts: 67.215.245.19 www.statcounter.com.
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [LicenseValidator] C:\Users\nenti\AppData\Roaming\Identities\{7508F606-35B3-4C42-AACC-3879CBF9C3B6}\LicenseValidator.exe
O4 - HKUS\S-1-5-18\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1 (User 'Default user')
O4 - Startup: Dropbox.lnk = nenti\AppData\Roaming\Dropbox\bin\Dropbox.exe
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5088 bytes

As a small side effect, at irregular intervals when I click on a link I get some advertisement shown instead of the page I want to visit. I think this is caused by the hosts file, because someone is injecting some JavaScript code via the manipulated IPs, which are embedded in quite a lot of pages.

Can anyone help me?

OTL:

Quote

OTL logfile created on: 07.03.2012 12:18:34 - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\nenti\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 63,78% Memory free
8,00 Gb Paging File | 6,28 Gb Available in Paging File | 78,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,17 Gb Total Space | 22,54 Gb Free Space | 12,11% Space Free | Partition Type: NTFS

Computer Name: NENTI-PC | User Name: nenti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.03.07 12:16:00 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\nenti\Downloads\OTL.exe
PRC - [2012.03.04 16:18:23 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.02.18 13:27:26 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2012.02.16 15:55:51 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.02.15 00:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\nenti\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011.12.09 16:16:00 | 000,161,336 | ---- | M] (Google) -- C:\Users\nenti\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.11.20 13:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010.11.12 19:08:04 | 000,398,680 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Game Booster\GameBox.exe


========== Modules (No Company Name) ==========

MOD - [2012.02.23 18:35:20 | 014,415,144 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012.02.23 18:35:20 | 000,914,216 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-52.dll
MOD - [2012.02.23 18:35:20 | 000,857,896 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2012.02.23 18:35:20 | 000,155,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-52.dll
MOD - [2012.02.23 18:35:20 | 000,091,432 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-50.dll
MOD - [2012.02.18 09:29:07 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2012.02.16 15:55:51 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.10.15 00:54:26 | 000,265,536 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
MOD - [2010.11.12 19:08:46 | 000,511,384 | ---- | M] () -- C:\Program Files (x86)\IObit\Game Booster\sqlite3.dll
MOD - [2009.09.15 18:20:50 | 000,177,152 | ---- | M] () -- C:\Program Files (x86)\IObit\Game Booster\madBasic_.bpl
MOD - [2009.09.15 18:20:50 | 000,044,544 | ---- | M] () -- C:\Program Files (x86)\IObit\Game Booster\madDisAsm_.bpl
MOD - [2009.09.15 18:20:44 | 000,345,088 | ---- | M] () -- C:\Program Files (x86)\IObit\Game Booster\madExcept_.bpl


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.04.27 17:21:18 | 000,288,272 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2011.04.27 17:21:18 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.03.04 16:18:23 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.02.23 18:35:20 | 000,489,256 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.02.07 13:18:30 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.10.15 09:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.10.15 00:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.08.17 16:52:05 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.08.03 09:58:52 | 000,168,864 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Common Files\WireHelpSvc.exe -- (WireHelpSvc)
SRV - [2011.06.16 12:53:58 | 000,477,696 | ---- | M] (iZ3D Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\iZ3D Driver\Win64\S3DCService.exe -- (S3DSvc64) S3D Service (Win64)
SRV - [2011.06.16 12:49:40 | 000,357,888 | ---- | M] (iZ3D Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\iZ3D Driver\Win32\S3DCService.exe -- (S3DSvc32) S3D Service (Win32)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.11.12 10:34:14 | 000,036,352 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2009.07.20 12:36:14 | 000,160,784 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.10.15 17:20:11 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.08.03 13:12:34 | 000,161,184 | ---- | M] (<Turtle Entertainment>;) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ESLWireACD.sys -- (ESLWireAC)
DRV:64bit: - [2011.08.02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.27 15:25:24 | 000,084,864 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.27 10:24:55 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.01.27 10:24:54 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.13 11:20:44 | 000,025,528 | ---- | M] (Turtle Entertainment GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ESLvnic.sys -- (ESLvnic1)
DRV:64bit: - [2010.07.28 23:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.04.27 03:25:20 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.04.27 03:25:20 | 000,141,384 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdserd.sys -- (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM)
DRV:64bit: - [2010.04.27 03:25:20 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)
DRV:64bit: - [2010.04.27 03:25:20 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2009.11.12 10:34:40 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.17 17:54:30 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2009.06.17 17:54:22 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2009.06.17 17:54:14 | 000,013,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2009.06.17 17:54:06 | 000,074,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:32:37 | 001,627,520 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ph3xIB64.sys -- (Ph3xIB64)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2007.04.12 07:10:28 | 000,151,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\COMMONFX.DLL -- (COMMONFX.DLL)
DRV:64bit: - [2007.04.10 05:07:54 | 000,580,904 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2007.04.10 03:41:54 | 000,295,208 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\haP17v2k.sys -- (hap17v2k)
DRV:64bit: - [2007.04.10 03:41:20 | 000,259,880 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\haP16v2k.sys -- (hap16v2k)
DRV:64bit: - [2007.04.10 03:40:24 | 001,359,144 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV:64bit: - [2007.04.10 03:39:48 | 000,147,752 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2007.04.10 03:38:40 | 000,290,600 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2007.04.10 03:38:10 | 000,017,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2007.04.10 03:37:36 | 000,218,408 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2007.04.10 03:35:28 | 000,863,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2007.04.10 03:17:22 | 000,123,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTHWIUT.DLL -- (CTHWIUT.DLL)
DRV:64bit: - [2007.04.10 03:17:00 | 000,252,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CT20XUT.DLL -- (CT20XUT.DLL)
DRV:64bit: - [2007.04.10 03:16:20 | 001,571,112 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEXFIFX.DLL -- (CTEXFIFX.DLL)
DRV:64bit: - [2007.04.10 03:15:44 | 000,363,304 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPSY.DLL -- (CTEDSPSY.DLL)
DRV:64bit: - [2007.04.10 03:15:10 | 000,190,248 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPIO.DLL -- (CTEDSPIO.DLL)
DRV:64bit: - [2007.04.10 03:14:28 | 000,142,120 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTERFXFX.DLL -- (CTERFXFX.DLL)
DRV:64bit: - [2007.04.10 03:13:38 | 000,321,832 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEDSPFX.DLL -- (CTEDSPFX.DLL)
DRV:64bit: - [2007.04.10 03:13:08 | 000,219,432 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\CTEAPSFX.DLL -- (CTEAPSFX.DLL)
DRV:64bit: - [2007.04.10 03:12:22 | 000,681,256 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\CTSBLFX.DLL -- (CTSBLFX.DLL)
DRV:64bit: - [2007.04.10 03:11:46 | 000,700,200 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\CTAUDFX.DLL -- (CTAUDFX.DLL)
DRV - [2011.06.16 12:35:30 | 000,043,704 | ---- | M] () [Kernel | System | Running] -- C:\Program Files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys -- (iZ3DInjectionDriver)
DRV - [2010.06.14 09:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 53 FC 2C 96 E2 74 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\nenti\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\nenti\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\nenti\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\nenti\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.28 07:32:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.02.28 07:32:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\nenti\AppData\Roaming\mozilla\Extensions
[2012.02.28 07:32:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.16 15:55:53 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.16 11:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\nenti\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\nenti\AppData\Local\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\nenti\AppData\Local\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\nenti\AppData\Local\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\nenti\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\nenti\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\nenti\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Angry Birds = C:\Users\nenti\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.1.2.1_0\

O1 HOSTS File: ([2012.02.16 21:07:22 | 000,001,398 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O1 - Hosts: 67.215.245.19 www.google-analytics.com.
O1 - Hosts: 67.215.245.19 ad-emea.doubleclick.net.
O1 - Hosts: 67.215.245.19 www.statcounter.com.
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [LicenseValidator] C:\Users\nenti\AppData\Roaming\Identities\{7508F606-35B3-4C42-AACC-3879CBF9C3B6}\LicenseValidator.exe (WestByte)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\nenti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\nenti\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D149F6A-A27E-41F0-A2B3-DEC7A923F869}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D7407633-5730-418B-89FB-ACBE54F41AB5}: DhcpNameServer = 131.234.137.24 131.234.137.23
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{30ca7957-29f6-11e0-ae4e-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{30ca7957-29f6-11e0-ae4e-00ff01000001}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{7fff360c-f749-11e0-8249-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{7fff360c-f749-11e0-8249-00ff01000001}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\setup.hta
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.03.07 11:40:50 | 000,000,000 | ---D | C] -- C:\Users\nenti\Documents\HostsXpert-1
[2012.03.05 18:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
[2012.03.05 18:23:39 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.03.05 18:23:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.03.05 18:17:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2012.03.05 17:01:49 | 000,000,000 | ---D | C] -- C:\Users\nenti\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.03.05 17:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.03.05 17:01:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2012.03.05 17:01:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2012.03.05 17:01:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2012.03.05 17:00:46 | 000,000,000 | ---D | C] -- C:\Users\nenti\AppData\Local\Adobe
[2012.03.03 00:05:33 | 000,000,000 | ---D | C] -- C:\Users\nenti\AppData\Local\PokerStars.NET
[2012.03.03 00:05:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
[2012.03.03 00:04:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.NET
[2012.03.02 19:12:37 | 000,000,000 | ---D | C] -- C:\Users\nenti\AppData\Local\PunkBuster
[2012.03.02 19:12:30 | 000,000,000 | ---D | C] -- C:\Users\nenti\Documents\Battlefield 3
[2012.03.02 19:10:09 | 000,000,000 | ---D | C] -- C:\Users\nenti\AppData\Local\ESN Sonar
[2012.03.02 19:09:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Battlelog Web Plugins
[2012.03.02 19:06:39 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012.03.02 19:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012.03.02 17:51:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2012.03.02 17:51:50 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2012.03.02 17:12:41 | 000,000,000 | ---D | C] -- C:\Users\nenti\AppData\Roaming\Origin
[2012.03.02 17:12:39 | 000,000,000 | ---D | C] -- C:\Users\nenti\AppData\Local\Origin
[2012.03.02 17:08:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012.03.02 17:08:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012.03.02 17:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012.03.02 17:08:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012.03.02 17:08:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2012.03.01 21:32:30 | 000,000,000 | ---D | C] -- C:\Users\nenti\AppData\Roaming\Media Player Classic
[2012.03.01 21:32:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter
[2012.03.01 21:32:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AC3Filter
[2012.03.01 21:31:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CoreAVC Pro
[2012.03.01 21:31:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CoreAVC Pro
[2012.03.01 21:29:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\media_player_classic
[2012.03.01 21:08:57 | 000,000,000 | ---D | C] -- C:\Users\nenti\AppData\Roaming\vlc
[2012.03.01 21:08:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.02.28 07:32:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.02.27 17:40:13 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.02.27 14:08:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012.02.27 14:07:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.02.27 13:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft-Maus
[2012.02.27 13:53:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft IntelliPoint
[2012.02.27 07:37:37 | 000,000,000 | ---D | C] -- C:\Users\nenti\AppData\Roaming\Help
[2012.02.26 19:41:47 | 000,000,000 | ---D | C] -- C:\Users\nenti\Desktop\HIL_Praktikum
[2012.02.26 19:16:58 | 000,000,000 | ---D | C] -- C:\Users\nenti\Documents\Microsoft_Visual_C_2008_Express_for_MatLab
[2012.02.26 19:02:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012.02.26 19:02:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012.02.26 19:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2012.02.26 19:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012.02.26 19:02:31 | 000,000,000 | ---D | C] -- C:\Users\nenti\Documents\Visual Studio 2010
[2012.02.26 19:02:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2012.02.26 19:01:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2012.02.26 19:01:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2012.02.26 19:01:26 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2012.02.26 19:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2012.02.26 19:01:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SDKs
[2012.02.26 19:01:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2012.02.26 17:58:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v7.1
[2012.02.26 17:58:31 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SDKs
[2012.02.26 17:39:48 | 000,000,000 | ---D | C] -- C:\Users\nenti\Documents\MATLAB
[2012.02.26 17:39:33 | 000,000,000 | ---D | C] -- C:\Users\nenti\AppData\Roaming\MathWorks
[2012.02.26 17:35:36 | 001,077,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSCOMCTL.OCX
[2012.02.26 17:35:36 | 000,407,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSHFLXGD.OCX
[2012.02.26 17:35:36 | 000,203,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RICHTX32.OCX
[2012.02.26 17:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\MATLAB
[2012.02.26 12:23:44 | 000,000,000 | ---D | C] -- C:\Users\nenti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2012.02.26 12:23:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenVPN
[2012.02.26 12:23:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenVPN
[2012.02.25 17:55:19 | 000,000,000 | ---D | C] -- C:\Users\nenti\Desktop\ScotlandYardv2.4
[2012.02.19 22:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2012.02.19 19:44:08 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.02.19 19:39:03 | 000,000,000 | ---D | C] -- C:\Users\nenti\AppData\Roaming\SoftGrid Client
[2012.02.19 19:39:03 | 000,000,000 | ---D | C] -- C:\Users\nenti\AppData\Local\SoftGrid Client
[2012.02.19 19:38:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Home and Student (Deutsch)
[2012.02.19 19:37:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2012.02.19 19:37:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2012.02.19 19:37:22 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.02.19 19:37:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.02.19 19:37:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2012.02.19 19:36:28 | 000,000,000 | ---D | C] -- C:\Users\nenti\AppData\Roaming\TP
[2012.02.18 13:32:13 | 000,000,000 | ---D | C] -- C:\Users\nenti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012.02.18 13:27:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.02.18 13:27:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012.02.16 00:19:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2012.02.15 10:26:57 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.02.15 10:26:57 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.02.15 10:26:56 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.02.15 10:26:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.02.15 10:26:56 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.02.15 10:26:56 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.02.15 10:26:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.02.15 10:26:55 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.02.15 10:26:55 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.02.15 10:26:55 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.02.15 10:26:55 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.02.15 08:52:46 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll
[2012.02.15 08:52:45 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl
[2012.02.15 08:52:45 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl
[2012.02.15 08:52:42 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll
[2012.02.11 14:52:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.02.10 20:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.02.10 20:55:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.03.07 12:09:13 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.07 12:09:13 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.07 12:01:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.07 12:01:43 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.07 11:51:23 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
[2012.03.07 11:51:23 | 000,034,240 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
[2012.03.07 11:51:23 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXCtrlState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
[2012.03.07 11:51:23 | 000,030,528 | ---- | M] () -- C:\Windows\SysNative\BMXBkpCtrlState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
[2012.03.07 11:51:23 | 000,011,564 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000005-00000000-00000002-00001102-00000004-20021102}.rfx
[2012.03.07 11:48:26 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2259594209-2440918616-4243027844-1000UA.job
[2012.03.07 11:48:24 | 000,002,363 | ---- | M] () -- C:\Users\nenti\Desktop\Google Chrome.lnk
[2012.03.06 10:47:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2259594209-2440918616-4243027844-1000Core.job
[2012.03.05 23:49:49 | 004,838,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.05 17:01:47 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2012.03.04 16:18:23 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.03.04 16:18:13 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.03.04 16:18:13 | 000,282,864 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.04 16:14:21 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.03.03 23:14:09 | 001,621,676 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.03 23:14:09 | 000,699,428 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.03 23:14:09 | 000,654,746 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.03 23:14:09 | 000,149,366 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.03 23:14:09 | 000,122,320 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.03 18:32:51 | 000,251,527 | ---- | M] () -- C:\Users\nenti\Documents\test.xps
[2012.03.03 18:21:28 | 000,001,019 | ---- | M] () -- C:\Users\nenti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.03.03 00:05:27 | 000,001,097 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
[2012.03.02 18:05:01 | 000,858,169 | ---- | M] () -- C:\Users\nenti\AppData\Local\census.cache
[2012.03.02 18:04:17 | 000,111,016 | ---- | M] () -- C:\Users\nenti\AppData\Local\ars.cache
[2012.03.02 17:51:28 | 000,000,036 | ---- | M] () -- C:\Users\nenti\AppData\Local\housecall.guid.cache
[2012.03.02 17:08:52 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.03.01 21:08:47 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.02.28 07:32:07 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.27 14:08:14 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.02.27 14:08:02 | 001,643,198 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.27 13:58:58 | 001,567,469 | ---- | M] () -- C:\Users\nenti\Desktop\whaaa.png
[2012.02.27 13:53:55 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012.02.27 13:48:49 | 000,001,092 | ---- | M] () -- C:\Users\nenti\Desktop\ProductionSecurityServices.crt
[2012.02.27 13:17:35 | 725,106,430 | ---- | M] () -- C:\Users\nenti\Desktop\mgp-wbz.avi
[2012.02.27 12:28:44 | 000,003,667 | ---- | M] () -- C:\Users\nenti\Desktop\PID.png
[2012.02.26 19:24:42 | 000,001,695 | ---- | M] () -- C:\Users\nenti\Desktop\MATLAB - Verknüpfung.lnk
[2012.02.26 12:24:51 | 000,001,129 | ---- | M] () -- C:\Users\nenti\Desktop\OpenVPN GUI.lnk
[2012.02.25 00:38:14 | 000,001,017 | ---- | M] () -- C:\Users\nenti\Desktop\Dropbox.lnk
[2012.02.18 13:27:07 | 000,000,917 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.02.17 20:43:13 | 967,864,070 | ---- | M] () -- C:\Users\nenti\Desktop\Hugo (2011).avi
[2012.02.16 21:07:22 | 000,001,398 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.03.05 18:25:36 | 000,001,093 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1 (64 Bit).lnk
[2012.03.05 18:25:03 | 000,001,227 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS5.1.lnk
[2012.03.05 18:23:11 | 000,001,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS5.1.lnk
[2012.03.05 18:22:50 | 000,001,282 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Device Central CS5.5.lnk
[2012.03.05 18:20:55 | 000,001,383 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS5.5.lnk
[2012.03.05 18:20:49 | 000,001,555 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.5.lnk
[2012.03.05 18:20:19 | 000,000,997 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.03.05 17:01:47 | 000,001,043 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2012.03.05 17:01:47 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Download Assistant.lnk
[2012.03.03 18:32:49 | 000,251,527 | ---- | C] () -- C:\Users\nenti\Documents\test.xps
[2012.03.03 18:21:28 | 000,001,019 | ---- | C] () -- C:\Users\nenti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.03.03 01:14:43 | 1495,501,125 | ---- | C] () -- C:\Users\nenti\Desktop\Cairo.Time.2009.LiMiTED.BDRip.480P.X264.AC3-CHD.mkv
[2012.03.03 00:59:01 | 967,864,070 | ---- | C] () -- C:\Users\nenti\Desktop\Hugo (2011).avi
[2012.03.03 00:05:27 | 000,001,097 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
[2012.03.02 19:12:41 | 000,282,864 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.03.02 18:05:01 | 000,858,169 | ---- | C] () -- C:\Users\nenti\AppData\Local\census.cache
[2012.03.02 18:04:17 | 000,111,016 | ---- | C] () -- C:\Users\nenti\AppData\Local\ars.cache
[2012.03.02 17:51:28 | 000,000,036 | ---- | C] () -- C:\Users\nenti\AppData\Local\housecall.guid.cache
[2012.03.02 17:51:19 | 000,282,864 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.02 17:51:19 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.03.02 17:51:16 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.03.02 17:08:52 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012.03.01 21:08:47 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.02.28 08:43:03 | 725,106,430 | ---- | C] () -- C:\Users\nenti\Desktop\mgp-wbz.avi
[2012.02.28 07:32:07 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.02.27 14:08:14 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.02.27 14:07:56 | 000,001,897 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.02.27 13:58:58 | 001,567,469 | ---- | C] () -- C:\Users\nenti\Desktop\whaaa.png
[2012.02.27 13:53:55 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_point64_01009.Wdf
[2012.02.27 13:48:49 | 000,001,092 | ---- | C] () -- C:\Users\nenti\Desktop\ProductionSecurityServices.crt
[2012.02.27 12:28:41 | 000,003,667 | ---- | C] () -- C:\Users\nenti\Desktop\PID.png
[2012.02.26 19:24:42 | 000,001,695 | ---- | C] () -- C:\Users\nenti\Desktop\MATLAB - Verknüpfung.lnk
[2012.02.26 12:24:51 | 000,001,129 | ---- | C] () -- C:\Users\nenti\Desktop\OpenVPN GUI.lnk
[2012.02.19 19:37:47 | 001,643,198 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.18 13:27:07 | 000,000,917 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2011.12.30 09:43:05 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2011.12.29 00:54:23 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2011.11.06 03:23:44 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\PCGW32.DLL
[2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.08.30 03:40:23 | 000,168,864 | ---- | C] () -- C:\Program Files\Common Files\WireHelpSvc.exe

========== LOP Check ==========

[2011.12.11 11:52:21 | 000,000,000 | ---D | M] -- C:\Users\nenti\AppData\Roaming\.minecraft
[2012.03.07 11:50:39 | 000,000,000 | ---D | M] -- C:\Users\nenti\AppData\Roaming\.purple
[2012.03.05 17:01:49 | 000,000,000 | ---D | M] -- C:\Users\nenti\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.01.27 10:30:33 | 000,000,000 | ---D | M] -- C:\Users\nenti\AppData\Roaming\DAEMON Tools Lite
[2012.03.07 12:02:26 | 000,000,000 | ---D | M] -- C:\Users\nenti\AppData\Roaming\Dropbox
[2011.12.12 20:33:38 | 000,000,000 | ---D | M] -- C:\Users\nenti\AppData\Roaming\gtk-2.0
[2011.11.06 03:23:43 | 000,000,000 | ---D | M] -- C:\Users\nenti\AppData\Roaming\iZ3D Driver
[2012.03.05 18:30:05 | 000,000,000 | ---D | M] -- C:\Users\nenti\AppData\Roaming\KeePass
[2011.12.02 12:53:44 | 000,000,000 | ---D | M] -- C:\Users\nenti\AppData\Roaming\Leadertech
[2011.08.29 06:26:39 | 000,000,000 | ---D | M] -- C:\Users\nenti\AppData\Roaming\Natural Selection 2
[2011.08.29 10:23:40 | 000,000,000 | ---D | M] -- C:\Users\nenti\AppData\Roaming\Notepad++
[2012.03.02 17:15:25 | 000,000,000 | ---D | M] -- C:\Users\nenti\AppData\Roaming\Origin
[2011.01.29 07:26:15 | 000,000,000 | ---D | M] -- C:\Users\nenti\AppData\Roaming\Samsung
[2012.03.06 12:08:48 | 000,000,000 | ---D | M] -- C:\Users\nenti\AppData\Roaming\SoftGrid Client
[2012.02.26 17:12:25 | 000,000,000 | ---D | M] -- C:\Users\nenti\AppData\Roaming\TeamViewer
[2012.02.19 19:39:09 | 000,000,000 | ---D | M] -- C:\Users\nenti\AppData\Roaming\TP
[2011.12.10 10:30:30 | 000,000,000 | ---D | M] -- C:\Users\nenti\AppData\Roaming\TS3Client
[2011.11.16 19:48:28 | 000,000,000 | ---D | M] -- C:\Users\nenti\AppData\Roaming\Ubisoft
[2012.01.18 22:22:21 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
Extras

Quote

OTL Extras logfile created on: 07.03.2012 12:18:34 - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\nenti\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 63,78% Memory free
8,00 Gb Paging File | 6,28 Gb Available in Paging File | 78,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,17 Gb Total Space | 22,54 Gb Free Space | 12,11% Space Free | Partition Type: NTFS

Computer Name: NENTI-PC | User Name: nenti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [Pixum Fotobuch] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoschau] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Fotoschau.exe" -d "%1" ()
Directory [Pixum Fotobuch] -- "C:\Program Files (x86)\Pixum\Pixum Fotobuch\Pixum Fotobuch.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Directory [SCHLECKER Foto Digital Service] -- "C:\Program Files (x86)\SCHLECKER\SCHLECKER Foto Digital Service\SCHLECKER Foto Digital Service.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{3156336D-8E44-3671-A6FE-AE51D3D6564E}" = Microsoft Windows SDK for Windows 7 (7.1)
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{68570626-1BF6-310B-AF69-6CD686C04AEA}" = Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
"{6C8D7973-31F9-32E1-A820-8DD857910323}" = Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{84452C2C-BDCC-36F3-A189-CE15F02A47FB}" = Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
"{84E30D73-E30F-3A02-BAA0-5353C04DD18A}" = Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{88387B3B-B110-392F-B919-1A15B48F21D4}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0B0F02C-410B-3DE3-9740-EC4C3D902532}" = Microsoft Windows SDK for Windows 7 Common Utilities (30514)
"{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1" = PDF-Viewer
"{A2C55034-8DAF-3755-BA85-CC321707FE99}" = Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCA26999-EC22-3007-BB79-638913079C9A}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F1C4B89A-8BF0-3D7C-8095-BAE412FBEA3F}" = Microsoft Windows SDK .NET Framework Tools (30514)
"{F3F18612-7B5D-4C05-86C9-AB50F6F71727}" = KhalInstallWrapper
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"ESL Wire_is1" = ESL Wire 1.10.1
"Matlab R2011b" = MATLAB R2011b
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0513EE35-E0FB-4166-B663-BD1AE3A803DE}" = Anno 1404
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
"{30BEF9F2-CD3F-4B13-9E5C-BFE2F9544572}_is1" = iZ3D Driver Remove
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{370187B9-6964-38D0-851F-6C4898B0C2B1}" = Microsoft Visual C++ Compilers 2010 Standard - enu - x86
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{46F8CF66-AB83-38A7-99B2-A5BE507EE472}" = Microsoft Visual C++ 2010 Express - ENU
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{8795CBED-55E2-4693-9F14-84EC446935BE}" = SpeechRedist
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8D797CA6-C708-4541-B731-779CC9863A07}" = FEAR_Installer_Fix
"{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch
"{9158FF30-78D7-40EF-B83E-451AC5334640}" = Adobe Photoshop CS5.1
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}" = ANNO 1404 - Venedig
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{CCF13D13-A87B-34E8-B689-1896D0C2DBA2}" = Google Talk Plugin
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D179B513-AD43-4013-AC50-C16107A0A02D}" = LogMeIn Hamachi
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{E4197D6B-F046-33E7-ABDE-51FF373FDC76}" = Windows SDK IntellisenseNFX
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"5513-1208-7298-9440" = JDownloader 0.9
"7-Zip" = 7-Zip 9.20
"AC3Filter_is1" = AC3Filter 1.63b
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Battlelog Web Plugins" = Battlelog Web Plugins
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"coreavc_is1" = CoreAVC Pro 1.8.5.0
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DesertCombat" = DesertCombat 0.7
"ESN Sonar-0.70.4" = ESN Sonar
"Game Booster_is1" = Game Booster
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.17
"LogMeIn Hamachi" = LogMeIn Hamachi
"Microsoft Visual C++ 2010 Express - ENU" = Microsoft Visual C++ 2010 Express - ENU
"Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de)
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OpenVPN" = OpenVPN 2.1_rc21
"Origin" = Origin
"Pidgin" = Pidgin
"Pixum Fotobuch" = Pixum Fotobuch
"PokerStars.net" = PokerStars.net
"PunkBusterSvc" = PunkBuster Services
"SCHLECKER Foto Digital Service" = SCHLECKER Foto Digital Service
"Steam App 17700" = Insurgency
"Steam App 4920" = Natural Selection 2
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"VLC media player" = VLC media player 2.0.0
"Voobly_is1" = Voobly

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 05.03.2012 10:54:31 | Computer Name = nenti-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LicenseValidator.exe, Version: 5.0.8.1,
Zeitstempel: 0x335e8c27 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x003c023e ID des fehlerhaften
Prozesses: 0xa48 Startzeit der fehlerhaften Anwendung: 0x01ccfadfdd9cf799 Pfad der
fehlerhaften Anwendung: C:\Users\nenti\AppData\Roaming\Identities\{7508F606-35B3-4C42-AACC-3879CBF9C3B6}\LicenseValidator.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 1ce31dff-66d3-11e1-a340-001d7dad4f02

Error - 05.03.2012 12:01:14 | Computer Name = nenti-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\nenti\Downloads\SoftonicDownloader_fuer_pdf-xchange-viewer.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 05.03.2012 18:50:14 | Computer Name = nenti-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LicenseValidator.exe, Version: 5.0.8.1,
Zeitstempel: 0x335e8c27 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x002c023e ID des fehlerhaften
Prozesses: 0xb70 Startzeit der fehlerhaften Anwendung: 0x01ccfb2250c2007f Pfad der
fehlerhaften Anwendung: C:\Users\nenti\AppData\Roaming\Identities\{7508F606-35B3-4C42-AACC-3879CBF9C3B6}\LicenseValidator.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 91d1cb5b-6715-11e1-a82e-001d7dad4f02

Error - 06.03.2012 04:19:17 | Computer Name = nenti-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LicenseValidator.exe, Version: 5.0.8.1,
Zeitstempel: 0x335e8c27 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0024023e ID des fehlerhaften
Prozesses: 0x40c Startzeit der fehlerhaften Anwendung: 0x01ccfb71d1688002 Pfad der
fehlerhaften Anwendung: C:\Users\nenti\AppData\Roaming\Identities\{7508F606-35B3-4C42-AACC-3879CBF9C3B6}\LicenseValidator.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 10c48033-6765-11e1-94d4-001d7dad4f02

Error - 06.03.2012 08:20:09 | Computer Name = nenti-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LicenseValidator.exe, Version: 5.0.8.1,
Zeitstempel: 0x335e8c27 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x002c023e ID des fehlerhaften
Prozesses: 0xa10 Startzeit der fehlerhaften Anwendung: 0x01ccfb9372d85dfe Pfad der
fehlerhaften Anwendung: C:\Users\nenti\AppData\Roaming\Identities\{7508F606-35B3-4C42-AACC-3879CBF9C3B6}\LicenseValidator.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: b69a8780-6786-11e1-a203-001d7dad4f02

Error - 06.03.2012 13:38:18 | Computer Name = nenti-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\nenti\Downloads\SoftonicDownloader_fuer_pdf-xchange-viewer.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 06.03.2012 14:25:08 | Computer Name = nenti-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LicenseValidator.exe, Version: 5.0.8.1,
Zeitstempel: 0x335e8c27 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x001d023e ID des fehlerhaften
Prozesses: 0x9f4 Startzeit der fehlerhaften Anwendung: 0x01ccfbc66c1f0e0a Pfad der
fehlerhaften Anwendung: C:\Users\nenti\AppData\Roaming\Identities\{7508F606-35B3-4C42-AACC-3879CBF9C3B6}\LicenseValidator.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: b39769ff-67b9-11e1-98ab-001d7dad4f02

Error - 07.03.2012 06:19:59 | Computer Name = nenti-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LicenseValidator.exe, Version: 5.0.8.1,
Zeitstempel: 0x335e8c27 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0024023e ID des fehlerhaften
Prozesses: 0x9b0 Startzeit der fehlerhaften Anwendung: 0x01ccfc4bd06ef28f Pfad der
fehlerhaften Anwendung: C:\Users\nenti\AppData\Roaming\Identities\{7508F606-35B3-4C42-AACC-3879CBF9C3B6}\LicenseValidator.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 17aab2dc-683f-11e1-a5b0-001d7dad4f02

Error - 07.03.2012 06:34:26 | Computer Name = nenti-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LicenseValidator.exe, Version: 5.0.8.1,
Zeitstempel: 0x335e8c27 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0024023e ID des fehlerhaften
Prozesses: 0x9a8 Startzeit der fehlerhaften Anwendung: 0x01ccfc4dd8701a25 Pfad der
fehlerhaften Anwendung: C:\Users\nenti\AppData\Roaming\Identities\{7508F606-35B3-4C42-AACC-3879CBF9C3B6}\LicenseValidator.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 1c1ce735-6841-11e1-a183-001d7dad4f02

Error - 07.03.2012 07:02:14 | Computer Name = nenti-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LicenseValidator.exe, Version: 5.0.8.1,
Zeitstempel: 0x335e8c27 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0024023e ID des fehlerhaften
Prozesses: 0x9c0 Startzeit der fehlerhaften Anwendung: 0x01ccfc51b999db98 Pfad der
fehlerhaften Anwendung: C:\Users\nenti\AppData\Roaming\Identities\{7508F606-35B3-4C42-AACC-3879CBF9C3B6}\LicenseValidator.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: fec5d648-6844-11e1-96c3-001d7dad4f02

[ System Events ]
Error - 07.03.2012 06:34:35 | Computer Name = nenti-PC | Source = Microsoft Antimalware | ID = 3002
Description = Fehler in %%860-Echtzeitschutzfunktion. Funktion: %%835 Fehlercode:
0x80004005 Fehlerbeschreibung: Unbekannter Fehler Ursache: %%842

Error - 07.03.2012 06:52:59 | Computer Name = nenti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DHCP-Client" ist vom Dienst "Ancillary Function Driver
for Winsock" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31

Error - 07.03.2012 06:52:59 | Computer Name = nenti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "DNS-Client" ist vom Dienst "NetIO-Legacy-TDI-Supporttreiber"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%31

Error - 07.03.2012 06:52:59 | Computer Name = nenti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "TCP/IP-NetBIOS-Hilfsdienst" ist vom Dienst "Ancillary
Function Driver for Winsock" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%31

Error - 07.03.2012 06:52:59 | Computer Name = nenti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerkspeicher-Schnittstellendienst" ist vom Dienst
"NSI proxy service driver." abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%31

Error - 07.03.2012 06:52:59 | Computer Name = nenti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 07.03.2012 06:52:59 | Computer Name = nenti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 07.03.2012 06:52:59 | Computer Name = nenti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst
"Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
wurde: %%31

Error - 07.03.2012 06:52:59 | Computer Name = nenti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 07.03.2012 06:52:59 | Computer Name = nenti-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068


< End of report >


This post was edited by nenti on 07.03.2012 at 12:27.
07.03.2012, 18:16
...new here

Thread starter

Posts: 9
#2 I have now managed to get the hosts file corrected. I was able to edit it in my dual-booted Ubuntu. Can you spot any other problems in the logs?
08.03.2012, 00:08
Member

Posts: 420
#3 Hi

1. Install Malwarebytes
http://www.malwarebytes.org/
(Download Now)
allow the update, run a Quick Scan, let Malwarebytes remove anything it finds, and then post the log.

2. Download aswMBR from avast!
http://public.avast.com/~gmerek/aswMBR.exe
Start the program
choose "Yes" when asked about the avast engine.
Click Scan
After the scan, click Save Log, save it and post it here (do not "fix" anything)
08.03.2012, 00:52
...new here

Thread starter

Posts: 9
#4

Quote

Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.07.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
nenti :: NENTI-PC [Administrator]

Schutz: Aktiviert

08.03.2012 00:25:44
mbam-log-2012-03-08 (00-30-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 202819
Laufzeit: 4 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\nenti\AppData\Roaming\Identities\{620CAB4B-B54E-4AD3-9111-E2A485E0F18C}\LicenseValidator.exe (Trojan.VUPX.PSG1) -> Keine Aktion durchgeführt.

(Ende)

Quote

aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-08 00:30:12
-----------------------------
00:30:12.228 OS Version: Windows x64 6.1.7601 Service Pack 1
00:30:12.228 Number of processors: 4 586 0xF0B
00:30:12.229 ComputerName: NENTI-PC UserName: nenti
00:30:13.138 Initialize success
00:30:17.839 AVAST engine defs: 12030701
00:31:12.298 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
00:31:12.300 Disk 0 Vendor: WDC_WD1001FALS-00E8B0 05.00K05 Size: 953868MB BusType: 3
00:31:12.319 Disk 0 MBR read successfully
00:31:12.321 Disk 0 MBR scan
00:31:12.325 Disk 0 unknown MBR code
00:31:12.328 Disk 0 Partition 1 00 83 Linux 715255 MB offset 2048
00:31:12.333 Disk 0 Partition - 00 05 Extended 47877 MB offset 1464846334
00:31:12.358 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 1562898432
00:31:12.367 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 190633 MB offset 1563103232
00:31:12.381 Disk 0 Partition 4 00 82 Linux swap 47877 MB offset 1464846336
00:31:12.407 Disk 0 scanning C:\Windows\system32\drivers
00:31:26.438 Service scanning
00:31:45.714 Modules scanning
00:31:46.064 Disk 0 trace - called modules:
00:31:46.100 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
00:31:46.114 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800475e060]
00:31:46.120 3 CLASSPNP.SYS[fffff8800196043f] -> nt!IofCallDriver -> [0xfffffa800366ae40]
00:31:46.125 5 ACPI.sys[fffff88000ed87a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8004502060]
00:31:46.957 AVAST engine scan C:\Windows
00:31:48.630 AVAST engine scan C:\Windows\system32
00:35:28.484 AVAST engine scan C:\Windows\system32\drivers
00:35:39.482 AVAST engine scan C:\Users\nenti
00:36:36.537 File: C:\Users\nenti\AppData\Roaming\Identities\{620CAB4B-B54E-4AD3-9111-E2A485E0F18C}\LicenseValidator.exe **INFECTED** Win32:Malware-gen
00:36:47.957 File: C:\Users\nenti\AppData\Roaming\Skype\{FB9AF58D-B17C-436A-8F8A-336642FAA600}\renovator.exe **INFECTED** Win32:Malware-gen
00:42:17.623 AVAST engine scan C:\ProgramData
00:43:31.619 Scan finished successfully
00:51:27.593 Disk 0 MBR has been saved successfully to "C:\Users\nenti\Desktop\MBR.dat"
00:51:27.599 The log file has been saved successfully to "C:\Users\nenti\Desktop\aswMBR.txt"


Thanks in advance ;)
08.03.2012, 09:34
Member

Posts: 420
#5 1.

Quote

C:\Users\nenti\AppData\Roaming\Identities\{620CAB4B-B54E-4AD3-9111-E2A485E0F18C}\LicenseValidator.exe (Trojan.VUPX.PSG1) -> Keine Aktion durchgeführt.
At the end of the scan you have to let Malwarebytes remove what it found ("Entferne Auswahl", i.e. "Remove Selected"). Please scan again and then remove it.

2. Start OTL and copy the following into the script field at the bottom:

Quote


:OTL
O33 - MountPoints2\{30ca7957-29f6-11e0-ae4e-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{30ca7957-29f6-11e0-ae4e-00ff01000001}\Shell\AutoRun\command - "" = E:\Autorun.exe
O33 - MountPoints2\{7fff360c-f749-11e0-8249-00ff01000001}\Shell - "" = AutoRun
O33 - MountPoints2\{7fff360c-f749-11e0-8249-00ff01000001}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\setup.hta
O4 - HKCU..\Run: [LicenseValidator] C:\Users\nenti\AppData\Roaming\Identities\{7508F606-35B3-4C42-AACC-3879CBF9C3B6}\LicenseValidator.exe (WestByte)

:Files
C:\Users\nenti\AppData\Roaming\Identities\{620CAB4B-B54E-4AD3-9111-E2A485E0F18C}\LicenseValidator.exe
C:\Users\nenti\AppData\Roaming\Skype\{FB9AF58D-B17C-436A-8F8A-336642FAA600}\renovator.exe

:Commands
[resethosts]
[emptytemp]
[emptyflash]

and click Fix. Please post the fix log.

3.
Please follow this guide
http://www.bleepingcomputer.com/combofix/de/wie-combofix-benutzt-wird
and post the log.
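
The files flagged in this thread and the Run entry removed by the OTL script share one pattern: an executable sitting in a GUID-named folder under AppData. The following Python triage function is an added example, not part of the original posts and not code from OTL, HijackThis or aswMBR; the heuristic and all function names are assumptions made here, and the sample lines are excerpts from the logs posted in this thread.

```python
import re
from pathlib import PureWindowsPath

# A directory name that consists only of a GUID in braces.
GUID_DIR = re.compile(r"^\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
# First Windows path on a log line that ends in an executable extension.
EXE_PATH = re.compile(r"[A-Za-z]:\\[^\"<>|*?\r\n]*?\.(?:exe|scr)\b", re.I)
# HijackThis/OTL "O4" lines list Run-key and Startup autostart entries.
AUTOSTART = re.compile(r"^\s*O4\s+-")

# Excerpts from the HijackThis, OTL and aswMBR logs in this thread.
SAMPLE_LINES = [
    r"C:\Users\nenti\AppData\Roaming\Dropbox\bin\Dropbox.exe",
    r"O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files"
    r"\Adobe\SwitchBoard\SwitchBoard.exe",
    r"O4 - HKCU..\Run: [LicenseValidator] C:\Users\nenti\AppData\Roaming"
    r"\Identities\{7508F606-35B3-4C42-AACC-3879CBF9C3B6}\LicenseValidator.exe (WestByte)",
    r"00:36:36.537 File: C:\Users\nenti\AppData\Roaming\Identities"
    r"\{620CAB4B-B54E-4AD3-9111-E2A485E0F18C}\LicenseValidator.exe **INFECTED** Win32:Malware-gen",
    r"00:36:47.957 File: C:\Users\nenti\AppData\Roaming\Skype"
    r"\{FB9AF58D-B17C-436A-8F8A-336642FAA600}\renovator.exe **INFECTED** Win32:Malware-gen",
    r"00:31:46.957 AVAST engine scan C:\Windows",
]


def guid_dir_under_appdata(path):
    """Return the GUID-named directory between AppData and the file, or None."""
    parts = PureWindowsPath(path).parts
    lowered = [p.lower() for p in parts]
    if "appdata" not in lowered:
        return None
    start = lowered.index("appdata") + 1
    # Only directories count, so the final component (the file) is skipped.
    for name in parts[start:-1]:
        if GUID_DIR.match(name):
            return name
    return None


def triage(lines):
    """Collect executables in GUID folders under AppData, autostarts first."""
    findings = {}
    for line in lines:
        match = EXE_PATH.search(line)
        if not match:
            continue
        path = match.group(0)
        guid = guid_dir_under_appdata(path)
        if guid is None:
            continue
        # Windows paths are case-insensitive, so de-duplicate on lower case.
        entry = findings.setdefault(
            path.lower(), {"path": path, "guid_dir": guid, "autostart": False}
        )
        if AUTOSTART.match(line):
            entry["autostart"] = True
    # Entries that also persist via an autostart line are listed first.
    return sorted(
        findings.values(),
        key=lambda e: (not e["autostart"], e["path"].lower()),
    )


if __name__ == "__main__":
    for hit in triage(SAMPLE_LINES):
        tag = "AUTOSTART" if hit["autostart"] else "file only"
        print(f"[{tag}] {hit['path']}")
```

A hit is a lead for manual review, not a verdict: the Dropbox and Adobe entries are skipped only because their paths do not match the pattern.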
08.03.2012, 16:10
...new here

Thread starter

Posts: 9
#6

Quote

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30ca7957-29f6-11e0-ae4e-00ff01000001}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30ca7957-29f6-11e0-ae4e-00ff01000001}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{30ca7957-29f6-11e0-ae4e-00ff01000001}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30ca7957-29f6-11e0-ae4e-00ff01000001}\ not found.
File E:\Autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7fff360c-f749-11e0-8249-00ff01000001}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fff360c-f749-11e0-8249-00ff01000001}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7fff360c-f749-11e0-8249-00ff01000001}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7fff360c-f749-11e0-8249-00ff01000001}\ not found.
File C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\setup.hta not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\LicenseValidator deleted successfully.
C:\Users\nenti\AppData\Roaming\Identities\{7508F606-35B3-4C42-AACC-3879CBF9C3B6}\LicenseValidator.exe moved successfully.
========== FILES ==========
File\Folder C:\Users\nenti\AppData\Roaming\Identities\{620CAB4B-B54E-4AD3-9111-E2A485E0F18C}\LicenseValidator.exe not found.
C:\Users\nenti\AppData\Roaming\Skype\{FB9AF58D-B17C-436A-8F8A-336642FAA600}\renovator.exe moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: nenti
->Temp folder emptied: 68659118 bytes
->Temporary Internet Files folder emptied: 349990865 bytes
->Java cache emptied: 3845506 bytes
->FireFox cache emptied: 51669267 bytes
->Google Chrome cache emptied: 11295643 bytes
->Flash cache emptied: 57091 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 114594433 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 573,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: nenti
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.36.1 log created on 03082012_101035

Files\Folders moved on Reboot...
C:\Users\nenti\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

08.03.2012, 16:38
...new here

Thread starter

Posts: 9
#7

Quote

ComboFix 12-03-08.02 - nenti 08.03.2012 16:16:12.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4094.2824 [GMT 1:00]
ausgeführt von:: c:\users\nenti\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\nenti\AppData\Roaming\Help\coredb\storage
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-08 bis 2012-03-08 ))))))))))))))))))))))))))))))
.
.
2012-03-08 15:23 . 2012-03-08 15:23 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-03-08 15:23 . 2012-03-08 15:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-08 09:10 . 2012-03-08 09:10 -------- d-----w- C:\_OTL
2012-03-08 00:46 . 2012-02-07 22:14 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{560D9502-BFA5-4A05-9EEA-50F3651E26C6}\mpengine.dll
2012-03-07 23:16 . 2012-03-07 23:16 -------- d-----w- c:\users\nenti\AppData\Roaming\Malwarebytes
2012-03-07 23:15 . 2012-03-07 23:15 -------- d-----w- c:\programdata\Malwarebytes
2012-03-07 23:15 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-07 23:15 . 2012-03-07 23:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-05 17:25 . 2012-03-05 17:25 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-03-05 17:23 . 2012-03-05 17:25 -------- d-----w- c:\program files\Common Files\Adobe
2012-03-05 17:17 . 2012-03-05 17:24 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-03-05 16:01 . 2012-03-05 16:01 -------- d-----w- c:\users\nenti\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2012-03-05 16:01 . 2012-03-05 16:01 -------- d-----w- c:\program files (x86)\Adobe Download Assistant
2012-03-05 16:01 . 2012-03-05 16:01 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-03-05 16:00 . 2012-03-05 22:53 -------- d-----w- c:\users\nenti\AppData\Local\Adobe
2012-03-02 23:05 . 2012-03-05 14:55 -------- d-----w- c:\users\nenti\AppData\Local\PokerStars.NET
2012-03-02 23:04 . 2012-03-02 23:05 -------- d-----w- c:\program files (x86)\PokerStars.NET
2012-03-02 18:12 . 2012-03-08 09:19 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-03-02 18:12 . 2012-03-02 18:12 -------- d-----w- c:\users\nenti\AppData\Local\PunkBuster
2012-03-02 18:10 . 2012-03-02 19:15 -------- d-----w- c:\users\nenti\AppData\Local\ESN Sonar
2012-03-02 18:09 . 2012-03-02 18:09 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2012-03-02 18:06 . 2012-03-02 18:06 -------- d-----w- c:\programdata\EA Core
2012-03-02 18:06 . 2012-03-04 14:22 -------- d-----w- c:\programdata\EA Logs
2012-03-02 16:51 . 2012-03-02 16:51 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-03-02 16:51 . 2012-03-08 09:19 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-03-02 16:51 . 2012-03-08 09:19 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-02 16:51 . 2012-03-04 15:18 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-03-02 16:12 . 2012-03-02 16:15 -------- d-----w- c:\users\nenti\AppData\Roaming\Origin
2012-03-02 16:12 . 2012-03-02 16:12 -------- d-----w- c:\users\nenti\AppData\Local\Origin
2012-03-02 16:08 . 2012-03-02 18:06 -------- d-----w- c:\programdata\Electronic Arts
2012-03-02 16:08 . 2012-03-02 18:06 -------- d-----w- c:\programdata\Origin
2012-03-02 16:08 . 2012-03-02 16:21 -------- d-----w- c:\program files (x86)\Origin Games
2012-03-02 16:08 . 2012-03-08 08:43 -------- d-----w- c:\program files (x86)\Origin
2012-03-01 20:32 . 2012-03-01 20:33 -------- d-----w- c:\users\nenti\AppData\Roaming\Media Player Classic
2012-03-01 20:32 . 2012-03-01 20:32 -------- d-----w- c:\program files (x86)\AC3Filter
2012-03-01 20:31 . 2012-03-01 20:31 -------- d-----w- c:\program files (x86)\CoreAVC Pro
2012-03-01 20:29 . 2012-03-01 20:29 -------- d-----w- c:\program files (x86)\media_player_classic
2012-03-01 20:08 . 2012-03-05 16:02 -------- d-----w- c:\users\nenti\AppData\Roaming\vlc
2012-03-01 20:08 . 2012-03-01 20:08 -------- d-----w- c:\program files (x86)\VideoLAN
2012-02-28 16:01 . 2012-02-07 22:14 8643640 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-02-27 13:10 . 2012-02-27 13:10 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BEB1CD31-3893-48A1-95D1-D55781CDE1FC}\gapaengine.dll
2012-02-27 13:08 . 2012-02-27 13:08 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-02-27 13:07 . 2012-02-27 13:08 -------- d-----w- c:\program files\Microsoft Security Client
2012-02-27 12:53 . 2012-02-27 12:53 -------- d-----w- c:\program files\Microsoft IntelliPoint
2012-02-26 18:02 . 2012-02-26 18:02 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-02-26 18:02 . 2012-02-26 18:02 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-02-26 18:02 . 2012-02-26 18:02 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-02-26 18:02 . 2012-02-26 18:02 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-02-26 18:02 . 2012-02-27 13:02 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2012-02-26 18:01 . 2012-02-26 18:02 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 10.0
2012-02-26 18:01 . 2012-02-26 18:01 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2012-02-26 18:01 . 2012-02-26 18:01 -------- d-----w- c:\windows\symbols
2012-02-26 18:01 . 2012-02-26 18:01 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-02-26 18:01 . 2012-02-26 18:01 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-02-26 18:01 . 2012-02-26 18:01 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2012-02-26 16:58 . 2012-02-26 16:58 -------- d-----w- c:\program files\Microsoft SDKs
2012-02-26 16:39 . 2012-02-26 16:39 -------- d-----w- c:\users\nenti\AppData\Roaming\MathWorks
2012-02-26 16:35 . 2004-07-29 20:35 1077344 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-02-26 16:35 . 2004-03-01 21:05 407104 ----a-w- c:\windows\system32\MSHFLXGD.OCX
2012-02-26 16:35 . 2004-02-11 13:37 203976 ----a-w- c:\windows\system32\RICHTX32.OCX
2012-02-26 16:18 . 2012-02-26 16:18 -------- d-----w- c:\program files\MATLAB
2012-02-26 11:23 . 2012-02-26 11:24 -------- d-----w- c:\program files (x86)\OpenVPN
2012-02-24 14:42 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5CF0CDE-868F-4F94-9893-5C2BA17F5F85}\mpengine.dll
2012-02-19 21:27 . 2012-02-19 21:27 -------- d-----w- c:\programdata\VirtualizedApplications
2012-02-19 18:44 . 2012-02-19 18:44 -------- d-----r- C:\MSOCache
2012-02-19 18:39 . 2012-03-07 14:14 -------- d-----w- c:\users\nenti\AppData\Roaming\SoftGrid Client
2012-02-19 18:39 . 2012-02-19 18:39 -------- d-----w- c:\users\nenti\AppData\Local\SoftGrid Client
2012-02-19 18:37 . 2012-02-19 23:17 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-02-19 18:37 . 2012-02-19 18:37 -------- d-----w- c:\windows\PCHEALTH
2012-02-19 18:36 . 2012-02-19 18:39 -------- d-----w- c:\users\nenti\AppData\Roaming\TP
2012-02-18 12:27 . 2012-03-08 12:01 -------- d-----w- c:\program files (x86)\Steam
2012-02-15 23:19 . 2012-02-15 23:19 -------- d-----w- c:\windows\system32\appmgmt
2012-02-15 07:52 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 07:52 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 07:52 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 07:52 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 07:52 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 07:52 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 07:52 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 07:52 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-10 19:55 . 2012-02-10 19:55 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-18 08:29 . 2011-08-30 02:39 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 04:10 . 2010-10-18 18:43 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-28 23:54 . 2011-12-28 23:54 43520 ----a-w- c:\windows\SysWow64\CmdLineExt03.dll
2011-08-03 08:58 . 2011-08-30 02:40 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\nenti\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\nenti\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\nenti\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\nenti\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-02-18 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\READREG" [X]
.
c:\users\nenti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\nenti\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [x]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-07 2343816]
R4 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
R4 S3DSvc32;S3D Service (Win32);c:\program files (x86)\iZ3D Driver\Win32\S3DCService.exe [2011-06-16 357888]
R4 S3DSvc64;S3D Service (Win64);c:\program files (x86)\iZ3D Driver\Win64\S3DCService.exe [2011-06-16 477696]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]
R4 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-17 2358656]
R4 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
R4 WireHelpSvc;WireHelpSvc;c:\program files\Common Files\WireHelpSvc.exe [2011-08-03 168864]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 iZ3DInjectionDriver;Driver inject our D3D and OGL wrappers;c:\program files (x86)\iZ3D Driver\Win64\S3DInjectionDriver.sys [2011-06-16 43704]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ESLWireAC;ESLWireAC;c:\windows\system32\drivers\ESLWireACD.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Ph3xIB64;Philips 713x VU PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB64.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2259594209-2440918616-4243027844-1000Core.job
- c:\users\nenti\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-02 09:11]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2259594209-2440918616-4243027844-1000UA.job
- c:\users\nenti\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-02 09:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\nenti\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\nenti\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\nenti\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\nenti\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\nenti\AppData\Roaming\Mozilla\Firefox\Profiles\rw9f2s37.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-NPSStartup - (no file)
AddRemove-DesertCombat - c:\windows\iun6002.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\IObit\Game Booster\GameBox.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-08 16:30:54 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-08 15:30
.
Vor Suchlauf: 11 Verzeichnis(se), 32.914.436.096 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 33.000.574.976 Bytes frei
.
- - End Of File - - 87EC98072F011ED04DD1021990ADA934
08.03.2012, 16:47
Member

Posts: 420
#8 Looks quite good. One more to finish:

1. Eset Online Scanner
http://www.eset.de/onlinescanner
(for this, the browser should be started as administrator via right-click)
After the scan has finished, please post the log, normally found at C:\Programme\Eset\EsetOnlineScanner\log.txt

2. How is the computer doing?
08.03.2012, 16:51
...new here

Thread starter

Posts: 9
#9 I can no longer open any programs unless I run them as administrator. The error message is always: "Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde." (English: "Illegal operation attempted on a registry key that has been marked for deletion.")

Otherwise everything is running great. No more strange redirects, and it is purring along happily.
08.03.2012, 16:55
Member

Posts: 420
#10

Quote

I can no longer open any programs unless I run them as administrator. The error message is always: "Es wurde versucht, einen Registrierungsschlüssel einem unzulässigen Vorgang zu unterziehen, der zum Löschen markiert wurde." (English: "Illegal operation attempted on a registry key that has been marked for deletion.")
That was Combofix. Restart once, then it should be fine again. ;)

Then let's wait for the Eset scan; after that there will be a few general tips.
08.03.2012, 16:58
...new here

Thread starter

Posts: 9
#11

Quote

gangren posted
That was Combofix. Restart once, then it should be fine again. ;)

Then let's wait for the Eset scan; after that there will be a few general tips.
I almost figured as much... but I'll let the ESET scanner finish grinding away first. I'm curious about your tips ;) I think I infected the computer with a "license" for Matlab, because that's when the horror started.

I probably need to change all my passwords first now, and ideally move online banking over to Linux, right?
08.03.2012, 17:22
Member

Posts: 327
#12 That was evident from your log, too. ;)

That sort of thing often comes as a bonus with cracks. ;)
__________
darknight, who is Heike elsewhere. ;)
08.03.2012, 17:53
...new here

Thread starter

Posts: 9
#13 Whoa, something was found after all ;)

Quote

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=4bedba437e3a1c4797ee6c7537ded68b
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-08 04:49:51
# local_time=2012-03-08 05:49:51 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 100 94 879521 82851901 0 0
# compatibility_mode=8192 67108863 100 0 3858 3858 0 0
# scanned=379931
# found=1
# cleaned=1
# scan_time=3340
C:\_OTL\MovedFiles\03082012_101035\C_Users\nenti\AppData\Roaming\Skype\{FB9AF58D-B17C-436A-8F8A-336642FAA600}\renovator.exe Win32/Gataka.A Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert) 00000000000000000000000000000000 C
08.03.2012, 19:44
Member

Posts: 420
#14

Quote

I think I infected the computer with a "license" for Matlab.
Well, normally in cases like this I send people off to reinstall: as an "educational measure", and besides, one doesn't necessarily want to aid and abet. But you were already the second one with the same symptoms, so in the interest of "science" there's an exception this time. It could be that a new wave is coming.

Otherwise, as darknight already said, practically all keygens, cracks and "licenses" are infected. So tip no. 1: hands off.

Quote

Whoa, something was found after all
Nah, that was just the stuff in OTL's quarantine that we deleted earlier.

Let's wrap up then:

1. Start OTL and please click "Bereinigung" (CleanUp). OTL then removes itself.

2. Yep, changing all passwords is a good idea. Online banking is also in better hands under Linux.

3. Keep your system up to date. http://secunia.com/vulnerability_scanning/personal/ can help with that (free of charge).

4. Read through this: http://malte-wetz.de/wiki/pmwiki.php/De/KompromittierungUnvermeidbar

Done ;)

Regards,
gangren
08.03.2012, 20:04
...new here

Thread starter

Posts: 9
#15 Many thanks for the great help. I'm really impressed by everything that's out there.

How does one get into your hobby?
Are you also active in the scene professionally?

Thanks & regards
nenTi