Infected [Help]



picker
06.08.2010, 11:27
Hello,
I got infected, I don't know by what, I don't know by whom, and I don't know what kind of virus/trojan/botnet it is :)

All I know is that my Steam account deleted all friends and that my internet has been pretty slow for 3 days..

Maybe someone here is experienced and can help me :)

feaRRRR
06.08.2010, 11:45
Download HijackThis and post the log,

check with netstat -b which connections are going out

zin
06.08.2010, 12:14
Dude, read the stickies - they're not there for nothing. http://free-hack.com/erkennung-hilfe/26669-tun-wenn-ich-infiziert-bin.html

Apex
08.08.2010, 19:29
http://free-hack.com/erkennung-hilfe/60300-regeln-zum-richtigen-posting.html - Better read up here first!

Regards,
Apex

Specia!
20.08.2010, 05:12
1. Format your PC, then everything should be clean again.
2. Maybe use the search function next time.

sky-guy
20.08.2010, 07:52
Formatting is always a solution that you can't really live with.
You have to reinstall everything.
I think she is looking for something else.

Have a look here, maybe this will help you.

http://free-hack.com/erkennung-hilfe/31953-bin-ich-infiziert-hier-die-antwort.html

PancakeBear
20.08.2010, 10:29
Once your system has started and finished loading, go to:

Run -> cmd -> and enter "netstat -n" there.

Now you see a host/IP, now you know who gave you the trojan :)

Also check the autostart, with:

Run -> msconfig -> "Startup" tab.
If you see something suspicious, just remove the check mark, then the thing (if it's low) shouldn't start up anymore.

Otherwise format the PC.

Regards, Chillerz.

katerlysator
20.08.2010, 10:54
1. Format your PC, then everything should be clean again.
2. Maybe use the search function next time.

WHY?!!!!
Under every help thread I find on the net, at least 10 smurfs like you write that one should format the PC!!!! How about just buying a new PC right away? The only thing that should be formatted are pointless posts like the one you wrote. "Just because there are ants in the house, you don't clear everything out and renovate your house from scratch"

Now to the solution:
1. See the previous poster
2. Can you run updates, e.g. AntiVir
3. Check whether a proxy is set in your browser
!!! Everything must be set to automatic, not manual.
4. A proxy can also be set in your Windows settings
5. Run HijackThis and your Avira over it
6. Run anti-spyware over it
7. If all of that doesn't help, write me a PM and I'll take a closer look at your PC. There aren't very many possibilities.

EBFE
20.08.2010, 16:48
The only thing that should be formatted are pointless posts like the one you wrote. "Just because there are ants in the house, you don't clear everything out and renovate your house from scratch"

@katerlysator:
ever heard of security concepts? :rolleyes:
Something like "A compromised system is not trustworthy (http://de.wikipedia.org/wiki/Technische_Kompromittierung)"?

You want to detect rootkits on a running system with Avira & HijackThis & anti-spy-whatever (or simply by taking a remote look)?
Aha. Wow. Respect.
I wouldn't even trust myself to clean up proper Ring3 malware, since afterwards you still can't guarantee that you caught everything.
Not to mention Ring0 aka rootkits. If you get infected through a 0-day exploit, you usually don't get a cheap NET bot either ;). Have fun trying to spot any network traffic with TCPView or netstat when it runs over its own TCP/IP stack.

There aren't very many possibilities. *cough*. As I said - the usual run-of-the-mill VB6/NET bots shouldn't be taken as the measure of all things *g*.

Btw:
You do realize that MS also quite officially recommends reinstalling?
http://technet.microsoft.com/en-us/library/cc512587.aspx (http://technet.microsoft.com/en-us/library/cc716274.aspx)


Cleaning a Compromised System

So, you didn’t patch the system and it got hacked. What to do? Well, let’s see:


You can’t clean a compromised system by patching it. Patching only removes the vulnerability. Upon getting into your system, the attacker probably ensured that there were several other ways to get back in.
You can’t clean a compromised system by removing the back doors. You can never guarantee that you found all the back doors the attacker put in. The fact that you can’t find any more may only mean you don’t know where to look, or that the system is so compromised that what you are seeing is not actually what is there.
You can’t clean a compromised system by using some “vulnerability remover.” Let’s say you had a system hit by Blaster. A number of vendors (including Microsoft) published vulnerability removers for Blaster. Can you trust a system that had Blaster after the tool is run? I wouldn’t. If the system was vulnerable to Blaster, it was also vulnerable to a number of other attacks. Can you guarantee that none of those have been run against it? I didn’t think so.
You can’t clean a compromised system by using a virus scanner. To tell you the truth, a fully compromised system can’t be trusted. Even virus scanners must at some level rely on the system to not lie to them.
You can’t clean a compromised system by reinstalling the operating system over the existing installation.
You can’t trust any data copied from a compromised system. Once an attacker gets into a system, all the data on it may be modified.
The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications). Alternatively, you could of course work on your resume instead, but I don’t want to see you doing that.

(etc., I have only quoted excerpts)

Because in the end the cleaning effort is often greater than the effort of reinstalling, while with the latter you have much more security.

PS: there is such a thing as backups - you set up a system once, configure everything and make a backup of it.
Then you can have everything restored with a few clicks.

The_EvilKnievel
02.11.2010, 19:59
since I figured it would be nonsense to open a new thread, I'm posting my problem in here... my main problem(s) are that characters like ^´ appear doubled on the screen and my explorer.exe crashes.

what I have done so far:
spybot
avira
eset onlinescan
ad-aware
and hijackthis (what confuses me a bit about it is that only IE and no entry for firefox is present here)

I don't quite dare to touch the latter, so I'm posting the file



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:56:48, on 02.11.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
D:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
D:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
D:\Program Files (x86)\CPU-Control\CPU_Control.exe
D:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
D:\Program Files (x86)\DSL-Manager\DslMgr.exe
D:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
D:\Program Files (x86)\avmwlanstick\WLanGUI.exe
D:\Windows\SysWOW64\Ctxfihlp.exe
D:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
D:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
D:\Program Files (x86)\ASUS\SmartDoctor\SmartDoctor.exe
D:\Windows\SysWOW64\CTXFISPI.EXE
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
D:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe
D:\Program Files (x86)\VirtualDJ\virtualdj.exe
D:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing (http://go.microsoft.com/fwlink/?LinkId=54896)
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = eBay - eine der größten deutschen Shopping-Websites (http://ebay.de)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com (http://go.microsoft.com/fwlink/?LinkId=69157)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing (http://go.microsoft.com/fwlink/?LinkId=54896)
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing (http://go.microsoft.com/fwlink/?LinkId=54896)
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com (http://go.microsoft.com/fwlink/?LinkId=69157)
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: Toolbar fuer eBay - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - D:\Users\Stefan\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll
O4 - HKLM\..\Run: [VirtualCloneDrive] "D:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AVMWlanClient] D:\Program Files (x86)\avmwlanstick\wlangui.exe
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Ai Nap] "D:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [QFan Help] "D:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"
O4 - HKLM\..\Run: [Cpu Level Up] "D:\Program Files (x86)\ASUS\AI Suite\CPU Level UPEx\CpuLevelUp.exe" -r
O4 - HKLM\..\Run: [CloneCDTray] "D:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [avgnt] "D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [CPU_Control] D:\Program Files (x86)\CPU-Control\CPU_Control.exe
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "D:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ICQ] "D:\Program Files (x86)\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: DSL-Manager.lnk = D:\Program Files (x86)\DSL-Manager\DslMgr.exe
O8 - Extra context menu item: add to &BOM - D:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta
O8 - Extra context menu item: An OneNote s&enden - res://D:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 (http://ONBttnIE.dll/105)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://D:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 (http://EXCEL.EXE/3000)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://D:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 (http://EXCEL.EXE/3000)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: d:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: d:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - D:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: AnyDiscHelp.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - D:\Windows\SysWow64\DreamScene.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - D:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - D:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - Unknown owner - D:\Windows\system32\ATKFUSService.exe (file missing)
O23 - Service: AVM WLAN Connection Service - AVM Berlin - D:\Program Files (x86)\avmwlanstick\WlanNetService.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - D:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - D:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - D:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - G:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - D:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - D:\Windows\System32\lsass.exe (file missing)
O23 - Service: Emma Device Management (EmmaDevMgmtSvc) - Sony Ericsson Mobile Communications - D:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaDeviceMgmt.exe
O23 - Service: Emma Update Management (EmmaUpdMgmtSvc) - Sony Ericsson Mobile Communications - D:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaUpdateMgmt.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - D:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: HDD & SSD access service - BinarySense Ltd. - D:\Program Files (x86)\Common Files\BinarySense\disksvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - D:\Windows\system32\srvany.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - D:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - D:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: Netzmanager Infrastruktur Informationssystem Dienst (Netzmanager Service) - Deutsche Telekom AG - D:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - D:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - D:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - D:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - D:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - D:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - D:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - D:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - D:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - D:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - D:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - D:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - D:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - D:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - D:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12959 bytes
I hope you can help me :)
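
An added example, not part of any post in this thread: a small triage pass over a HijackThis log like the one above. HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows its System32 lookups are redirected to SysWOW64 and native binaries can show up as "(file missing)"; the note keys and heuristics below are assumptions made for this sketch.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Lines copied unchanged from the HijackThis log posted above (a subset).
SAMPLE_LOG = r"""
Platform: Windows 7 (WinNT 6.00.3504)
D:\Windows\SysWOW64\Ctxfihlp.exe
O4 - HKLM\..\Run: [avgnt] "D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O10 - Unknown file in Winsock LSP: d:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O20 - AppInit_DLLs: AnyDiscHelp.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - D:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: KMService - Unknown owner - D:\Windows\system32\srvany.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
"""

# Hypothetical note keys used by this example, and what each one means.
NOTES = {
    "wow64-redirect": "32-bit scanner on 64-bit Windows: '(file missing)' under "
                      "System32 is unreliable, recheck with a 64-bit tool",
    "missing-target": "registered target not found; orphaned entry or removed file",
    "appinit-dll": "AppInit_DLLs are loaded into every process that loads user32.dll",
    "bare-filename": "no directory given; the log does not say which file is loaded",
    "lsp-review": "Winsock provider sits in the network path; repair with a tool, not by hand",
    "unknown-owner-present": "file found but no company name could be read; verify it",
    "user-writable-autorun": "autorun target lives in a user-writable directory",
}

LINE_RE = re.compile(r"^([ORF]\d{1,2}) - (.*)$")


@dataclass
class Entry:
    code: str
    body: str
    path: Optional[str]
    file_missing: bool
    notes: List[str] = field(default_factory=list)


def extract_path(code: str, body: str) -> Optional[str]:
    """Pull the file target out of an O4/O10/O20/O23 entry body."""
    body = re.sub(r"\s*\(file missing\)\s*$", "", body)
    body = re.sub(r"\s*\(User '[^']*'\)\s*$", "", body)
    if code == "O23":
        # Anchor on the drive letter: directory names may contain " - ".
        m = re.search(r" - ([A-Za-z]:\\.*)$", body)
        return m.group(1) if m else body.rsplit(" - ", 1)[-1].strip()
    if code == "O4":
        cmd = body.split("] ", 1)[-1] if "] " in body else body.split(" = ", 1)[-1]
        m = re.match(r'"([^"]+)"', cmd) or re.match(r"(.*?\.exe)\b", cmd, re.I)
        return m.group(1) if m else cmd.strip()
    if code in ("O10", "O20"):
        return body.split(": ", 1)[-1].strip()
    return None


def triage(log: str) -> List[Entry]:
    """Parse the log and attach review notes to each O4/O10/O20/O23 entry."""
    wow64 = bool(re.search(r"\\SysWOW64\\|Program Files \(x86\)", log, re.I))
    entries = []
    for raw in log.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        e = Entry(code, body, extract_path(code, body),
                  body.rstrip().endswith("(file missing)"))
        path = e.path or ""
        if e.file_missing:
            redirected = wow64 and re.search(r"\\windows\\system32\\", path, re.I)
            e.notes.append("wow64-redirect" if redirected else "missing-target")
        if code == "O20":
            e.notes.append("appinit-dll")
            if "\\" not in path:
                e.notes.append("bare-filename")
        if code == "O10":
            e.notes.append("lsp-review")
        if code == "O23" and "Unknown owner" in body and not e.file_missing:
            e.notes.append("unknown-owner-present")
        if code == "O4" and re.search(r"\\(Users|AppData|Temp)\\", path, re.I):
            e.notes.append("user-writable-autorun")
        entries.append(e)
    return entries


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        print(entry.code, entry.path)
        for key in entry.notes:
            print("   ", key, "-", NOTES[key])
```

The notes only order what to look at first; none of them is a verdict on an entry.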

GregorSamsa
02.11.2010, 20:49
O10 - Unknown file in Winsock LSP: d:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll


http://www.hijackthis.de/gfx/state/nasty.gif (http://www.hijackthis.de/analyzer.php?line=75)
http://www.hijackthis.de/gfx/state/rating_0.gif
(http://www.hijackthis.de/#)
Check your hard disk with Spybot S&D from Kolla.de or LSPFix from Cexx.org! These entries should not be deleted manually! LSPFix from Cexx.org offers the best way to repair.

Seems to be infected.
Did you test all the AVs individually? Just not several at the same time, that leads to problems with kernel hooks etc.
Try LSPFix, otherwise get back to us

The_EvilKnievel
02.11.2010, 21:02
in the time I wasn't here (due to illness), luckily hardly anything has changed here, fast and good competence from the community :).

so now to the actual answer.. everything was scanned one after another,
I just downloaded lspfix and it said "no problem found".


could however still offer 2 reports from OTL

GregorSamsa
02.11.2010, 21:10
@EvilKniefel: Could be because your system partition is not on C, or %SystemRoot% is not set correctly.
Otherwise nothing unusual stands out to me.
How did the infection show itself?

The_EvilKnievel
02.11.2010, 21:13
format c: ?
did you even look at the logfile?

best and surely fastest solution^^

it's a state of affairs, but not a solution in my eyes.
I'm also here to learn a bit more, I have already learned how to bomb the machine back to its original state :confused:

GregorSamsa
02.11.2010, 21:21
EvilKniefel: after what did this occur? I.e.: crack or similar installed? Ran something you downloaded?

The_EvilKnievel
02.11.2010, 21:22
How did the infection show itself?

hm, it started 2 weeks ago... wanted to see whether there aren't also some stuff sites on the net with higher audio quality.. well, when the first window popped up about buying a spyware program I knew what was going on.. a few popup windows opened too and the system restore console was disabled (key set in regedit).

all of that was fixed.

for 2 days my explorer.exe has been acting up. the only installs were fallout new vegas and new nvidia drivers as far as I can remember

Well, when I press the [°^] key twice on mine, " ^^ " comes out too, and I don't think that's a virus.. likewise when I press the [`,] key twice, " ´´ " comes out ;) and when I press ^^ twice I get ^^^^.

EvilKniefel: after what did this occur? I.e.: crack or similar installed? Ran something you downloaded?

it won't be down to the fallout release, or the crack, a mate of mine has the same operating system + release and has no problems

GregorSamsa
02.11.2010, 21:25
The behaviour of the ^ key could point to keyboard hooks.
What kind of program is this:
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
?
Scan it at Virustotal or similar.
If you know which program could have triggered this, I additionally recommend sandbox analyses.

shoei
02.11.2010, 21:27
for 2 days my explorer.exe has been acting up. the only installs were fallout new vegas and new nvidia drivers as far as I can remember

maybe it was bound with something after all... -.-* I'd check it again

Clode
02.11.2010, 21:30
If the keyboard is already being hooked, someone also wants to get at it.
Keep an eye on the connections. Maybe that way it can be exposed what (or even: who) is behind it.

haggys22
02.11.2010, 21:36
Well, you could have the whole thing evaluated by the HijackThis log file analysis (http://www.hijackthis.de/) and look at the corresponding results...
Doesn't look too pretty though... You have 13 harmful entries and 10 unknown ones
You should fix those or format the hard disk ;D

c2x
02.11.2010, 21:36
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

As far as I can tell this is a component of Windows 7. Correctly present in %SYSTEMROOT%\System32, and also a hidden file. The file size should be 93184 bytes. Process name MCTadmin.

Besides as Local Service, it can also be started as Network Service.

greetz
c

The_EvilKnievel
02.11.2010, 21:37
@GregorSamsa
file not there to upload... isn't hidden either, a mystery to me right now too

@shoei
I had it scanned online again earlier

@clode
I'll have a look later, it was netstat -a I think, right?


going to reboot the box and see what kind of logs ovp spits out

GregorSamsa
02.11.2010, 21:48
1. Those are recommendations from HijackThis, so I would ask for a closer examination of the files.
2. Clode, you are still talking nonsense, sorry. Faulty keyboard hooks don't indicate skill, and just as little can you do much with an IP found via netstat -b.
Even userland rootkits can hide connections without any problem.
3. Formatting is not an alternative. So far I have been able to remove all malware, and that was quite a lot, without formatting.

Clode
02.11.2010, 21:55
3. Formatting is not an alternative. So far I have been able to remove all malware, and that was quite a lot, without formatting.
So you believe ;)

Besides, it is not possible to hide connections completely.

The_EvilKnievel
02.11.2010, 21:59
honestly? reinstall your pc, safe is safe :P

hm, my stomach is already turning, but if nobody notices anything in the logs it looks like that's where this is heading

The_EvilKnievel
02.11.2010, 22:00
6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 71.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 76.33 Gb Total Space | 12.95 Gb Free Space | 16.97% Space Free | Partition Type: NTFS
Drive D: | 201.01 Gb Total Space | 127.88 Gb Free Space | 63.62% Space Free | Partition Type: NTFS
Drive E: | 1196.25 Gb Total Space | 393.57 Gb Free Space | 32.90% Space Free | Partition Type: NTFS
Drive G: | 265.75 Gb Total Space | 72.73 Gb Free Space | 27.37% Space Free | Partition Type: NTFS
Drive H: | 100.00 Gb Total Space | 77.71 Gb Free Space | 77.71% Space Free | Partition Type: NTFS

Computer Name: Ü | User Name: Ü | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/02 22:44:25 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
PRC - [2010/10/29 04:26:15 | 000,912,344 | ---- | M] (Mozilla Corporation) -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/10/29 04:26:15 | 000,016,856 | ---- | M] (Mozilla Corporation) -- D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/24 15:59:50 | 000,864,624 | ---- | M] (Lavasoft) -- D:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010/10/24 15:59:47 | 001,357,464 | ---- | M] (Lavasoft) -- D:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/04/01 12:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/04/01 10:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2010/03/02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2009/11/13 14:03:08 | 000,205,976 | ---- | M] (BinarySense Ltd.) -- D:\Program Files (x86)\Common Files\BinarySense\disksvc.exe
PRC - [2009/09/24 14:41:58 | 000,434,176 | ---- | M] (Sony Ericsson Mobile Communications AB) -- D:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
PRC - [2009/08/22 19:25:00 | 002,781,184 | ---- | M] () -- D:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner.exe
PRC - [2009/07/01 20:23:52 | 001,435,136 | ---- | M] () -- D:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
PRC - [2009/06/05 17:42:04 | 001,310,720 | ---- | M] (Analog Devices, Inc.) -- D:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
PRC - [2009/06/04 00:55:16 | 000,025,600 | ---- | M] (Creative Technology Ltd) -- D:\Windows\SysWOW64\Ctxfihlp.exe
PRC - [2009/06/04 00:49:56 | 001,213,440 | ---- | M] (Creative Technology Ltd) -- D:\Windows\SysWOW64\CTxfispi.exe
PRC - [2009/05/26 23:31:29 | 000,085,160 | ---- | M] (Elaborate Bytes AG) -- D:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
PRC - [2009/05/18 13:29:16 | 003,866,624 | ---- | M] (Analog Devices, Inc.) -- D:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
PRC - [2009/04/30 12:23:26 | 000,090,112 | ---- | M] () -- D:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
PRC - [2009/03/20 02:03:00 | 001,904,640 | ---- | M] (AVM Berlin) -- D:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2009/03/20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) -- D:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- D:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2009/01/03 23:57:00 | 001,034,240 | ---- | M] () -- D:\Program Files (x86)\CPU-Control\CPU_Control.exe
PRC - [2008/10/23 17:45:14 | 000,307,200 | ---- | M] (T-Systems Enterprise Services GmbH) -- D:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe
PRC - [2007/11/26 14:51:00 | 001,085,440 | ---- | M] (T-Systems Enterprise Services GmbH) -- D:\Program Files (x86)\DSL-Manager\DslMgr.exe


========== Modules (SafeList) ==========

MOD - [2010/11/02 22:44:25 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Downloads\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- D:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- D:\Windows\SysNative\srvany.exe -- (KMService)
SRV:64bit: - [2009/11/24 12:59:53 | 000,009,728 | ---- | M] (Deutsche Telekom AG) [Auto | Running] -- D:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe -- (Netzmanager Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- D:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/05 17:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- D:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV:64bit: - [2009/05/06 10:41:52 | 000,062,464 | ---- | M] (ASUSTeK COMPUTER INC.) [Auto | Running] -- D:\Windows\SysNative\ATKFUSService.exe -- (ATKFUSService)
SRV - [2010/10/24 15:59:47 | 001,357,464 | ---- | M] (Lavasoft) [Auto | Running] -- D:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010/10/16 11:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/08/24 10:38:18 | 000,092,008 | ---- | M] (TomTom) [Disabled | Stopped] -- D:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/04/01 12:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/02/24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- D:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/02/18 13:01:06 | 000,462,632 | ---- | M] (Nero AG) [Disabled | Stopped] -- D:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2009/12/16 13:36:12 | 000,403,064 | ---- | M] (Sony Ericsson Mobile Communications) [Auto | Running] -- D:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaDeviceMgmt.exe -- (EmmaDevMgmtSvc)
SRV - [2009/12/16 13:36:12 | 000,193,656 | ---- | M] (Sony Ericsson Mobile Communications) [Auto | Running] -- D:\Program Files (x86)\Common Files\Sony Ericsson\Emma Core\Services64\EmmaUpdateMgmt.exe -- (EmmaUpdMgmtSvc)
SRV - [2009/11/13 14:03:08 | 000,205,976 | ---- | M] (BinarySense Ltd.) [Auto | Running] -- D:\Program Files (x86)\Common Files\BinarySense\disksvc.exe -- (HDD & SSD access service)
SRV - [2009/11/09 05:46:24 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- D:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2009/11/07 18:22:10 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- D:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/10/07 06:04:28 | 000,044,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\Microsoft.NET\Framework64\v4.0.21006\aspnet_state.exe -- (aspnet_state)
SRV - [2009/10/07 03:44:38 | 001,007,448 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Windows\Microsoft.NET\Framework64\v4.0.21006\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2009/10/07 03:44:38 | 000,138,560 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\Windows\Microsoft.NET\Framework64\v4.0.21006\mscorsvw.exe -- (clr_optimization_v4.0.21006_64)
SRV - [2009/10/07 02:44:58 | 000,129,856 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\Windows\Microsoft.NET\Framework\v4.0.21006\mscorsvw.exe -- (clr_optimization_v4.0.21006_32)
SRV - [2009/07/27 11:13:28 | 000,061,440 | ---- | M] () [Disabled | Stopped] -- D:\Windows\SysWOW64\ASDR.exe -- (ASDR)
SRV - [2009/07/26 05:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- G:\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/04/30 12:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- D:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009/03/20 02:03:00 | 000,368,640 | ---- | M] (AVM Berlin) [Auto | Running] -- D:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- D:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- D:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/09 12:46:26 | 000,548,704 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- D:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe -- (DfSdkS)
SRV - [2008/10/23 17:45:14 | 000,307,200 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand | Running] -- D:\Program Files (x86)\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService)
SRV - [2008/09/24 14:32:48 | 000,935,208 | ---- | M] (Nero AG) [Disabled | Stopped] -- D:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2003/04/18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- D:\Windows\SysWOW64\srvany.exe -- (KMService)


========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\nvflash.sys -- (NVFLASH)
DRV:64bit: - [2010/09/30 22:25:10 | 000,040,104 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/09/23 08:46:09 | 000,069,152 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- D:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/09/14 14:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010/03/02 12:35:01 | 000,116,568 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2010/02/16 13:24:00 | 000,081,072 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- D:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/12/06 22:08:17 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- D:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2009/12/06 22:08:17 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- D:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2009/12/06 19:50:11 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/11/07 19:16:17 | 000,016,384 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\EIO64.sys -- (EIO64)
DRV:64bit: - [2009/08/13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- D:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 17:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009/06/04 02:49:58 | 001,561,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k)
DRV:64bit: - [2009/06/04 02:49:42 | 000,118,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\emupia2k.sys -- (emupia)
DRV:64bit: - [2009/06/04 02:49:34 | 000,213,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV:64bit: - [2009/06/04 02:49:26 | 000,015,896 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV:64bit: - [2009/06/04 02:49:18 | 000,179,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv)
DRV:64bit: - [2009/06/04 02:49:08 | 000,684,312 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV:64bit: - [2009/06/04 02:49:00 | 000,580,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k)
DRV:64bit: - [2009/06/04 02:48:50 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS)
DRV:64bit: - [2009/06/04 02:48:50 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV:64bit: - [2009/06/04 02:48:38 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS)
DRV:64bit: - [2009/06/04 02:48:38 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV:64bit: - [2009/06/04 02:48:30 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS)
DRV:64bit: - [2009/06/04 02:48:30 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT)
DRV:64bit: - [2009/05/23 00:08:37 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2009/05/14 09:26:24 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009/04/08 13:26:16 | 000,037,392 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2009/04/06 09:13:46 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2009/04/06 09:13:46 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2009/03/26 15:44:13 | 000,044,560 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\a4djavs_x64.sys -- (a4djavs_x64)
DRV:64bit: - [2009/03/26 15:44:10 | 000,249,872 | ---- | M] (Native Instruments GmbH) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\a4djusb_x64.sys -- (a4djusb_x64)
DRV:64bit: - [2009/03/20 02:03:00 | 000,552,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV:64bit: - [2009/03/20 02:03:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2009/02/17 18:22:22 | 000,039,424 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\ATKDispLowFilter.sys -- (atkdisplf)
DRV:64bit: - [2009/02/17 18:22:22 | 000,017,792 | ---- | M] (ASUSTeK Computer Inc.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\asusgsb.sys -- (asusgsb)
DRV:64bit: - [2008/10/21 10:22:44 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\s0017unic.sys -- (s0017unic) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM)
DRV:64bit: - [2008/10/21 10:22:44 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\s0017obex.sys -- (s0017obex)
DRV:64bit: - [2008/10/21 10:22:44 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\s0017nd5.sys -- (s0017nd5) Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS)
DRV:64bit: - [2008/10/21 10:22:42 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\s0017mdm.sys -- (s0017mdm)
DRV:64bit: - [2008/10/21 10:22:42 | 000,133,160 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\s0017mgmt.sys -- (s0017mgmt) Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2008/10/21 10:22:42 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV:64bit: - [2008/10/21 10:22:40 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\s0017bus.sys -- (s0017bus) Sony Ericsson Device 0017 driver (WDM)
DRV:64bit: - [2008/01/09 11:28:20 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2007/10/03 22:51:00 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
DRV:64bit: - [2007/10/03 22:50:52 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
DRV:64bit: - [2007/10/03 22:50:26 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- D:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
DRV:64bit: - [2007/08/01 14:49:02 | 000,019,008 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | System | Running] -- D:\Windows\SysNative\drivers\dslmnlwf.sys -- (DslMNLwf)
DRV:64bit: - [2007/04/24 08:33:30 | 000,123,656 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\s125obex.sys -- (s125obex)
DRV:64bit: - [2007/04/24 08:33:14 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\s125bus.sys -- (s125bus) Sony Ericsson Device 125 driver (WDM)
DRV:64bit: - [2007/02/16 01:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:64bit: - [2006/12/28 01:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- D:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV - [2010/11/01 22:51:43 | 000,019,952 | ---- | M] () [Kernel | On_Demand | Running] -- D:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys -- (RivaTuner64)
DRV - [2010/09/23 08:46:10 | 000,016,928 | ---- | M] () [Kernel | On_Demand | Running] -- D:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2010/09/14 14:16:15 | 000,125,888 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2007/02/16 01:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- D:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2005/04/08 15:49:30 | 000,003,040 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Windows\SysWOW64\drivers\nvflash.sys -- (NVFLASH)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = D:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://4fuckr.com/page_1.htm [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://welt1.freewar.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2C BD 8F AB A4 60 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.8
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: jl@leimbach-it.de:2.5
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.0&q="

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: D:\Program Files (x86)\Mozilla Firefox\components [2010/10/29 04:26:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: D:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/29 04:26:15 | 000,000,000 | ---D | M]

[2010/10/08 16:59:59 | 000,000,000 | ---D | M] -- D:\Users\Stefan\AppData\Roaming\mozilla\Extensions
[2010/10/08 16:59:59 | 000,000,000 | ---D | M] -- D:\Users\Stefan\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010/11/02 15:35:58 | 000,000,000 | ---D | M] -- D:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\eluxhlz3.default\extensions
[2010/03/07 18:07:33 | 000,000,000 | ---D | M] (Linkification) -- D:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\eluxhlz3.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a}
[2010/07/18 20:40:08 | 000,000,000 | ---D | M] (ReloadEvery) -- D:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\eluxhlz3.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010/10/14 20:50:48 | 000,000,000 | ---D | M] (DownloadHelper) -- D:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\eluxhlz3.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/08/20 05:33:38 | 000,000,000 | ---D | M] (Adblock Plus) -- D:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\eluxhlz3.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/08/09 13:35:58 | 000,000,000 | ---D | M] (DownThemAll!) -- D:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\eluxhlz3.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/03/25 23:10:48 | 000,000,000 | ---D | M] -- D:\Users\Stefan\AppData\Roaming\mozilla\Firefox\Profiles\eluxhlz3.default\extensions\jl@leimbach-it.de
[2010/03/13 10:43:38 | 000,000,687 | ---- | M] () -- D:\Users\Stefan\AppData\Roaming\Mozilla\FireFox\Profiles\eluxhlz3.default\searchplugins\icq-search.xml
[2010/04/09 04:24:01 | 000,000,950 | ---- | M] () -- D:\Users\Stefan\AppData\Roaming\Mozilla\FireFox\Profiles\eluxhlz3.default\searchplugins\icqplugin-1.xml
[2010/06/24 04:14:10 | 000,000,950 | ---- | M] () -- D:\Users\Stefan\AppData\Roaming\Mozilla\FireFox\Profiles\eluxhlz3.default\searchplugins\icqplugin-2.xml
[2010/06/28 04:34:20 | 000,000,950 | ---- | M] () -- D:\Users\Stefan\AppData\Roaming\Mozilla\FireFox\Profiles\eluxhlz3.default\searchplugins\icqplugin-3.xml
[2010/03/23 20:50:29 | 000,000,950 | ---- | M] () -- D:\Users\Stefan\AppData\Roaming\Mozilla\FireFox\Profiles\eluxhlz3.default\searchplugins\icqplugin.xml
[2010/11/02 15:35:58 | 000,000,000 | ---D | M] -- D:\Program Files (x86)\mozilla firefox\extensions
[2010/08/10 21:39:24 | 000,001,392 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/08/10 21:39:24 | 000,006,805 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/08/10 21:39:24 | 000,001,178 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/08/10 21:39:24 | 000,001,105 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - D:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - D:\Users\Stefan\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - D:\Users\Stefan\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll ()
O4:64bit: - HKLM..\Run: [RivaTuner] D:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [RivaTunerStartupDaemon] D:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTunerWrapper.exe ()
O4:64bit: - HKLM..\Run: [SoundMAX] D:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [Ai Nap] D:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe ()
O4 - HKLM..\Run: [avgnt] D:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] D:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [CloneCDTray] D:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [Cpu Level Up] D:\Program Files (x86)\ASUS\AI Suite\CPU Level UPEx\CpuLevelUp.exe (ASUSTek)
O4 - HKLM..\Run: [CTxfiHlp] D:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [QFan Help] D:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe ()
O4 - HKLM..\Run: [SoundMAXPnP] D:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive] D:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [CPU_Control] D:\Program Files (x86)\CPU-Control\CPU_Control.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [ICQ] D:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [Sony Ericsson PC Suite] D:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe (Sony Ericsson Mobile Communications AB)
O4 - Startup: D:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk = D:\Program Files (x86)\DSL-Manager\DslMgr.exe (T-Systems Enterprise Services GmbH)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: add to &BOM - D:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: add to &BOM - D:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - D:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15109/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (AnyDiscHelp.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - D:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - D:\Windows\SysWOW64\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/11/06 11:40:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0d015aa1-0fb2-11df-ae60-00040ec2d49e}\Shell - "" = AutoRun
O33 - MountPoints2\{0d015aa1-0fb2-11df-ae60-00040ec2d49e}\Shell\AutoRun\command - "" = F:\pushinst.exe -- File not found
O33 - MountPoints2\{579798c2-cbb7-11de-922a-001e8c717125}\Shell - "" = AutoRun
O33 - MountPoints2\{579798c2-cbb7-11de-922a-001e8c717125}\Shell\AutoRun\command - "" = K:\Setup.exe -- File not found
O33 - MountPoints2\{a96da4f5-f081-11de-9024-00040ec2d49e}\Shell - "" = AutoRun
O33 - MountPoints2\{a96da4f5-f081-11de-9024-00040ec2d49e}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: diskvaws - (D:\Windows\system32\icartend.dll) - D:\Windows\SysWow64\icartend.dll File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/02 15:36:46 | 000,000,000 | ---D | C] -- D:\MalwarebytesPortable
[2010/10/27 14:58:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- D:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/10/23 17:36:04 | 000,051,992 | ---- | C] (AVIRA GmbH) -- D:\Windows\SysWow64\drivers\avgntdd.sys
[2010/10/23 17:36:04 | 000,017,016 | ---- | C] (AVIRA GmbH) -- D:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.11.02 15:55:27 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Spybot - Search & Destroy
[2010.11.02 15:13:17 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\ESET
[2010.11.01 15:29:35 | 000,000,000 | -H-D | C] -- D:\Users\Public\Documents\Server
[2010.10.31 22:19:49 | 000,067,176 | ---- | C] (Khronos Group) -- D:\Windows\SysNative\OpenCL.dll
[2010.10.31 22:19:49 | 000,057,960 | ---- | C] (Khronos Group) -- D:\Windows\SysWow64\OpenCL.dll
[2010.10.30 18:33:37 | 000,000,000 | ---D | C] -- D:\Users\Stefan\AppData\Local\FalloutNV
[2010.10.27 14:58:39 | 000,000,000 | ---D | C] -- D:\Users\Stefan\AppData\Roaming\Malwarebytes
[2010.10.27 14:58:28 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- D:\Windows\SysNative\drivers\mbam.sys
[2010.10.27 14:58:28 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.10.27 14:58:28 | 000,000,000 | ---D | C] -- D:\ProgramData\Malwarebytes
[2010.10.24 16:00:29 | 000,069,152 | ---- | C] (Lavasoft AB) -- D:\Windows\SysNative\drivers\Lbd.sys
[2010.10.24 14:00:14 | 000,000,000 | ---D | C] -- D:\Users\Stefan\AppData\Local\Sunbelt Software
[2010.10.24 13:59:40 | 000,000,000 | -H-D | C] -- D:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010.10.24 13:59:36 | 000,000,000 | ---D | C] -- D:\ProgramData\Lavasoft
[2010.10.24 13:59:36 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Lavasoft
[2010.10.23 20:13:59 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Trend Micro
[2010.10.23 20:12:26 | 000,000,000 | ---D | C] -- D:\Users\Stefan\AppData\Roaming\vlc
[2010.10.23 17:47:50 | 000,000,000 | ---D | C] -- D:\ProgramData\Spybot - Search & Destroy
[2010.10.23 17:46:19 | 000,000,000 | ---D | C] -- D:\Users\Stefan\AppData\Roaming\Avira
[2010.10.23 17:36:04 | 000,116,568 | ---- | C] (Avira GmbH) -- D:\Windows\SysNative\drivers\avipbb.sys
[2010.10.23 17:36:04 | 000,081,072 | ---- | C] (Avira GmbH) -- D:\Windows\SysNative\drivers\avgntflt.sys
[2010.10.23 17:36:03 | 000,000,000 | ---D | C] -- D:\ProgramData\Avira
[2010.10.23 17:36:03 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\Avira
[2010.10.23 17:09:32 | 000,000,000 | ---D | C] -- D:\Users\Stefan\AppData\Local\DBControl
[2010.10.20 21:57:49 | 000,000,000 | ---D | C] -- D:\Users\Stefan\Documents\ArcaniA - Gothic 4
[2010.10.10 20:17:50 | 000,000,000 | ---D | C] -- D:\Users\Stefan\Documents\AnyDVDHD
[2010.10.08 17:21:16 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\GPSBabel
[2010.10.08 17:10:41 | 000,000,000 | ---D | C] -- D:\Program Files\7-Zip
[2010.10.08 17:00:11 | 000,000,000 | ---D | C] -- D:\Users\Stefan\Documents\TomTom
[2010.10.08 17:00:08 | 000,000,000 | ---D | C] -- D:\ProgramData\TomTom
[2010.10.08 16:59:59 | 000,000,000 | ---D | C] -- D:\Users\Stefan\AppData\Roaming\TomTom
[2010.10.08 16:59:59 | 000,000,000 | ---D | C] -- D:\Users\Stefan\AppData\Local\TomTom
[2010.10.08 16:59:54 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\TomTom International B.V
[2010.10.08 16:59:45 | 000,000,000 | ---D | C] -- D:\Program Files (x86)\TomTom HOME 2
[2010.01.11 21:24:29 | 000,148,736 | ---- | C] (Avanquest Software) -- D:\ProgramData\hpe671B.dll
[2010.01.01 16:08:48 | 000,148,736 | ---- | C] (Avanquest Software) -- D:\ProgramData\hpe363D.dll
[2009/06/04 00:57:38 | 000,060,928 | ---- | C] ( ) -- D:\Windows\SysWow64\a3d.dll
[2 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.11.02 22:46:57 | 000,014,224 | -H-- | M] () -- D:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.02 22:46:57 | 000,014,224 | -H-- | M] () -- D:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.02 22:44:36 | 001,619,748 | ---- | M] () -- D:\Windows\SysNative\PerfStringBackup.INI
[2010.11.02 22:44:36 | 000,697,474 | ---- | M] () -- D:\Windows\SysNative\perfh007.dat
[2010.11.02 22:44:36 | 000,654,354 | ---- | M] () -- D:\Windows\SysNative\perfh009.dat
[2010.11.02 22:44:36 | 000,148,104 | ---- | M] () -- D:\Windows\SysNative\perfc007.dat
[2010.11.02 22:44:36 | 000,121,224 | ---- | M] () -- D:\Windows\SysNative\perfc009.dat
[2010.11.02 22:40:21 | 000,000,394 | ---- | M] () -- D:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.11.02 22:39:33 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2010.11.02 22:39:32 | 535,732,223 | -HS- | M] () -- D:\hiberfil.sys
[2010.11.02 22:38:30 | 000,063,460 | ---- | M] () -- D:\Windows\SysNative\BMXStateBkp-{00000002-00000000-00000007-00001102-00000005-00231102}.rfx
[2010.11.02 22:38:30 | 000,063,460 | ---- | M] () -- D:\Windows\SysNative\BMXState-{00000002-00000000-00000007-00001102-00000005-00231102}.rfx
[2010.11.02 22:38:30 | 000,001,080 | ---- | M] () -- D:\Windows\SysNative\settingsbkup.sfm
[2010.11.02 22:38:30 | 000,001,080 | ---- | M] () -- D:\Windows\SysNative\settings.sfm
[2010.11.02 22:38:30 | 000,000,788 | ---- | M] () -- D:\Windows\SysNative\DVCState-{00000002-00000000-00000007-00001102-00000005-00231102}.rfx
[2010.11.02 22:38:09 | 000,000,982 | ---- | M] () -- D:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
[2010.10.30 13:10:28 | 002,967,345 | ---- | M] () -- D:\Users\Stefan\Documents\2010-10-30-12-10-MyMDb_Backup.xlg
[2010.10.24 13:59:39 | 000,001,174 | ---- | M] () -- D:\Users\Stefan\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010.10.24 13:59:39 | 000,001,150 | ---- | M] () -- D:\Users\Public\Desktop\Ad-Aware.lnk
[2010.10.24 13:09:32 | 028,541,623 | ---- | M] () -- D:\Program Files (x86)\Spybot - Search & Destroy.rar
[2010.10.23 20:13:59 | 000,002,981 | ---- | M] () -- D:\Users\Stefan\Desktop\HiJackThis.lnk
[2010.10.23 18:11:56 | 000,000,103 | ---- | M] () -- D:\Windows\wininit.ini
[2010.10.23 18:02:35 | 000,001,066 | ---- | M] () -- D:\Users\Public\Desktop\VLC media player.lnk
[2010.10.23 18:01:13 | 019,657,194 | ---- | M] () -- D:\Users\Stefan\Documents\vlc-1.1.4-win32.exe
[2010.10.23 17:36:13 | 000,002,066 | ---- | M] () -- D:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.10.23 17:09:24 | 000,000,179 | ---- | M] () -- D:\Users\Stefan\AppData\Roaming\42693.bat
[2010.10.23 17:09:06 | 000,000,016 | ---- | M] () -- D:\Users\Stefan\AppData\Roaming\dxqkew.dat
[2010.10.22 07:23:18 | 000,067,176 | ---- | M] (Khronos Group) -- D:\Windows\SysNative\OpenCL.dll
[2010.10.22 07:23:18 | 000,057,960 | ---- | M] (Khronos Group) -- D:\Windows\SysWow64\OpenCL.dll
[2010.10.22 07:23:15 | 000,007,877 | ---- | M] () -- D:\Windows\SysNative\nvinfo.pb
[2010.10.20 21:48:37 | 000,000,690 | ---- | M] () -- D:\Users\Public\Desktop\ArcaniA - Gothic 4 starten.lnk
[2010.10.14 13:25:02 | 000,418,392 | ---- | M] () -- D:\Windows\SysNative\FNTCACHE.DAT
[2010.10.12 13:44:28 | 000,000,083 | -HS- | M] () -- D:\ProgramData\.zreglib
[2010.10.10 20:17:30 | 000,001,199 | ---- | M] () -- D:\Users\Public\Desktop\CloneDVD2.lnk
[2010.10.10 20:17:10 | 000,001,101 | ---- | M] () -- D:\Users\Public\Desktop\AnyDVD.lnk
[2 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.11.01 05:20:42 | 000,000,394 | ---- | C] () -- D:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.10.30 13:10:22 | 002,967,345 | ---- | C] () -- D:\Users\Stefan\Documents\2010-10-30-12-10-MyMDb_Backup.xlg
[2010.10.24 15:57:20 | 000,015,880 | ---- | C] () -- D:\Windows\SysNative\lsdelete.exe
[2010.10.24 13:59:39 | 000,001,174 | ---- | C] () -- D:\Users\Stefan\Application Data\Microsoft\Internet Explorer\Quick Launch\Ad-Aware.lnk
[2010.10.24 13:59:39 | 000,001,150 | ---- | C] () -- D:\Users\Public\Desktop\Ad-Aware.lnk
[2010.10.24 13:09:19 | 028,541,623 | ---- | C] () -- D:\Program Files (x86)\Spybot - Search & Destroy.rar
[2010.10.23 20:13:59 | 000,002,981 | ---- | C] () -- D:\Users\Stefan\Desktop\HiJackThis.lnk
[2010.10.23 18:11:56 | 000,000,103 | ---- | C] () -- D:\Windows\wininit.ini
[2010.10.23 18:02:35 | 000,001,066 | ---- | C] () -- D:\Users\Public\Desktop\VLC media player.lnk
[2010.10.23 17:57:08 | 019,657,194 | ---- | C] () -- D:\Users\Stefan\Documents\vlc-1.1.4-win32.exe
[2010.10.23 17:36:13 | 000,002,066 | ---- | C] () -- D:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.10.23 17:09:32 | 000,000,000 | ---- | C] () -- D:\Users\Stefan\AppData\Local\googleupdate.log
[2010.10.23 17:09:24 | 000,000,179 | ---- | C] () -- D:\Users\Stefan\AppData\Roaming\42693.bat
[2010.10.23 17:09:06 | 000,000,016 | ---- | C] () -- D:\Users\Stefan\AppData\Roaming\dxqkew.dat
[2010.10.20 21:48:37 | 000,000,690 | ---- | C] () -- D:\Users\Public\Desktop\ArcaniA - Gothic 4 starten.lnk
[2010.10.10 20:17:30 | 000,001,199 | ---- | C] () -- D:\Users\Public\Desktop\CloneDVD2.lnk
[2010.10.10 20:17:10 | 000,001,101 | ---- | C] () -- D:\Users\Public\Desktop\AnyDVD.lnk
[2010.04.02 16:17:34 | 000,179,091 | ---- | C] () -- D:\Windows\SysWow64\xlive.dll.cat
[2010.02.07 13:21:18 | 000,000,193 | ---- | C] () -- D:\Windows\WORDPAD.INI
[2010.01.23 13:13:08 | 053,992,860 | ---- | C] () -- D:\Program Files (x86)\MyMDb.rar
[2009/11/28 14:39:19 | 000,015,873 | ---- | C] () -- D:\Windows\SysWow64\Inetde.dll
[2009/11/09 19:47:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\asrussian.dll
[2009/11/09 19:47:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\askorean.dll
[2009/11/09 19:47:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\asjapan.dll
[2009/11/09 19:47:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\asgerman.dll
[2009/11/09 19:47:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\asfrench.dll
[2009/11/09 19:47:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\aseng.dll
[2009/11/09 19:47:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\ASCHT.dll
[2009/11/09 19:47:16 | 000,053,248 | ---- | C] () -- D:\Windows\SysWow64\aschs.dll
[2009/11/07 19:04:33 | 000,003,040 | ---- | C] () -- D:\Windows\SysWow64\drivers\nvflash.sys
[2009/11/07 18:39:06 | 000,024,576 | R--- | C] () -- D:\Windows\SysWow64\AsIO.dll
[2009/11/07 18:39:06 | 000,013,368 | R--- | C] () -- D:\Windows\SysWow64\drivers\AsIO.sys
[2009/11/07 18:21:22 | 000,148,480 | ---- | C] () -- D:\Windows\SysWow64\APOMngr.DLL
[2009/11/07 18:21:22 | 000,073,728 | ---- | C] () -- D:\Windows\SysWow64\CmdRtr.DLL
[2009/11/07 18:20:49 | 000,003,072 | ---- | C] () -- D:\Windows\SysWow64\CTXFIGER.DLL
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/06/04 01:37:08 | 000,021,093 | ---- | C] () -- D:\Windows\SysWow64\instwdm.ini
[2009/06/04 01:37:06 | 000,000,054 | ---- | C] () -- D:\Windows\SysWow64\ctzapxx.ini
[2009/06/04 00:55:20 | 000,002,560 | ---- | C] () -- D:\Windows\SysWow64\CtxfiRes.dll
[2009/05/27 09:49:00 | 000,000,285 | ---- | C] () -- D:\Windows\SysWow64\kill.ini
[2009.12.31 15:31:52 | 000,000,083 | -HS- | C] () -- D:\ProgramData\.zreglib
[2009.12.19 15:50:42 | 000,000,034 | ---- | C] () -- D:\Windows\cdplayer.ini
[2009.12.03 19:33:24 | 000,000,156 | ---- | C] () -- D:\Users\Stefan\AppData\Roaming\default.rss
[2009.12.03 19:33:07 | 000,000,069 | ---- | C] () -- D:\Windows\NeroDigital.ini
[2009.11.09 19:47:15 | 000,761,856 | ---- | C] () -- D:\Windows\SysWow64\xvidcore.dll
[2009.11.09 19:47:15 | 000,180,224 | ---- | C] () -- D:\Windows\SysWow64\xvidvfw.dll
[2009.11.09 15:39:36 | 000,000,038 | ---- | C] () -- D:\Windows\AviSplitter.INI
[2009.11.07 18:38:45 | 000,001,769 | ---- | C] () -- D:\Windows\Language_trs.ini
[2009.11.07 18:35:19 | 001,594,390 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2009.12.11 17:02:25 | 000,000,000 | ---D | M] -- D:\Users\Stefan\AppData\Roaming\Any DVD Converter Professional
[2010.09.16 16:45:11 | 000,000,000 | ---D | M] -- D:\Users\Stefan\AppData\Roaming\AquaSoft
[2010.05.29 21:21:23 | 000,000,000 | ---D | M] -- D:\Users\Stefan\AppData\Roaming\bizarre creations
[2009.11.07 18:16:23 | 000,000,000 | ---D | M] -- D:\Users\Stefan\AppData\Roaming\Blitware
[2010.05.30 19:05:25 | 000,000,000 | ---D | M] -- D:\Users\Stefan\AppData\Roaming\BOM
[2010.04.25 14:00:51 | 000,000,000 | ---D | M] -- D:\Users\Stefan\AppData\Roaming\CPUControl
[2010.05.29 21:18:11 | 000,000,000 | ---D | M] -- D:\Users\Stefan\AppData\Roaming\DAEMON Tools Lite
[2010.10.24 15:57:20 | 000,000,000 | ---D | M] -- D:\Users\Stefan\AppData\Roaming\Desktopicon
[2010.11.02 15:26:38 | 000,000,000 | ---D | M] -- D:\Users\Stefan\AppData\Roaming\ICQ
[2010.02.04 22:18:43 | 000,000,000 | ---D | M] -- D:\Users\Stefan\AppData\Roaming\MixVibes
[2010.09.10 22:44:26 | 000,000,000 | ---D | M] -- D:\Users\Stefan\AppData\Roaming\Movie Label
[2010.09.16 17:07:03 | 000,000,000 | ---D | M] -- D:\Users\Stefan\AppData\Roaming\PixelPlanet
[2009.12.25 09:26:01 | 000,000,000 | ---D | M] -- D:\Users\Stefan\AppData\Roaming\Propellerhead Software
[2010.09.26 18:46:29 | 000,000,000 | ---D | M] -- D:\Users\Stefan\AppData\Roaming\Smart Recorder
[2009.12.06 21:10:57 | 000,000,000 | ---D | M] -- D:\Users\Stefan\AppData\Roaming\Thinstall
[2010.10.08 16:59:59 | 000,000,000 | ---D | M] -- D:\Users\Stefan\AppData\Roaming\TomTom
[2009.12.19 15:48:41 | 000,000,000 | ---D | M] -- D:\Users\Stefan\AppData\Roaming\Toolbars
[2010.01.24 14:45:49 | 000,000,000 | ---D | M] -- D:\Users\Stefan\AppData\Roaming\TS3Client
[2010.09.08 17:00:17 | 000,000,000 | ---D | M] -- D:\Users\Stefan\AppData\Roaming\TuneUp Software
[2009.11.09 15:39:36 | 000,000,000 | ---D | M] -- D:\Users\Stefan\AppData\Roaming\Win7codecs
[2009.11.08 16:27:12 | 000,000,000 | ---D | M] -- D:\Users\Stefan\AppData\Roaming\XRay Engine
[2010.11.02 22:40:21 | 000,000,394 | ---- | M] () -- D:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010.01.10 15:33:08 | 000,000,468 | ---- | M] () -- D:\Windows\Tasks\Driver Robot.job
[2010.08.31 14:34:38 | 000,032,620 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
[/quote]

The_EvilKnievel
02.11.2010, 22:01
OTL Extras logfile created on: 11/2/2010 10:45:22 PM - Run 1
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

6.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 71.00% Memory free
12.00 Gb Paging File | 10.00 Gb Available in Paging File | 83.00% Paging File free
Paging file location(s): ?:\pagefile.sys

%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 76.33 Gb Total Space | 12.95 Gb Free Space | 16.97% Space Free | Partition Type: NTFS
Drive D: | 201.01 Gb Total Space | 127.88 Gb Free Space | 63.62% Space Free | Partition Type: NTFS
Drive E: | 1196.25 Gb Total Space | 393.57 Gb Free Space | 32.90% Space Free | Partition Type: NTFS
Drive G: | 265.75 Gb Total Space | 72.73 Gb Free Space | 27.37% Space Free | Partition Type: NTFS
Drive H: | 100.00 Gb Total Space | 77.71 Gb Free Space | 77.71% Space Free | Partition Type: NTFS

Computer Name: STEFAN-PC | User Name: Stefan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- D:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- D:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- D:\Windows\System32\ieframe.DLL (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- D:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "D:\Windows\System32\rundll32.exe" "D:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "D:\Windows\System32\rundll32.exe" "D:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "D:\Windows\System32\rundll32.exe" "D:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "D:\Windows\System32\rundll32.exe" "D:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{013CCA52-DA56-4133-AC2B-1988A9568C30}" = Native Instruments Audio 4 DJ Driver
"{0B8565BA-BAD5-4732-B122-5FD78EFC50A9}" = Native Instruments Service Center
"{0F2D7186-EF54-37FA-AA61-ED6F88E771CE}" = Microsoft .NET Framework 4 Extended Beta 2
"{23170F69-40C1-2702-0915-000001000000}" = 7-Zip 9.15 (x64 edition)
"{267B3E82-C941-47D8-BCD3-1BBBB56FCBC6}" = Native Instruments Maschine Controller Driver
"{2AAC4085-DCBF-417B-AEBD-182197839240}" = Native Instruments Traktor
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
"{7930FB47-6452-4476-BF16-D77F748646DB}" = Native Instruments Session IO Driver
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0012-0000-1000-0000000FF1CE}" = Microsoft Office Standard 2010
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0000-1000-0000000FF1CE}" = Microsoft Office Excel 2010
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0000-1000-0000000FF1CE}" = Microsoft Office PowerPoint 2010
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0000-1000-0000000FF1CE}" = Microsoft Office Outlook 2010
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0000-1000-0000000FF1CE}" = Microsoft Office Word 2010
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-008B-0000-1000-0000000FF1CE}" = Microsoft Office Small Business Basics 2010
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{A35001F0-F1E4-11DD-A38B-005056C00008}" = Paragon Partition Manager™ 10.0 Professional
"{B0EFB716-085B-4564-8060-212E41F5CE50}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 260.99
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B962AD08-335F-46f7-A182-257D37672E5C}" = Native Instruments Rig Kontrol 3 Driver
"{E856E900-52DE-3F06-B493-B39442A717F6}" = Microsoft .NET Framework 4 Client Profile Beta 2
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"Microsoft .NET Framework 4 Client Profile Beta 2" = Microsoft .NET Framework 4 Client Profile Beta 2
"Microsoft .NET Framework 4 Extended Beta 2" = Microsoft .NET Framework 4 Extended Beta 2
"Office14.EXCEL" = Microsoft Excel 2010
"Office14.OUTLOOK" = Microsoft Outlook 2010
"Office14.POWERPOINT" = Microsoft PowerPoint 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Office14.SMALLBUSBASICS" = Microsoft Office Small Business Basics 2010
"Office14.STANDARD" = Microsoft Office Standard 2010
"Office14.WORD" = Microsoft Word 2010
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Win7x64 Components_is1" = Win7x64 Components v1.2.1
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{0711500B-9912-4D60-9A49-C577B4503D42}" = Nero Recode Help
"{07FF7593-9DEA-40B5-9F87-F557E65BBF60}" = Nero Recode
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{11A84FCA-C3C7-4AFD-A797-111DB8569DBC}" = Nero BurningROM
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{1B040683-C390-4711-ABC7-DA8D85E470E7}" = NeroBurningROM
"{1B8FE958-A304-4902-BF7A-4E2F0F5B7017}_is1" = GPSBabel 1.4.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback 10
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{28526951-55EF-4901-A0CA-B9AC966D1DD1}" = Split/Second
"{2D3455A8-3B15-41A8-99F8-0D4215746463}" = Nero StartSmart
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{3097B151-1F61-4211-A4CC-D70127B226AE}" = SoundTrax
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34BDF3BF-AA61-42E7-8818-C16A304910FC}" = Emma Core
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3F30CC51-0788-487B-AA83-7214A239C0C0}" = Nero Disc Copy Gadget Help
"{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1" = S.T.A.L.K.E.R. - Call Of Pripyat [v1.6.01]
"{42C8B7DF-FEB0-4D51-B169-506B6BEC5797}" = Nero 10 Menu TemplatePack 1
"{4343080E-91B7-4388-AB4D-FB1000008200}" = Dead Rising 2
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4D42353B-533F-4306-AD0B-7FEF292ADE04}" = Nero CoverDesigner Help
"{4E8C27C2-D727-4C00-A90E-C3F6376EEE70}" = Nero ControlCenter
"{5454083B-1308-4485-BF17-111000028701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000028702}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000028703}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{56BE5CC9-95E6-4128-ABEA-968414CA9C80}" = DolbyFiles
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{589A63D3-89E1-4D9B-8DBC-6039BB27289E}" = Activision(R)
"{5AE12194-3EAA-40DF-B2BF-FE1D6B78BBF4}" = Nero Vision
"{5C2E8A0F-80E2-4C68-8CC0-D8D16E7196BF}" = Nero RescueAgent Help
"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = Saboteur™
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{70F19404-B96C-4EBB-AD2B-3574F8736197}" = Nero 10 Movie ThemePack 2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{775DC704-AAE3-4A79-981F-EA1CBAF96EB7}" = Gothic III - Götterdämmerung
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{7F88C9E5-12BD-404F-AC6A-108BAAC9B708}" = ASUS Gamer OSD
"{809D7E6D-915D-4EAD-821F-E13D93F37161}" = ASUS Smart Doctor
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90A455A7-0FC8-4508-B7FA-8F135B8F041A}" = DSL-Manager
"{92146419-AE44-4C8B-A48B-0ABB1B5EC026}" = Nero 10 Menu TemplatePack 3
"{92A10E9D-EA00-4A46-8F22-EEA660992D61}" = Nero 10 Sample Videos
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{93A10228-4F64-4A31-B7B9-BC6AA7753BB8}" = Scratch LIVE 1.8.2 (18221)
"{943CC0C0-2253-4FE0-9493-DD386F7857FD}" = Nero Express
"{961D53EA-40DC-4156-AD74-25684CE05F81}" = Nero Installer
"{96ED4B78-300E-4033-AE6C-C115CEB4DF07}" = Nero 10 ClipartPack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9A875B56-A35C-46BA-A3AA-DF8D03EE9F2F}" = Nero ControlCenter
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{9E78C42C-4FF9-4F41-BBC4-BF872606E79D}_is1" = Driver Robot 1.1.0.14
"{9F3523F8-DAD7-AE52-6DA7-45CDDDF33726}" = Advertising Center
"{A3A61264-B075-46BE-9C97-376EA4CEEEF5}" = PdfGrabber 6.0
"{A73BEC3C-40A0-480E-87EF-EFCD33629088}" = NeroExpress
"{A8399F58-234A-48C6-BA55-30C15738BF3C}" = Nero CoverDesigner
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{ACD15FDF-FC42-4175-B477-576F92FF2256}" = Nero 10 Sample ImagePack
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B2C12C8D-65DC-40BD-B309-5ADB0C6C8D8F}" = Nero WaveEditor
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8777FFC-165B-4DDE-B60B-AD5533D9EAD3}" = AquaSoft PhotoKalender 3
"{B96C2601-52F5-4D5D-816A-63469EA311EF}" = "Nero SoundTrax Help
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BCD82AB5-670D-4242-90FA-1F97103C16CD}" = Movie Templates - Starter Kit
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{C99C89A3-119A-45E6-B26E-DD5643CAA0C5}" = Menu Templates - Starter Kit
"{CD1826A5-CFCC-4C6E-9F9D-E181876162EA}" = Nero Rescue Agent
"{d0894778-7254-401e-8a82-f9c05ae100bb}" = Nero 9
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D7C206B6-1A63-4389-A8B1-8F607D0BFF1F}" = Nero StartSmart Help
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4A8DD87-A746-4443-BF25-CAF99CED6767}" = Nero Disc Copy Gadget
"{E712C273-7564-4C8E-AA59-0FA19BC35117}" = Nero 10 Menu TemplatePack 2
"{E86156E5-9859-440D-8876-26CED1349802}" = Nero WaveEditor Help
"{ED3D71CC-9F3B-4AC5-9E55-AB915EBC0BEB}" = HDD Temperature v.4

Icqcoke
02.11.2010, 22:23
Why so complicated???
Autoruns - Download - CHIP Online (http://www.chip.de/downloads/Autoruns_20358751.html)
even shows the path ...

Apex
02.11.2010, 22:25
Next time, please put that into our NoPast service; this completely blows up the content.

And if I have to read here one more time that the user should simply format, whoever writes it gets a lifetime ban, I promise!

The_EvilKnievel
03.11.2010, 21:05
Topic closed for me; I rolled the box back a few days and it runs.

Thanks for the help, even though the normal removal didn't work out.
Regards

stayla
03.11.2010, 21:15
Well, if it was a big fat trojan, then rolling back a few days won't help...

VincentSX
03.11.2010, 21:27
Oh, and for next time: there is a new version of the security/firewall solution "Comodo" that performs quite well. I'm really surprised. :) Some bugs were fixed, and even back then the software was respectable. Now it is considerably better. Unknown data is first launched in a secured sandbox environment. You can then decide afterwards whether you want to run the file normally. But you don't have to; you can work well in sandbox mode, and it is easy on resources. There are numerous other features as well. I can only recommend Comodo to everyone.
But up front: if the system has already been compromised, of course, even a good security solution is problematic. In that respect, some people are right in saying that a format is necessarily the best solution. ;)

Best regards,
vince