
Keylogger suspected, help!!!!

26.07.11, 19:56   #1
damnstyle

It would be nice if someone who knows about this could take a look at this log file, please.

Thanks in advance.
Quote:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:55:10, on 26.07.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MT\MT.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Program Files\Verbindungsassistent\Verbindungsassistent.exe
C:\Program Files\Opera\opera.exe
C:\Users\riechel\AppData\Local\Opera\Opera\temporary_downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [ Link visible to registered members only. Please log in or register ]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [ Link visible to registered members only. Please log in or register ]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [ Link visible to registered members only. Please log in or register ]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [ Link visible to registered members only. Please log in or register ]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers\YontooIEClient.dll
O3 - Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - (no file)
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Meine Traffic] C:\PROGRA~2\MT\MT.EXE
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\riechel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\..\{95748466-A90E-4CB7-A2E7-A093B17EF55A}: NameServer = 212.23.97.3 212.23.97.2
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LibUsb-Win32 - Daemon, Version 0.1.10.1 (libusbd) - [ Link visible to registered members only. Please log in or register ] - C:\Windows\system32\libusbd-nt.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Performance Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: Update Center Service (UpdateCenterService) - NVIDIA - C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe
O23 - Service: WTGService - Unknown owner - C:\Program Files\Verbindungsassistent\wtgservice.exe

--
End of file - 7837 bytes
26.07.11, 20:26   #2
ckjthedogmaster

O4 - HKLM\..\Run: [SearchSettings] "C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe

Spigot = backdoor. (But don't fix it yet.) Other things in the log can go as well, more on that shortly.

First download Malwarebytes and update it. Then run a scan and post the report.

Please also download [ Link visible to registered members only. Please log in or register ] and run a scan with it. Make sure that Output is set to (Standard), Extra Registry is set to (Use SafeList), and the LOP and Purity checks are ticked.

And copy this

into the "Custom Scans/Fixes" field.

On Vista and Win7 the program must be started "as admin".
This will give you two log files; please post those as well.


Regards
30.07.11, 13:11   #3
damnstyle

Thanks for the quick reply, here is the log from Malwarebytes
Quote:
Malwarebytes' Anti-Malware 1.51.1.1800
[ Link visible to registered members only. Please log in or register ]

Datenbank Version: 7312

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29.07.2011 21:24:27
mbam-log-2011-07-29 (21-24-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 371847
Laufzeit: 3 Stunde(n), 7 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio.TB) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio.TB) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio.TB) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio.TB) -> Value: {B922D405-6D13-4A2B-AE89-08A030DA4402} -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B922D405-6D13-4A2B-AE89-08A030DA4402} (PUP.Dealio.TB) -> Value: {B922D405-6D13-4A2B-AE89-08A030DA4402} -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\pdfforge toolbar\IE\4.1\pdfforgetoolbarie.dll (PUP.Dealio.TB) -> No action taken.
c:\$Recycle.Bin\s-1-5-21-107660503-801348126-3386690023-1000\$RA489U2.exe (Worm.VBNA) -> No action taken.
c:\$Recycle.Bin\s-1-5-21-107660503-801348126-3386690023-1000\$RLXUASB.exe (Worm.VBNA) -> No action taken.
c:\program files\reality pump\two worlds ii\rld-tw2k.exe (RiskWare.Tool.CK) -> No action taken.
c:\program files\image-line\fl studio 9\Plugins\VST\xhun.audio.littleone.vsti.v2.0.incl. keygen-assign\keygen.exe (RiskWare.Tool.CK) -> No action taken.
c:\program files\Ubisoft\ubisoft game launcher\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> No action taken.
c:\program files\ubisoft game launcher\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> No action taken.
c:\Users\riechel\AppData\Local\Temp\HBCD\wirelesskeyview.exe (PUP.WirelessKeyView) -> No action taken.
e:\games\assasines creed 2\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> No action taken.
30.07.11, 13:20   #4
damnstyle

Here is the OTL log file, and thanks again
Code:
OTL logfile created on: 30.07.2011 14:12:12 - Run 1
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Users\riechel\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 60,11% Memory free
6,50 Gb Paging File | 5,13 Gb Available in Paging File | 78,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 29,15 Gb Free Space | 9,78% Space Free | Partition Type: NTFS
Drive D: | 17,34 Gb Total Space | 2,27 Gb Free Space | 13,12% Space Free | Partition Type: NTFS
Drive E: | 57,19 Gb Total Space | 6,65 Gb Free Space | 11,63% Space Free | Partition Type: NTFS
Drive F: | 6,35 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive H: | 6,34 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: RIECHEL-PC | User Name: riechel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.07.28 22:06:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\riechel\Desktop\OTL.exe
PRC - [2011.07.02 15:38:56 | 000,947,056 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2011.05.10 14:10:58 | 003,459,712 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.03.28 15:41:14 | 001,910,152 | ---- | M] (LogMeIn Inc.) -- C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011.03.17 20:55:21 | 007,261,128 | ---- | M] (WebToGo Mobile Internet GmbH) -- C:\Program Files\Verbindungsassistent\Verbindungsassistent.exe
PRC - [2010.10.22 17:47:26 | 000,524,288 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2010.06.01 15:30:00 | 001,412,096 | ---- | M] (Mirko Böer Softwareentwicklungen) -- C:\Program Files\MT\MT.exe
PRC - [2009.11.23 15:53:38 | 000,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2009.11.06 14:13:16 | 000,133,736 | ---- | M] (NVIDIA) -- C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe
PRC - [2009.10.30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe
PRC - [2009.07.14 03:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.02.22 16:13:14 | 002,506,752 | ---- | M] () -- C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
PRC - [2007.04.23 05:00:00 | 000,692,224 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2007.04.11 16:32:22 | 000,056,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.07.28 22:06:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\riechel\Desktop\OTL.exe
MOD - [2011.05.10 14:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009.06.10 23:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2009.06.10 23:23:11 | 000,554,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcp80.dll
MOD - [2007.04.23 05:00:00 | 000,045,568 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.07.06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.06.29 21:59:08 | 003,435,096 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\netsession_win_e477fed.dll -- (Akamai)
SRV - [2011.05.10 14:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2011.03.28 15:41:12 | 001,242,504 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011.03.17 20:55:21 | 000,330,696 | ---- | M] () [Auto | Running] -- C:\Program Files\Verbindungsassistent\WTGService.exe -- (WTGService)
SRV - [2011.02.28 17:13:56 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.12.08 14:31:06 | 000,628,736 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010.10.22 17:38:46 | 000,386,560 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2010.10.16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.09.08 21:46:00 | 003,852,792 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.11.06 14:24:52 | 000,195,176 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2009.11.06 14:13:20 | 000,191,080 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 03:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009.07.14 03:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2005.03.09 20:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\Windows\System32\libusbd-nt.exe -- (libusbd)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.05.10 14:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011.05.10 14:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011.05.10 14:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011.05.10 13:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011.05.10 13:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011.05.10 13:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010.10.22 08:23:05 | 010,084,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.07.30 14:16:46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.07.30 14:16:44 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.07.30 14:16:42 | 000,023,040 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.07.30 14:16:38 | 000,018,048 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.06.16 14:28:21 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.06.16 14:28:21 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.04.19 15:42:26 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010.04.19 15:42:26 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010.04.19 15:42:26 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010.04.19 15:42:24 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV - [2010.04.19 15:42:24 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010.03.25 18:09:44 | 000,114,688 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV - [2010.03.25 18:09:36 | 000,103,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.11.18 19:09:52 | 000,376,832 | ---- | M] (NETGEAR Inc.                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wg111v3.sys -- (RTL8187B)
DRV - [2009.11.13 15:06:22 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.11.10 21:37:58 | 000,016,608 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.09.15 14:59:28 | 000,038,248 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvoclock.sys -- (nvoclock)
DRV - [2009.07.14 03:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 03:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 03:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 02:11:04 | 000,141,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mqac.sys -- (MQAC)
DRV - [2009.07.14 01:53:36 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2009.07.14 01:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 01:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.01 20:43:06 | 000,762,112 | ---- | M] (none) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\adatadrv.sys -- (adatadrv)
DRV - [2009.03.30 03:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2009.03.18 17:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009.02.10 17:23:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | On_Demand | Stopped] -- C:\Users\riechel\Desktop\desktop\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.08.26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.07.24 00:29:16 | 000,047,744 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vserial.sys -- (vserial)
DRV - [2008.07.24 00:29:16 | 000,015,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vsb.sys -- (vsbus)
DRV - [2008.07.11 07:05:00 | 000,037,088 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2008.04.03 20:07:34 | 000,010,240 | ---- | M] (Atola) [Kernel | On_Demand | Stopped] -- C:\Users\riechel\AppData\Local\Temp\HBCD\FindAndMount\slicedisk.sys -- (SliceDisk5)
DRV - [2007.04.11 16:32:58 | 000,036,112 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2007.04.11 16:32:52 | 000,034,832 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2005.11.03 16:40:07 | 000,063,488 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfvfs02.sys -- (sfvfs02) StarForce Protection VFS Driver (version 2.x)
DRV - [2005.08.10 16:06:28 | 000,019,968 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfsync02.sys -- (sfsync02) StarForce Protection Synchronization Driver (version 2.x)
DRV - [2005.08.10 14:44:04 | 000,050,688 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\sfdrv01.sys -- (sfdrv01) StarForce Protection Environment Driver (version 1.x)
DRV - [2005.05.16 15:20:39 | 000,006,656 | ---- | M] (Protection Technology) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\sfhlp02.sys -- (sfhlp02) StarForce Protection Helper Driver (version 2.x)
DRV - [2005.03.09 20:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2004.08.09 14:48:02 | 000,009,216 | ---- | M] (Bo Brantén) [Kernel | On_Demand | Stopped] -- C:\Users\riechel\AppData\Local\Temp\HBCD\filedisk.sys -- (FileDisk)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.toggle.com/en/index.php?rvs=google
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toggle.com/en/index.php?rvs=google
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.toggle.com/en/index.php?rvs=google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home?AF=18826
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/sk27211/"
FF - prefs.js..extensions.enabledItems: [ Link visible to registered members only. Please log in or register ]:4.0
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=toolbar2&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: \NGM\npNxGameUS.dll ()
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.2: C:\Programme\VideoLAN\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.26 21:46:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.09.06 18:45:57 | 000,000,000 | ---D | M]
 
[2010.08.30 14:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\riechel\AppData\Roaming\mozilla\Extensions
[2011.07.27 19:20:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\riechel\AppData\Roaming\mozilla\Firefox\Profiles\kq0unf8x.default\extensions
[2011.07.27 19:20:11 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\riechel\AppData\Roaming\mozilla\Firefox\Profiles\kq0unf8x.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.07.09 16:28:12 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\riechel\AppData\Roaming\mozilla\Firefox\Profiles\kq0unf8x.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.07.08 22:41:41 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\riechel\AppData\Roaming\mozilla\Firefox\Profiles\kq0unf8x.default\extensions\[ Link visible to registered members only. Please log in or register ]
[2010.08.30 15:34:21 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\riechel\AppData\Roaming\mozilla\Firefox\Profiles\kq0unf8x.default\extensions\[ Link visible to registered members only. Please log in or register ]
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\riechel\AppData\Roaming\Mozilla\Firefox\Profiles\kq0unf8x.default\searchplugins\icqplugin.xml
[2011.07.27 20:26:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- 
[2011.07.08 09:31:38 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009.10.26 16:45:36 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.31.2\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Meine Traffic] C:\Program Files\MT\MT.exe (Mirko Böer Softwareentwicklungen)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\time.exe
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: Policies = C:\Windows\system32\time.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\riechel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} -  File not found
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.01.23 22:05:12 | 000,000,000 | ---D | M] - C:\Autorun -- [ NTFS ]
O32 - AutoRun File - [2009.06.28 12:57:13 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.06.12 04:27:33 | 000,000,140 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - H:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.06.02 18:16:48 | 000,000,045 | R--- | M] () - H:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{00331cc5-d056-11de-83cd-001fd0991c51}\Shell - "" = AutoRun
O33 - MountPoints2\{00331cc5-d056-11de-83cd-001fd0991c51}\Shell\AutoRun\command - "" = I:\Installer.exe
O33 - MountPoints2\{00331cc7-d056-11de-83cd-001fd0991c51}\Shell - "" = AutoRun
O33 - MountPoints2\{00331cc7-d056-11de-83cd-001fd0991c51}\Shell\AutoRun\command - "" = L:\setup_ejaydance6reloaded_de.exe
O33 - MountPoints2\{03af0bd7-f9f0-11de-aee9-001fd0991c51}\Shell - "" = AutoRun
O33 - MountPoints2\{03af0bd7-f9f0-11de-aee9-001fd0991c51}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{8e64b244-72f2-11df-8a44-001fd0991c51}\Shell - "" = AutoRun
O33 - MountPoints2\{8e64b244-72f2-11df-8a44-001fd0991c51}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{aa3a438b-96ff-11df-947c-001fd0991c51}\Shell - "" = AutoRun
O33 - MountPoints2\{aa3a438b-96ff-11df-947c-001fd0991c51}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\{d3d0e31a-8606-11df-9f83-001fd0991c51}\Shell - "" = AutoRun
O33 - MountPoints2\{d3d0e31a-8606-11df-9f83-001fd0991c51}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O33 - MountPoints2\{e12f3d01-f976-11de-b2f6-001fd0991c51}\Shell - "" = AutoRun
O33 - MountPoints2\{e12f3d01-f976-11de-b2f6-001fd0991c51}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{e12f3d1c-f976-11de-b2f6-001fd0991c51}\Shell - "" = AutoRun
O33 - MountPoints2\{e12f3d1c-f976-11de-b2f6-001fd0991c51}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{e12f3d7d-f976-11de-b2f6-001fd0991c51}\Shell - "" = AutoRun
O33 - MountPoints2\{e12f3d7d-f976-11de-b2f6-001fd0991c51}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{e12f3db0-f976-11de-b2f6-001fd0991c51}\Shell - "" = AutoRun
O33 - MountPoints2\{e12f3db0-f976-11de-b2f6-001fd0991c51}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ed0c255a-cd60-11de-a714-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{ed0c255a-cd60-11de-a714-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup\rsrc\AUTORUN.EXE -- [2007.03.23 01:57:09 | 000,051,336 | R--- | M] ()
O33 - MountPoints2\{ed0c255a-cd60-11de-a714-806e6f6e6963}\Shell\dinstall\command - "" = F:\DirectX\DXSETUP.exe -- [2007.06.01 05:23:56 | 000,503,144 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{f7d19ff3-6da0-11e0-8541-001fd0991c51}\Shell - "" = AutoRun
O33 - MountPoints2\{f7d19ff3-6da0-11e0-8541-001fd0991c51}\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{ffe5808a-957f-11df-8aa9-001fd0991c51}\Shell - "" = AutoRun
O33 - MountPoints2\{ffe5808a-957f-11df-8aa9-001fd0991c51}\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\AutoRun.exe -- [2008.04.24 01:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\AutoRun.exe
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\AutoRun.exe
O33 - MountPoints2\M\Shell - "" = AutoRun
O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\AutoRun.exe
O33 - MountPoints2\N\Shell - "" = AutoRun
O33 - MountPoints2\N\Shell\AutoRun\command - "" = N:\AutoRun.exe
O33 - MountPoints2\O\Shell - "" = AutoRun
O33 - MountPoints2\O\Shell\AutoRun\command - "" = O:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.29 20:05:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2011.07.29 20:04:23 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2011.07.28 22:08:14 | 000,000,000 | ---D | C] -- C:\Users\riechel\AppData\Roaming\Malwarebytes
[2011.07.28 22:08:10 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.28 22:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.28 22:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.28 22:08:07 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.07.28 22:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.07.28 22:06:19 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\riechel\Desktop\OTL.exe
[2011.07.28 17:11:24 | 000,000,000 | ---D | C] -- C:\Users\riechel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ElcomSoft
[2011.07.28 17:11:24 | 000,000,000 | ---D | C] -- C:\Program Files\ElcomSoft
[2011.07.28 00:53:25 | 000,000,000 | ---D | C] -- C:\Users\riechel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery
[2011.07.28 00:53:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RAR Password Recovery
[2011.07.28 00:53:25 | 000,000,000 | ---D | C] -- C:\Program Files\Intelore
[2011.07.27 23:50:40 | 000,000,000 | ---D | C] -- C:\Users\riechel\Documents\My Cheat Tables
[2011.07.27 23:50:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.0
[2011.07.27 23:50:16 | 000,000,000 | ---D | C] -- C:\Users\riechel\AppData\Roaming\OpenCandy
[2011.07.27 23:50:15 | 000,000,000 | ---D | C] -- C:\Program Files\Cheat Engine 6
[2011.07.27 20:06:44 | 000,000,000 | ---D | C] -- C:\StarCraft II
[2011.07.27 20:06:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2011.07.27 13:03:29 | 000,000,000 | ---D | C] -- C:\Users\riechel\Desktop\Starcraft_II_Wings_Of_Liberty_Crack_Only_Proper-Razor1911
[2011.07.25 23:23:13 | 000,000,000 | ---D | C] -- C:\StarCraft II.temp
[2011.07.25 23:23:13 | 000,000,000 | ---D | C] -- C:\Users\riechel\Documents\StarCraft II
[2011.07.25 23:23:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II.temp
[2011.07.24 22:10:30 | 000,000,000 | ---D | C] -- C:\Users\riechel\Desktop\TempAR
[2011.07.18 16:59:02 | 000,000,000 | ---D | C] -- C:\Users\riechel\Desktop\Club It Your Way Vol .2
[2011.07.16 20:54:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TrackMania
[2011.07.16 20:49:11 | 000,000,000 | ---D | C] -- C:\Users\riechel\Documents\TrackMania
[2011.07.16 20:47:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TmUnitedForever
[2011.07.16 20:43:16 | 000,000,000 | ---D | C] -- C:\Program Files\TmUnitedForever
[2011.07.14 20:36:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2011.07.14 18:13:34 | 000,000,000 | ---D | C] -- C:\Users\riechel\AppData\Roaming\GameRanger
[2011.07.13 17:14:35 | 000,000,000 | ---D | C] -- C:\Users\riechel\Desktop\nightLifeMusic - Club It Your Way
[2011.07.13 15:39:58 | 000,000,000 | ---D | C] -- C:\Users\riechel\Desktop\The Art of Sound Vol. 2 - NightLifeMusicTV
[2011.07.13 13:11:35 | 000,000,000 | ---D | C] -- C:\Program Files\League of Legends
[2011.07.09 16:28:10 | 000,000,000 | ---D | C] -- C:\Users\riechel\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.07.09 16:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Plasmoo
[2011.07.09 16:27:41 | 001,967,768 | ---- | C] (Easeware                                                    ) -- C:\Users\riechel\Desktop\DriverEasy35_Setup.exe
[2011.07.08 22:41:41 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2011.07.08 22:29:21 | 000,000,000 | ---D | C] -- C:\Users\riechel\Documents\DownVision
[2011.07.06 17:43:22 | 000,000,000 | ---D | C] -- C:\Users\riechel\Desktop\usb
[2011.07.02 15:49:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2011.07.02 15:49:13 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2011.07.02 14:52:43 | 000,000,000 | ---D | C] -- C:\Users\riechel\Documents\FIFA 11
[2011.07.02 11:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\EA Sports
[2011.07.01 21:30:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Square Enix
[2011.07.01 21:21:06 | 000,000,000 | ---D | C] -- C:\Program Files\Square Enix
[2011.06.30 16:49:11 | 000,000,000 | ---D | C] -- C:\Users\riechel\Desktop\64
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.30 14:14:10 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.30 14:14:10 | 000,016,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.30 14:06:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.30 14:06:02 | 2616,057,856 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.30 13:52:08 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.29 21:25:20 | 000,768,558 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.07.29 21:25:20 | 000,166,164 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.07.29 21:25:19 | 000,838,682 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.07.29 21:25:19 | 000,202,008 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.07.29 21:23:41 | 000,031,636 | -H-- | M] () -- C:\Users\riechel\AppData\Roaming\cglogs.dat
[2011.07.29 21:18:03 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.29 20:05:36 | 000,000,949 | ---- | M] () -- C:\Users\riechel\Desktop\PhotoScape.lnk
[2011.07.28 22:08:10 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.28 22:06:36 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\riechel\Desktop\OTL.exe
[2011.07.28 01:05:42 | 000,000,897 | ---- | M] () -- C:\Users\riechel\Desktop\VideoCacheView.cfg
[2011.07.27 20:39:53 | 000,000,698 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011.07.26 21:41:10 | 000,009,996 | ---- | M] () -- C:\Users\riechel\Desktop\DownloadScan_1.1_de-DE.zip
[2011.07.22 18:14:42 | 012,622,453 | ---- | M] () -- C:\Users\riechel\Desktop\BreakBoy & Ced Tecknoboy - Summer Jam 2011 (Extended Mix).mp3
[2011.07.22 18:14:31 | 008,408,379 | ---- | M] () -- C:\Users\riechel\Desktop\Ced Tecknoboy & DJ THT - Tapion 2011 (Radio Edit).mp3
[2011.07.22 08:25:49 | 000,021,144 | ---- | M] () -- C:\Users\riechel\Desktop\Starcraft.II.Wings.of.Liberty.GERMAN-0x0007_5249_-1ojuwel5x72p.dlc
[2011.07.21 20:42:14 | 000,009,127 | ---- | M] () -- C:\Users\riechel\Desktop\vollmacht-16.pdf
[2011.07.20 22:27:15 | 000,007,359 | ---- | M] () -- C:\Users\riechel\Desktop\SharePodSettings.xml
[2011.07.19 19:01:35 | 060,615,575 | ---- | M] () -- C:\Users\riechel\Desktop\house mix 1.mp3
[2011.07.19 14:33:55 | 000,032,042 | ---- | M] () -- C:\Users\riechel\Desktop\Verkehrsverbund Rhein-Ruhr - Fahrplanauskunft Ergebnisseite.pdf
[2011.07.19 14:18:43 | 000,025,830 | ---- | M] () -- C:\Users\riechel\Desktop\Verkehrsverbund Rhein-Ruhr.pdf
[2011.07.17 21:54:42 | 087,679,895 | ---- | M] () -- C:\Users\riechel\Desktop\hardv.mp3
[2011.07.16 21:02:32 | 000,003,480 | ---- | M] () -- C:\Users\riechel\Desktop\Tackmania.Sunrise.*******.GERMAN-GWAREZ_1267_-x5lal1lgr19.dlc
[2011.07.16 20:57:47 | 000,000,979 | ---- | M] () -- C:\Users\riechel\Desktop\TmForever.exe - Verknüpfung.lnk
[2011.07.16 20:47:52 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\TmUnitedForever.lnk
[2011.07.16 14:12:35 | 000,004,080 | ---- | M] () -- C:\Users\riechel\Desktop\Trackmania_United_Forever_GERMAN-GENESIS_3285_-qn34i9lg5so.dlc
[2011.07.14 22:19:08 | 000,504,038 | ---- | M] () -- C:\Users\riechel\Desktop\sqlite3.dll
[2011.07.14 18:13:49 | 000,001,074 | ---- | M] () -- C:\Users\riechel\Desktop\GameRanger.lnk
[2011.07.13 20:00:12 | 081,387,938 | ---- | M] () -- C:\Users\riechel\Desktop\nightlife tv.mp3
[2011.07.11 22:16:55 | 058,296,111 | ---- | M] () -- C:\Users\riechel\Desktop\DJ Hellfury - Les Soldats Vol.1 - X-clusive Happyhardcore.at-Mix.mp3
[2011.07.11 21:57:02 | 009,879,763 | ---- | M] () -- C:\Users\riechel\Desktop\Nightforces UK-Hardcore Promotion Mini Mix.mp3
[2011.07.11 20:21:06 | 004,702,887 | ---- | M] () -- C:\Users\riechel\Desktop\IMG_0734.JPG
[2011.07.11 19:34:52 | 014,626,567 | ---- | M] () -- C:\Users\riechel\Desktop\Don Omar - Danza Kuduro (Raaban Remix) (www.technorocker.info).mp3
[2011.07.11 19:32:39 | 014,519,079 | ---- | M] () -- C:\Users\riechel\Desktop\Don Omar Ft. Lucenzo - Danza Kuduro (Ramon Gz & Miguel Valbuena Bootleg Mix) (www.technorocker.info).mp3
[2011.07.10 23:38:59 | 014,408,820 | ---- | M] () -- C:\Users\riechel\Desktop\09-nightwalker-head_nod--www.technorocker.info.mp3
[2011.07.10 23:37:16 | 010,606,845 | ---- | M] () -- C:\Users\riechel\Desktop\Phenom - Unreal (Drum'n'Bass 2011) - www.technorocker.info.mp3
[2011.07.10 23:29:04 | 040,048,849 | ---- | M] () -- C:\Users\riechel\Desktop\0402011hhcx.mp3
[2011.07.10 23:11:16 | 001,132,672 | ---- | M] () -- C:\Users\riechel\Desktop\Mikk - Forever Shining (Original Mix).mp3
[2011.07.10 22:43:18 | 007,794,816 | ---- | M] () -- C:\Users\riechel\Desktop\No Left Turn & CrackerJack - Listen Up.mp3
[2011.07.10 21:09:44 | 009,605,153 | ---- | M] () -- C:\Users\riechel\Desktop\opr02RJM.mp3
[2011.07.10 13:46:00 | 025,413,007 | ---- | M] () -- C:\Users\riechel\Desktop\B2BCottsRavineTenMinMixtreme.mp3
[2011.07.09 17:13:21 | 033,218,688 | ---- | M] () -- C:\Users\riechel\Desktop\DJ Ravine's will it blend. Electro. Hardstyle. Dubstep. Hardcore mix.mp3
[2011.07.09 16:27:58 | 001,967,768 | ---- | M] (Easeware                                                    ) -- C:\Users\riechel\Desktop\DriverEasy35_Setup.exe
[2011.07.07 22:42:27 | 000,002,662 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011.07.07 22:42:27 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.07.02 11:49:31 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011.07.01 21:30:48 | 000,001,185 | ---- | M] () -- C:\Users\Public\Desktop\Dungeon Siege III.lnk
[6 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[5 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.07.29 20:05:36 | 000,000,949 | ---- | C] () -- C:\Users\riechel\Desktop\PhotoScape.lnk
[2011.07.29 20:05:19 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.07.29 20:05:14 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.07.28 22:08:10 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.26 21:46:54 | 000,001,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.07.26 21:41:08 | 000,009,996 | ---- | C] () -- C:\Users\riechel\Desktop\DownloadScan_1.1_de-DE.zip
[2011.07.25 23:23:13 | 000,000,698 | ---- | C] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2011.07.22 18:11:18 | 008,408,379 | ---- | C] () -- C:\Users\riechel\Desktop\Ced Tecknoboy & DJ THT - Tapion 2011 (Radio Edit).mp3
[2011.07.22 18:10:24 | 012,622,453 | ---- | C] () -- C:\Users\riechel\Desktop\BreakBoy & Ced Tecknoboy - Summer Jam 2011 (Extended Mix).mp3
[2011.07.22 08:25:49 | 000,021,144 | ---- | C] () -- C:\Users\riechel\Desktop\Starcraft.II.Wings.of.Liberty.GERMAN-0x0007_5249_-1ojuwel5x72p.dlc
[2011.07.21 20:42:13 | 000,009,127 | ---- | C] () -- C:\Users\riechel\Desktop\vollmacht-16.pdf
[2011.07.19 14:33:53 | 000,032,042 | ---- | C] () -- C:\Users\riechel\Desktop\Verkehrsverbund Rhein-Ruhr - Fahrplanauskunft Ergebnisseite.pdf
[2011.07.19 14:18:41 | 000,025,830 | ---- | C] () -- C:\Users\riechel\Desktop\Verkehrsverbund Rhein-Ruhr.pdf
[2011.07.17 21:54:54 | 060,615,575 | ---- | C] () -- C:\Users\riechel\Desktop\house mix 1.mp3
[2011.07.17 20:53:35 | 087,679,895 | ---- | C] () -- C:\Users\riechel\Desktop\hardv.mp3
[2011.07.16 21:02:31 | 000,003,480 | ---- | C] () -- C:\Users\riechel\Desktop\Tackmania.Sunrise.*******.GERMAN-GWAREZ_1267_-x5lal1lgr19.dlc
[2011.07.16 20:57:47 | 000,000,979 | ---- | C] () -- C:\Users\riechel\Desktop\TmForever.exe - Verknüpfung.lnk
[2011.07.16 20:47:52 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\TmUnitedForever.lnk
[2011.07.16 14:12:35 | 000,004,080 | ---- | C] () -- C:\Users\riechel\Desktop\Trackmania_United_Forever_GERMAN-GENESIS_3285_-qn34i9lg5so.dlc
[2011.07.14 22:20:23 | 000,007,359 | ---- | C] () -- C:\Users\riechel\Desktop\SharePodSettings.xml
[2011.07.14 22:19:08 | 000,504,038 | ---- | C] () -- C:\Users\riechel\Desktop\sqlite3.dll
[2011.07.14 20:12:09 | 011,005,996 | ---- | C] () -- C:\Users\riechel\Desktop\Michael_Mind_Project_feat._Sean_Kingston_-_Ready_Or_Not_(De-Grees_Remix).mp3
[2011.07.14 20:08:25 | 005,474,943 | ---- | C] () -- C:\Users\riechel\Desktop\103-cascada_-_san_francisco_(frisco_radio_edit).mp3
[2011.07.14 18:13:49 | 000,001,074 | ---- | C] () -- C:\Users\riechel\Desktop\GameRanger.lnk
[2011.07.14 18:13:49 | 000,001,060 | ---- | C] () -- C:\Users\riechel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk
[2011.07.13 16:03:17 | 081,387,938 | ---- | C] () -- C:\Users\riechel\Desktop\nightlife tv.mp3
[2011.07.11 21:48:48 | 009,879,763 | ---- | C] () -- C:\Users\riechel\Desktop\Nightforces UK-Hardcore Promotion Mini Mix.mp3
[2011.07.11 21:47:37 | 058,296,111 | ---- | C] () -- C:\Users\riechel\Desktop\DJ Hellfury - Les Soldats Vol.1 - X-clusive Happyhardcore.at-Mix.mp3
[2011.07.11 20:21:06 | 004,702,887 | ---- | C] () -- C:\Users\riechel\Desktop\IMG_0734.JPG
[2011.07.11 19:28:24 | 014,626,567 | ---- | C] () -- C:\Users\riechel\Desktop\Don Omar - Danza Kuduro (Raaban Remix) (www.technorocker.info).mp3
[2011.07.11 19:27:02 | 014,519,079 | ---- | C] () -- C:\Users\riechel\Desktop\Don Omar Ft. Lucenzo - Danza Kuduro (Ramon Gz & Miguel Valbuena Bootleg Mix) (www.technorocker.info).mp3
[2011.07.10 23:29:26 | 014,408,820 | ---- | C] () -- C:\Users\riechel\Desktop\09-nightwalker-head_nod--www.technorocker.info.mp3
[2011.07.10 23:29:18 | 010,606,845 | ---- | C] () -- C:\Users\riechel\Desktop\Phenom - Unreal (Drum'n'Bass 2011) - www.technorocker.info.mp3
[2011.07.10 23:11:12 | 001,132,672 | ---- | C] () -- C:\Users\riechel\Desktop\Mikk - Forever Shining (Original Mix).mp3
[2011.07.10 22:43:02 | 007,794,816 | ---- | C] () -- C:\Users\riechel\Desktop\No Left Turn & CrackerJack - Listen Up.mp3
[2011.07.10 21:09:20 | 009,605,153 | ---- | C] () -- C:\Users\riechel\Desktop\opr02RJM.mp3
[2011.07.10 21:08:26 | 000,000,897 | ---- | C] () -- C:\Users\riechel\Desktop\VideoCacheView.cfg
[2011.07.10 13:33:44 | 025,413,007 | ---- | C] () -- C:\Users\riechel\Desktop\B2BCottsRavineTenMinMixtreme.mp3
[2011.07.10 01:55:27 | 040,048,849 | ---- | C] () -- C:\Users\riechel\Desktop\0402011hhcx.mp3
[2011.07.09 17:12:11 | 033,218,688 | ---- | C] () -- C:\Users\riechel\Desktop\DJ Ravine's will it blend. Electro. Hardstyle. Dubstep. Hardcore mix.mp3
[2011.07.04 21:35:25 | 000,002,662 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011.07.04 21:35:25 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2011.07.01 21:30:48 | 000,001,185 | ---- | C] () -- C:\Users\Public\Desktop\Dungeon Siege III.lnk
[2011.06.27 15:00:30 | 000,033,792 | ---- | C] () -- C:\Windows\System32\drivers\libusb0.sys
[2011.06.01 20:07:51 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2011.06.01 20:07:50 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2011.02.22 20:10:55 | 000,008,704 | ---- | C] () -- C:\Users\riechel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.17 16:01:53 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Access.dat
[2010.12.20 15:27:45 | 000,000,122 | ---- | C] () -- C:\Windows\msmmdx9.ini
[2010.12.05 17:53:51 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.11.26 23:13:54 | 000,000,526 | ---- | C] () -- C:\Windows\eReg.dat
[2010.11.06 23:28:44 | 002,784,606 | ---- | C] () -- C:\Windows\System32\LOCOLauncher.exe
[2010.10.17 17:45:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.09.18 19:55:15 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.09.10 14:00:34 | 000,436,736 | ---- | C] () -- C:\Windows\System32\Autoserv.exe
[2010.08.30 14:45:53 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.06.16 14:28:21 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.06.16 14:28:21 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.06.08 14:48:49 | 000,000,095 | ---- | C] () -- C:\Users\riechel\AppData\Local\fusioncache.dat
[2010.05.16 12:19:27 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010.05.16 12:19:27 | 000,022,328 | ---- | C] () -- C:\Users\riechel\AppData\Roaming\PnkBstrK.sys
[2010.05.16 12:19:12 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010.05.16 12:19:09 | 000,669,184 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2010.05.16 12:19:09 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010.02.23 21:43:50 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2010.02.18 15:00:33 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\D83CF422D7.sys
[2010.02.18 15:00:04 | 000,000,848 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010.02.14 13:22:51 | 000,080,384 | ---- | C] () -- C:\Windows\gamedelete.exe
[2009.12.21 22:53:55 | 000,007,601 | ---- | C] () -- C:\Users\riechel\AppData\Local\Resmon.ResmonCfg
[2009.11.29 18:28:46 | 000,000,112 | ---- | C] () -- C:\Windows\ActiveSkin.INI
[2009.11.10 21:33:40 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.11.09 22:02:10 | 000,000,278 | ---- | C] () -- C:\Windows\SBWIN.INI
[2009.11.09 22:02:06 | 000,024,992 | ---- | C] () -- C:\Windows\CTRES.DLL
[2009.07.14 10:47:43 | 000,838,682 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 10:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 10:47:43 | 000,202,008 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 10:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 06:33:53 | 000,299,056 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,768,558 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,166,164 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 02:19:49 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2008.07.24 00:29:16 | 000,047,744 | ---- | C] () -- C:\Windows\System32\drivers\vserial.sys
[2008.07.24 00:29:16 | 000,015,264 | ---- | C] () -- C:\Windows\System32\drivers\vsb.sys
[2007.06.21 08:34:08 | 000,203,328 | R--- | C] () -- C:\Windows\GSetup.exe
[2005.04.08 04:16:43 | 000,031,636 | -H-- | C] () -- C:\Users\riechel\AppData\Roaming\cglogs.dat
[2002.09.18 00:45:00 | 000,119,808 | ---- | C] () -- C:\Windows\lsb_un20.exe
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:24051EFF

< End of report >
30.07.11, 19:55   #5
ckjthedogmaster

Start OLT again, run it as admin.

Copy this into the box and click "fixed".

The computer may ask for a restart.

After that, go to Start/All Programs/Accessories/System Tools/Disk Cleanup.

There, under More Options, you will find the item "Clean up". This deletes everything except the most recent restore point. Depending on the system, it may take a moment.

Then run another scan with OLT, as described above. Paste that log here again as well.

Please also take a look at your malware log. The keygens that were found at the very bottom of the log, do you use them?

Regards

Edit: In case you do get back in touch: I am suspending support for an indefinite period for now. If you need further help, post the log and get further advice here.

Regards
02.08.11, 13:16   #6
damnstyle

Yeah, thank you for your help, I hope that's it for now ... and I only used the keygens on my old system, so if I didn't run them, nothing can have happened, right???

and thanks again
All times are in WET +1.

