Think Point Trouble!


Post by nictria on Mon 01 Nov 2010, 2:57 am

Hello!
I got infected with the Think Point virus. I already did the description:

Using Malwarebytes to Remove Malware

I thought I could delete the Think Point virus, but I still cannot get onto the internet.

What can I do?
Here is my log:

OTL logfile created on: 31.10.2010 16:50:21 - Run 1
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Edwin\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 71,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 129,98 Gb Free Space | 87,26% Space Free | Partition Type: NTFS
Drive E: | 1,86 Gb Total Space | 0,51 Gb Free Space | 27,45% Space Free | Partition Type: FAT32

Computer Name: GAMING-PC | User Name: Edwin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010.10.31 16:36:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Edwin\Desktop\OTL.com
PRC - [2010.04.01 13:33:57 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 11:29:55 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 10:29:19 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 22:12:14 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.08.18 01:36:36 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009.07.14 02:14:47 | 001,121,280 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2009.07.14 02:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe


========== Modules (SafeList) ==========

MOD - [2010.10.31 16:36:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Edwin\Desktop\OTL.com
MOD - [2010.08.21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009.07.14 02:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009.07.14 02:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009.07.14 02:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009.07.14 02:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009.07.14 02:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009.07.14 02:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009.07.14 02:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009.07.14 02:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009.07.14 02:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009.07.14 02:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010.10.31 00:34:47 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.04.01 13:41:44 | 000,405,672 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2010.04.01 13:33:57 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.30 12:40:14 | 000,337,064 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2010.03.25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 10:29:19 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.08.18 01:36:08 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 02:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009.07.14 02:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009.07.14 02:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009.07.14 02:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009.07.14 02:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009.07.14 02:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009.07.14 02:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009.07.14 02:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009.07.14 02:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.07.14 02:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009.07.14 02:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.14 02:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009.07.14 02:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009.07.14 02:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009.07.14 02:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX-Installer (AxInstSV)
SRV - [2009.07.14 02:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009.07.14 02:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Edwin\AppData\Local\Temp\cpuz134\cpuz134_x32.sys -- (cpuz134)
DRV - [2010.03.01 10:06:38 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.12.11 08:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009.08.23 23:55:32 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009.08.18 02:48:06 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.17 12:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 02:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009.07.14 02:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009.07.14 02:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009.07.14 02:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009.07.14 02:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009.07.14 02:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009.07.14 02:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009.07.14 02:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009.07.14 02:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009.07.14 02:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009.07.14 02:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009.07.14 02:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009.07.14 02:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009.07.14 02:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009.07.14 02:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009.07.14 02:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009.07.14 02:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009.07.14 02:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009.07.14 02:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009.07.14 02:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009.07.14 02:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009.07.14 02:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009.07.14 02:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009.07.14 02:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009.07.14 02:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009.07.14 02:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009.07.14 02:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009.07.14 02:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009.07.14 02:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009.07.14 02:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.14 02:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009.07.14 02:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009.07.14 02:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009.07.14 02:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009.07.14 02:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009.07.14 02:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009.07.14 02:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009.07.14 02:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009.07.14 02:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009.07.14 01:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009.07.14 01:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009.07.14 01:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009.07.14 00:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009.07.14 00:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009.07.14 00:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009.07.14 00:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009.07.14 00:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\1394ohci.sys -- (1394ohci)
DRV - [2009.07.14 00:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009.07.14 00:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009.07.14 00:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009.07.14 00:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009.07.14 00:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009.07.14 00:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009.07.14 00:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009.07.14 00:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009.07.14 00:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009.07.14 00:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009.07.14 00:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009.07.13 23:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.13 23:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009.07.13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009.07.13 23:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009.07.13 23:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009.07.13 23:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009.07.13 23:02:52 | 000,139,776 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009.07.13 23:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009.07.13 23:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009.07.13 23:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009.05.11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5F B0 47 B0 76 78 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.31 01:40:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.31 01:40:10 | 000,000,000 | ---D | M]

[2010.10.31 12:04:12 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\mozilla\Extensions
[2010.10.31 12:04:12 | 000,000,000 | ---D | M] -- C:\Users\Edwin\AppData\Roaming\mozilla\Firefox\Profiles\ybr46db5.default\extensions
[2010.10.31 01:40:10 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.09.14 22:32:39 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.09.14 22:32:39 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.14 22:32:39 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.14 22:32:39 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.14 22:32:39 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.4.8.11.dll (BitComet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Alles mit BitComet herunterladen - C:\Program Files\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Mit BitComet herunter&laden - C:\Program Files\BitComet\BitComet.exe ([You must be registered and logged in to see this link.]
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.4.8.11.dll (BitComet)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll File not found
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 62.40.128.2 195.202.128.3 195.202.128.2
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Users\Edwin\AppData\Roaming\ohydy.exe) - C:\Users\Edwin\AppData\Roaming\ohydy.exe ()
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKCU Winlogon: Shell - (C:\Users\Edwin\AppData\Roaming\ohydy.exe) - C:\Users\Edwin\AppData\Roaming\ohydy.exe ()
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.05.27 14:31:18 | 000,000,000 | ---D | M] - E:\Autorun -- [ FAT32 ]
O32 - AutoRun File - [2007.09.13 11:41:04 | 002,672,834 | ---- | M] () - E:\Autorun.apf -- [ FAT32 ]
O32 - Unable to obtain root file information for disk E:\
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootMin: Primary disk - Driver Group
SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation)
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)


========== Files/Folders - Created Within 30 Days ==========

[2010.10.31 16:40:01 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Edwin\Desktop\OTL.com
[2010.10.31 15:04:06 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Roaming\Malwarebytes
[2010.10.31 15:04:01 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.10.31 15:03:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.10.31 15:03:59 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.31 15:03:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.10.31 13:16:33 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Roaming\Canneverbe Limited
[2010.10.31 13:16:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2010.10.31 13:16:22 | 000,000,000 | ---D | C] -- C:\Programme\CDBurnerXP
[2010.10.31 13:16:03 | 000,000,000 | ---D | C] -- C:\Users\Edwin\Desktop\CD
[2010.10.31 12:34:19 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Roaming\Avira
[2010.10.31 12:31:58 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.10.31 12:31:58 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.10.31 12:31:58 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.10.31 12:31:58 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.10.31 12:31:58 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.10.31 12:04:01 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Roaming\Mozilla
[2010.10.31 12:04:01 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Local\Mozilla
[2010.10.31 11:56:44 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.10.31 11:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.10.31 11:01:14 | 000,000,000 | ---D | C] -- C:\Programme\SIW
[2010.10.31 08:52:15 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Roaming\updates
[2010.10.31 02:08:26 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Local\MigWiz
[2010.10.31 01:40:09 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2010.10.31 01:20:56 | 000,000,000 | ---D | C] -- C:\Windows\System32\Wat
[2010.10.31 01:19:46 | 000,000,000 | ---D | C] -- C:\RECYCLER
[2010.10.31 01:01:27 | 000,000,000 | ---D | C] -- C:\Downloads
[2010.10.31 01:01:09 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Roaming\BitComet
[2010.10.31 01:01:08 | 000,000,000 | ---D | C] -- C:\Programme\BitComet
[2010.10.31 00:40:24 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.10.31 00:40:24 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.10.31 00:40:24 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.10.31 00:36:06 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.10.31 00:34:52 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2010.10.31 00:33:25 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2010.10.31 00:33:23 | 000,000,000 | ---D | C] -- C:\Programme\WinZip
[2010.10.31 00:02:56 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.10.31 00:02:56 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.10.31 00:02:56 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.10.31 00:02:56 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.10.31 00:02:56 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.10.31 00:02:56 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.10.31 00:02:55 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.10.31 00:02:55 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.10.31 00:02:55 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.10.31 00:02:55 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.10.31 00:02:55 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.10.31 00:02:42 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\Windows\System32\ir32_32.dll
[2010.10.31 00:02:42 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.10.31 00:02:40 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.10.31 00:02:38 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.10.31 00:02:35 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.10.31 00:02:34 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.10.31 00:02:34 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.10.31 00:02:34 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.10.31 00:02:33 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.10.31 00:02:33 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.10.31 00:02:22 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.10.31 00:02:22 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010.10.31 00:02:17 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.10.31 00:02:13 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010.10.31 00:02:12 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010.10.31 00:02:12 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010.10.31 00:02:00 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.10.31 00:01:58 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40.dll
[2010.10.31 00:01:57 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc40u.dll
[2010.10.31 00:01:42 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.10.31 00:01:40 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.10.31 00:01:40 | 000,026,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2010.10.31 00:01:36 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.10.31 00:01:36 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.10.31 00:01:36 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.10.31 00:01:35 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.10.31 00:01:35 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.10.31 00:01:29 | 002,327,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.10.31 00:01:17 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpmde.dll
[2010.10.31 00:01:15 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.10.31 00:01:14 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.10.31 00:01:14 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.10.31 00:01:14 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.10.31 00:01:14 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.10.31 00:01:14 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.10.31 00:01:14 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.10.31 00:01:14 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.10.31 00:01:14 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.10.31 00:01:10 | 000,363,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\StructuredQuery.dll
[2010.10.31 00:01:08 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.10.31 00:01:08 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.10.31 00:01:08 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.10.30 22:53:22 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Roaming\Macromedia
[2010.10.30 22:41:09 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Roaming\Adobe
[2010.10.30 22:38:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2010.10.30 22:17:12 | 000,000,000 | ---D | C] -- C:\Programme\daum electronic gmbh
[2010.10.30 22:10:24 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2010.10.30 22:08:38 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services
[2010.10.30 22:08:37 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2010.10.30 22:08:22 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.10.30 22:08:22 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2010.10.30 22:08:22 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Sync Framework
[2010.10.30 22:08:22 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition
[2010.10.30 22:07:30 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 8
[2010.10.30 22:06:53 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Analysis Services
[2010.10.30 22:06:43 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Local\Microsoft Help
[2010.10.30 22:06:41 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010.10.30 22:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.10.30 22:06:28 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.10.21 00:17:45 | 000,000,000 | ---D | C] -- C:\Users\Edwin\AppData\Local\Microsoft Games

========== Files - Modified Within 30 Days ==========

[2010.10.31 16:48:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.31 16:48:42 | 1609,961,472 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.31 16:42:56 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.10.31 16:42:56 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.10.31 16:42:56 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.10.31 16:42:56 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.10.31 16:36:02 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Edwin\Desktop\OTL.com
[2010.10.31 15:54:25 | 000,018,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.31 15:54:25 | 000,018,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.31 15:04:03 | 000,000,983 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.31 14:55:08 | 000,406,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.10.31 13:16:25 | 000,001,899 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010.10.31 12:45:21 | 000,000,000 | -H-- | M] () -- C:\Users\Edwin\Documents\Default.rdp
[2010.10.31 12:32:14 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.10.31 12:19:21 | 000,348,458 | ---- | M] () -- C:\Users\Edwin\Documents\Sicherung.docx
[2010.10.31 12:10:31 | 000,140,709 | ---- | M] () -- C:\Users\Edwin\Documents\Operating System.xps
[2010.10.31 12:09:57 | 000,131,036 | ---- | M] () -- C:\Users\Edwin\Documents\Serials.xps
[2010.10.31 11:56:06 | 000,013,376 | ---- | M] () -- C:\Users\Edwin\Documents\Daum Links.docx
[2010.10.31 11:01:44 | 000,001,227 | ---- | M] () -- C:\Users\Public\Desktop\Benutzerhandbuch ergo_win 2003 light 1.2.lnk
[2010.10.31 11:01:44 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\Trainingspartner Arzt.lnk
[2010.10.31 11:01:44 | 000,001,172 | ---- | M] () -- C:\Users\Public\Desktop\ergo_win 2003 light 1.2.lnk
[2010.10.31 11:01:15 | 000,000,897 | ---- | M] () -- C:\Users\Edwin\Desktop\SIW.lnk
[2010.10.31 01:40:11 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.10.31 01:27:46 | 000,000,006 | ---- | M] () -- C:\Users\Edwin\AppData\Roaming\completescan
[2010.10.31 01:27:02 | 000,000,006 | ---- | M] () -- C:\Users\Edwin\AppData\Roaming\start
[2010.10.31 01:22:57 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2010.10.31 01:20:35 | 000,000,010 | ---- | M] () -- C:\Users\Edwin\AppData\Roaming\install
[2010.10.31 01:19:39 | 000,090,112 | RHS- | M] () -- C:\Users\Edwin\AppData\Roaming\ohydy.exe
[2010.10.31 01:01:10 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\BitComet.lnk
[2010.10.31 00:38:00 | 000,142,558 | ---- | M] () -- C:\Users\Edwin\Documents\Netzwerk einrichten.xps
[2010.10.31 00:33:38 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2010.10.30 23:56:17 | 000,012,593 | ---- | M] () -- C:\Users\Edwin\Documents\Test.docx
[2010.10.30 23:49:40 | 000,293,771 | ---- | M] () -- C:\Users\Edwin\Documents\Ergo Kabel.xps
[2010.10.30 22:17:35 | 000,001,148 | ---- | M] () -- C:\Users\Edwin\Desktop\ergo_win race edition.lnk
[2010.10.30 22:17:16 | 000,001,106 | ---- | M] () -- C:\Users\Public\Desktop\ergo_win premium pro.lnk
[2010.10.24 13:26:49 | 000,000,017 | ---- | M] () -- C:\Users\Edwin\AppData\Local\resmon.resmoncfg
[2010.10.19 10:41:44 | 000,222,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

========== Files Created - No Company Name ==========

[2010.10.31 15:04:03 | 000,000,983 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.10.31 13:16:25 | 000,001,899 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010.10.31 12:45:21 | 000,000,000 | -H-- | C] () -- C:\Users\Edwin\Documents\Default.rdp
[2010.10.31 12:32:14 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.10.31 12:19:21 | 000,348,458 | ---- | C] () -- C:\Users\Edwin\Documents\Sicherung.docx
[2010.10.31 12:10:31 | 000,140,709 | ---- | C] () -- C:\Users\Edwin\Documents\Operating System.xps
[2010.10.31 12:09:56 | 000,131,036 | ---- | C] () -- C:\Users\Edwin\Documents\Serials.xps
[2010.10.31 11:01:44 | 000,001,227 | ---- | C] () -- C:\Users\Public\Desktop\Benutzerhandbuch ergo_win 2003 light 1.2.lnk
[2010.10.31 11:01:44 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\Trainingspartner Arzt.lnk
[2010.10.31 11:01:44 | 000,001,172 | ---- | C] () -- C:\Users\Public\Desktop\ergo_win 2003 light 1.2.lnk
[2010.10.31 11:01:15 | 000,000,897 | ---- | C] () -- C:\Users\Edwin\Desktop\SIW.lnk
[2010.10.31 10:50:56 | 000,013,376 | ---- | C] () -- C:\Users\Edwin\Documents\Daum Links.docx
[2010.10.31 01:40:11 | 000,001,889 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.10.31 01:27:46 | 000,000,006 | ---- | C] () -- C:\Users\Edwin\AppData\Roaming\completescan
[2010.10.31 01:27:02 | 000,000,006 | ---- | C] () -- C:\Users\Edwin\AppData\Roaming\start
[2010.10.31 01:22:57 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\Browserwahl.lnk
[2010.10.31 01:20:35 | 000,000,010 | ---- | C] () -- C:\Users\Edwin\AppData\Roaming\install
[2010.10.31 01:19:43 | 000,090,112 | RHS- | C] () -- C:\Users\Edwin\AppData\Roaming\ohydy.exe
[2010.10.31 01:01:10 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\BitComet.lnk
[2010.10.31 00:37:59 | 000,142,558 | ---- | C] () -- C:\Users\Edwin\Documents\Netzwerk einrichten.xps
[2010.10.31 00:33:38 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2010.10.30 23:56:16 | 000,012,593 | ---- | C] () -- C:\Users\Edwin\Documents\Test.docx
[2010.10.30 23:49:39 | 000,293,771 | ---- | C] () -- C:\Users\Edwin\Documents\Ergo Kabel.xps
[2010.10.30 22:17:35 | 000,001,148 | ---- | C] () -- C:\Users\Edwin\Desktop\ergo_win race edition.lnk
[2010.10.30 22:17:16 | 000,001,106 | ---- | C] () -- C:\Users\Public\Desktop\ergo_win premium pro.lnk
[2010.10.24 13:26:49 | 000,000,017 | ---- | C] () -- C:\Users\Edwin\AppData\Local\resmon.resmoncfg
[2010.09.30 00:47:12 | 000,036,439 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010.09.30 00:46:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.09.30 00:46:44 | 000,030,085 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.07.17 12:36:30 | 000,013,216 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.04.03 21:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS

========== Custom Scans ==========


< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.sys >

< %systemroot%\system32\drivers\*.dll >

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2009.06.10 22:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.06.10 22:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010.10.31 16:48:42 | 1609,961,472 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.31 16:48:46 | 2146,619,392 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2010.09.30 00:48:01 | 000,000,000 | ---D | M] -- C:\Programme\ATI
[2010.10.31 11:56:44 | 000,000,000 | ---D | M] -- C:\Programme\Avira
[2010.10.31 01:01:10 | 000,000,000 | ---D | M] -- C:\Programme\BitComet
[2010.10.31 13:16:25 | 000,000,000 | ---D | M] -- C:\Programme\CDBurnerXP
[2010.10.30 22:08:37 | 000,000,000 | ---D | M] -- C:\Programme\Common Files
[2010.10.31 11:01:42 | 000,000,000 | ---D | M] -- C:\Programme\daum electronic gmbh
[2009.07.14 09:56:44 | 000,000,000 | ---D | M] -- C:\Programme\DVD Maker
[2010.09.29 23:59:02 | 000,000,000 | -HSD | M] -- C:\Programme\Gemeinsame Dateien
[2010.10.31 01:20:59 | 000,000,000 | ---D | M] -- C:\Programme\Internet Explorer
[2010.10.31 15:04:04 | 000,000,000 | ---D | M] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.10.30 22:06:53 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Analysis Services
[2009.07.14 09:56:43 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Games
[2010.10.30 22:08:22 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Office
[2010.10.30 22:08:22 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft SQL Server Compact Edition
[2010.10.30 22:08:22 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Sync Framework
[2010.10.30 22:08:38 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Synchronization Services
[2010.10.30 22:07:31 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Visual Studio 8
[2010.10.31 01:39:09 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft.NET
[2010.10.31 01:40:10 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox
[2010.10.30 22:08:54 | 000,000,000 | ---D | M] -- C:\Programme\MSBuild
[2009.07.14 05:52:30 | 000,000,000 | ---D | M] -- C:\Programme\Reference Assemblies
[2010.10.31 11:01:15 | 000,000,000 | ---D | M] -- C:\Programme\SIW
[2009.07.14 05:53:23 | 000,000,000 | -H-D | M] -- C:\Programme\Uninstall Information
[2009.07.14 09:47:37 | 000,000,000 | ---D | M] -- C:\Programme\Windows Defender
[2009.07.14 09:56:44 | 000,000,000 | ---D | M] -- C:\Programme\Windows Journal
[2010.10.31 01:20:58 | 000,000,000 | ---D | M] -- C:\Programme\Windows Mail
[2010.10.31 01:20:57 | 000,000,000 | ---D | M] -- C:\Programme\Windows Media Player
[2010.09.29 23:59:02 | 000,000,000 | ---D | M] -- C:\Programme\Windows NT
[2009.07.14 09:47:37 | 000,000,000 | ---D | M] -- C:\Programme\Windows Photo Viewer
[2009.07.14 05:52:32 | 000,000,000 | ---D | M] -- C:\Programme\Windows Portable Devices
[2009.07.14 09:47:37 | 000,000,000 | ---D | M] -- C:\Programme\Windows Sidebar
[2010.10.31 00:33:24 | 000,000,000 | ---D | M] -- C:\Programme\WinZip

< %appdata%\*.* >
[2010.10.31 01:27:46 | 000,000,006 | ---- | M] () -- C:\Users\Edwin\AppData\Roaming\completescan
[2010.10.31 01:20:35 | 000,000,010 | ---- | M] () -- C:\Users\Edwin\AppData\Roaming\install
[2010.10.31 01:19:39 | 000,090,112 | RHS- | M] () -- C:\Users\Edwin\AppData\Roaming\ohydy.exe
[2010.10.31 01:27:02 | 000,000,006 | ---- | M] () -- C:\Users\Edwin\AppData\Roaming\start


< MD5 for: AGP440.SYS >
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: DISK.SYS >
[2009.07.14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\drivers\disk.sys
[2009.07.14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\System32\DriverStore\FileRepository\disk.inf_x86_neutral_b431b61a11f8df6c\disk.sys
[2009.07.14 02:20:27 | 000,057,424 | ---- | M] (Microsoft Corporation) MD5=565003F326F99802E68CA78F2A68E9FF -- C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.1.7600.16385_none_f99cd807d58018cb\disk.sys

< MD5 for: IASTORV.SYS >
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 02:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 02:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: USBSTOR.SYS >
[2009.07.14 00:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\System32\drivers\USBSTOR.SYS
[2009.07.14 00:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\System32\DriverStore\FileRepository\usbstor.inf_x86_neutral_83027f5d5b2468d3\USBSTOR.SYS
[2009.07.14 00:51:19 | 000,074,752 | ---- | M] (Microsoft Corporation) MD5=D8889D56E0D27E57ED4591837FE71D27 -- C:\Windows\winsxs\x86_usbstor.inf_31bf3856ad364e35_6.1.7600.16385_none_485ca4d9f926b0b4\USBSTOR.SYS

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

Thank you very much for your help!

nictria

Newbie Surfer

Posts : 6
Joined : 2010-11-01
Operating System : Windows 7


Re: Think Point Trouble!

Post by Sneakyone on Mon 01 Nov 2010, 3:32 am

Hi,

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O20 - HKLM Winlogon: TaskMan - (C:\Users\Edwin\AppData\Roaming\ohydy.exe) - C:\Users\Edwin\AppData\Roaming\ohydy.exe ()
    O20 - HKCU Winlogon: Shell - (C:\Users\Edwin\AppData\Roaming\ohydy.exe) - C:\Users\Edwin\AppData\Roaming\ohydy.exe ()
    [2010.10.31 01:27:46 | 000,000,006 | ---- | M] () -- C:\Users\Edwin\AppData\Roaming\completescan
    [2010.10.31 01:27:02 | 000,000,006 | ---- | M] () -- C:\Users\Edwin\AppData\Roaming\start
    [2010.10.31 01:22:57 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\Browserwahl.lnk
    [2010.10.31 01:20:35 | 000,000,010 | ---- | M] () -- C:\Users\Edwin\AppData\Roaming\install
    [2010.10.31 01:19:39 | 000,090,112 | RHS- | M] () -- C:\Users\Edwin\AppData\Roaming\ohydy.exe

    :commands
    [emptytemp]



  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

=============

Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

Alternate link: Forospyware.com


Rename ComboFix.exe to commy.exe before you save it to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools A guide to do this can be found here
  • Click Start then copy paste the following command into the search box & hit enter: "%userprofile%\desktop\commy.exe" /stepdel
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. This will not install in Vista. Just continue scanning, and skip the console install.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone
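The two O20 lines in the fix above are the persistence mechanism: Winlogon's TaskMan (HKLM) and a per-user Shell override (HKCU) both pointing at a hidden executable in AppData. As an added example, not code from the thread, from OTL or from ComboFix, the script below parses OTL-style O20 lines and flags values that differ from the Windows defaults (Shell = explorer.exe, Userinit = C:\Windows\system32\userinit.exe,), per-user overrides, and targets in user-writable directories; the sample log is constructed from the thread's two lines plus benign entries.

```python
"""Audit OTL-style O20 Winlogon lines for persistence hijacks.

Added example, not code from the thread, from OTL or from ComboFix. The line
format follows the O20 lines quoted in the thread; the sample log below is
constructed from those two lines plus benign entries.
"""
import re

# Values Windows itself sets for these Winlogon entries (normalised form).
# TaskMan has no default at all, so any value is worth a look.
WINLOGON_DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
    "taskman": set(),
}

# Directory fragments a standard user can write to; a logon-time executable
# living there is a classic rogue-AV pattern (compare ohydy.exe in the thread).
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")

# O20 - <hive> Winlogon: <name> - (<registry value>) - <resolved path> (<company>)
O20_RE = re.compile(
    r"^O20 - (?P<hive>HKLM|HKCU) Winlogon: (?P<name>\w+) - "
    r"\((?P<value>.*?)\) - (?P<path>.*?) \((?P<company>[^)]*)\)\s*$"
)

# Constructed sample: the thread's two O20 lines plus benign entries.
SAMPLE_OTL_LOG = r"""
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe,) - C:\Windows\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Users\Edwin\AppData\Roaming\ohydy.exe) - C:\Users\Edwin\AppData\Roaming\ohydy.exe ()
O20 - HKCU Winlogon: Shell - (C:\Users\Edwin\AppData\Roaming\ohydy.exe) - C:\Users\Edwin\AppData\Roaming\ohydy.exe ()
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
"""


def normalise(value: str) -> str:
    """Lower-case a registry value, dropping quotes and the trailing comma
    that the default Userinit value carries."""
    return value.strip().strip('"').rstrip(",").lower()


def parse_o20(line: str):
    """Return the fields of one O20 Winlogon line, or None for any other line."""
    m = O20_RE.match(line.strip())
    return m.groupdict() if m else None


def assess(entry: dict) -> list:
    """List the reasons an O20 entry deserves attention (empty list = benign)."""
    reasons = []
    name = entry["name"].lower()
    if name in WINLOGON_DEFAULTS:
        if entry["hive"] == "HKCU":
            # Windows does not create per-user Shell/Userinit/TaskMan values;
            # a per-user override takes precedence over HKLM for that user.
            reasons.append(f"per-user {entry['name']} override under HKCU")
        elif not WINLOGON_DEFAULTS[name]:
            reasons.append(f"{entry['name']} is set although Windows leaves it unset")
        elif normalise(entry["value"]) not in WINLOGON_DEFAULTS[name]:
            reasons.append(f"{entry['name']} differs from the Windows default")
    path = entry["path"].lower()
    if any(frag in path for frag in USER_WRITABLE):
        reasons.append("target lives in a user-writable directory")
    if not entry["company"].strip():
        reasons.append("target has no company name in its version info")
    return reasons


def audit(log_text: str) -> list:
    """Return every suspicious O20 entry in an OTL log, with its reasons."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_o20(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append({**entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_OTL_LOG):
        print(f"{f['hive']} Winlogon\\{f['name']} -> {f['path']}")
        for r in f["reasons"]:
            print(f"    - {r}")
```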


Re: Think Point Trouble!

Post by nictria on Mon 01 Nov 2010, 4:32 am

My OTL log:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\TaskMan:C:\Users\Edwin\AppData\Roaming\ohydy.exe deleted successfully.
C:\Users\Edwin\AppData\Roaming\ohydy.exe moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Edwin\AppData\Roaming\ohydy.exe deleted successfully.
File C:\Users\Edwin\AppData\Roaming\ohydy.exe not found.
C:\Users\Edwin\AppData\Roaming\completescan moved successfully.
C:\Users\Edwin\AppData\Roaming\start moved successfully.
C:\Users\Public\Desktop\Browserwahl.lnk moved successfully.
C:\Users\Edwin\AppData\Roaming\install moved successfully.
File C:\Users\Edwin\AppData\Roaming\ohydy.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Edwin
->Temp folder emptied: 23750994 bytes
->Temporary Internet Files folder emptied: 60538252 bytes
->FireFox cache emptied: 4560988 bytes
->Flash cache emptied: 968 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9281257 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 94,00 mb


OTL by OldTimer - Version 3.2.17.1 log created on 10312010_181028

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


and here the combo fix log:


ComboFix 10-10-30.09 - Edwin 31.10.2010 18:19:00.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.43.1031.18.2047.1412 [GMT 1]
ausgeführt von:: c:\users\Edwin\Desktop\commy.exe
.

((((((((((((((((((((((( Dateien erstellt von 2010-09-28 bis 2010-10-31 ))))))))))))))))))))))))))))))
.

2010-10-31 17:23 . 2010-10-31 17:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-31 17:10 . 2010-10-31 17:10 -------- d-----w- C:\_OTL
2010-10-31 16:00 . 2010-10-31 16:00 -------- d-----w- c:\program files\ErgoPlanet
2010-10-31 14:04 . 2010-10-31 14:04 -------- d-----w- c:\users\Edwin\AppData\Roaming\Malwarebytes
2010-10-31 14:04 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-31 14:03 . 2010-10-31 17:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-31 14:03 . 2010-10-31 14:03 -------- d-----w- c:\programdata\Malwarebytes
2010-10-31 14:03 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-31 12:16 . 2010-10-31 12:16 -------- d-----w- c:\users\Edwin\AppData\Roaming\Canneverbe Limited
2010-10-31 12:16 . 2010-10-31 12:16 -------- d-----w- c:\programdata\Canneverbe Limited
2010-10-31 12:16 . 2010-10-31 17:01 -------- d-----w- c:\program files\CDBurnerXP
2010-10-31 11:34 . 2010-10-31 11:34 -------- d-----w- c:\users\Edwin\AppData\Roaming\Avira
2010-10-31 11:31 . 2010-03-01 09:06 124784 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-31 11:31 . 2010-02-16 13:24 60936 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-10-31 11:31 . 2009-05-11 11:49 51992 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2010-10-31 11:31 . 2009-05-11 11:49 17016 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2010-10-31 11:04 . 2010-10-31 11:04 -------- d-----w- c:\users\Edwin\AppData\Local\Mozilla
2010-10-31 10:56 . 2010-10-31 11:31 -------- d-----w- c:\programdata\Avira
2010-10-31 10:56 . 2010-10-31 10:56 -------- d-----w- c:\program files\Avira
2010-10-31 10:01 . 2010-10-31 17:01 -------- d-----w- c:\program files\SIW
2010-10-31 07:52 . 2010-10-31 11:04 -------- d-----w- c:\users\Edwin\AppData\Roaming\updates
2010-10-31 01:08 . 2010-10-31 01:08 -------- dc----w- c:\users\Edwin\AppData\Local\MigWiz
2010-10-31 00:20 . 2010-10-31 17:00 -------- d-----w- c:\windows\system32\Wat
2010-10-31 00:01 . 2010-10-31 17:01 -------- d-----w- C:\Downloads
2010-10-31 00:01 . 2010-10-31 14:17 -------- d-----w- c:\users\Edwin\AppData\Roaming\BitComet
2010-10-31 00:01 . 2010-10-31 17:01 -------- d-----w- c:\program files\BitComet
2010-10-30 23:41 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-10-30 23:40 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-10-30 23:40 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-10-30 23:40 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-10-30 23:40 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-10-30 23:40 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-10-30 23:36 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-10-30 23:34 . 2010-03-04 03:57 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-10-30 23:33 . 2010-10-30 23:33 -------- d-----w- c:\programdata\WinZip
2010-10-30 23:03 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-30 23:03 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-10-30 23:03 . 2010-06-14 06:12 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-10-30 23:03 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-10-30 23:03 . 2010-08-21 05:32 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-10-30 23:01 . 2010-08-21 05:33 530432 ----a-w- c:\windows\system32\comctl32.dll
2010-10-30 22:56 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-10-30 22:55 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2010-10-30 21:38 . 2010-10-31 17:00 -------- d-----w- c:\windows\system32\Macromed
2010-10-30 21:17 . 2010-10-31 10:01 -------- d-----w- c:\program files\daum electronic gmbh
2010-10-30 21:10 . 2010-10-18 07:41 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C87781AB-2618-438C-AD70-A5F11C209C44}\mpengine.dll
2010-10-30 21:10 . 2010-10-19 09:41 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-30 21:08 . 2010-10-31 17:01 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-10-30 21:08 . 2010-10-31 17:01 -------- d-----w- c:\program files\Microsoft.NET
2010-10-30 21:08 . 2010-10-30 21:08 -------- d-----w- c:\windows\PCHEALTH
2010-10-30 21:08 . 2010-10-30 21:08 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-10-30 21:08 . 2010-10-30 21:08 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-30 21:07 . 2010-10-31 17:01 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2010-10-30 21:06 . 2010-10-30 21:06 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-10-30 21:06 . 2010-10-30 21:06 -------- d-----w- c:\users\Edwin\AppData\Local\Microsoft Help
2010-10-30 21:06 . 2010-10-31 17:01 -------- d-----w- c:\programdata\Microsoft Help
2010-10-30 21:06 . 2010-10-30 21:06 -------- d-----r- C:\MSOCache
2010-10-20 23:17 . 2010-10-20 23:17 -------- d-----w- c:\users\Edwin\AppData\Local\Microsoft Games

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

R0 mwkcu;mwkcu; [x]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-03-30 337064]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-04-01 405672]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 cpuz134;cpuz134;c:\users\Edwin\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-30 1343400]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: &Alles mit BitComet herunterladen - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Mit BitComet herunter&laden - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Edwin\AppData\Roaming\Mozilla\Firefox\Profiles\ybr46db5.default\
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-Avira AntiVir Desktop - c:\program files\Avira\AntiVir Desktop\setup.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-10-31 18:24:48
ComboFix-quarantined-files.txt 2010-10-31 17:24

Vor Suchlauf: 8 Verzeichnis(se), 134.087.622.656 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 134.036.414.464 Bytes frei

- - End Of File - - E9CF7993A07186241CF4CE5A82224FDA



nictria

Newbie Surfer

Posts : 6
Joined : 2010-11-01
Operating System : Windows 7



Re: Think Point Trouble!

Post by Sneakyone on Mon 01 Nov 2010, 10:17 am

Hi,

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    Driver::
    mwkcu

  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


===========

Please download Malwarebytes Anti-Malware from Here.


Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone


Re: Think Point Trouble!

Post by nictria on Wed 03 Nov 2010, 1:54 am

Sorry for the late reply.
I did not do the last step you wrote, because it worked already.
Shall I still do the step which is explained in post 4?

nictria

Newbie Surfer

Posts : 6
Joined : 2010-11-01
Operating System : Windows 7



Re: Think Point Trouble!

Post by Sneakyone on Wed 03 Nov 2010, 8:16 am

Hi,

Yes please do that scan.


I'm livin' life in the fast lane.


Sneakyone

Tech Officer

Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit

View user profile http://twitter.com/AVerySneakyone


Re: Think Point Trouble!

Post by nictria on Thu 04 Nov 2010, 6:52 am

First Part:

Log from Combofix:

ComboFix 10-11-02.06 - Edwin 03.11.2010 20:38:30.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.43.1031.18.2047.1353 [GMT 1:00]
ausgeführt von:: C:\Users\Edwin\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: C:\Users\Edwin\Downloads\CFScript.txt
* Neuer Wiederherstellungspunkt wurde erstellt
.

Second Part - still working, will post as soon as possible

nictria

Newbie Surfer

Posts : 6
Joined : 2010-11-01
Operating System : Windows 7



Re: Think Point Trouble!

Post by nictria on Sat 11 Dec 2010, 10:07 pm

Hello!

Sorry for the late reply, I had an accident with a broken arm and a stay in hospital.

So now my logs:

First Part:

Log from Combofix:

ComboFix 10-12-09.08 - Edwin 11.12.2010 11:35:30.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.43.1031.18.2047.1298 [GMT 1:00]
ausgeführt von:: c:\users\Edwin\Downloads\ComboFix.exe
Benutzte Befehlsschalter :: c:\combofix\CFScript.txt.txt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Edwin\AppData\Local\Microsoft\Windows\Temporary Internet Files\{48C8C364-343E-4FD0-9EFD-D1F43F71E244}.xps

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MWKCU
-------\Service_mwkcu


((((((((((((((((((((((( Dateien erstellt von 2010-11-11 bis 2010-12-11 ))))))))))))))))))))))))))))))
.

2010-12-11 10:44 . 2010-12-11 10:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-12-11 10:44 . 2010-12-11 10:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-24 07:25 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-22 00:28 . 2010-11-22 00:28 -------- d-----w- c:\windows\pt-PT
2010-11-22 00:28 . 2010-11-22 00:28 -------- d-----w- c:\windows\system32\drivers\pt-PT
2010-11-22 00:28 . 2010-11-22 00:28 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-PT
2010-11-22 00:28 . 2010-11-22 00:28 -------- d-----w- c:\windows\system32\wbem\pt-PT
2010-11-22 00:28 . 2010-11-22 00:28 -------- d-----w- c:\windows\system32\pt
2010-11-22 00:23 . 2009-07-13 17:38 4096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\pt-PT\LXKPTPRC.DLL.mui
2010-11-21 03:11 . 2010-11-21 03:11 -------- d-----w- c:\windows\lt-LT
2010-11-21 03:11 . 2010-11-21 03:11 -------- d-----w- c:\windows\system32\wbem\lt-LT
2010-11-21 03:11 . 2010-11-21 03:11 -------- d-----w- c:\windows\system32\drivers\lt-LT
2010-11-20 04:00 . 2010-11-20 04:00 -------- d-----w- c:\windows\ja-JP
2010-11-20 04:00 . 2010-11-20 04:00 -------- d-----w- c:\windows\system32\ja
2010-11-20 04:00 . 2010-11-20 04:00 -------- d-----w- c:\windows\system32\drivers\UMDF\ja-JP
2010-11-20 04:00 . 2010-11-20 04:00 -------- d-----w- c:\windows\system32\drivers\ja-JP
2010-11-20 04:00 . 2010-11-20 04:00 -------- d-----w- c:\windows\system32\0411
2010-11-20 04:00 . 2010-11-20 04:00 -------- d-----w- c:\windows\system32\wbem\ja-JP
2010-11-20 03:46 . 2009-07-13 18:43 3072 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\ja-JP\LXKPTPRC.DLL.mui
2010-11-20 03:46 . 2009-07-13 17:15 377856 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwjpn.dll
2010-11-20 03:46 . 2009-07-13 17:15 1179136 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\imjplm.dll
2010-11-20 03:46 . 2009-07-13 17:15 9728 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\dicjp.dll
2010-11-20 03:46 . 2009-07-13 17:07 11507712 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\mshwjpnr.dll
2010-11-20 03:45 . 2009-07-13 17:16 266240 ----a-w- c:\windows\system32\lzhfldr2.dll
2010-11-20 03:41 . 2010-11-20 03:41 -------- d-----w- c:\windows\lv-LV
2010-11-20 03:41 . 2010-11-20 03:41 -------- d-----w- c:\windows\system32\drivers\lv-LV
2010-11-20 03:41 . 2010-11-20 03:41 -------- d-----w- c:\windows\system32\wbem\lv-LV
2010-11-20 03:26 . 2010-11-20 03:26 -------- d-----w- c:\windows\el-GR
2010-11-20 03:26 . 2010-11-20 03:26 -------- d-----w- c:\windows\system32\el
2010-11-20 03:26 . 2010-11-20 03:26 -------- d-----w- c:\windows\system32\drivers\el-GR
2010-11-20 03:26 . 2010-11-20 03:26 -------- d-----w- c:\windows\system32\drivers\UMDF\el-GR
2010-11-20 03:26 . 2010-11-20 03:26 -------- d-----w- c:\windows\system32\wbem\el-GR
2010-11-20 03:13 . 2009-07-13 17:41 4096 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\el-GR\LXKPTPRC.DLL.mui
2010-11-20 03:08 . 2010-11-20 03:08 -------- d-----w- c:\windows\tr-TR
2010-11-20 03:08 . 2010-11-20 03:08 -------- d-----w- c:\windows\system32\tr
2010-11-20 03:08 . 2010-11-20 03:08 -------- d-----w- c:\windows\system32\drivers\UMDF\tr-TR
2010-11-20 03:08 . 2010-11-20 03:08 -------- d-----w- c:\windows\system32\drivers\tr-TR
2010-11-20 03:08 . 2010-11-20 03:08 -------- d-----w- c:\windows\system32\wbem\tr-TR
2010-11-20 02:58 . 2009-07-13 17:47 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\tr-TR\LXKPTPRC.DLL.mui
2010-11-20 02:53 . 2010-11-20 02:53 -------- d-----w- c:\windows\system32\hu
2010-11-20 02:53 . 2010-11-20 02:53 -------- d-----w- c:\windows\system32\drivers\UMDF\hu-HU
2010-11-20 02:53 . 2010-11-20 02:53 -------- d-----w- c:\windows\system32\drivers\hu-HU
2010-11-20 02:53 . 2010-11-20 02:53 -------- d-----w- c:\windows\system32\wbem\hu-HU
2010-11-20 02:53 . 2010-11-20 02:53 -------- d-----w- c:\windows\hu-HU
2010-11-20 02:44 . 2009-07-13 17:38 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hu-HU\LXKPTPRC.DLL.mui
2010-11-20 02:29 . 2010-11-20 02:29 -------- d-----w- c:\windows\nl-NL
2010-11-20 02:29 . 2010-11-20 02:29 -------- d-----w- c:\windows\system32\nl
2010-11-20 02:29 . 2010-11-20 02:29 -------- d-----w- c:\windows\system32\0413
2010-11-20 02:29 . 2010-11-20 02:29 -------- d-----w- c:\windows\system32\drivers\nl-NL
2010-11-20 02:29 . 2010-11-20 02:29 -------- d-----w- c:\windows\system32\drivers\UMDF\nl-NL
2010-11-20 02:29 . 2010-11-20 02:29 -------- d-----w- c:\windows\system32\wbem\nl-NL
2010-11-20 02:18 . 2009-07-13 17:39 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\nl-NL\LXKPTPRC.DLL.mui
2010-11-20 02:13 . 2010-11-20 02:13 -------- d-----w- c:\windows\da-DK
2010-11-20 02:13 . 2010-11-20 02:13 -------- d-----w- c:\windows\system32\drivers\UMDF\da-DK
2010-11-20 02:13 . 2010-11-20 02:13 -------- d-----w- c:\windows\system32\drivers\da-DK
2010-11-20 02:13 . 2010-11-20 02:13 -------- d-----w- c:\windows\system32\da
2010-11-20 02:13 . 2010-11-20 02:13 -------- d-----w- c:\windows\system32\wbem\da-DK
2010-11-20 02:03 . 2009-07-13 17:42 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\da-DK\LXKPTPRC.DLL.mui
2010-11-20 01:59 . 2010-11-20 01:59 -------- d-----w- c:\windows\system32\sv
2010-11-20 01:59 . 2010-11-20 01:59 -------- d-----w- c:\windows\system32\drivers\UMDF\sv-SE
2010-11-20 01:59 . 2010-11-20 01:59 -------- d-----w- c:\windows\system32\drivers\sv-SE
2010-11-20 01:59 . 2010-11-20 01:59 -------- d-----w- c:\windows\system32\wbem\sv-SE
2010-11-20 01:59 . 2010-11-20 01:59 -------- d-----w- c:\windows\sv-SE
2010-11-20 01:50 . 2009-07-13 17:37 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\sv-SE\LXKPTPRC.DLL.mui
2010-11-20 01:46 . 2010-11-20 01:46 -------- d-----w- c:\windows\ro-RO
2010-11-20 01:46 . 2010-11-20 01:46 -------- d-----w- c:\windows\system32\drivers\ro-RO
2010-11-20 01:46 . 2010-11-20 01:46 -------- d-----w- c:\windows\system32\wbem\ro-RO
2010-11-20 01:32 . 2010-11-20 01:32 -------- d-----w- c:\windows\ar-SA
2010-11-20 01:32 . 2010-11-20 01:32 -------- d-----w- c:\windows\system32\drivers\UMDF\ar-SA
2010-11-20 01:32 . 2010-11-20 01:32 -------- d-----w- c:\windows\system32\drivers\ar-SA
2010-11-20 01:32 . 2010-11-20 01:32 -------- d-----w- c:\windows\system32\ar
2010-11-20 01:32 . 2010-11-20 01:32 -------- d-----w- c:\windows\system32\wbem\ar-SA
2010-11-20 01:21 . 2009-07-13 17:42 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\ar-SA\LXKPTPRC.DLL.mui
2010-11-20 01:16 . 2010-11-20 01:16 -------- d-----w- c:\windows\system32\drivers\bg-BG
2010-11-20 01:16 . 2010-11-20 01:16 -------- d-----w- c:\windows\bg-BG
2010-11-20 01:16 . 2010-11-20 01:16 -------- d-----w- c:\windows\system32\wbem\bg-BG
2010-11-20 01:06 . 2010-11-20 01:06 -------- d-----w- c:\windows\pl-PL
2010-11-20 01:06 . 2010-11-20 01:06 -------- d-----w- c:\windows\system32\drivers\pl-PL
2010-11-20 01:06 . 2010-11-20 01:06 -------- d-----w- c:\windows\system32\drivers\UMDF\pl-PL
2010-11-20 01:06 . 2010-11-20 01:06 -------- d-----w- c:\windows\system32\wbem\pl-PL
2010-11-20 01:06 . 2010-11-20 01:06 -------- d-----w- c:\windows\system32\pl
2010-11-20 00:59 . 2009-07-13 17:39 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\pl-PL\LXKPTPRC.DLL.mui
2010-11-20 00:54 . 2010-11-20 00:54 -------- d-----w- c:\windows\pt-BR
2010-11-20 00:54 . 2010-11-20 00:54 -------- d-----w- c:\windows\system32\drivers\pt-BR
2010-11-20 00:54 . 2010-11-20 00:54 -------- d-----w- c:\windows\system32\drivers\UMDF\pt-BR
2010-11-20 00:54 . 2010-11-20 00:54 -------- d-----w- c:\windows\system32\wbem\pt-BR
2010-11-20 00:47 . 2009-07-13 17:48 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\pt-BR\LXKPTPRC.DLL.mui
2010-11-20 00:43 . 2010-11-20 00:43 -------- d-----w- c:\windows\system32\drivers\UMDF\ru-RU
2010-11-20 00:43 . 2010-11-20 00:43 -------- d-----w- c:\windows\system32\drivers\ru-RU
2010-11-20 00:43 . 2010-11-20 00:43 -------- d-----w- c:\windows\system32\ru
2010-11-20 00:43 . 2010-11-20 00:43 -------- d-----w- c:\windows\system32\wbem\ru-RU
2010-11-20 00:42 . 2010-11-20 00:42 -------- d-----w- c:\windows\ru-RU
2010-11-20 00:34 . 2009-07-13 17:44 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\ru-RU\LXKPTPRC.DLL.mui
2010-11-20 00:29 . 2010-11-20 00:29 -------- d-----w- c:\windows\system32\es
2010-11-20 00:29 . 2010-11-20 00:29 -------- d-----w- c:\windows\system32\drivers\UMDF\es-ES
2010-11-20 00:29 . 2010-11-20 00:29 -------- d-----w- c:\windows\system32\drivers\es-ES
2010-11-20 00:29 . 2010-11-20 00:29 -------- d-----w- c:\windows\system32\0C0A
2010-11-20 00:29 . 2010-11-20 00:29 -------- d-----w- c:\windows\system32\wbem\es-ES
2010-11-20 00:29 . 2010-11-20 00:29 -------- d-----w- c:\windows\es-ES
2010-11-20 00:21 . 2009-07-13 17:37 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\es-ES\LXKPTPRC.DLL.mui
2010-11-20 00:18 . 2010-11-20 00:18 -------- d-----w- c:\windows\system32\drivers\th-TH
2010-11-20 00:18 . 2010-11-20 00:18 -------- d-----w- c:\windows\system32\wbem\th-TH
2010-11-20 00:18 . 2010-11-20 00:18 -------- d-----w- c:\windows\th-TH
2010-11-20 00:08 . 2010-11-20 00:08 -------- d-----w- c:\windows\system32\he
2010-11-20 00:08 . 2010-11-20 00:08 -------- d-----w- c:\windows\system32\drivers\UMDF\he-IL
2010-11-20 00:08 . 2010-11-20 00:08 -------- d-----w- c:\windows\system32\drivers\he-IL
2010-11-20 00:08 . 2010-11-20 00:08 -------- d-----w- c:\windows\system32\wbem\he-IL
2010-11-20 00:07 . 2010-11-20 00:07 -------- d-----w- c:\windows\he-IL
2010-11-20 00:00 . 2009-07-13 17:33 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\he-IL\LXKPTPRC.DLL.mui
2010-11-19 23:57 . 2010-11-19 23:57 -------- d-----w- c:\windows\sr-Latn-CS
2010-11-19 23:57 . 2010-11-19 23:57 -------- d-----w- c:\windows\system32\wbem\sr-Latn-CS
2010-11-19 23:57 . 2010-11-19 23:57 -------- d-----w- c:\windows\system32\drivers\sr-Latn-CS
2010-11-19 23:48 . 2010-11-19 23:48 -------- d-----w- c:\windows\uk-UA
2010-11-19 23:48 . 2010-11-19 23:48 -------- d-----w- c:\windows\system32\drivers\uk-UA
2010-11-19 23:48 . 2010-11-19 23:48 -------- d-----w- c:\windows\system32\wbem\uk-UA
2010-11-19 23:39 . 2010-11-19 23:39 -------- d-----w- c:\windows\it-IT
2010-11-19 23:39 . 2010-11-19 23:39 -------- d-----w- c:\windows\system32\drivers\it-IT
2010-11-19 23:39 . 2010-11-19 23:39 -------- d-----w- c:\windows\system32\drivers\UMDF\it-IT
2010-11-19 23:39 . 2010-11-19 23:39 -------- d-----w- c:\windows\system32\0410
2010-11-19 23:39 . 2010-11-19 23:39 -------- d-----w- c:\windows\system32\wbem\it-IT
2010-11-19 23:39 . 2010-11-19 23:39 -------- d-----w- c:\windows\system32\it
2010-11-19 23:33 . 2009-07-13 17:44 3584 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\it-IT\LXKPTPRC.DLL.mui
2010-11-19 23:30 . 2010-11-19 23:30 -------- d-----w- c:\windows\sk-SK
2010-11-19 23:30 . 2010-11-19 23:30 -------- d-----w- c:\windows\system32\drivers\sk-SK
2010-11-19 23:30 . 2010-11-19 23:30 -------- d-----w- c:\windows\system32\wbem\sk-SK

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-24 07:03 . 2010-10-31 11:31 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-02 20:18 . 2010-10-31 11:31 126856 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-10-31 18:08 . 2010-10-31 18:09 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-19 09:41 . 2010-10-30 21:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-18 07:41 . 2010-10-30 21:10 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C87781AB-2618-438C-AD70-A5F11C209C44}\mpengine.dll
2010-09-22 23:47 . 2010-09-22 23:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 23:32 . 2010-09-22 23:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-21 13:03 . 2010-09-21 13:03 208768 ----a-w- c:\windows\system32\LIVESSP.DLL
.

(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-10-18 11:26 3908192 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-10-18 3908192]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-11-04 328568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2010-11-02 339624]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-11-02 403624]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 136176]
R3 cpuz134;cpuz134;c:\users\Edwin\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-30 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]

.
Inhalt des "geplante Tasks" Ordners

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 18:52]

2010-12-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-31 18:52]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: &Alles mit BitComet herunterladen - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Mit BitComet herunter&laden - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Edwin\AppData\Roaming\Mozilla\Firefox\Profiles\ybr46db5.default\
FF - component: c:\users\Edwin\AppData\Roaming\Mozilla\Firefox\Profiles\ybr46db5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\FFExternalAlert.dll
FF - component: c:\users\Edwin\AppData\Roaming\Mozilla\Firefox\Profiles\ybr46db5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}\components\RadioWMPCore.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\users\Edwin\AppData\Roaming\Mozilla\Firefox\Profiles\ybr46db5.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-12-11 11:51:13
ComboFix-quarantined-files.txt 2010-12-11 10:51
ComboFix2.txt 2010-10-31 17:24

Vor Suchlauf: 11 Verzeichnis(se), 13.317.275.648 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 13.277.765.632 Bytes frei

- - End Of File - - 9E743379B62428AA09D52159865DA557



Second Part:
Malwarebytes Scan:


Malwarebytes' Anti-Malware 1.50
[You must be registered and logged in to see this link.]

Datenbank Version: 5293

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.12.2010 11:59:09
mbam-log-2010-12-11 (11-59-09).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 134743
Laufzeit: 4 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

nictria
Newbie Surfer
Posts : 6
Joined : 2010-11-01
Operating System : Windows 7

Re: Think Point Trouble!

Post by Sneakyone on Mon 13 Dec 2010, 6:22 am

Hi,

Sorry to hear that.

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


I'm livin' life in the fast lane.

Sneakyone
Tech Officer
Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit
http://twitter.com/AVerySneakyone

Re: Think Point Trouble!

Post by nictria on Wed 29 Dec 2010, 7:39 pm

Hello!
I did many scans; it always says the following:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK

nictria
Newbie Surfer
Posts : 6
Joined : 2010-11-01
Operating System : Windows 7

Re: Think Point Trouble!

Post by Sneakyone on Thu 30 Dec 2010, 7:16 pm

Hi,

How is your computer running now?

Sneakyone
Tech Officer
Posts : 2707
Joined : 2010-01-10
Operating System : Windows 7 Ultimate 64-bit
http://twitter.com/AVerySneakyone
