
Pests of all kinds and how to fight them: 'C:\Users\***\AppData\Roaming\install\svchost.exe'

07.06.2010, 18:57   #1
Sc4v
 



Hello everyone!

I just started my PC (Windows 7 64-bit) and my Avira AntiVir Personal immediately reported malware!
I really have no idea where I could have picked it up!

Here is the report from Avira:
Code:
Die Datei 'C:\Users\***\AppData\Roaming\install\svchost.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Dropper.Gen' [trojan].
Durchgeführte Aktion(en):
Der Registrierungseintrag <HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\HKCU> konnte nicht entfernt werden.
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4965bd58.qua' verschoben!
         
Of course I did some research via Google to identify the virus, learn about it and hopefully destroy it! However, I only found reports of the same file either as a harmless Windows program or as a nasty virus in the system folder. But this virus is in the Roaming folder, so I preferred to get an expert opinion before needlessly reinstalling my system!

I have of course also created a HijackThis log:

HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:32:59, on 07.06.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\VMware\VMware Player\hqtray.exe
C:\Windows\SysWOW64\explorer.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ICQ7.1\ICQ.exe
C:\Users\XXX\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
R3 - URLSearchHook: (no name) -  - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [0x017] 0x017
O4 - HKCU\..\Run: [systemupdate.exe] C:\windows\systemupdate.exe
O4 - HKCU\..\Run: [updat.exe] C:\windows\updat.exe
O4 - HKCU\..\Run: [HKCU] C:\Users\XXX\AppData\Roaming\install\svchost.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\vmware\vmware player\vsocklib.dll
O13 - Gopher Prefix: 
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Browser Configuration Utility Service (BCUService) - DeviceVM, Inc. - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: JMB36X - Unknown owner - C:\Windows\SysWOW64\XSrvSetup.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9762 bytes
         
--- --- ---


I think this entry in particular is useful:

Code:
O4 - HKCU\..\Run: [HKCU] C:\Users\XXX\AppData\Roaming\install\svchost.exe
         
I ask for your help, and since you now know my system anyway, I'll take the opportunity to ask: what else can I improve in terms of security? (Yes, I have also read the FAQs etc. here, but a live assessment would still be great!)

Best regards
Sc4v

//EDIT
Probably worth mentioning for sure:
The .exe can be deleted by hand and also shredded with TuneUp, but 3 seconds later it reappears!
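
The check Sc4v applies by eye above (a system binary name, svchost.exe, autostarting from the Roaming profile folder instead of the system folder), written out as an added example that is not part of the original thread. It generalizes to every O4 Run line of a HijackThis log; the sample lines are copied from the log in post #1, while `EXPECTED_DIRS`, the marker strings and the function names are assumptions made for illustration.

```python
import ntpath
import re

# Expected directories for a few Windows binaries whose names are often imitated.
# Short illustrative list (assumption), not a complete inventory.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

# Path fragments that indicate a location the logged-in user can write to (assumption).
USER_WRITABLE = ("\\appdata\\", "\\temp\\")

# HijackThis autostart line: O4 - <hive>\..\Run: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\Run: \[(.*?)\] (.*)$")


def exe_path(command):
    """Return the executable path of a Run command, or None if there is none."""
    command = command.strip()
    if command.startswith('"'):
        # Quoted path, possibly followed by arguments.
        end = command.find('"', 1)
        return command[1:end] if end > 0 else None
    # Unquoted path that may contain spaces: take everything up to the first ".exe".
    m = re.match(r"(.+?\.exe)(?=\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else None


def review_o4(lines):
    """Return (hive, value name, path, reasons) for Run entries that need a closer look."""
    findings = []
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue  # not an O4 Run line
        hive, name, command = m.groups()
        path = exe_path(command)
        reasons = []
        if path is None:
            reasons.append("value is not an executable path")
        else:
            low = ntpath.normpath(path).lower()
            folder, fname = ntpath.split(low)
            expected = EXPECTED_DIRS.get(fname)
            if expected and folder not in expected:
                reasons.append("system binary name outside its expected directory")
            if any(mark in low for mark in USER_WRITABLE):
                reasons.append("starts from a user-writable profile folder")
        if reasons:
            findings.append((hive, name, path, reasons))
    return findings


# Lines copied from the HijackThis log in post #1.
SAMPLE = [
    r'F2 - REG:system.ini: UserInit=userinit.exe',
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min',
    r'O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun',
    r'O4 - HKCU\..\Run: [0x017] 0x017',
    r'O4 - HKCU\..\Run: [HKCU] C:\Users\XXX\AppData\Roaming\install\svchost.exe',
]

if __name__ == "__main__":
    for hive, name, path, reasons in review_o4(SAMPLE):
        print(f"{hive} Run [{name}] {path}: " + "; ".join(reasons))
```

A hit only marks an entry for review: the file still has to be checked with a scanner, as happens in the replies below.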

07.06.2010, 22:15   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

please run a full scan with Malwarebytes and post the log. After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.

08.06.2010, 18:45   #3
Sc4v
 



hi,

thanks for the welcome.

On my own initiative I have already run a Malwarebytes quick scan and thereby killed 6 viruses (names such as xXx.XxX, Updat.exe and also svchost.exe) --> a restart and a new scan with Avira and Malwarebytes turned up no further findings or warnings.

Still, I will post the Malwarebytes log as soon as it has finished, and the one from OTL.

Regards and many thanks in advance
Sc4v

PS: I hope I have a chance of being virus-free


//EDIT
here are the old logs from Malwarebytes for now (it was a quick run, though)

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4176

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07.06.2010 20:58:31
mbam-log-2010-06-07 (20-58-31).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 129965
Laufzeit: 3 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hkcu (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Sc4v\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.
C:\Users\Sc4v\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Sc4v\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\Sc4v\AppData\Roaming\install\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
         
Then, after a restart, another run

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4176

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07.06.2010 21:23:27
mbam-log-2010-06-07 (21-23-27).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 129237
Laufzeit: 2 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

The other requested logs will follow!

Edited by Sc4v (08.06.2010 at 19:04)

08.06.2010, 19:29   #4
Sc4v
 



Extras.txt

Code:
OTL EXTRAS Logfile:
OTL Extras logfile created on: 08.06.2010 20:17:37 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Users\Sc4v\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 57,00% Memory free
12,00 Gb Paging File | 9,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,03 Gb Total Space | 45,56 Gb Free Space | 58,39% Space Free | Partition Type: NTFS
Drive D: | 387,64 Gb Total Space | 109,55 Gb Free Space | 28,26% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SC4V-PC
Current User Name: Sc4v
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files (x86)\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- C:\Program Files (x86)\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{11EB1163-5761-4BC6-8F48-98DCF6A46BBF}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{53C900F7-0CB1-3EDE-B9F3-76EDE6F0C253}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6741B646-3DBE-AF40-75FA-959847831D9F}" = ATI Catalyst Install Manager
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{956C3A74-CC73-4951-6FB7-1E484B0ABF85}" = ccc-utility64
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C9378F0F-B547-5506-165D-98F235F11514}" = ATI AVIVO64 Codecs
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F75FFCEC-4807-319D-A186-5117EDFE8115}" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU" = Microsoft Visual Studio 2008 Remote Debugger Light (x64) - DEU
"Sandboxie" = Sandboxie 3.442 (64-bit)
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{000E79B7-E725-4F01-870A-C12942B7F8E4}" = Crysis(R)
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{02EE0368-37D0-B8D6-CD94-6224C33011BC}" = CCC Help Chinese Standard
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1367FA2F-2B3D-430F-872F-588B93420BFC}" = TimeShift
"{13B792AA-C078-43A4-8A3A-8B12D629940D}" = Counter-Strike 1.6
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{17BADF87-3597-46FE-8D74-69C4FA78883E}" = Gothic 3
"{1F1C068F-4965-4E84-4868-BADCA7E480CE}" = CCC Help Danish
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{217254AD-7DC2-8E55-B0AA-DF40293E2568}" = Catalyst Control Center Graphics Full Existing
"{2319A25C-57C8-148A-B89E-963B691F80AB}" = CCC Help Hungarian
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{2AF93414-6137-78ED-FE12-F7B9AF2E8093}" = CCC Help Dutch
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{32C50807-7764-F554-3FFB-E1EFA38A17A4}" = CCC Help Norwegian
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Cinfigurer
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B19CE3D-C4D3-A873-C5DB-11349E0B62DF}" = HydraVision
"{3B8CED8E-3210-499C-CF55-839C77DDA5A8}" = CCC Help Japanese
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{462E2065-E54B-4CFD-87A2-BAE82EEFACD1}" = Catalyst Control Center Core Implementation
"{46D1B803-63C8-B1F7-F803-2CABFF3BADD3}" = CCC Help French
"{47AA42FD-0450-4CB4-ADAF-B6E770AA7B2F}" = Sony Media Manager 2.2
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4BBDC0E5-6457-CDB9-F1C4-C79321D448AA}" = CCC Help Portuguese
"{52D1D62C-FEAB-4580-849E-1DB624BADBBD}" = DiRT2
"{54194F60-988C-4D03-B922-C2B00EFDA39A}" = NVIDIA PhysX
"{54A4CA37-EBF2-0512-C4C7-E432FEDD148B}" = CCC Help Swedish
"{557EDA52-5803-C91F-A0A5-635317063D8D}" = Catalyst Control Center Graphics Full New
"{5656D5EA-34E3-48FD-CA55-601925BF13AF}" = CCC Help Russian
"{57C5D662-5479-4DD1-97F8-F714425DDF0D}_is1" = Power Of Defense Demo: Defend Your World
"{5A9A2B89-58BC-DFB9-CF7F-1127A26A6D1D}" = CCC Help Spanish
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65A7D970-7915-4311-E3CC-08745BDF6A66}" = CCC Help English
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6AC06152-AD39-D387-6D3B-2A4D0556F207}" = Catalyst Control Center Graphics Previews Common
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7222FE15-CEDA-9142-A488-CB4AA559F7F9}" = Catalyst Control Center Graphics Previews Vista
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{771A2007-443E-9A62-06A3-6ADB6BEDA9C4}" = CCC Help Czech
"{78D8028B-D2BA-A3B9-2EA8-D30F25E3F87F}" = ccc-core-static
"{7E06305E-6E2C-EBFA-69E9-782891EF06EF}" = Catalyst Control Center Localization All
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{8055552F-62EB-CA8A-ECA6-E12422199FFA}" = CCC Help Chinese Traditional
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.20
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{934DE9F7-7498-0FC4-FC6A-166097F218F4}" = CCC Help Italian
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{A53A11EA-0095-493F-86FA-A15E8A86A405}" = VMware Player
"{A5ACDF54-6963-B634-2444-6A694B6CF7A3}" = CCC Help Finnish
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{ADFE8E88-7288-677A-114B-098547ED85CE}" = CCC Help Thai
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B571B309-5E65-3DCE-8DE7-205DE2D366C3}" = Microsoft Visual C++ 2008 Express Edition - DEU
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B7E797F4-2642-BEF9-055B-13B930C9D665}" = CCC Help German
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{C139A440-9691-AB3C-8AFB-F8FCAC960014}" = CCC Help Polish
"{C2E5BF6B-2DB2-4D18-BB27-75C20CC35A96}" = Die Siedler 7 DEMO
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis*True*Image*Home
"{C3A5A0C9-5DBE-7A06-1285-D00F21E19FCF}" = Catalyst Control Center Graphics Light
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C91B7063-6966-A498-7FBA-BCF0A6EBD0B1}" = CCC Help Korean
"{CC53FB29-E042-1744-2D35-DE2A100B6210}" = CCC Help Greek
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.3.22 Game
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine (SONY_MEDIAMGR)
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{EC6BAAC5-F5E0-48D4-B4B6-7C654DD54086}" = Sony Vegas 7.0
"{EDF3EEF2-F0B9-440B-B8B9-A61F2DA8C78A}" = fortePivot
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F8266E63-44B0-5CD2-B29E-DA522ABFCFD1}" = CCC Help Turkish
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE2188AD-BDFA-AC75-F326-86043F06B48F}" = Catalyst Control Center HydraVision Full
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"Age of Empires 2.0" = Microsoft Age of Empires II
"Audacity_is1" = Audacity 1.2.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Blender" = Blender (remove only)
"Blocks 5_is1" = Blocks 5
"Call of Duty Modern Warfare 2_is1" = Call of Duty Modern Warfare 2
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DarthMod Ultimate Commander Edition" = DarthMod Ultimate Commander Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}" = Call of Duty(R) 2
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MatrixEngine 1.0" = MatrixEngine
"Metro 2033_is1" = Metro 2033
"Microsoft Visual C++ 2008 Express Edition - DEU" = Microsoft Visual C++ 2008 Express Edition - DEU
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"OpenAL" = OpenAL
"Steam App 10" = Counter-Strike
"Steam App 10500" = Empire: Total War
"TuneUp Utilities" = TuneUp Utilities
"VLC media player" = VLC media player 0.9.8a
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 23.05.2010 19:19:32 | Computer Name = Sc4v-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cod2mp_s.exe, Version: 0.0.0.0, Zeitstempel:
 0x442ca485  Name des fehlerhaften Moduls: cod2mp_s.exe, Version: 0.0.0.0, Zeitstempel:
 0x442ca485  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0017fa72  ID des fehlerhaften Prozesses:
 0xdec  Startzeit der fehlerhaften Anwendung: 0x01caface629c5536  Pfad der fehlerhaften
 Anwendung: D:\Spiele\CoD2\cod2mp_s.exe  Pfad des fehlerhaften Moduls: D:\Spiele\CoD2\cod2mp_s.exe
Berichtskennung:
 a4107a89-66c1-11df-9e0f-005056c00008
 
Error - 23.05.2010 19:21:03 | Computer Name = Sc4v-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: cod2mp_s.exe, Version: 0.0.0.0, Zeitstempel:
 0x442ca485  Name des fehlerhaften Moduls: cod2mp_s.exe, Version: 0.0.0.0, Zeitstempel:
 0x442ca485  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0017fa72  ID des fehlerhaften Prozesses:
 0xb38  Startzeit der fehlerhaften Anwendung: 0x01caface9a2ef893  Pfad der fehlerhaften
 Anwendung: D:\Spiele\CoD2\cod2mp_s.exe  Pfad des fehlerhaften Moduls: D:\Spiele\CoD2\cod2mp_s.exe
Berichtskennung:
 daa1f974-66c1-11df-9e0f-005056c00008
 
Error - 23.05.2010 19:21:21 | Computer Name = Sc4v-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CoD2MP_s.exe, Version: 0.0.0.0, Zeitstempel:
 0x442ca485  Name des fehlerhaften Moduls: CoD2MP_s.exe, Version: 0.0.0.0, Zeitstempel:
 0x442ca485  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0017fa72  ID des fehlerhaften Prozesses:
 0x6e0  Startzeit der fehlerhaften Anwendung: 0x01cafacea547871e  Pfad der fehlerhaften
 Anwendung: D:\Spiele\CoD2\CoD2MP_s.exe  Pfad des fehlerhaften Moduls: D:\Spiele\CoD2\CoD2MP_s.exe
Berichtskennung:
 e570cd00-66c1-11df-9e0f-005056c00008
 
Error - 23.05.2010 19:21:37 | Computer Name = Sc4v-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: CoD2MP_s.exe, Version: 0.0.0.0, Zeitstempel:
 0x442ca485  Name des fehlerhaften Moduls: CoD2MP_s.exe, Version: 0.0.0.0, Zeitstempel:
 0x442ca485  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0017fa72  ID des fehlerhaften Prozesses:
 0xed4  Startzeit der fehlerhaften Anwendung: 0x01cafaceae0993d8  Pfad der fehlerhaften
 Anwendung: D:\Spiele\CoD2\CoD2MP_s.exe  Pfad des fehlerhaften Moduls: D:\Spiele\CoD2\CoD2MP_s.exe
Berichtskennung:
 ee7e1b5f-66c1-11df-9e0f-005056c00008
 
Error - 28.05.2010 09:10:17 | Computer Name = Sc4v-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16404,
 Zeitstempel: 0x4a765771  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000000000
ID
 des fehlerhaften Prozesses: 0x550  Startzeit der fehlerhaften Anwendung: 0x01cafe6690acff6c
Pfad
 der fehlerhaften Anwendung: C:\Windows\Explorer.EXE  Pfad des fehlerhaften Moduls:
 unknown  Berichtskennung: 5b964798-6a5a-11df-84e7-005056c00008
 
Error - 28.05.2010 09:51:53 | Computer Name = Sc4v-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Sculptris.exe, Version: 0.0.0.0, 
Zeitstempel: 0x4bf807fe  Name des fehlerhaften Moduls: Sculptris.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4bf807fe  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001fb78  ID des fehlerhaften
 Prozesses: 0x12c4  Startzeit der fehlerhaften Anwendung: 0x01cafe6ba074b17d  Pfad der
 fehlerhaften Anwendung: D:\Programmierung\sculptris\Sculptris.exe  Pfad des fehlerhaften
 Moduls: D:\Programmierung\sculptris\Sculptris.exe  Berichtskennung: 2b51c567-6a60-11df-84e7-005056c00008
 
Error - 31.05.2010 05:50:15 | Computer Name = Sc4v-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Sculptris.exe, Version: 0.0.0.0, 
Zeitstempel: 0x4bf807fe  Name des fehlerhaften Moduls: Sculptris.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4bf807fe  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0001fb78  ID des fehlerhaften
 Prozesses: 0xf64  Startzeit der fehlerhaften Anwendung: 0x01cb00a627e7768e  Pfad der
 fehlerhaften Anwendung: D:\Programmierung\sculptris\Sculptris.exe  Pfad des fehlerhaften
 Moduls: D:\Programmierung\sculptris\Sculptris.exe  Berichtskennung: e913f2f2-6c99-11df-ac32-005056c00008
 
Error - 31.05.2010 10:09:32 | Computer Name = Sc4v-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Matrix Engine.exe, Version: 3463.6512.0.5132,
 Zeitstempel: 0x4b770af2  Name des fehlerhaften Moduls: MSVBVM60.DLL, Version: 6.0.98.15,
 Zeitstempel: 0x4a5bda6c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000e6c52  ID des fehlerhaften
 Prozesses: 0x101c  Startzeit der fehlerhaften Anwendung: 0x01cb00cade8fd037  Pfad der
 fehlerhaften Anwendung: D:\Setups\tools\Office 03\word\windows\sf\Matrix Engine.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\MSVBVM60.DLL  Berichtskennung: 21c39919-6cbe-11df-ac32-005056c00008
 
Error - 01.06.2010 09:34:20 | Computer Name = Sc4v-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 1.9.2.3743,
 Zeitstempel: 0x4bb4be02  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x24118f55  ID des fehlerhaften
 Prozesses: 0xf20  Startzeit der fehlerhaften Anwendung: 0x01cb016fb003330d  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: 6159fd48-6d82-11df-9400-005056c00008
 
Error - 03.06.2010 21:01:45 | Computer Name = Sc4v-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ArcherDefense.exe, Version: 0.0.0.0,
 Zeitstempel: 0x4ad899f4  Name des fehlerhaften Moduls: ArcherDefense.exe, Version:
 0.0.0.0, Zeitstempel: 0x4ad899f4  Ausnahmecode: 0xc0000094  Fehleroffset: 0x00009839
ID
 des fehlerhaften Prozesses: 0x12bc  Startzeit der fehlerhaften Anwendung: 0x01cb03817b2d1512
Pfad
 der fehlerhaften Anwendung: D:\Programmierung\c++\alt\Spiele\ArcherDefense\ArcherDefense.exe
Pfad
 des fehlerhaften Moduls: D:\Programmierung\c++\alt\Spiele\ArcherDefense\ArcherDefense.exe
Berichtskennung:
 be163f4c-6f74-11df-817d-005056c00008
 
[ System Events ]
Error - 31.05.2010 02:09:07 | Computer Name = Sc4v-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
 "\\?\Volume{2f4aee29-4a65-11df-95fd-806e6f6e6963}" können nicht gelesen werden.
 
Error - 31.05.2010 02:09:11 | Computer Name = Sc4v-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   prodrv06  prohlp02  prosync1  sfhlp01
 
Error - 01.06.2010 04:53:01 | Computer Name = Sc4v-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\prodrv06.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 01.06.2010 04:53:14 | Computer Name = Sc4v-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
 "\\?\Volume{2f4aee29-4a65-11df-95fd-806e6f6e6963}" können nicht gelesen werden.
 
Error - 01.06.2010 04:53:20 | Computer Name = Sc4v-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   prodrv06  prohlp02  prosync1  sfhlp01
 
Error - 01.06.2010 05:47:00 | Computer Name = Sc4v-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\prodrv06.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 01.06.2010 05:47:11 | Computer Name = Sc4v-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
 "\\?\Volume{2f4aee29-4a65-11df-95fd-806e6f6e6963}" können nicht gelesen werden.
 
Error - 01.06.2010 05:47:17 | Computer Name = Sc4v-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   prodrv06  prohlp02  prosync1  sfhlp01
 
Error - 02.06.2010 11:43:19 | Computer Name = Sc4v-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\prodrv06.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 02.06.2010 11:43:29 | Computer Name = Sc4v-PC | Source = Microsoft-Windows-BitLocker-Driver | ID = 24620
Description = Überprüfung des verschlüsselten Volumes: Die Volumeinformationen auf
 "\\?\Volume{2f4aee29-4a65-11df-95fd-806e6f6e6963}" können nicht gelesen werden.
 
 
< End of report >
         
--- --- ---

Alt 08.06.2010, 19:31   #5
Sc4v
 



First of all, sorry for the triple post!!!!
I know, I know, I am

My problem was simply that the post would have been longer than 75000 characters, so I had to(!!!) split it.

For yesterday's Malwarebytes log, see the post before last.

Today's complete Malwarebytes log

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4176

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

08.06.2010 20:15:33
mbam-log-2010-06-08 (20-15-33).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 329511
Laufzeit: 27 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

OTL.txt


OTL Logfile:
Code:
OTL logfile created on: 08.06.2010 20:17:37 - Run 1
OTL by OldTimer - Version 3.2.5.3     Folder = C:\Users\Sc4v\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
6,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 57,00% Memory free
12,00 Gb Paging File | 9,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 78,03 Gb Total Space | 45,56 Gb Free Space | 58,39% Space Free | Partition Type: NTFS
Drive D: | 387,64 Gb Total Space | 109,55 Gb Free Space | 28,26% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: SC4V-PC
Current User Name: Sc4v
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Users\Sc4v\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
PRC - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
PRC - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
PRC - C:\Windows\SysWOW64\XSrvSetup.exe ()
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Sc4v\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (msvsmon90) -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe (Microsoft Corporation)
SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (aspnet_state) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.)
SRV - (JMB36X) -- C:\Windows\SysWOW64\XSrvSetup.exe ()
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ufad-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vmware-ufad.exe (VMware, Inc.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (MSSQL$SONY_MEDIAMGR) -- C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (Microsoft Corporation)
SRV - (SQLAgent$SONY_MEDIAMGR) -- C:\Program Files (x86)\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (Microsoft Corporation)
SRV - (MSSQLServerADHelper) -- C:\Program Files (x86)\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis)
DRV:64bit: - (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251) -- C:\Windows\SysNative\drivers\tdrpm251.sys (Acronis)
DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis)
DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (pwdrvio) -- C:\Windows\SysNative\pwdrvio.sys ()
DRV:64bit: - (pwdspio) -- C:\Windows\SysNative\pwdspio.sys ()
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (StarOpen) -- C:\Windows\SysNative\drivers\StarOpen.sys ()
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.)
DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.)
DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.)
DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.)
DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.)
DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.)
DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (CSC) -- C:\Windows\CSC [2010.04.17 23:07:32 | 000,000,000 | ---D | M]
DRV - (SbieDrv) -- C:\Programme\Sandboxie\SbieDrv.sys (tzuk)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (StarOpen) -- C:\Windows\SysWOW64\drivers\StarOpen.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (vstor2-ws60) -- C:\Program Files (x86)\VMware\VMware Player\vstor2-ws60.sys (VMware, Inc.)
DRV - (adfs) -- C:\Windows\SysWOW64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (prohlp02) -- C:\Windows\System32\drivers\prohlp02.sys (Protection Technology)
DRV - (prodrv06) -- C:\Windows\System32\drivers\prodrv06.sys (Protection Technology)
DRV - (prosync1) -- C:\Windows\System32\drivers\prosync1.sys (Protection Technology)
DRV - (sfhlp01) -- C:\Windows\System32\drivers\sfhlp01.sys (Protection Technology)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 47 E2 1D CC 51 DE CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.19 21:16:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.05.31 16:09:40 | 000,000,000 | ---D | M]
 
[2010.04.19 13:20:44 | 000,000,000 | ---D | M] -- C:\Users\Sc4v\AppData\Roaming\mozilla\Extensions
[2010.06.08 17:55:33 | 000,000,000 | ---D | M] -- C:\Users\Sc4v\AppData\Roaming\mozilla\Firefox\Profiles\pc3ak93u.default\extensions
[2010.05.03 19:02:21 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Sc4v\AppData\Roaming\mozilla\Firefox\Profiles\pc3ak93u.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.05.02 16:38:52 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Sc4v\AppData\Roaming\mozilla\Firefox\Profiles\pc3ak93u.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.05.31 15:24:09 | 000,002,004 | ---- | M] () -- C:\Users\Sc4v\AppData\Roaming\Mozilla\FireFox\Profiles\pc3ak93u.default\searchplugins\3dlam-suche.xml
[2010.04.19 13:20:12 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2006.06.16 11:16:04 | 000,205,312 | ---- | M] (NETDIMENSION CORPORATION) -- C:\Program Files (x86)\mozilla firefox\plugins\NPMXENG.DLL
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Program Files (x86)\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{7814bd86-4bab-11df-8ea0-6cf049e02be8}\Shell - "" = AutoRun
O33 - MountPoints2\{7814bd86-4bab-11df-8ea0-6cf049e02be8}\Shell\AutoRun\command - "" = J:\AutoRunCD.exe -- File not found
O33 - MountPoints2\{c90f24ed-4bb9-11df-94c6-6cf049e02be8}\Shell - "" = AutoRun
O33 - MountPoints2\{c90f24ed-4bb9-11df-94c6-6cf049e02be8}\Shell\AutoRun\command - "" = H:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (auto_reactivate \\?\Volume{2f4aee2a-4a65-11df-95fd-806e6f6e6963}\bootwiz\asrm.bin) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.08 20:16:43 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\Sc4v\Desktop\OTL.exe
[2010.06.07 22:07:43 | 002,717,096 | ---- | C] (Acronis) -- C:\Windows\SysNative\auto_reactivate.exe
[2010.06.07 22:07:35 | 000,000,000 | RHSD | C] -- C:\bootwiz
[2010.06.07 21:46:39 | 000,000,000 | ---D | C] -- C:\Users\Sc4v\AppData\Roaming\Acronis
[2010.06.07 21:46:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2010.06.07 21:44:33 | 000,250,400 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2010.06.07 21:44:32 | 001,455,648 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm251.sys
[2010.06.07 21:44:31 | 000,929,312 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2010.06.07 21:44:26 | 000,254,496 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2010.06.07 21:44:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2010.06.07 21:44:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Acronis
[2010.06.07 20:49:00 | 000,000,000 | ---D | C] -- C:\Users\Sc4v\AppData\Roaming\Malwarebytes
[2010.06.07 20:48:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.06.07 20:48:51 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.06.07 20:48:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.06.07 20:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.07 20:00:06 | 000,000,000 | ---D | C] -- C:\Users\Sc4v\Desktop\Neuer Ordner
[2010.05.31 19:57:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Project64 1.6
[2010.05.31 16:14:05 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3drm.dll
[2010.05.31 16:09:41 | 000,000,000 | ---D | C] -- C:\Users\Sc4v\AppData\Roaming\install
[2010.05.31 16:09:40 | 000,000,000 | ---D | C] -- C:\Programme\MatrixEngine 1.0
[2010.05.31 10:30:22 | 000,122,968 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010.05.28 15:52:15 | 000,000,000 | ---D | C] -- C:\Users\Sc4v\AppData\Roaming\Blender Foundation
[2010.05.28 15:52:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Blender Foundation
[2010.05.24 01:16:38 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010.05.24 00:21:04 | 000,000,000 | ---D | C] -- C:\Users\Sc4v\Documents\Battlefield 2
[2010.05.21 20:44:41 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010.05.21 20:43:16 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2010.05.21 20:41:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2010.05.21 20:41:04 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Macrovision Shared
[2010.05.21 20:41:04 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2010.05.20 20:46:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010.05.20 19:39:29 | 000,000,000 | ---D | C] -- C:\Users\Sc4v\Documents\Visual Studio 2008
[2010.05.20 19:38:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 9.0
[2010.05.20 19:38:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Merge Modules
[2010.05.20 19:38:12 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SDKs
[2010.05.20 19:38:07 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 9.0
[2010.05.20 19:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\aliaswavefront shared
[2010.05.20 19:17:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Alias Shared
[2010.05.20 19:07:10 | 000,000,000 | ---D | C] -- C:\Users\Sc4v\Desktop\GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}
[2010.05.20 18:55:26 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.05.16 20:32:41 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services
[2010.05.16 20:32:41 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition
[2010.05.16 20:32:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services
[2010.05.16 20:32:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010.05.16 20:32:20 | 000,000,000 | ---D | C] -- C:\Users\Sc4v\Documents\Visual Studio 2010
[2010.05.16 20:31:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 10.0
[2010.05.16 20:31:38 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2010.05.16 20:31:38 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 10.0
[2010.05.16 20:31:38 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Help Viewer
[2010.05.16 20:14:55 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.05.16 20:14:55 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.05.16 20:14:55 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.05.16 20:14:55 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.05.16 20:14:55 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.05.16 20:14:55 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.05.16 20:14:55 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.05.16 20:14:55 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.05.14 02:59:42 | 000,005,632 | ---- | C] (EnTech Taiwan) -- C:\Windows\SysNative\drivers\pstrip64.sys
[2010.05.14 02:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PowerStrip
[2010.05.13 17:28:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audacity
[2010.05.13 17:17:02 | 000,000,000 | ---D | C] -- C:\Users\Sc4v\Documents\Sony-Medienbibliotheken
[2010.05.13 17:17:00 | 000,000,000 | ---D | C] -- C:\Users\Sc4v\AppData\Roaming\Publish Providers
[2010.05.13 17:16:57 | 000,000,000 | ---D | C] -- C:\Users\Sc4v\AppData\Local\Sony
[2010.05.13 17:13:03 | 000,033,340 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dbmsqlgc.dll
[2010.05.13 17:13:03 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dbmsgnet.dll
[2010.05.13 17:13:03 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cliconfg.728
[2010.05.13 17:13:02 | 000,306,688 | ---- | C] (InstallShield Software Corporation) -- C:\Windows\IsUninst.exe
[2010.05.13 17:13:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server
[2010.05.13 17:12:46 | 000,000,000 | ---D | C] -- C:\Users\Sc4v\AppData\Roaming\Sony
[2010.05.13 17:12:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vstplugins
[2010.05.13 17:12:10 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2010.05.13 17:12:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2010.05.13 17:12:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2010.05.13 17:11:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Setup
[2010.05.13 15:51:09 | 000,000,000 | ---D | C] -- C:\Users\Sc4v\Documents\Anke
[2010.05.12 16:58:15 | 000,000,000 | ---D | C] -- C:\Users\Sc4v\AppData\Local\Diagnostics
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.08 20:18:44 | 003,407,872 | -HS- | M] () -- C:\Users\Sc4v\ntuser.dat
[2010.06.08 17:50:04 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.08 17:50:04 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.08 17:49:19 | 001,671,622 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.06.08 17:49:19 | 000,716,670 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.06.08 17:49:19 | 000,671,988 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.06.08 17:49:19 | 000,156,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.06.08 17:49:19 | 000,129,300 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.06.08 17:45:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.08 17:44:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.08 17:44:58 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
[2010.06.08 00:27:57 | 004,902,678 | -H-- | M] () -- C:\Users\Sc4v\AppData\Local\IconCache.db
[2010.06.07 22:07:43 | 002,717,096 | ---- | M] (Acronis) -- C:\Windows\SysNative\auto_reactivate.exe
[2010.06.07 21:44:33 | 000,250,400 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\afcdp.sys
[2010.06.07 21:44:32 | 001,455,648 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm251.sys
[2010.06.07 21:44:31 | 000,929,312 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2010.06.07 21:44:26 | 000,254,496 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\snapman.sys
[2010.06.07 21:44:26 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\Acronis One-Click Backup.lnk
[2010.06.07 21:44:26 | 000,001,141 | ---- | M] () -- C:\Users\Public\Desktop\Acronis True Image Home 2010.lnk
[2010.06.07 20:48:54 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.07 20:45:35 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\Sc4v\Desktop\OTL.exe
[2010.06.03 19:07:09 | 000,001,456 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2010.05.31 22:54:48 | 000,000,000 | ---- | M] () -- C:\Users\Sc4v\AppData\Roaming\chrtmp
[2010.05.31 11:47:12 | 000,378,606 | ---- | M] () -- C:\Users\Sc4v\Documents\poo.png
[2010.05.31 11:41:42 | 011,223,307 | ---- | M] () -- C:\Users\Sc4v\Documents\poo.sc1
[2010.05.28 15:52:50 | 000,002,106 | ---- | M] () -- C:\Users\Sc4v\Desktop\Blender.lnk
[2010.05.24 01:16:24 | 000,000,509 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 - Mehrspieler.lnk
[2010.05.24 01:16:24 | 000,000,509 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 - Einzelspieler.lnk
[2010.05.24 01:16:12 | 000,000,252 | ---- | M] () -- C:\Windows\game.ini
[2010.05.24 00:19:30 | 003,020,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.05.24 00:18:01 | 000,000,761 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
[2010.05.23 22:56:11 | 000,000,649 | ---- | M] () -- C:\Users\Sc4v\Desktop\FlatOut2.lnk
[2010.05.23 18:58:03 | 000,109,224 | ---- | M] () -- C:\Users\Sc4v\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.23 18:49:18 | 000,000,681 | ---- | M] () -- C:\Users\Public\Desktop\Age of Empires II.lnk
[2010.05.21 20:44:39 | 000,001,139 | ---- | M] () -- C:\Users\Sc4v\Desktop\Adobe Photoshop CS4.lnk
[2010.05.21 16:25:31 | 000,008,230 | ---- | M] () -- C:\Users\Sc4v\Screenshot.jpg
[2010.05.20 21:07:02 | 000,524,288 | -HS- | M] () -- C:\Users\Sc4v\ntuser.dat{24e15357-6439-11df-842a-fbb0a49bb293}.TMContainer00000000000000000002.regtrans-ms
[2010.05.20 21:07:02 | 000,524,288 | -HS- | M] () -- C:\Users\Sc4v\ntuser.dat{24e15357-6439-11df-842a-fbb0a49bb293}.TMContainer00000000000000000001.regtrans-ms
[2010.05.20 21:07:02 | 000,065,536 | -HS- | M] () -- C:\Users\Sc4v\ntuser.dat{24e15357-6439-11df-842a-fbb0a49bb293}.TM.blf
[2010.05.20 20:46:38 | 000,001,174 | ---- | M] () -- C:\Users\Sc4v\Desktop\Microsoft Visual C++ 2008 Express Edition.lnk
[2010.05.16 20:31:36 | 001,648,756 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.05.16 18:50:13 | 000,001,144 | ---- | M] () -- C:\Users\Sc4v\Desktop\DarthMod Ultimate Commander.lnk
[2010.05.14 01:18:28 | 000,000,205 | ---- | M] () -- C:\Users\Sc4v\Desktop\Counter-Strike.url
[2010.05.13 17:28:58 | 000,000,945 | ---- | M] () -- C:\Users\Sc4v\Desktop\Audacity.lnk
[2010.05.13 17:16:37 | 000,002,588 | ---- | M] () -- C:\Users\Sc4v\Documents\Vegas registrieren.htm
[2010.05.13 17:13:03 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\cliconfg.728
[2010.05.13 17:12:13 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Vegas 7.0.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.06.07 21:44:26 | 000,002,215 | ---- | C] () -- C:\Users\Public\Desktop\Acronis One-Click Backup.lnk
[2010.06.07 21:44:26 | 000,001,141 | ---- | C] () -- C:\Users\Public\Desktop\Acronis True Image Home 2010.lnk
[2010.06.07 20:48:54 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.31 22:54:48 | 000,000,000 | ---- | C] () -- C:\Users\Sc4v\AppData\Roaming\chrtmp
[2010.05.31 11:41:41 | 011,223,307 | ---- | C] () -- C:\Users\Sc4v\Documents\poo.sc1
[2010.05.31 11:41:33 | 000,378,606 | ---- | C] () -- C:\Users\Sc4v\Documents\poo.png
[2010.05.28 15:52:50 | 000,002,106 | ---- | C] () -- C:\Users\Sc4v\Desktop\Blender.lnk
[2010.05.24 01:16:24 | 000,000,509 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 - Mehrspieler.lnk
[2010.05.24 01:16:24 | 000,000,509 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 2 - Einzelspieler.lnk
[2010.05.24 00:18:01 | 000,000,761 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
[2010.05.23 22:56:12 | 000,000,649 | ---- | C] () -- C:\Users\Sc4v\Desktop\FlatOut2.lnk
[2010.05.23 18:49:18 | 000,000,681 | ---- | C] () -- C:\Users\Public\Desktop\Age of Empires II.lnk
[2010.05.23 17:35:00 | 000,003,584 | -HS- | C] () -- C:\Users\Sc4v\Thumbs.db
[2010.05.21 20:44:39 | 000,001,139 | ---- | C] () -- C:\Users\Sc4v\Desktop\Adobe Photoshop CS4.lnk
[2010.05.21 16:25:31 | 000,008,230 | ---- | C] () -- C:\Users\Sc4v\Screenshot.jpg
[2010.05.21 16:03:02 | 002,200,064 | ---- | C] () -- C:\Windows\SysWow64\sfml-graphics-d.dll
[2010.05.21 16:03:02 | 001,207,296 | ---- | C] () -- C:\Windows\SysWow64\sfml-graphics.dll
[2010.05.21 16:03:02 | 000,325,120 | ---- | C] () -- C:\Windows\SysWow64\libsndfile-1.dll
[2010.05.21 16:03:02 | 000,294,400 | ---- | C] () -- C:\Windows\SysWow64\sfml-audio-d.dll
[2010.05.21 16:03:02 | 000,270,848 | ---- | C] () -- C:\Windows\SysWow64\sfml-network-d.dll
[2010.05.21 16:03:02 | 000,199,168 | ---- | C] () -- C:\Windows\SysWow64\sfml-window-d.dll
[2010.05.21 16:03:02 | 000,153,088 | ---- | C] () -- C:\Windows\SysWow64\sfml-system-d.dll
[2010.05.21 16:03:02 | 000,089,600 | ---- | C] () -- C:\Windows\SysWow64\sfml-audio.dll
[2010.05.21 16:03:02 | 000,081,408 | ---- | C] () -- C:\Windows\SysWow64\sfml-network.dll
[2010.05.21 16:00:38 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\sfml-window.dll
[2010.05.21 16:00:38 | 000,034,816 | ---- | C] () -- C:\Windows\SysWow64\sfml-system.dll
[2010.05.20 21:46:01 | 000,034,816 | ---- | C] () -- C:\Windows\SysNative\sfml-system.dll
[2010.05.20 20:46:38 | 000,001,174 | ---- | C] () -- C:\Users\Sc4v\Desktop\Microsoft Visual C++ 2008 Express Edition.lnk
[2010.05.20 20:15:24 | 000,524,288 | -HS- | C] () -- C:\Users\Sc4v\ntuser.dat{24e15357-6439-11df-842a-fbb0a49bb293}.TMContainer00000000000000000002.regtrans-ms
[2010.05.20 20:15:24 | 000,524,288 | -HS- | C] () -- C:\Users\Sc4v\ntuser.dat{24e15357-6439-11df-842a-fbb0a49bb293}.TMContainer00000000000000000001.regtrans-ms
[2010.05.20 20:15:24 | 000,065,536 | -HS- | C] () -- C:\Users\Sc4v\ntuser.dat{24e15357-6439-11df-842a-fbb0a49bb293}.TM.blf
[2010.05.13 17:28:58 | 000,000,945 | ---- | C] () -- C:\Users\Sc4v\Desktop\Audacity.lnk
[2010.05.13 17:16:37 | 000,002,588 | ---- | C] () -- C:\Users\Sc4v\Documents\Vegas registrieren.htm
[2010.05.13 17:12:13 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Vegas 7.0.lnk
[2010.05.13 15:15:58 | 000,001,144 | ---- | C] () -- C:\Users\Sc4v\Desktop\DarthMod Ultimate Commander.lnk
[2010.05.11 15:22:52 | 000,000,205 | ---- | C] () -- C:\Users\Sc4v\Desktop\Counter-Strike.url
[2010.05.04 12:31:27 | 001,648,756 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.04.19 23:38:56 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.04.19 21:50:31 | 000,000,252 | ---- | C] () -- C:\Windows\game.ini
[2010.04.19 16:47:36 | 000,001,456 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2010.04.17 17:18:08 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[1997.06.14 10:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll
< End of report >
         
--- --- ---


Alt 08.06.2010, 20:07   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

The logs now look unremarkable. Why do you have Acronis installed, and do you actually use the tool? Anyone with up-to-date images can use them to quickly restore the system to the way it was before (provided, hopefully, the image was created while there were no viruses on it yet).

Any more detections in the meantime, or is the computer OK again now?

Alt 08.06.2010, 22:57   #7
Sc4v
 

Hi,
everything is normal, so no more detections.

As I already said, I did a lot of googling, got the trial version of Acronis right away yesterday, and also created an image today. I assume I can now use this image without any problems.
I firmly intend to buy Acronis this week so that I can get around with less "fear".

Thank you very much for the great help; I hope I won't have to create another post here any time soon (no offense meant :P )

Sc4v
