
Log analysis and evaluation: Is my system clean?

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

19.08.2010, 15:16   #1
Seeb123
 



Hello everyone,
I have had a new computer for about 3 months and just wanted to know whether something might have crept in somehow in the meantime.
As far as I know, everything should be clean, but safety comes first.
Here is my HijackThis log.
Thanks a lot, folks

HijackThis logfile:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:14:44, on 19.08.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
D:\Program Files (x86)\RocketDock 2\RocketDock2.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
D:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
D:\Programme (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE
D:\Program Files (x86)\Razer\Lycosa\razerhid.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe
C:\Users\*\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\*\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\*\Desktop\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von ARLT Computer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll
R3 - URLSearchHook: (no name) -  - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL
O3 - Toolbar: softonic-de3 Toolbar - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [avgnt] "D:\Programme (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Kone] "C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE"
O4 - HKLM\..\Run: [Lycosa] "D:\Program Files (x86)\Razer\Lycosa\razerhid.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [RocketDock] "D:\Program Files (x86)\RocketDock 2\RocketDock2.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
O4 - HKLM\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\install\svhost.exe
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Windows\system32\install\svhost.exe
O4 - Startup: Stardock ObjectDock.lnk = D:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - D:\Programme (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - D:\Programme (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Unsigned Themes (UnsignedThemes) - The Within Network, LLC - C:\Windows\UnsignedThemesSvc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10895 bytes
         
--- --- ---

19.08.2010, 19:38   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan!

After that, OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread.
__________________

21.08.2010, 01:09   #3
Seeb123
 



Okay, I followed all the instructions:
Here is the complete Malwarebytes log,
which actually turned up 9 finds .. wow

Malwarebytes log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4453

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21.08.2010 01:46:29
mbam-log-2010-08-21 (01-46-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 335509
Laufzeit: 1 Stunde(n), 5 Minute(n), 14 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 9

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{87qsbnig-b06w-8woo-354v-ly5d83gu0tx5} (Generic.Bot.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{m0753dwy-51bp-4awk-1i77-56y85646m5s3} (Generic.Bot.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{147a976f-eee1-4377-8ea7-4716e4cdd239} (Adware.MyWebSearch) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\policies (Backdoor.Agent) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\*\Desktop\phoenix\Phx_data\Res\EmuCfg.exe (Trojan.Agent) -> No action taken.
C:\Users\*\Desktop\phoenix\Phx_data\Res\GCFMgr.exe (Trojan.Agent) -> No action taken.
C:\Users\*\Downloads\Phx_data\Res\EmuCfg.exe (Trojan.Agent) -> No action taken.
C:\Users\*\Downloads\Phx_data\Res\GCFMgr.exe (Trojan.Agent) -> No action taken.
C:\Users\*\AppData\Roaming\cglogs.dat (Malware.Trace) -> No action taken.
C:\Users\*\AppData\Local\Temp\MSN.abc (Malware.Trace) -> No action taken.
C:\Users\*\AppData\Local\Temp\UuU.uUu (Malware.Trace) -> No action taken.
C:\Users\*\AppData\Local\Temp\XxX.xXx (Malware.Trace) -> No action taken.
C:\Users\*\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> No action taken.


_______________
Here is the first OTL log (OTL.txt):
OTL logfile:
Code:
OTL logfile created on: 21.08.2010 01:52:27 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\*\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 69,00% Memory free
16,00 Gb Paging File | 13,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 500,00 Gb Total Space | 368,18 Gb Free Space | 73,64% Space Free | Partition Type: NTFS
Drive D: | 897,26 Gb Total Space | 700,88 Gb Free Space | 78,11% Space Free | Partition Type: NTFS
Drive E: | 6,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: *
Current User Name: *
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Users\*\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - D:\Programme (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - D:\Programme (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - D:\Programme (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT)
PRC - C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe (ROCCAT)
PRC - D:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
PRC - D:\Program Files (x86)\RocketDock 2\RocketDock2.exe ()
PRC - D:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\*\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\rsaenh.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\srvcli.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\slc.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\RpcRtRemote.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\ntshrui.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\mssprxy.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\linkinfo.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\EhStorShell.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (FLEXnet Licensing Service 64) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV:64bit: - (UmRdpService) -- C:\Windows\SysNative\umrdp.dll (Microsoft Corporation)
SRV:64bit: - (PeerDistSvc) -- C:\Windows\SysNative\PeerDistSvc.dll (Microsoft Corporation)
SRV:64bit: - (CscService) -- C:\Windows\SysNative\cscsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (AntiVirService) -- D:\Programme (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (AntiVirSchedulerService) -- D:\Programme (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (UnsignedThemes) -- C:\Windows\UnsignedThemesSvc.exe (The Within Network, LLC)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (uxpatch) -- C:\Windows\SysNative\drivers\uxpatch.sys File not found
DRV:64bit: - (nmserial) -- C:\Windows\SysNative\DRIVERS\nmserial.sys File not found
DRV:64bit: - (NmPar) -- C:\Windows\SysNative\DRIVERS\NmPar.sys File not found
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (adp3132) -- C:\Windows\SysNative\drivers\adp3132.sys (Adaptec, Inc.)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (nvamacpi) -- C:\Windows\SysNative\drivers\nvamacpi.sys (NVIDIA Corporation)
DRV:64bit: - (MtsHID) -- C:\Windows\SysNative\drivers\MtsHID.sys (TechniSat Provide)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (vmbus) -- C:\Windows\SysNative\drivers\vmbus.sys (Microsoft Corporation)
DRV:64bit: - (storflt) -- C:\Windows\SysNative\drivers\vmstorfl.sys (Microsoft Corporation)
DRV:64bit: - (storvsc) -- C:\Windows\SysNative\drivers\storvsc.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (s3cap) -- C:\Windows\SysNative\drivers\vms3cap.sys (Microsoft Corporation)
DRV:64bit: - (VMBusHID) -- C:\Windows\SysNative\drivers\VMBusHID.sys (Microsoft Corporation)
DRV:64bit: - (CSC) -- C:\Windows\SysNative\drivers\csc.sys (Microsoft Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (ahcix64s) -- C:\Windows\SysNative\drivers\ahcix64s.sys (Advanced Micro Devices, Inc)
DRV:64bit: - (PciIsaSerial) -- C:\Windows\SysNative\drivers\PciIsaSerial.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (PciPPorts) -- C:\Windows\SysNative\drivers\PciPPorts.sys ()
DRV:64bit: - (PciSPorts) -- C:\Windows\SysNative\drivers\PciSPorts.sys ()
DRV:64bit: - (SPorts) -- C:\Windows\SysNative\drivers\SPorts.sys ()
DRV:64bit: - (PPorts) -- C:\Windows\SysNative\drivers\PPorts.sys ()
DRV:64bit: - (ISASerial) -- C:\Windows\SysNative\drivers\ISASerial.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (amdide64) -- C:\Windows\SysNative\drivers\amdide64.sys (Advanced Micro Devices)
DRV - (uxpatch) -- C:\Windows\SysWOW64\drivers\uxpatch.sys ()
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 C0 F0 89 52 2B CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar BHO) - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {FE063DB9-4EC0-403E-8DD8-394C54984B2C} - C:\Program Files (x86)\AskTBar\bar\1.bin\ASKTBAR.DLL (Ask.com)
O4 - HKLM..\Run: [avgnt] D:\Programme (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Kone] C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT)
O4 - HKLM..\Run: [Lycosa] D:\Program Files (x86)\Razer\Lycosa\razerhid.exe (Razer USA Ltd.)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RocketDock] D:\Program Files (x86)\RocketDock 2\RocketDock2.exe ()
O4 - HKCU..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = D:\Program Files (x86)\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007.03.07 05:31:42 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]
O32 - AutoRun File - [2007.02.25 06:23:24 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007.03.02 11:31:43 | 000,162,880 | R--- | M] () - E:\autorun.exe -- [ UDF ]
O33 - MountPoints2\{94176ca7-94ec-11df-94e3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{94176ca7-94ec-11df-94e3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2007.03.02 11:31:43 | 000,162,880 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.21 01:06:55 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\AliensVsPredator
[2010.08.21 00:32:17 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2010.08.21 00:30:03 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Malwarebytes
[2010.08.21 00:29:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.08.21 00:29:58 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.08.21 00:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.21 00:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.08.19 22:28:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aliens Vs Predator
[2010.08.19 22:13:22 | 000,000,000 | ---D | C] -- C:\Users\*\Desktop\phoenix
[2010.08.18 03:33:57 | 000,000,000 | ---D | C] -- C:\Windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
[2010.08.18 03:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Netdevil
[2010.08.17 23:31:52 | 000,000,000 | ---D | C] -- C:\Programme\WMV9_VCM
[2010.08.17 23:26:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\1C Company
[2010.08.17 22:26:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\{0691F710-1ECA-4B5A-9727-25554F1BFDC6}
[2010.08.17 22:11:15 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Aspyr
[2010.08.17 22:08:25 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Bioshock
[2010.08.17 22:08:25 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Bioshock
[2010.08.17 21:01:18 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Red Alert 3
[2010.08.17 20:03:43 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Red Alert 3
[2010.08.16 16:07:18 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Games for Windows - LIVE Demos
[2010.08.16 02:36:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live Safety Center
[2010.08.16 02:24:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer
[2010.08.16 00:56:27 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Adobe Scripts
[2010.08.14 15:21:07 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Apple Computer
[2010.08.14 15:21:07 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Apple Computer
[2010.08.14 15:20:45 | 000,126,312 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\GEARAspi64.dll
[2010.08.14 15:20:45 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysWow64\GEARAspi.dll
[2010.08.14 15:20:44 | 000,034,152 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2010.08.14 15:20:44 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010.08.14 15:20:35 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.08.14 15:20:34 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.08.14 15:20:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010.08.14 15:20:34 | 000,000,000 | ---D | C] -- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2010.08.14 15:19:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2010.08.14 15:19:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2010.08.14 15:18:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2010.08.14 15:18:31 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Apple
[2010.08.14 15:18:23 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.08.14 15:18:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010.08.14 15:18:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2010.08.12 01:47:21 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\vlc
[2010.08.12 01:46:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010.08.11 19:26:37 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.08.11 19:26:37 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.08.11 19:26:37 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.08.11 19:26:33 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.08.11 19:26:33 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.08.11 19:26:33 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.08.11 19:26:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.08.11 19:26:32 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.08.11 19:26:32 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.08.11 19:26:25 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010.08.11 19:26:25 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010.08.11 19:26:24 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.08.11 12:48:27 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Disney Interactive Studios
[2010.08.10 02:06:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\M3 GAME Manager
[2010.08.10 01:38:59 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\skypePM
[2010.08.10 01:38:06 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Skype
[2010.08.10 01:37:53 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010.08.10 01:37:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.08.10 01:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.08.08 22:07:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar
[2010.08.08 22:07:52 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Mozilla
[2010.08.08 22:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.08.08 22:07:46 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\ICQ
[2010.08.08 22:07:46 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\AOL
[2010.08.08 22:07:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.2
[2010.08.08 18:04:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\softonic-de3
[2010.08.08 18:04:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010.08.07 22:55:58 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\NDS SYSTEM
[2010.08.07 22:23:40 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\PhotoScape
[2010.08.07 22:23:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape
[2010.08.06 16:58:12 | 000,332,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll.backup
[2010.08.06 16:58:11 | 002,851,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll.backup
[2010.08.06 16:58:09 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\themeservice.dll.backup
[2010.08.05 11:52:21 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\bizarre creations
[2010.08.05 11:21:51 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2010.08.05 11:21:51 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2010.08.05 11:21:51 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2010.08.05 11:21:51 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2010.08.05 11:21:51 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2010.08.05 11:21:51 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2010.08.05 11:21:51 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010.08.05 11:21:51 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2010.08.05 11:21:50 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2010.08.05 11:21:50 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2010.08.05 11:21:49 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2010.08.05 11:21:49 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2010.08.05 11:21:46 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2010.08.05 11:21:46 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2010.08.05 11:21:46 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2010.08.05 11:21:46 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2010.08.05 11:17:51 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010.08.05 10:56:02 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Publish Providers
[2010.08.05 10:55:57 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.08.05 10:55:57 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Sony
[2010.08.05 10:55:57 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Sony
[2010.08.05 10:55:57 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\My Videos
[2010.08.05 10:53:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2010.08.05 10:53:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2010.08.05 10:52:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony Setup
[2010.08.04 15:24:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010.08.04 00:15:34 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2010.08.04 00:15:21 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Bioshock2
[2010.08.04 00:15:21 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Bioshock2
[2010.08.04 00:13:31 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2010.08.04 00:13:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2010.08.03 19:39:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Futuremark
[2010.08.03 18:13:06 | 000,000,000 | ---D | C] -- C:\Windows\45235788142C44BE8A4DDDE9A84492E5.TMP
[2010.08.03 09:52:33 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\NeroVision
[2010.08.03 09:51:22 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Ahead
[2010.08.03 09:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Ahead
[2010.08.03 09:50:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Ahead
[2010.08.03 09:49:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AskTBar
[2010.08.03 09:41:54 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Ahead
[2010.08.03 09:41:10 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Nero
[2010.08.03 09:40:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010.08.03 09:40:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010.08.03 09:40:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2010.08.02 20:30:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2010.08.02 20:19:54 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Apple
[2010.08.02 20:19:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2010.08.02 01:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickPar
[2010.08.02 01:04:11 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.08.02 01:04:06 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\DVDVideoSoft
[2010.08.02 01:04:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2010.08.02 01:04:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2010.08.01 23:56:10 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Vitalwerks
[2010.08.01 23:56:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\No-IP
[2010.08.01 20:55:06 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\StarCraft II
[2010.08.01 20:55:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Blizzard Entertainment
[2010.08.01 20:55:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Blizzard Entertainment
[2010.08.01 18:56:34 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\CircleDock
[2010.07.29 23:22:31 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Criterion Games
[2010.07.29 14:28:08 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Singularity
[2010.07.29 14:28:02 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\NVIDIA
[2010.07.29 14:00:53 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2010.07.29 14:00:53 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2010.07.29 14:00:53 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2010.07.29 14:00:53 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2010.07.29 14:00:53 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2010.07.29 14:00:53 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2010.07.29 14:00:52 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2010.07.29 13:59:44 | 000,000,000 | ---D | C] -- C:\Windows\E10DB5DAE57640EAA7FC1CB2A7B283A6.TMP
[2010.07.29 13:59:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2010.07.27 22:11:30 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\My Games
[2010.07.26 23:57:46 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2010.07.26 23:48:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2010.07.26 23:48:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2010.07.26 23:38:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Metro2033
[2010.07.26 23:16:37 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Meine empfangenen Dateien
[2010.07.26 15:38:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QS
[2010.07.26 15:38:13 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\TeamViewer
[2010.07.26 15:16:45 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2010.07.26 12:46:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.07.26 12:46:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.07.26 12:46:09 | 000,423,656 | ---- | C] (Oracle) -- C:\Windows\SysWow64\deployJava1.dll
[2010.07.26 12:46:09 | 000,153,376 | ---- | C] (Oracle) -- C:\Windows\SysWow64\javaws.exe
[2010.07.26 12:46:09 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\SysWow64\javaw.exe
[2010.07.26 12:46:09 | 000,145,184 | ---- | C] (Oracle) -- C:\Windows\SysWow64\java.exe
[2010.07.26 12:46:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010.07.24 23:48:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2010.07.24 23:44:17 | 000,000,000 | ---D | C] -- C:\Users\B*\Documents\Adobe
[2010.07.24 21:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2010.07.24 21:31:57 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Stardock
[2010.07.24 21:31:57 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Stardock
[2010.07.24 21:30:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Stardock
[2010.07.24 21:30:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Stardock
[2010.07.24 21:30:00 | 000,000,000 | ---D | C] -- C:\Programme\Adobe
[2010.07.24 21:27:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2010.07.24 21:27:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Media Player
[2010.07.24 21:27:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010.07.24 21:26:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2010.07.24 21:26:06 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Macrovision Shared
[2010.07.24 21:26:06 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Adobe
[2010.07.24 19:49:23 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\ImgBurn
[2010.07.24 19:43:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ImgBurn
[2010.07.24 19:26:58 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\WBFSManager
[2010.07.24 19:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WBFS Manager 3.0
[2010.07.24 19:25:07 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\WBFS Manager Covers
[2010.07.24 19:25:07 | 000,000,000 | ---D | C] -- C:\Programme\WBFS
[2010.07.24 18:45:07 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Electronic Arts
[2010.07.24 18:45:03 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Electronic Arts
[2010.07.24 17:40:16 | 007,401,472 | ---- | C] (Vivox Inc.) -- C:\Windows\SysNative\vivoxsdk.dll
[2010.07.24 17:12:49 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2010.07.24 17:08:04 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Command and Conquer 4
[2010.07.24 10:57:24 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\wii sd
[2010.07.24 00:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010.07.23 23:59:53 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Criterion Games
[2010.07.23 23:59:14 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Local\Downloaded Installations
[2010.07.23 23:30:29 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\My Spore Creations
[2010.07.23 23:30:14 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\Spore
[2010.07.23 18:58:13 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2010.07.23 01:33:51 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010.07.23 01:33:51 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010.07.23 01:33:51 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010.07.23 01:33:51 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010.07.23 01:33:51 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010.07.23 01:33:51 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010.07.23 01:33:51 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010.07.23 01:33:51 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010.07.23 01:33:44 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010.07.23 00:37:18 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\Prototype
[2010.07.22 21:14:22 | 000,000,000 | ---D | C] -- C:\Users\*\Documents\BFBC2
[2010.07.22 21:12:03 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\WinRAR
[2010.07.22 21:11:39 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.07.22 20:46:22 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\DAEMON Tools Lite
[2010.07.22 20:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2010.07.22 20:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Razer
[2010.07.22 20:19:44 | 000,065,536 | ---- | C] (Razer Inc.) -- C:\Windows\SysWow64\Lycosa.cpl
[2010.07.22 20:19:21 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\InstallShield
[2010.07.22 19:44:48 | 000,000,000 | ---D | C] -- C:\Users\*\AppData\Roaming\uTorrent
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.21 01:53:02 | 002,359,296 | -HS- | M] () -- C:\Users\*\ntuser.dat
[2010.08.21 00:32:16 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\*\Desktop\OTL.exe
[2010.08.20 22:27:37 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.20 22:27:37 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.20 22:25:54 | 003,099,030 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.20 22:25:54 | 000,685,294 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2010.08.20 22:25:54 | 000,684,340 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2010.08.20 22:25:54 | 000,645,502 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.20 22:25:54 | 000,607,530 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.20 22:25:54 | 000,134,044 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2010.08.20 22:25:54 | 000,127,410 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2010.08.20 22:25:54 | 000,126,822 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.20 22:25:54 | 000,103,908 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.20 22:19:33 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.20 22:19:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.20 22:19:27 | 2145,947,647 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.19 22:49:03 | 004,012,321 | -H-- | M] () -- C:\Users\*\AppData\Local\IconCache.db
[2010.08.19 14:15:59 | 000,007,168 | -H-- | M] () -- C:\Users\*\Desktop\photothumb.db
[2010.08.18 05:18:14 | 000,524,288 | -HS- | M] () -- C:\Users\*\ntuser.dat{291babf0-aa02-11df-b125-002618fb9f27}.TMContainer00000000000000000002.regtrans-ms
[2010.08.18 05:18:14 | 000,524,288 | -HS- | M] () -- C:\Users\*\ntuser.dat{291babf0-aa02-11df-b125-002618fb9f27}.TMContainer00000000000000000001.regtrans-ms
[2010.08.18 05:18:14 | 000,065,536 | -HS- | M] () -- C:\Users\*\ntuser.dat{291babf0-aa02-11df-b125-002618fb9f27}.TM.blf
[2010.08.17 22:22:44 | 000,012,230 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2010.08.15 14:53:05 | 002,878,064 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.08.14 19:46:20 | 000,059,120 | ---- | M] () -- C:\Users\*\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.10 01:38:59 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.08.06 16:58:12 | 000,332,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2010.08.06 16:58:11 | 002,851,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\themeui.dll
[2010.08.05 10:55:38 | 000,002,484 | ---- | M] () -- C:\Users\*\Documents\Register Vegas Pro.htm
[2010.08.03 09:45:46 | 000,000,039 | ---- | M] () -- C:\Windows\Irremote.ini
[2010.08.02 01:13:41 | 000,002,879 | -H-- | M] () -- C:\Users\*\AppData\Roaming\Bastilog.dat
[2010.07.29 08:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.07.26 15:17:44 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2010.07.26 12:46:03 | 000,423,656 | ---- | M] (Oracle) -- C:\Windows\SysWow64\deployJava1.dll
[2010.07.26 12:46:03 | 000,153,376 | ---- | M] (Oracle) -- C:\Windows\SysWow64\javaws.exe
[2010.07.26 12:46:03 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\SysWow64\javaw.exe
[2010.07.26 12:46:03 | 000,145,184 | ---- | M] (Oracle) -- C:\Windows\SysWow64\java.exe
[2010.07.24 21:31:57 | 000,000,911 | ---- | M] () -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2010.07.22 20:47:13 | 000,834,544 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.19 14:15:59 | 000,007,168 | -H-- | C] () -- C:\Users\*\Desktop\photothumb.db
[2010.08.17 15:20:24 | 000,524,288 | -HS- | C] () -- C:\Users\*\ntuser.dat{291babf0-aa02-11df-b125-002618fb9f27}.TMContainer00000000000000000002.regtrans-ms
[2010.08.17 15:20:24 | 000,524,288 | -HS- | C] () -- C:\Users\*\ntuser.dat{291babf0-aa02-11df-b125-002618fb9f27}.TMContainer00000000000000000001.regtrans-ms
[2010.08.17 15:20:24 | 000,065,536 | -HS- | C] () -- C:\Users\*\ntuser.dat{291babf0-aa02-11df-b125-002618fb9f27}.TM.blf
[2010.08.10 01:38:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.08.05 10:55:38 | 000,002,484 | ---- | C] () -- C:\Users\*\Documents\Register Vegas Pro.htm
[2010.08.03 09:41:04 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.07.26 15:17:44 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2010.07.24 21:31:57 | 000,000,911 | ---- | C] () -- C:\Users\*\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
[2010.07.23 23:59:28 | 000,012,230 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2010.07.22 20:47:13 | 000,834,544 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010.07.21 23:55:39 | 000,021,504 | ---- | C] () -- C:\Windows\jestertb.dll
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.07.13 01:07:46 | 000,025,448 | ---- | C] () -- C:\Windows\SysWow64\drivers\uxpatch.sys
[2005.11.05 07:23:08 | 000,002,879 | -H-- | C] () -- C:\Users\Basti\AppData\Roaming\Bastilog.dat
 
========== Files - Unicode (All) ==========
[2010.08.21 01:20:11 | 000,000,000 | ---D | M](C:\Users\*\Desktop\?) -- C:\Users\*\Desktop\♥
[2010.08.16 02:01:08 | 000,000,000 | ---D | C](C:\Users\*\Desktop\?) -- C:\Users\*\Desktop\♥
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
< End of report >
         

______________

2OTL-Log : (Extras.txt):

OTL Logfile:
Code:
OTL Extras logfile created on: 21.08.2010 01:52:28 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\*\Desktop
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 69,00% Memory free
16,00 Gb Paging File | 13,00 Gb Available in Paging File | 84,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 500,00 Gb Total Space | 368,18 Gb Free Space | 73,64% Space Free | Partition Type: NTFS
Drive D: | 897,26 Gb Total Space | 700,88 Gb Free Space | 78,11% Space Free | Partition Type: NTFS
Drive E: | 6,20 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: *
Current User Name: *
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\*\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8F790958-2107-48F2-88E0-B352A0C225AB}" = iTunes
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0DFD3F5C-DE64-442B-B3B7-37745D92AD6A}" = CNC4 Offline Patch
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Activision(R)
"{411F3ABA-2AB5-4799-AA19-6ADF0A8F7424}" = Adobe Setup
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7353BAE6-5E49-46C4-A9B5-8A269A313789}" = Crysis WARHEAD(R)
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82696435-8572-4D8B-A230-D1AA567D0F0F}" = Command & Conquer™ 4 Tiberian Twilight
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9733747E-E53D-4C17-977E-3A872AFB93E1}" = ROCCAT Kone Mouse Driver
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Ultra Edition
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout(TM) Paradise The Ultimate Box
"{9B88DD94-1AAE-41C4-BD95-2D8737D5E9E2}" = Watson
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}" = Sony Vegas Pro 8.0
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C40C3C3D-97CF-44B5-836C-766E374464B3}" = 3DMark Vantage
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E0FA1DC5-FEBF-4E7B-8FA3-DB94233E952D}" = Razer Lycosa
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe_3dcb365ab9e01871fb8c6f27b0ea079" = Adobe After Effects CS4
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
"AskTBar Uninstall" = Ask Toolbar
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"Crysis WARHEAD(R)" = Crysis WARHEAD(R)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7
"ICQToolbar" = ICQ Toolbar
"ImgBurn" = ImgBurn
"InstallShield_{3FAD68D9-1FA1-4871-9ADF-9151D969E943}" = Singularity(TM)
"M3 GAME Manager" = M3 GAME Manager Uninstall
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"NoIPDUC" = No-IP DUC
"ObjectDock" = ObjectDock
"OpenAL" = OpenAL
"PhotoScape" = PhotoScape
"QuickPar" = QuickPar 0.9
"RocketDock_is1" = RocketDock 1.3.5
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"StarCraft II" = StarCraft II
"TeamViewer 5" = TeamViewer 5
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.2
"WBFS Manager 3.0" = WBFS Manager 3.0
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.08.2010 11:18:27 | Computer Name = * | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 17.08.2010 14:38:32 | Computer Name = *| Source = RapiMgr | ID = 8
Description = communication (0x80072745)-Fehler beim Verbinden des Windows Mobile-basierten
 Geräts. (Die Daten enthalten den Fehlercode.).
 
Error - 17.08.2010 14:38:58 | Computer Name = * | Source = RapiMgr | ID = 6
Description = Ein Windows Mobile-basiertes USB-Gerät ist angeschlossen, jedoch kann
 keine Netzwerkverbindung mit dem Desktop hergestellt werden.
 
Error - 17.08.2010 16:09:28 | Computer Name = * | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Bioshock.exe, Version: 1.0.0.0, Zeitstempel:
 0x562b0ac9  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000096  Fehleroffset: 0x0058e531  ID des fehlerhaften Prozesses:
 0x1174  Startzeit der fehlerhaften Anwendung: 0x01cb3e47f2b598ab  Pfad der fehlerhaften
 Anwendung: L:\Games\PC\Bioshock\BioShock Programmordner\Builds\Release\Bioshock.exe
Pfad
 des fehlerhaften Moduls: unknown  Berichtskennung: 563a766f-aa3b-11df-b125-002618fb9f27
 
Error - 17.08.2010 16:09:28 | Computer Name = * | Source = Application Error | ID = 1005
Description = Aus einem der folgenden Gründe kann nicht auf die Datei "" zugegriffen
 werden:  Es besteht ein Problem mit der Netzwerkverbindung, dem Datenträger mit der
 gespeicherten Datei bzw. den auf dem Computer installierten  Speichertreibern, oder
 der Datenträger fehlt.  Das Programm Bioshock.exe wurde wegen dieses Fehlers geschlossen.

Programm:
 Bioshock.exe  Datei:     Der Fehlerwert ist im Abschnitt "Zusätzliche Dateien" aufgelistet.
Benutzeraktion
1.
 Öffnen Sie die Datei erneut.  Diese Situation ist eventuell ein temporäres Problem,
 das selbstständig behoben wird, wenn das Programm erneut ausgeführt wird.  2.  Wenn
 Sie weiterhin nicht auf die Datei zugreifen können und   - diese sich im Netzwerk 
befindet,   dann sollte der Netzwerkadministrator überprüfen, dass kein Netzwerkproblem
 besteht und dass eine Verbindung mit dem Server hergestellt werden kann.   - diese
 sich auf einem Wechseldatenträger, wie z. B. einer Diskette oder einer CD, befindet,
 überprüfen Sie, ob der Datenträger richtig in den Computer eingelegt ist.  3. Überprüfen
 und reparieren Sie das Dateisystem, indem Sie CHKDSK ausführen. Klicken Sie dazu
 im Menü "Start" auf "Ausführen", geben Sie CMD ein, und klicken Sie auf "OK". Geben
 Sie an der Eingabeaufforderung CHKDSK /F ein, und drücken Sie die EINGABETASTE.
4.
 Stellen Sie die Datei von einer Sicherungskopie wieder her, wenn das Problem weiterhin
 besteht.  5. Überprüfen Sie, ob andere Dateien auf demselben Datenträger geöffnet
 werden können. Falls dies nicht möglich ist, ist der Datenträger eventuell beschädigt.
   Wenden Sie sich an den Administrator oder den Hersteller der Computerhardware, 
um weitere Unterstützung zu erhalten, wenn es sich um eine Festplatte handelt.    Zusätzliche
 Daten  Fehlerwert: 00000000  Datenträgertyp: 0
 
Error - 17.08.2010 19:21:05 | Computer Name = * | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 17.08.2010 19:27:19 | Computer Name = * | Source = MsiInstaller | ID = 1024
Description = 
 
Error - 17.08.2010 19:27:29 | Computer Name = * | Source = MsiInstaller | ID = 1021
Description = 
 
Error - 17.08.2010 19:27:30 | Computer Name = * | Source = MsiInstaller | ID = 1024
Description = 
 
Error - 17.08.2010 21:33:57 | Computer Name = * | Source = MsiInstaller | ID = 1013
Description = 
 
[ Media Center Events ]
Error - 11.08.2010 05:53:48 | Computer Name = * | Source = MCUpdate | ID = 0
Description = 11:53:48 - Fehler beim Herstellen der Internetverbindung.  11:53:48 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 11.08.2010 05:53:56 | Computer Name = * | Source = MCUpdate | ID = 0
Description = 11:53:53 - Fehler beim Herstellen der Internetverbindung.  11:53:53 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 18.08.2010 03:54:53 | Computer Name = * | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\uxpatch.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 18.08.2010 03:54:53 | Computer Name = * | Source = Service Control Manager | ID = 7000
Description = Der Dienst "uxpatch" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 18.08.2010 03:54:53 | Computer Name = * | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Unsigned Themes" wurde mit folgendem Fehler beendet:   %%2
 
Error - 18.08.2010 15:15:42 | Computer Name = * | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 19.08.2010 04:17:48 | Computer Name = * | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\uxpatch.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 19.08.2010 04:17:48 | Computer Name = * | Source = Service Control Manager | ID = 7000
Description = Der Dienst "uxpatch" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 19.08.2010 04:17:48 | Computer Name = * | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Unsigned Themes" wurde mit folgendem Fehler beendet:   %%2
 
Error - 19.08.2010 16:10:13 | Computer Name = * | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\uxpatch.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 19.08.2010 16:10:13 | Computer Name = * | Source = Service Control Manager | ID = 7000
Description = Der Dienst "uxpatch" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1275
 
Error - 19.08.2010 16:10:14 | Computer Name = * | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Unsigned Themes" wurde mit folgendem Fehler beendet:   %%2
 
 
< End of report >
         
--- --- ---

___________

I had all the findings cleaned up right away, of course.
Thanks in advance for any further helpful suggestions.
__________________

Alt 22.08.2010, 18:07   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)


Code:
ATTFilter
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKCU..\Run: [AdobeBridge]  File not found
O32 - AutoRun File - [2007.03.07 05:31:42 | 000,000,000 | R--D | M] - E:\Autorun -- [ UDF ]
O32 - AutoRun File - [2007.02.25 06:23:24 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007.03.02 11:31:43 | 000,162,880 | R--- | M] () - E:\autorun.exe -- [ UDF ]
O33 - MountPoints2\{94176ca7-94ec-11df-94e3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{94176ca7-94ec-11df-94e3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2007.03.02 11:31:43 | 000,162,880 | R--- | M] ()
[2010.08.18 03:33:57 | 000,000,000 | ---D | C] -- C:\Windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix! button at the top left.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 22.08.2010, 19:02   #5
Seeb123
 

Okay, all done, here is the OTL log:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge not found.
File not found.
File E:\Autorun.inf not found.
File E:\autorun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94176ca7-94ec-11df-94e3-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94176ca7-94ec-11df-94e3-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{94176ca7-94ec-11df-94e3-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{94176ca7-94ec-11df-94e3-806e6f6e6963}\ not found.
File E:\autorun.exe not found.
C:\Windows\95FC26FB19FD4A96BBB1B1062E8648F5.TMP folder moved successfully.
ADS C:\ProgramData\TEMP:888AFB86 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: *
->Temp folder emptied: 2510947494 bytes
->Temporary Internet Files folder emptied: 26376169 bytes
->Java cache emptied: 1763646 bytes
->Google Chrome cache emptied: 283149616 bytes
->Flash cache emptied: 3557 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 356352 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 78748 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 2.692,00 mb


OTL by OldTimer - Version 3.2.10.0 log created on 08222010_195444

Files\Folders moved on Reboot...
C:\Users\*\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

____________

I'm really impressed; normally you just let your virus scanner run and that's it. Malwarebytes had found 9 more, and this OTL log says cleaned Files = 2,692MB, so there was something there again too.


The one thing I'd still like to know: can you tell me what kind of viruses I had on my computer, and whether they have all been removed now?

If those were all the scans etc. that I was supposed to run, should I now repeat this procedure roughly every 2 weeks, or will I need another "custom fix" depending on the kind of finding?

Thanks for the help


Alt 22.08.2010, 19:29   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!

Have all the other drives scanned as well! Last time you only scanned drive C:!
__________________

Alt 22.08.2010, 22:00   #7
Seeb123
 

After more than 100 cookies, SUPERAntiSpyware actually did find one more trojan

Malwarebytes found nothing this time (all drives scanned)

SUPERAntiSpyware log:


SUPERAntiSpyware Scan Log
Code:
ATTFilter
hxxp://www.superantispyware.com

Generated 08/22/2010 at 09:58 PM

Application Version : 4.41.1000

Core Rules Database Version : 5391
Trace Rules Database Version: 3203

Scan type       : Complete Scan
Total Scan Time : 00:26:48

Memory items scanned      : 571
Memory threats detected   : 0
Registry items scanned    : 14004
Registry threats detected : 0
File items scanned        : 40236
File threats detected     : 116

Adware.Tracking Cookie
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@weborama[2].txt
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@adtech[1].txt
	C:\Users\*\AppData\Roaming\Microsoft\Windows\Cookies\*@atdmt[3].txt
	.content.yieldmanager.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.partypoker.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.partypoker.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.partypoker.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.partypoker.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.partypoker.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.partypoker.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.zedo.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.tracking.quisma.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.tracking.quisma.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	tracking.quisma.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	tracking.quisma.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.tracking.quisma.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	tracking.quisma.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	tracking.quisma.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.unitymedia.de [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.unitymedia.de [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	cdn5.specificclick.net [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.webmasterplan.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.webmasterplan.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.webmasterplan.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.webmasterplan.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.traffictrack.de [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	cdn5.specificclick.net [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	www.googleadservices.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.doubleclick.net [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.nike.112.2o7.net [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.atdmt.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.atdmt.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adviva.net [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.adviva.net [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.advertising.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.serving-sys.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.serving-sys.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.fastclick.net [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.fastclick.net [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.fastclick.net [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	q.n.j.cltomedia.info [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	ad.yieldmanager.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	.cltomedia.info [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	rts.pgmediaserve.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]
	rts.pgmediaserve.com [ C:\Users\*\AppData\Local\Google\Chrome\User Data\Default\Cookies ]

Trojan.Vundo-Variant/F
	C:\WINDOWS\JESTERTB.DLL
         
_______

Malwarebytes log:


Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4453

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

22.08.2010 22:54:30
mbam-log-2010-08-22 (22-54-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 347556
Laufzeit: 40 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
___________

I think everything harmful should now be removed.

23.08.2010, 12:38   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK, only cookies were found there.
Any remaining problems or further detections in the meantime?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

23.08.2010, 20:33   #9
Seeb123

I never had any problems, I just wanted to know whether everything was clean,
and I was shocked :l
But now everything is fine.

I will now repeat the whole procedure with all the programs every 2 weeks.
Thank you very much.

Just one last question

23.08.2010, 20:35   #10
Seeb123

I never had any problems, I just wanted to know whether everything was clean,
and I was shocked :l
But now everything is fine.

I will now repeat the whole procedure with all the programs every 2 weeks.
Thank you very much.

Just one last question:

So the fix code for OTL.exe, is it always the same after every scan?

24.08.2010, 09:57   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Good, then please check the updates; my guide for that is below.
For even more security, after the infection has been removed you should also change all passwords if possible.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide



Update the PDF reader
Your Adobe Reader is out of date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that Flash Player is up to date; here is the direct download link => http://filepony.de/?q=Flash+Player


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.