
Log analysis and evaluation: heavy virus infestation recently

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

27.10.2010, 15:49   #1
Sven2010
 



I've had a heavy virus infestation lately, mostly serious viruses, and my system now appears to be very unstable and slowed down:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 08:17:56, on 10.08.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Ralink\Common\RaUI.exe
C:\Program Files (x86)\Xfire\Xfire.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Users\Admin\Downloads\mbam_setup_1.46.exe
C:\Users\Admin\AppData\Local\Temp\is-3U18U.tmp\mbam_setup_1.46.tmp
C:\Users\Admin\Downloads\mbam_setup_1.46.exe
C:\Users\Admin\AppData\Local\Temp\is-8J8RL.tmp\mbam_setup_1.46.tmp
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SweetIM Toolbar Helper - {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\SysWow64\Msdxm6.ocx
O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Windows\TEMP\E_S3803.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [WallpaperCam] C:\Program Files (x86)\Wallpaper Cam\WallPaperCam.exe /d40
O4 - HKCU\..\Run: [ICQ] ~"C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [Configuring] rundll32.exe C:\Users\Admin\AppData\Local\Temp\7889688.txt,W
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: CurseClientStartup.ccip
O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files (x86)\Ralink\Common\RaUI.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe
O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SearchAnonymizer - Unknown owner - C:\Users\Admin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12540

Then I also have the following scan from BitDefender:

QuickScan Beta 32-bit v0.9.9.50
-------------------------------
Scan date: Wed Oct 27 16:41:37 2010
Machine ID: 3E68E262



No infection found.
-------------------



Processes
---------
(verified) Ad-Aware Tray Application 4812 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
(verified) AntiVir Desktop 7152 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(verified) AVG IDS 6492 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
(verified) AVG Internet Security 7084 C:\Program Files (x86)\AVG\AVG10\avgtray.exe
(verified) Betriebssystem Microsoft® Windows® 6432 C:\Windows\SysWOW64\rundll32.exe
(verified) Creative Volume Control 6680 C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
(verified) Firefox 5732 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(verified) Firefox 3016 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
(verified) Java(TM) Platform SE Auto Updater 2 0 6860 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(verified) RaUI Application 6460 C:\Program Files (x86)\Ralink\Common\RaUI.exe
(verified) Xfire 6888 C:\Program Files (x86)\Xfire\Xfire.exe


Autoruns and critical files
---------------------------
(unsigned) Catalyst® Control Center C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(unsigned) PCSpeedScan C:\Program Files (x86)\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe

(verified) P17Run Endpoints Dynamic Link Library C:\Windows\system32\P17RunE.dll
(verified) Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
(verified) Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(verified) Adobe Systems, Inc. Adobe Gamma Loader C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
(verified) Adobe Updater C:\Program Files (x86)\Common Files\Adobe\Updater\AdobeUpdater.exe
(verified) Alcohol Soft Development Team C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe
(verified) AntiVir Desktop C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(verified) Autorun Application G:\autorun.exe
(verified) AVG Internet Security C:\Program Files (x86)\AVG\AVG10\avgtray.exe
(verified) Betriebssystem Microsoft® Windows® C:\Program Files\Windows Sidebar\sidebar.exe
(verified) Betriebssystem Microsoft® Windows® C:\Windows\Speech\Common\sapisvr.exe
(verified) Betriebssystem Microsoft® Windows® c:\windows\system32\userinit.exe
(verified) Creative Updreg C:\Windows\UpdReg.EXE
(verified) Creative Volume Control C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
(verified) EPSON Status Monitor 3 C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE
(verified) GoogleToolbarNotifier C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) Java(TM) Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(verified) RaUI Application C:\Program Files (x86)\Ralink\Common\RaUI.exe
(verified) SDNotify(en) C:\Program Files (x86)\SDClock\SDNotify.exe
(verified) start.exe F:\start.exe
(verified) Steam d:\steam\steam.exe
(verified) Uniblue Launcher C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe
(verified) Xfire C:\Program Files (x86)\Xfire\Xfire.exe


Browser plugins
---------------
(unsigned) FireShot C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS.dll
(unsigned) FireShot for Internet Explorer C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin.dll
(unsigned) fireshot-install.exe C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe
(unsigned) frozen.dll C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
(unsigned) googletoolbar-ff2.dll C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
(unsigned) googletoolbar-ff3.dll C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
(unsigned) googletoolbarloader.dll C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
(unsigned) Java(TM) Platform SE 6 U22 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

(verified) AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
(verified) Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
(verified) Adobe® Flash® Player ActiveX C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
(verified) AntiVir Desktop C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll
(verified) AVG Internet Security c:\program files (x86)\avg\avg10\avgssie.dll
(verified) Betriebssystem Microsoft® Windows® C:\Windows\System32\mswsock.dll
(verified) Betriebssystem Microsoft® Windows® C:\Windows\system32\napinsp.dll
(verified) Betriebssystem Microsoft® Windows® C:\Windows\system32\pnrpnsp.dll
(verified) BitDefender QuickScan C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
(verified) BitDefender QuickScan C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
(verified) DirectShow c:\windows\syswow64\msdxm6.ocx
(verified) FFExternalAlert.dll C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll
(verified) Google Toolbar for Internet Explorer c:\program files (x86)\google\google toolbar\googletoolbar_32.dll
(verified) Google Update C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
(verified) GoogleToolbarNotifier c:\program files (x86)\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
(verified) ICQ C:\Program Files (x86)\ICQ7.2\ICQ.exe
(verified) ICQToolBar c:\program files (x86)\icq6toolbar\icqtoolbar.dll
(verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.dll
(verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.exe
(verified) InstallShield Update Service C:\Windows\Downloaded Program Files\isusweb.dll
(verified) Java Deployment Toolkit 6.0.220.4 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
(verified) Java(TM) Platform SE 6 U22 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
(verified) Microsoft Office 2003 C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
(verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) Mozilla Default Plug-in C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
(verified) nppdf32.DEU C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.DEU
(verified) NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
(verified) RadioWMPCore.dll C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll
(verified) Silverlight Plug-In C:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll
(verified) SweetIM Toolbar for Internet Explorer c:\program files (x86)\sweetim\toolbars\internet explorer\mghelper.dll
(verified) SweetIM Toolbar for Internet Explorer c:\program files (x86)\sweetim\toolbars\internet explorer\mgtoolbarie.dll
(verified) Windows Live® Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll


Missing files
-------------
File not found: C:\Program Files (x86)\Ascentive\Performance Center\ApcMain.exe -m
--> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Performance Center"
--> HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\"Performance Center"

File not found: c:\program files (x86)\xfirexo\tbxfir.dll
--> HKCR\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\InprocServer32\"(default)"
--> HKCR\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\InprocServer32\"(default)"
--> HKCR\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\InprocServer32\"(default)"


Scan
----
(unsigned) MD5: b402c87856832a908d162c43c56b8333 C:\Program Files (x86)\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe
(unsigned) MD5: 9ac78d384ce632bf4b5c73d5231ce17e C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(unsigned) MD5: 8c05c68fedfcbf400093a0e232315bc2 C:\Program Files (x86)\Avira\AntiVir Desktop\ccgenrc.dll
(unsigned) MD5: 86e162677d131e5fa32fb2bff60cfd05 C:\Program Files (x86)\Avira\AntiVir Desktop\ccgrdrc.dll
(unsigned) MD5: d17e73d08d3f9bf86778ca32bafea292 C:\Program Files (x86)\Avira\AntiVir Desktop\cclicrc.dll
(unsigned) MD5: 05be6a994e936dc58ee3940e0bb46e70 C:\Program Files (x86)\Avira\AntiVir Desktop\ccmainrc.dll
(unsigned) MD5: a7af0c0d9cd0c9efc8929c64008a0193 C:\Program Files (x86)\Avira\AntiVir Desktop\ccmgrdrc.dll
(unsigned) MD5: 339b2db238a59554a6e45fe00c155fe3 C:\Program Files (x86)\Avira\AntiVir Desktop\ccmguard.dll
(unsigned) MD5: d201762816e297d0eed3b7cf00d64c93 C:\Program Files (x86)\Avira\AntiVir Desktop\ccmsgrc.dll
(unsigned) MD5: 6bb82348cc5c8d0ac51090f2bf7e0a92 C:\Program Files (x86)\Avira\AntiVir Desktop\ccupdrc.dll
(unsigned) MD5: 0e6646ac36256ab3f3af8069cefcd8a8 C:\Program Files (x86)\Avira\AntiVir Desktop\ccwgrd.dll
(unsigned) MD5: ac5b7ad060844b1bf3bddf624f68a545 C:\Program Files (x86)\Avira\AntiVir Desktop\ccwgrdrc.dll
(unsigned) MD5: d41a02871f992a2c47b84a95c2a78b40 C:\Program Files (x86)\Avira\AntiVir Desktop\ccwgrdw.dll
(unsigned) MD5: ad045e1cb3fea867df40dd1622f1eef9 C:\Program Files (x86)\Avira\AntiVir Desktop\rcimage.dll
(unsigned) MD5: 87e8f577cd2d3b08270893b6d12d3464 C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.crl
(unsigned) MD5: 69cdba2b9c397e349a04fa70dd9170a2 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(unsigned) MD5: 8084668d40e5eb157839c5519e533541 C:\Program Files (x86)\Creative\Shared Files\CTIniF.dll
(unsigned) MD5: ec046688c85011435dc8071eba02f833 C:\Program Files (x86)\Creative\Shared Files\CtrlSrc.dll
(unsigned) MD5: eeb43b761b01f7668a466a1439e4d675 C:\Program Files (x86)\Creative\Shared Files\CTTheme.dll
(unsigned) MD5: ebf4c4557fbfea9ccf642abd5a239471 C:\Program Files (x86)\Creative\Shared Files\GDICtrl.skc
(unsigned) MD5: 1602eecc8b71bda0947134871a5a1478 C:\Program Files (x86)\Creative\Shared Files\GDICtrl3.skc
(unsigned) MD5: 4dd881b1918d195682ea7e696000d342 C:\Program Files (x86)\Creative\Shared Files\MxLib.dll
(unsigned) MD5: 3ed8e561044723c6039a8a20a3ae60cc C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
(unsigned) MD5: c98fb0239d4a50328cf2f8a6e54681db C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
(unsigned) MD5: e709a3a583103005702d5341f3cba5d7 C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
(unsigned) MD5: cce32ecd46bba2eb94ff5d305a6700f3 C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
(unsigned) MD5: daf473a146a3d77b4e26c1f809997329 C:\Program Files (x86)\Ralink\Common\CiscoEapFast.dll
(unsigned) MD5: 654de714db500f5aec66c3fbc8d25a43 C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe
(unsigned) MD5: 4cd6aec48561460c3b97f0ef3e0b636c C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin.dll
(unsigned) MD5: 63f70c127c8794c6a2f236fd5bd7bb53 C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS.dll
(unsigned) MD5: 0a69406d3cf3747ab528ace7739ac46d C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
(unsigned) MD5: e5b02bb0c6ea7cd4607b49c7be4db5b0 C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
(unsigned) MD5: 288cc8a1f9ca886a3555da06dbae6144 C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
(unsigned) MD5: ad7ec854e30b632bcdd7dee6a3ab4077 C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
(unsigned) MD5: f4bd8926afb3b2067f2bd210032ec3be C:\Users\Admin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
(unsigned) MD5: 0421441fbf668c7e72eeb658b04aa8c7 C:\Windows\SysWOW64\APOMngr.DLL
(unsigned) MD5: 45f681a6de7ccd2e2cc3bae71fc1cb51 C:\Windows\SysWOW64\CmdRtr.DLL


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.03 MB sent, 0.42 KB recvd
Scanned 635 files and modules - 20 seconds

==============================================================================


According to Avira Premium, AVG 2011 and Ad-Aware, I no longer have any viruses on it.

I hope the viruses haven't left too much damage behind.

Regards, Sven


PS: Just now: 27.10 17.10

Found the following virus in the AVG folder (Avira): (FALSE ALARM)


Typ: Datei
Quelle: C:\ProgramData\avg9\update\backup\avgui.exe
Status: Infiziert
Quarantäne-Objekt: 49bee160.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows 2000/XP/VISTA Workstation
Suchengine: 8.02.04.84
Virendefinitionsdatei: 7.10.13.49
Meldung: Ist das Trojanische Pferd TR/Spy.ZBot.JP
Datum/Uhrzeit: 27.10.2010, 17:06

(FALSE ALARM), or maybe not after all?
After further scans in quarantine, the virus was downgraded to just a suspicious file. After restoring it I scanned again; this time no infection!


17:38

Ad-Aware classified the following file as very dangerous and as a threat. I moved the file to quarantine:

Win32.Adware.Ascentive/A

(c:\windows\syswow64\asccontest.dll)

Edited by Sven2010 (27.10.2010 at 16:40). Reason: new information

28.10.2010, 20:49   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Please run a full scan with Malwarebytes as a routine step and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

After that, OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

29.10.2010, 17:38   #3
Sven2010
 



Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4964

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

29.10.2010 18:35:27
mbam-log-2010-10-29 (18-35-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|I:\|J:\|K:\|)
Durchsuchte Objekte: 337242
Laufzeit: 33 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Admin\Downloads\AA3DeployInstaller.exe (Trojan.Dropper) -> No action taken.

The file was an installer for a game. My other antivirus programs found nothing, so I'm unsure. I'll post the OTL log in a moment!

29.10.2010, 17:58   #4
Sven2010
 



OTL Logfile:
OTL logfile created on: 29.10.2010 18:39:19 - Run 5
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Admin\Downloads\Programme
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 33,00% Memory free
8,00 Gb Paging File | 4,00 Gb Available in Paging File | 47,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,90 Gb Total Space | 51,84 Gb Free Space | 34,58% Space Free | Partition Type: NTFS
Drive D: | 390,76 Gb Total Space | 312,12 Gb Free Space | 79,88% Space Free | Partition Type: NTFS
Drive E: | 390,76 Gb Total Space | 253,38 Gb Free Space | 64,84% Space Free | Partition Type: NTFS
Drive F: | 7,34 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Admin\AppData\Local\Apps\2.0\ZNH5DCZR.VT0\QHAZLHKD.D8W\aa3d..tion_38b9e60664ffaf59_0001.0002_554fd5a80c861f64\AA3Deploy.exe (Pragmatic Solution Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Admin\Downloads\Programme\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited)
PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe ()
PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG10\avgam.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.)
PRC - C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Admin\Downloads\Programme\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll (SweetIM Technologies Ltd.)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files (x86)\SweetIM\Messenger\MSVCR71.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (SDClockService) -- C:\Windows\SysNative\SDClockService.exe (BlueCosmos(kt))
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (SearchAnonymizer) -- C:\Users\Admin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (BioWare)
SRV - (RalinkRegistryWriter64) -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe (Ralink Technology, Corp.)
SRV - (RalinkRegistryWriter) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\drivers\bdfsfltr.sys (BitDefender)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (acedrv07) -- C:\Windows\SysNative\drivers\acedrv07.sys ()
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys (Creative Technology Ltd.)
DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation)
DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation)
DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation)
DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab)
DRV:64bit: - (TcUsb) -- C:\Windows\SysNative\drivers\tcusb.sys (UPEK Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (hxctlflt) -- C:\Windows\SysNative\drivers\hxctlflt.sys (Guillemot Corporation)
DRV:64bit: - (AmdTools64) -- C:\Windows\SysNative\drivers\AmdTools64.sys (AMD, Inc.)
DRV:64bit: - (Lycosa) -- C:\Windows\SysNative\drivers\Lycosa.sys (Razer USA Ltd.)
DRV:64bit: - (ATITool) -- C:\Windows\SysNative\drivers\ATITool64.sys ()
DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys ()
DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h;t;t;p;:;/;/;h;o;m;e;.;s;w;e;e;t;i;m;.;c;o;m;
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-96592108-3296164111-614215933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-96592108-3296164111-614215933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hiergehtslos.de
IE - HKU\S-1-5-21-96592108-3296164111-614215933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-96592108-3296164111-614215933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-96592108-3296164111-614215933-1000\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll File not found
IE - HKU\S-1-5-21-96592108-3296164111-614215933-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-96592108-3296164111-614215933-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKU\S-1-5-21-96592108-3296164111-614215933-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.7.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.50
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.0
FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4
FF - prefs.js..keyword.URL: "hxxp://de.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_de&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.3&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010.10.26 12:46:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.28 16:52:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.10.28 16:52:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.07.23 16:24:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010.05.06 11:40:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2010.05.06 11:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.10.29 16:13:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d85esxis.default\extensions
[2010.10.12 16:08:01 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d85esxis.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
[2010.09.12 12:06:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d85esxis.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.06.22 15:36:32 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d85esxis.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
[2010.06.16 13:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d85esxis.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.09.27 17:19:34 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d85esxis.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
[2010.10.27 15:57:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d85esxis.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.10.29 13:53:17 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d85esxis.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.10.10 19:09:42 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d85esxis.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2010.09.23 06:22:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d85esxis.default\extensions\personas@christopher.beard
[2010.06.16 13:57:17 | 000,001,150 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\d85esxis.default\searchplugins\icqplugin.xml
[2010.10.29 13:53:07 | 000,003,915 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\d85esxis.default\searchplugins\sweetim.xml
[2010.06.16 13:57:17 | 000,002,152 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\d85esxis.default\searchplugins\{45D37331-AAFB-4DC3-ACCB-ECEE65A45E48}.xml
[2010.06.16 13:57:17 | 000,001,834 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\d85esxis.default\searchplugins\{9608EFAC-9926-4BDB-B86A-F0E40D384B19}.xml
[2010.06.16 13:57:17 | 000,002,041 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\d85esxis.default\searchplugins\{DC613617-F408-4D2C-BD26-3F2CDD3258BC}.xml
[2010.10.29 17:58:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.06.12 15:35:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.03 11:36:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.10.29 17:58:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.10.29 17:57:56 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.26 19:15:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.26 19:15:32 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.26 19:15:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.26 19:15:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.26 19:15:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\SysWOW64\Msdxm6.ocx (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3:64bit: - HKU\S-1-5-21-96592108-3296164111-614215933-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKU\S-1-5-21-96592108-3296164111-614215933-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-96592108-3296164111-614215933-1000\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\tbXfir.dll File not found
O3 - HKU\S-1-5-21-96592108-3296164111-614215933-1000\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [CamserviceOG] C:\Program Files (x86)\Hercules\Deluxe Optical Glass\XtrCtrl.exe (Guillemot Corporation S.A.)
O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Admin\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CTSysVol] C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [PC SpeedScan Pro] C:\Program Files (x86)\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe (Ascentive LLC)
O4 - HKLM..\Run: [Performance Center] C:\Program Files (x86)\Ascentive\Performance Center\ApcMain.exe File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-96592108-3296164111-614215933-1000..\Run: [AdobeUpdater] C:\Program Files (x86)\Common Files\Adobe\Updater\AdobeUpdater.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-96592108-3296164111-614215933-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-96592108-3296164111-614215933-1000..\Run: [EPSON Stylus DX4400 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATICAE.EXE File not found
O4 - HKU\S-1-5-21-96592108-3296164111-614215933-1000..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKU\S-1-5-21-96592108-3296164111-614215933-1000..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-96592108-3296164111-614215933-1000..\Run: [Steam] d:\steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-21-96592108-3296164111-614215933-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-96592108-3296164111-614215933-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-96592108-3296164111-614215933-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-96592108-3296164111-614215933-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\SysWOW64\Msdxm6.ocx (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\psfus: DllName - Reg Error: Key error. - C:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.10.12 13:42:53 | 000,000,000 | R--D | M] - F:\AutoPlay -- [ UDF ]
O32 - AutoRun File - [2008.04.11 19:52:28 | 002,404,352 | R--- | M] () - F:\autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.11.06 18:33:09 | 000,000,043 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O32 - AutoRun File - [2008.11.15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - G:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.11 19:03:48 | 000,000,054 | R--- | M] () - G:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{e8a12876-5df3-11df-bf94-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e8a12876-5df3-11df-bf94-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2008.11.15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.)
O33 - MountPoints2\{fe46c094-5387-11df-930c-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fe46c094-5387-11df-930c-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Start.exe -- [2006.01.10 15:49:24 | 000,492,032 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) -  File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Programme (x86)\AVG\AVG10\avgchsva.exe File not found
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Programme (x86)\AVG\AVG10\avgrsa.exe File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.10.29 17:58:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.10.29 17:58:00 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.10.29 17:58:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.10.29 17:58:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.10.29 17:57:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010.10.29 15:53:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\AA3DeployClient
[2010.10.29 15:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AA3DeployClient
[2010.10.28 17:55:10 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\BitDefender
[2010.10.28 17:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender
[2010.10.28 17:54:15 | 000,388,168 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys
[2010.10.25 15:50:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Games for Windows - LIVE Demos
[2010.10.25 14:05:01 | 000,036,864 | ---- | C] (CIPL) -- C:\Windows\SysWow64\ascbalon.dll
[2010.10.25 14:05:01 | 000,020,480 | ---- | C] (Ascentive LLC) -- C:\Windows\SysWow64\SysRestore.dll
[2010.10.25 13:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ascentive
[2010.10.25 13:35:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Uniblue
[2010.10.25 13:35:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue
[2010.10.19 14:28:48 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2010.10.15 13:23:57 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.10.15 13:23:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.10.15 13:23:55 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2010.10.15 13:23:49 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2010.10.15 13:23:46 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2010.10.15 13:23:45 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2010.10.15 13:23:44 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2010.10.15 13:23:43 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2010.10.15 13:23:43 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2010.10.15 13:23:34 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2010.10.15 13:23:33 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2010.10.15 13:23:33 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2010.10.15 13:23:33 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2010.10.15 13:23:33 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2010.10.15 13:23:32 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2010.10.15 13:23:32 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2010.10.15 13:23:32 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.10.15 13:23:32 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.10.15 13:23:32 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.10.15 13:23:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.10.15 13:23:32 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2010.10.15 13:23:32 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.10.15 13:23:32 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.10.15 13:23:20 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010.10.15 13:23:19 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010.10.15 13:23:18 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010.10.15 13:23:18 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010.10.15 13:23:17 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2010.10.14 13:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.10.13 17:12:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWiSHzone.com
[2010.10.12 16:11:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\FireShot
[2010.10.12 16:03:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Updater
[2010.10.12 16:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe Systems
[2010.10.12 16:02:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared
[2010.10.12 16:01:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF
[2010.10.11 18:13:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\vlc
[2010.10.11 18:13:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2010.10.11 16:38:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\ArcaniA - Gothic 4 Demo
[2010.10.11 16:38:01 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2010.10.11 16:38:01 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2010.10.11 16:38:01 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2010.10.11 16:38:01 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2010.10.11 16:38:01 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2010.10.11 16:38:01 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2010.10.11 16:38:00 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2010.10.11 16:38:00 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2010.10.11 16:38:00 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2010.10.11 16:38:00 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2010.10.11 16:38:00 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2010.10.11 16:38:00 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2010.10.11 16:38:00 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2010.10.11 16:38:00 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2010.10.11 16:37:59 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2010.10.11 16:37:59 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll
[2010.10.11 16:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010.10.11 16:32:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JoWooD Entertainment AG
[2010.10.09 14:25:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\MeinSpore-Kreationen
[2010.10.09 14:25:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\SPORE
[2010.10.09 07:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2010.10.09 07:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2010.10.05 17:42:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft
[2010.10.04 19:06:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Avira
[2010.10.04 19:05:16 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.10.04 19:05:16 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.10.04 19:05:16 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.10.04 19:05:16 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.10.04 19:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.10.04 19:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2010.10.04 18:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010.10.04 18:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager
[2010.10.04 18:26:36 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICSDK2.dll
[2010.10.04 18:26:36 | 000,120,992 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EpPicPrt.dll
[2010.10.04 18:26:36 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICEntry.dll
[2010.10.04 18:26:36 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICSDK.dll
[2010.10.04 18:26:36 | 000,071,840 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EPPicMgr.dll
[2010.10.04 18:19:28 | 000,129,536 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMCAE.DLL
[2010.10.04 18:19:28 | 000,086,528 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBCAE.DLL
[2010.10.04 18:19:25 | 000,000,000 | ---D | C] -- C:\Programme\EPSON
[2010.10.04 17:38:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Makro_Corporation
[2010.10.03 17:20:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BAT 2 EXE 1
[2010.10.03 16:39:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Makro
[2010.10.02 16:29:48 | 000,000,000 | ---D | C] -- C:\#Virus Maker
[2010.10.02 12:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.10.02 11:04:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\AVG10
[2010.10.02 10:54:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2010.10.02 10:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10
[2010.10.02 10:53:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2010.10.02 10:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010.10.01 19:35:49 | 000,036,864 | ---- | C] (BlueCosmos(kt)) -- C:\Windows\SysNative\SDClockService.exe
[2010.10.01 19:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SDClock
[2010.10.01 18:29:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\QuickScan
 
========== Files - Modified Within 30 Days ==========
 
[2010.10.29 18:14:06 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.10.29 17:57:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.10.29 17:57:55 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.10.29 17:57:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.10.29 17:57:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.10.29 16:10:09 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Local\prvlcl.dat
[2010.10.29 15:53:44 | 000,000,316 | ---- | M] () -- C:\Users\Admin\Desktop\AA3Deploy.appref-ms
[2010.10.29 13:05:58 | 000,022,639 | ---- | M] () -- C:\Users\Admin\AppData\Local\backup.vtp
[2010.10.29 12:32:19 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.10.29 12:32:19 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.10.29 12:24:14 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.10.29 12:24:07 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2010.10.29 12:23:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.10.29 12:23:42 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys
[2010.10.29 06:10:29 | 097,961,613 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2010.10.28 17:56:18 | 000,027,440 | ---- | M] () -- C:\ProgramData\bdinstall.bin
[2010.10.28 17:11:38 | 000,000,344 | ---- | M] () -- C:\Users\Admin\Documents\Patti.dat
[2010.10.28 15:12:49 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.10.28 15:12:49 | 000,698,044 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.10.28 15:12:49 | 000,652,026 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.10.28 15:12:49 | 000,148,100 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.10.28 15:12:49 | 000,120,958 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.10.27 17:43:43 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010.10.25 13:35:05 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010.10.23 19:03:30 | 000,625,796 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2010.10.16 14:52:01 | 000,001,486 | ---- | M] () -- C:\Users\Admin\Desktop\SpeedSim - Verknüpfung.lnk
[2010.10.15 18:06:18 | 000,356,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.10.12 16:01:24 | 000,001,291 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2010.10.11 16:35:45 | 000,001,361 | ---- | M] () -- C:\Users\Public\Desktop\ArcaniA - Gothic 4 Demo.lnk
[2010.10.11 14:56:27 | 000,330,606 | ---- | M] () -- C:\Users\Admin\Documents\vlc-record-2010-10-11-14h56m06s-doncamp.mp3-.mp3
[2010.10.11 14:56:03 | 000,349,832 | ---- | M] () -- C:\Users\Admin\Documents\vlc-record-2010-10-11-14h55m41s-doncamp.mp3-.mp3
[2010.10.10 15:16:19 | 000,000,355 | ---- | M] () -- C:\Users\Admin\Desktop\Arbeitsplatz.lnk
[2010.10.09 14:20:15 | 000,000,190 | ---- | M] () -- C:\Users\Admin\Desktop\SPORE™.lnk
[2010.10.06 17:27:03 | 000,025,600 | ---- | M] () -- C:\Users\Admin\Documents\Der Arbeitstag ist lang und schwer 2.doc
[2010.10.06 15:22:33 | 000,026,112 | ---- | M] () -- C:\Users\Admin\Documents\Der Arbeitstag ist lang und schwer.doc
[2010.10.05 17:51:13 | 000,018,929 | ---- | M] () -- C:\Windows\War3Unin.dat
[2010.10.05 17:42:39 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010.10.05 16:38:52 | 000,868,848 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010.10.05 06:58:53 | 001,591,958 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.10.05 06:24:28 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010.10.04 19:04:03 | 000,116,568 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.10.04 19:04:03 | 000,017,016 | ---- | M] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.10.04 19:04:02 | 000,081,072 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.10.04 19:04:02 | 000,051,992 | ---- | M] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.10.04 18:18:52 | 000,000,027 | ---- | M] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2010.10.03 17:21:25 | 000,000,197 | ---- | M] () -- C:\Windows\bat2exe.INI
[2010.10.03 17:20:04 | 000,080,896 | ---- | M] () -- C:\Windows\cadkasdeinst01.exe
[2010.10.03 17:20:04 | 000,001,019 | ---- | M] () -- C:\Users\Admin\Desktop\BAT 2 EXE 1.0.lnk
[2010.10.03 16:39:22 | 000,001,015 | ---- | M] () -- C:\Users\Admin\Desktop\E-Mail Spam 2.0.lnk
[2010.10.03 16:38:38 | 000,516,096 | ---- | M] () -- C:\Windows\iwexec.exe
[2010.10.02 10:54:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\incavi.avm
[2010.10.02 10:54:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\iavifw.avm
[2010.10.02 10:54:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\iavichjw.avm
[2010.10.01 19:35:50 | 000,005,012 | ---- | M] () -- C:\Windows\SysNative\SDClockService.InstallState
[2010.10.01 19:33:32 | 000,001,012 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SDNotify.lnk
 
========== Files Created - No Company Name ==========
 
[2010.10.29 15:53:44 | 000,000,316 | ---- | C] () -- C:\Users\Admin\Desktop\AA3Deploy.appref-ms
[2010.10.29 06:10:29 | 097,961,613 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2010.10.28 17:54:06 | 000,027,440 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2010.10.28 17:11:38 | 000,000,344 | ---- | C] () -- C:\Users\Admin\Documents\Patti.dat
[2010.10.25 14:05:01 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\AscSQLite.dll
[2010.10.25 13:35:10 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2010.10.25 13:35:05 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk
[2010.10.23 19:03:30 | 000,625,796 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2010.10.16 14:52:01 | 000,001,486 | ---- | C] () -- C:\Users\Admin\Desktop\SpeedSim - Verknüpfung.lnk
[2010.10.14 13:56:19 | 000,000,000 | ---- | C] () -- C:\Users\Admin\Sti_Trace.log
[2010.10.12 16:01:24 | 000,001,291 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2010.10.11 16:35:45 | 000,001,361 | ---- | C] () -- C:\Users\Public\Desktop\ArcaniA - Gothic 4 Demo.lnk
[2010.10.11 14:56:27 | 000,330,606 | ---- | C] () -- C:\Users\Admin\Documents\vlc-record-2010-10-11-14h56m06s-doncamp.mp3-.mp3
[2010.10.11 14:56:03 | 000,349,832 | ---- | C] () -- C:\Users\Admin\Documents\vlc-record-2010-10-11-14h55m41s-doncamp.mp3-.mp3
[2010.10.10 15:16:19 | 000,000,355 | ---- | C] () -- C:\Users\Admin\Desktop\Arbeitsplatz.lnk
[2010.10.09 14:20:15 | 000,000,190 | ---- | C] () -- C:\Users\Admin\Desktop\SPORE™.lnk
[2010.10.06 16:54:11 | 000,025,600 | ---- | C] () -- C:\Users\Admin\Documents\Der Arbeitstag ist lang und schwer 2.doc
[2010.10.05 17:42:39 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010.10.05 17:23:14 | 000,026,112 | ---- | C] () -- C:\Users\Admin\Documents\Der Arbeitstag ist lang und schwer.doc
[2010.10.05 16:38:50 | 000,868,848 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys
[2010.10.05 16:19:26 | 001,359,360 | ---- | C] () -- C:\Users\Admin\Desktop\#Virus Maker.exe
[2010.10.05 06:24:28 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
[2010.10.04 18:26:36 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2010.10.04 18:26:36 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2010.10.04 18:26:36 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2010.10.04 18:26:36 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2010.10.04 18:26:36 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2010.10.04 18:26:36 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2010.10.04 18:26:36 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2010.10.04 18:26:36 | 000,013,732 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg
[2010.10.04 18:26:36 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2010.10.04 18:26:36 | 000,006,442 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_IT.cfg
[2010.10.04 18:26:36 | 000,006,335 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_GE.cfg
[2010.10.04 18:26:36 | 000,006,103 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg
[2010.10.04 18:26:36 | 000,005,817 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_KO.cfg
[2010.10.04 18:26:36 | 000,005,436 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_SC.cfg
[2010.10.04 18:26:36 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2010.10.04 18:26:36 | 000,002,889 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_RU.cfg
[2010.10.04 18:26:36 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_TC.cfg
[2010.10.04 18:26:36 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2010.10.04 18:26:36 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2010.10.04 18:26:36 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2010.10.04 18:26:36 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2010.10.04 18:26:36 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2010.10.04 18:26:36 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2010.10.04 18:26:36 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2010.10.04 18:26:36 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2010.10.04 18:26:36 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2010.10.04 18:26:36 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010.10.04 18:26:35 | 000,006,347 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg
[2010.10.04 18:26:35 | 000,006,347 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg
[2010.10.04 18:26:35 | 000,006,195 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg
[2010.10.04 18:26:35 | 000,006,195 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg
[2010.10.04 18:26:35 | 000,006,122 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_DU.cfg
[2010.10.04 18:18:52 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini
[2010.10.03 17:21:25 | 000,000,197 | ---- | C] () -- C:\Windows\bat2exe.INI
[2010.10.03 17:20:04 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.10.03 17:20:04 | 000,001,019 | ---- | C] () -- C:\Users\Admin\Desktop\BAT 2 EXE 1.0.lnk
[2010.10.03 16:39:22 | 000,516,096 | ---- | C] () -- C:\Windows\iwexec.exe
[2010.10.03 16:39:22 | 000,001,015 | ---- | C] () -- C:\Users\Admin\Desktop\E-Mail Spam 2.0.lnk
[2010.10.02 10:54:39 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk
[2010.10.01 19:35:50 | 000,005,012 | ---- | C] () -- C:\Windows\SysNative\SDClockService.InstallState
[2010.10.01 19:33:32 | 000,001,012 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SDNotify.lnk
[2010.08.28 10:38:19 | 000,015,144 | ---- | C] () -- C:\Windows\SysWow64\HWLMSET2PS.dll
[2010.08.26 09:13:34 | 000,022,639 | ---- | C] () -- C:\Users\Admin\AppData\Local\backup.vtp
[2010.08.03 17:39:50 | 001,591,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.07.12 14:09:48 | 000,000,516 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2010.07.12 14:09:48 | 000,000,072 | ---- | C] () -- C:\Windows\SysWow64\RaCertMgr.ini
[2010.07.12 14:09:47 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2010.06.19 12:32:29 | 000,005,103 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik
[2010.06.19 12:25:06 | 000,033,280 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.14 17:39:27 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.06.04 16:09:37 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\prvlcl.dat
[2010.05.24 17:46:19 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll
[2010.05.23 13:53:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll
[2010.05.19 17:25:53 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini
[2010.05.07 20:09:45 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010.05.05 07:06:59 | 000,020,816 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\UserTile.png
[2010.04.30 11:52:51 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys
[2010.04.29 16:22:58 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2010.04.29 16:22:58 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008.11.13 14:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini
[2007.12.04 13:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini
[2007.06.07 13:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini
[2006.05.19 09:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:0B4227B4

< End of report >
         
--- --- ---

2. Logfile:
OTL Logfile:
Code:
OTL Extras logfile created on: 29.10.2010 18:39:19 - Run 5
OTL by OldTimer - Version 3.2.17.1     Folder = C:\Users\Admin\Downloads\Programme
64bit- An unknown product  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 33,00% Memory free
8,00 Gb Paging File | 4,00 Gb Available in Paging File | 47,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,90 Gb Total Space | 51,84 Gb Free Space | 34,58% Space Free | Partition Type: NTFS
Drive D: | 390,76 Gb Total Space | 312,12 Gb Free Space | 79,88% Space Free | Partition Type: NTFS
Drive E: | 390,76 Gb Total Space | 253,38 Gb Free Space | 64,84% Space Free | Partition Type: NTFS
Drive F: | 7,34 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-96592108-3296164111-614215933-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{140587DE-51BE-45DA-838D-CD594C88B691}" = AVG 2011
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{319B58E8-4C80-4912-8EA7-24A9658120C6}" = AVG 2011
"{453464E5-2B99-43CA-9C0E-FD1A6C76C792}" = Protector Suite 2009.1
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{576A97E3-1A79-6215-49DE-AA358AF47420}" = ATI Catalyst Install Manager
"{5BF8A577-B334-49BE-A7B2-349C1F1B0C58}" = AVG 2011
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{778C8673-1A90-45DD-91E8-33FD0202E9E2}" = AVG 2011
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A019FB54-F9D4-42BE-937D-5A4B9A36428D}" = AVG 2011
"{AF51A2B6-3AAF-46C5-36A7-0E78B2D23E3E}" = ccc-utility64
"{BE748D49-9B5F-4D69-ABF1-A891C95CAB4A}" = AVG 2011
"{E6456858-8C0C-35CE-96B8-AFFCD205C9FC}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2011
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SearchAnonymizer" = SearchAnonymizer
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024FDD4C-B4EE-4CFC-696F-9A36B3BE4D41}" = Catalyst Control Center Graphics Previews Vista
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BC432D-819E-86AF-74A9-0622CAD08767}" = Catalyst Control Center Graphics Previews Common
"{0A477437-2307-018D-3F3A-AFBDE1D4FF7A}" = Catalyst Control Center HydraVision Full
"{14509FBA-582F-43AB-8B7B-37A30B9C98C3}_is1" = ArcaniA - Gothic 4 Demo
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
"{1D301950-EA2F-4882-9AA0-49467756842A}" = SweetIM for Messenger 3.3
"{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}" = FOCMapEditor
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0407-2E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C2739CB-9E0F-8E06-F315-25F9E9AB2763}" = CCC Help English
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{43FC4C9A-9D17-9CAB-FA69-6588AFA5A1B2}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8304}" = Grand Theft Auto IV
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{80F24F31-F641-4349-83F3-59E335976D16}" = PC SpeedScan Pro
"{828CFF5D-054C-D04A-3CB1-0788828CA236}" = Catalyst Control Center Graphics Light
"{82A5E136-23E4-4BD3-938C-8DC490B59F92}" = PC SpeedScan Pro
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{85B0B11F-7EA3-D9DE-BB18-1B52CE1A3E3B}" = Catalyst Control Center Graphics Full Existing
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial 
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9EEA0ED5-CB59-2F06-84A7-3F7B241521B8}" = Catalyst Control Center InstallProxy
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A842BCF9-824C-4100-9430-CF061FDE495F}" = Makro
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B69F28DF-CBB1-41B7-008A-210E4D0518FC}" = Harry Potter und der Orden des Phönix™
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C3C44248-B8F7-4B20-A5C7-994870B60F55}" = Hercules Webcam Station Evolution SE
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{DB6823F8-490F-46ED-9778-F1B2DD9032E5}" = Hama WLAN USB Stick
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF9B7D24-4C6E-C773-3E58-D2FEF49ADD74}" = ccc-core-static
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E6F043EB-FEF5-4C34-95AF-99B3EB68F7D9}" = Hercules Deluxe Optical Glass
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EAD931B5-129D-2A7E-9FD2-522BF504EAF4}" = Catalyst Control Center Graphics Full New
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EF3E420F-2DCF-4C24-8E37-896801901031}" = Nero 7 Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F93D2591-8201-4692-BD8D-67A0BFAC9C14}" = SweetIM Toolbar for Internet Explorer 3.9
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12345_is1" = WeGame Client Public Beta 2.0.3
"7-Zip" = 7-Zip 4.65
"AbAlarm_is1" = AbAlarm
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-2E257A25E34D}" = Adobe Photoshop CS2
"ALchemy" = Creative ALchemy
"ArtMoney SE_is1" = ArtMoney SE v7.32.1
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira AntiVir Premium
"BAT 2 EXE 1" = BAT 2 EXE 1
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit
"EA Download Manager" = EA Download Manager
"elveon's Texturepatch_is1" = elveon's Texturepatch v1.4
"Empire at War Forces of Corruption Mappack" = Empire at War Forces of Corruption Mappack 6.00 
"EPSON Scanner" = EPSON Scan
"Fraps" = Fraps (remove only)
"Gothic II" = Gothic II
"heroes in the sky" = heroes in the sky
"HijackThis" = HijackThis 2.0.2
"ICQToolbar" = ICQ Toolbar
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"LameACM" = Lame ACM MP3 Codec
"LeechFTP" = LeechFTP MP3 CODE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.0.7
"MegaTrainer XL_is1" = MegaTrainer XL V1.5.8.0
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.0.6)" = Mozilla Thunderbird (3.0.6)
"PC-AUS 2.00" = PC-AUS 2.00
"Risen - My Life De" = Risen - My Life De
"SDClock_is1" = SDClock
"Security Task Manager" = Security Task Manager 1.7i
"SpeedFan" = SpeedFan (remove only)
"Steam App 34030" = Napoleon: Total War
"Steam App 35110" = Just Cause 2 Demo
"VLC media player" = VLC media player 1.1.4
"Warcraft III" = Warcraft III
"WaveStudio 7" = Creative WaveStudio 7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-96592108-3296164111-614215933-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"2a4f70b48f669acd" = AA3Deploy
"FileZilla Client" = FileZilla Client 3.3.4.1
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.10.2010 11:44:30 | Computer Name = Admin-PC | Source = MsiInstaller | ID = 1013
Description = 
 
Error - 27.10.2010 11:44:31 | Computer Name = Admin-PC | Source = MsiInstaller | ID = 1013
Description = 
 
Error - 28.10.2010 09:08:48 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 28.10.2010 10:52:35 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 28.10.2010 11:54:34 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 29.10.2010 00:16:28 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 29.10.2010 06:24:23 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 29.10.2010 07:52:22 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Admin\Downloads\Programme\SoftonicDownloader_fuer_warcraft-iii-reign-of-chaos.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 29.10.2010 09:53:47 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 29.10.2010 10:31:29 | Computer Name = Admin-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3951 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: ce8    Startzeit: 
01cb77736d060e5c    Endzeit: 3    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 34ef2396-e369-11df-bc45-e0cb4e933385  
 
[ Media Center Events ]
Error - 04.06.2010 08:42:50 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 14:42:50 - Fehler beim Herstellen der Internetverbindung.  14:42:50 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.06.2010 08:17:24 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 14:17:24 - Fehler beim Herstellen der Internetverbindung.  14:17:24 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.06.2010 08:17:32 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 14:17:29 - Fehler beim Herstellen der Internetverbindung.  14:17:29 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.06.2010 09:23:21 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 15:23:03 - MCESpotlight konnte nicht abgerufen werden (Fehler: Timeout
 für Vorgang überschritten)  
 
Error - 06.06.2010 08:22:20 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 14:22:20 - Fehler beim Herstellen der Internetverbindung.  14:22:20 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.06.2010 08:22:30 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 14:22:27 - Fehler beim Herstellen der Internetverbindung.  14:22:27 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.06.2010 09:22:40 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 15:22:40 - Fehler beim Herstellen der Internetverbindung.  15:22:40 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.06.2010 09:22:48 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 15:22:45 - Fehler beim Herstellen der Internetverbindung.  15:22:45 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.07.2010 00:11:13 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 06:11:12 - Fehler beim Herstellen der Internetverbindung.  06:11:12 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 13.07.2010 06:16:56 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 12:16:56 - Fehler beim Herstellen der Internetverbindung.  12:16:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 28.10.2010 10:00:17 | Computer Name = Admin-PC | Source = bowser | ID = 8003
Description = 
 
Error - 28.10.2010 10:49:06 | Computer Name = Admin-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?10.?2010 um 16:47:56 unerwartet heruntergefahren.
 
Error - 28.10.2010 10:51:21 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   acedrv07
 
Error - 28.10.2010 10:52:10 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 28.10.2010 10:52:22 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 28.10.2010 11:06:56 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 29.10.2010 00:07:36 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   acedrv07
 
Error - 29.10.2010 00:09:40 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004
Description = 
 
Error - 29.10.2010 06:25:15 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   acedrv07
 
Error - 29.10.2010 06:26:05 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004
Description = 
 
 
< End of report >
         
--- --- ---

Alt 30.10.2010, 20:29   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

The OTL log is relatively unremarkable. I wouldn't fix anything there for now.
Have you had any further detections in the meantime?

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 30.10.2010, 21:34   #6
Sven2010
 

No, it has been quiet lately...

But my PC has become really slow.

...!

Alt 31.10.2010, 12:01   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

http://www.trojaner-board.de/71631-p...samer-tun.html