| |
| |||||||
Log-Analyse und Auswertung: starker Viren befall in letzter ZeitWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
27.10.2010, 15:49
| #1 |
| |  starker Viren befall in letzter Zeit Hab starken Virenbefall in letzter Zeit, meist starke Viren und mein System ist anscheinend jetzt sehr Instabil und verlangsamt: Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 08:17:56, on 10.08.2010 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\SysWOW64\rundll32.exe C:\Program Files (x86)\AVG\AVG9\avgtray.exe C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Ralink\Common\RaUI.exe C:\Program Files (x86)\Xfire\Xfire.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\SysWOW64\DllHost.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe C:\Users\Admin\Downloads\mbam_setup_1.46.exe C:\Users\Admin\AppData\Local\Temp\is-3U18U.tmp\mbam_setup_1.46.tmp C:\Users\Admin\Downloads\mbam_setup_1.46.exe C:\Users\Admin\AppData\Local\Temp\is-8J8RL.tmp\mbam_setup_1.46.tmp C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll R3 - URLSearchHook: (no name) - - (no file) R3 - URLSearchHook: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll O2 - BHO: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O2 - BHO: SweetIM Toolbar Helper - {eee6c35c-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\SysWow64\Msdxm6.ocx O3 - Toolbar: XfireXO Toolbar - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll O4 - HKLM\..\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe O4 - HKLM\..\Run: [CTSysVol] C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [Steam] "d:\steam\steam.exe" -silent O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [EPSON Stylus DX4400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE /FU "C:\Windows\TEMP\E_S3803.tmp" /EF "HKCU" O4 - HKCU\..\Run: [WallpaperCam] C:\Program Files (x86)\Wallpaper Cam\WallPaperCam.exe /d40 O4 - HKCU\..\Run: [ICQ] ~"C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4 O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup O4 - HKCU\..\Run: [Configuring] rundll32.exe C:\Users\Admin\AppData\Local\Temp\7889688.txt,W O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST') O4 - Startup: CurseClientStartup.ccip O4 - Startup: Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files (x86)\Ralink\Common\RaUI.exe O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe O23 - Service: Ralink Registry Writer 64 (RalinkRegistryWriter64) - Ralink Technology, Corp. - C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SearchAnonymizer - Unknown owner - C:\Users\Admin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12540 Dann habe ich noch folgenden Scan von BitDefender: QuickScan Beta 32-bit v0.9.9.50 ------------------------------- Scan date: Wed Oct 27 16:41:37 2010 Machine ID: 3E68E262 No infection found. ------------------- Processes --------- (verified) Ad-Aware Tray Application 4812 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (verified) AntiVir Desktop 7152 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (verified) AVG IDS 6492 C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (verified) AVG Internet Security 7084 C:\Program Files (x86)\AVG\AVG10\avgtray.exe (verified) Betriebssystem Microsoft® Windows® 6432 C:\Windows\SysWOW64\rundll32.exe (verified) Creative Volume Control 6680 C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (verified) Firefox 5732 C:\Program Files (x86)\Mozilla Firefox\firefox.exe (verified) Firefox 3016 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (verified) Java(TM) Platform SE Auto Updater 2 0 6860 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (verified) RaUI Application 6460 C:\Program Files (x86)\Ralink\Common\RaUI.exe (verified) Xfire 6888 C:\Program Files (x86)\Xfire\Xfire.exe Autoruns and critical files --------------------------- (unsigned) Catalyst® Control Center C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (unsigned) PCSpeedScan C:\Program Files (x86)\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe (verified) P17Run Endpoints Dynamic Link Library C:\Windows\system32\P17RunE.dll (verified) Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (verified) Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (verified) Adobe Systems, Inc. Adobe Gamma Loader C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (verified) Adobe Updater C:\Program Files (x86)\Common Files\Adobe\Updater\AdobeUpdater.exe (verified) Alcohol Soft Development Team C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (verified) AntiVir Desktop C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (verified) Autorun Application G:\autorun.exe (verified) AVG Internet Security C:\Program Files (x86)\AVG\AVG10\avgtray.exe (verified) Betriebssystem Microsoft® Windows® C:\Program Files\Windows Sidebar\sidebar.exe (verified) Betriebssystem Microsoft® Windows® C:\Windows\Speech\Common\sapisvr.exe (verified) Betriebssystem Microsoft® Windows® c:\windows\system32\userinit.exe (verified) Creative Updreg C:\Windows\UpdReg.EXE (verified) Creative Volume Control C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (verified) EPSON Status Monitor 3 C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICAE.EXE (verified) GoogleToolbarNotifier C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (verified) Java(TM) Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (verified) RaUI Application C:\Program Files (x86)\Ralink\Common\RaUI.exe (verified) SDNotify(en) C:\Program Files (x86)\SDClock\SDNotify.exe (verified) start.exe F:\start.exe (verified) Steam d:\steam\steam.exe (verified) Uniblue Launcher C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (verified) Xfire C:\Program Files (x86)\Xfire\Xfire.exe Browser plugins --------------- (unsigned) FireShot C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS.dll (unsigned) FireShot for Internet Explorer C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin.dll (unsigned) fireshot-install.exe C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe (unsigned) frozen.dll C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll (unsigned) googletoolbar-ff2.dll C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll (unsigned) googletoolbar-ff3.dll C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll (unsigned) googletoolbarloader.dll C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll (unsigned) Java(TM) Platform SE 6 U22 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (verified) AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll (verified) Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll (verified) Adobe® Flash® Player ActiveX C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe (verified) AntiVir Desktop C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (verified) AVG Internet Security c:\program files (x86)\avg\avg10\avgssie.dll (verified) Betriebssystem Microsoft® Windows® C:\Windows\System32\mswsock.dll (verified) Betriebssystem Microsoft® Windows® C:\Windows\system32\napinsp.dll (verified) Betriebssystem Microsoft® Windows® C:\Windows\system32\pnrpnsp.dll (verified) BitDefender QuickScan C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll (verified) BitDefender QuickScan C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll (verified) DirectShow c:\windows\syswow64\msdxm6.ocx (verified) FFExternalAlert.dll C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\FFExternalAlert.dll (verified) Google Toolbar for Internet Explorer c:\program files (x86)\google\google toolbar\googletoolbar_32.dll (verified) Google Update C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll (verified) GoogleToolbarNotifier c:\program files (x86)\google\googletoolbarnotifier\5.6.5805.1910\swg.dll (verified) ICQ C:\Program Files (x86)\ICQ7.2\ICQ.exe (verified) ICQToolBar c:\program files (x86)\icq6toolbar\icqtoolbar.dll (verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.dll (verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.exe (verified) InstallShield Update Service C:\Windows\Downloaded Program Files\isusweb.dll (verified) Java Deployment Toolkit 6.0.220.4 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll (verified) Java(TM) Platform SE 6 U22 c:\program files (x86)\java\jre6\bin\jp2ssv.dll (verified) Microsoft Office 2003 C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL (verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll (verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll (verified) Mozilla Default Plug-in C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll (verified) nppdf32.DEU C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.DEU (verified) NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll (verified) RadioWMPCore.dll C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components\RadioWMPCore.dll (verified) Silverlight Plug-In C:\Program Files (x86)\Microsoft Silverlight\4.0.50917.0\npctrl.dll (verified) SweetIM Toolbar for Internet Explorer c:\program files (x86)\sweetim\toolbars\internet explorer\mghelper.dll (verified) SweetIM Toolbar for Internet Explorer c:\program files (x86)\sweetim\toolbars\internet explorer\mgtoolbarie.dll (verified) Windows Live® Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll Missing files ------------- File not found: C:\Program Files (x86)\Ascentive\Performance Center\ApcMain.exe -m --> HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Performance Center" --> HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\"Performance Center" File not found: c:\program files (x86)\xfirexo\tbxfir.dll --> HKCR\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\InprocServer32\"(default)" --> HKCR\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\InprocServer32\"(default)" --> HKCR\CLSID\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\InprocServer32\"(default)" Scan ---- (unsigned) MD5: b402c87856832a908d162c43c56b8333 C:\Program Files (x86)\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe (unsigned) MD5: 9ac78d384ce632bf4b5c73d5231ce17e C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (unsigned) MD5: 8c05c68fedfcbf400093a0e232315bc2 C:\Program Files (x86)\Avira\AntiVir Desktop\ccgenrc.dll (unsigned) MD5: 86e162677d131e5fa32fb2bff60cfd05 C:\Program Files (x86)\Avira\AntiVir Desktop\ccgrdrc.dll (unsigned) MD5: d17e73d08d3f9bf86778ca32bafea292 C:\Program Files (x86)\Avira\AntiVir Desktop\cclicrc.dll (unsigned) MD5: 05be6a994e936dc58ee3940e0bb46e70 C:\Program Files (x86)\Avira\AntiVir Desktop\ccmainrc.dll (unsigned) MD5: a7af0c0d9cd0c9efc8929c64008a0193 C:\Program Files (x86)\Avira\AntiVir Desktop\ccmgrdrc.dll (unsigned) MD5: 339b2db238a59554a6e45fe00c155fe3 C:\Program Files (x86)\Avira\AntiVir Desktop\ccmguard.dll (unsigned) MD5: d201762816e297d0eed3b7cf00d64c93 C:\Program Files (x86)\Avira\AntiVir Desktop\ccmsgrc.dll (unsigned) MD5: 6bb82348cc5c8d0ac51090f2bf7e0a92 C:\Program Files (x86)\Avira\AntiVir Desktop\ccupdrc.dll (unsigned) MD5: 0e6646ac36256ab3f3af8069cefcd8a8 C:\Program Files (x86)\Avira\AntiVir Desktop\ccwgrd.dll (unsigned) MD5: ac5b7ad060844b1bf3bddf624f68a545 C:\Program Files (x86)\Avira\AntiVir Desktop\ccwgrdrc.dll (unsigned) MD5: d41a02871f992a2c47b84a95c2a78b40 C:\Program Files (x86)\Avira\AntiVir Desktop\ccwgrdw.dll (unsigned) MD5: ad045e1cb3fea867df40dd1622f1eef9 C:\Program Files (x86)\Avira\AntiVir Desktop\rcimage.dll (unsigned) MD5: 87e8f577cd2d3b08270893b6d12d3464 C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.crl (unsigned) MD5: 69cdba2b9c397e349a04fa70dd9170a2 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (unsigned) MD5: 8084668d40e5eb157839c5519e533541 C:\Program Files (x86)\Creative\Shared Files\CTIniF.dll (unsigned) MD5: ec046688c85011435dc8071eba02f833 C:\Program Files (x86)\Creative\Shared Files\CtrlSrc.dll (unsigned) MD5: eeb43b761b01f7668a466a1439e4d675 C:\Program Files (x86)\Creative\Shared Files\CTTheme.dll (unsigned) MD5: ebf4c4557fbfea9ccf642abd5a239471 C:\Program Files (x86)\Creative\Shared Files\GDICtrl.skc (unsigned) MD5: 1602eecc8b71bda0947134871a5a1478 C:\Program Files (x86)\Creative\Shared Files\GDICtrl3.skc (unsigned) MD5: 4dd881b1918d195682ea7e696000d342 C:\Program Files (x86)\Creative\Shared Files\MxLib.dll (unsigned) MD5: 3ed8e561044723c6039a8a20a3ae60cc C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (unsigned) MD5: c98fb0239d4a50328cf2f8a6e54681db C:\Program Files (x86)\Mozilla Firefox\freebl3.dll (unsigned) MD5: e709a3a583103005702d5341f3cba5d7 C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll (unsigned) MD5: cce32ecd46bba2eb94ff5d305a6700f3 C:\Program Files (x86)\Mozilla Firefox\softokn3.dll (unsigned) MD5: daf473a146a3d77b4e26c1f809997329 C:\Program Files (x86)\Ralink\Common\CiscoEapFast.dll (unsigned) MD5: 654de714db500f5aec66c3fbc8d25a43 C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-install.exe (unsigned) MD5: 4cd6aec48561460c3b97f0ef3e0b636c C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\FSAddin.dll (unsigned) MD5: 63f70c127c8794c6a2f236fd5bd7bb53 C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\SSS.dll (unsigned) MD5: 0a69406d3cf3747ab528ace7739ac46d C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll (unsigned) MD5: e5b02bb0c6ea7cd4607b49c7be4db5b0 C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll (unsigned) MD5: 288cc8a1f9ca886a3555da06dbae6144 C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll (unsigned) MD5: ad7ec854e30b632bcdd7dee6a3ab4077 C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d85esxis.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll (unsigned) MD5: f4bd8926afb3b2067f2bd210032ec3be C:\Users\Admin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe (unsigned) MD5: 0421441fbf668c7e72eeb658b04aa8c7 C:\Windows\SysWOW64\APOMngr.DLL (unsigned) MD5: 45f681a6de7ccd2e2cc3bae71fc1cb51 C:\Windows\SysWOW64\CmdRtr.DLL No file uploaded. Scan finished - communication took 2 sec Total traffic - 0.03 MB sent, 0.42 KB recvd Scanned 635 files and modules - 20 seconds ============================================================================== Viren habe ich laut Avira Premium, AVG 2011 und Ad-Aware nicht mehr darauf. Ich hoffe die Viren haben nicht all zu große Schäden hinterlassen. MfG Sven PS: Gerade: 27.10 17.10 folgenden Virus im AVG Ordner entdeckt (avira): (FEHLALARM) Typ: Datei Quelle: C:\ProgramData\avg9\update\backup\avgui.exe Status: Infiziert Quarantäne-Objekt: 49bee160.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows 2000/XP/VISTA Workstation Suchengine: 8.02.04.84 Virendefinitionsdatei: 7.10.13.49 Meldung: Ist das Trojanische Pferd TR/Spy.ZBot.JP Datum/Uhrzeit: 27.10.2010, 17:06 (FEHLALARM) oder doch nicht? NAch weiteren Scans in der Quarantäne wurde aus dem Virus nur noch eine Verdächtige Datei. Nach dem wiederherrstellen scännte ich erneut, diesmal keine Infektion! 17:38 Ad-Aware hat folgende datei als sehr gefährlich und als eine Bedrohung eingestuft. Die Datei habe ich in Quarantäne verschoben: Win32.Adware.Ascentive/A (c:\windows\syswow64\asccontest.dll) Geändert von Sven2010 (27.10.2010 um 16:40 Uhr) Grund: Neue Informationen |
|
28.10.2010, 20:49
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  starker Viren befall in letzter Zeit Hallo und
__________________ Bitte routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Danach OTL: Systemscan mit OTL Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
__________________ |
|
29.10.2010, 17:38
| #3 |
| | starker Viren befall in letzter Zeit Malwarebytes' Anti-Malware 1.46
__________________www.malwarebytes.org Datenbank Version: 4964 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 29.10.2010 18:35:27 mbam-log-2010-10-29 (18-35-27).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|I:\|J:\|K:\|) Durchsuchte Objekte: 337242 Laufzeit: 33 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 1 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: C:\Users\Admin\Downloads\AA3DeployInstaller.exe (Trojan.Dropper) -> No action taken. Die Dateil war eine Istallationsdatei eines Spieles. Meine anderen Antiviren haben nichts gefunden, somit bin ich verunsichert, den OTL poste ich gleich! |
|
29.10.2010, 17:58
| #4 |
| | starker Viren befall in letzter Zeit OTL Logfile: Code:
ATTFilter OTL logfile created on: 29.10.2010 18:39:19 - Run 5 OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Admin\Downloads\Programme 64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 33,00% Memory free 8,00 Gb Paging File | 4,00 Gb Available in Paging File | 47,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,90 Gb Total Space | 51,84 Gb Free Space | 34,58% Space Free | Partition Type: NTFS Drive D: | 390,76 Gb Total Space | 312,12 Gb Free Space | 79,88% Space Free | Partition Type: NTFS Drive E: | 390,76 Gb Total Space | 253,38 Gb Free Space | 64,84% Space Free | Partition Type: NTFS Drive F: | 7,34 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive G: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Admin\AppData\Local\Apps\2.0\ZNH5DCZR.VT0\QHAZLHKD.D8W\aa3d..tion_38b9e60664ffaf59_0001.0002_554fd5a80c861f64\AA3Deploy.exe (Pragmatic Solution Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Users\Admin\Downloads\Programme\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Program Files (x86)\Uniblue\RegistryBooster\rbmonitor.exe (Uniblue Systems Limited) PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe () PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG10\avgam.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) PRC - C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.) PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.) PRC - C:\Program Files (x86)\Ralink\Common\RaUI.exe (Ralink Technology, Corp.) PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) PRC - C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) ========== Modules (SafeList) ========== MOD - C:\Users\Admin\Downloads\Programme\OTL.exe (OldTimer Tools) MOD - C:\Program Files (x86)\SweetIM\Messenger\mgAdaptersProxy.dll (SweetIM Technologies Ltd.) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) MOD - C:\Program Files (x86)\SweetIM\Messenger\MSVCR71.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (SDClockService) -- C:\Windows\SysNative\SDClockService.exe (BlueCosmos(kt)) SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira GmbH) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (avgfws) -- C:\Program Files (x86)\AVG\AVG10\avgfws.exe (AVG Technologies CZ, s.r.o.) SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs) SRV - (SearchAnonymizer) -- C:\Users\Admin\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs) SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (BioWare) SRV - (RalinkRegistryWriter64) -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe (Ralink Technology, Corp.) SRV - (RalinkRegistryWriter) -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe (Ralink Technology, Corp.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd) SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Driver Services (SafeList) ========== DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys () DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB) DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\drivers\bdfsfltr.sys (BitDefender) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (acedrv07) -- C:\Windows\SysNative\drivers\acedrv07.sys () DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.) DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys (Creative Technology Ltd.) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab) DRV:64bit: - (TcUsb) -- C:\Windows\SysNative\drivers\tcusb.sys (UPEK Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys () DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys () DRV:64bit: - (hxctlflt) -- C:\Windows\SysNative\drivers\hxctlflt.sys (Guillemot Corporation) DRV:64bit: - (AmdTools64) -- C:\Windows\SysNative\drivers\AmdTools64.sys (AMD, Inc.) DRV:64bit: - (Lycosa) -- C:\Windows\SysNative\drivers\Lycosa.sys (Razer USA Ltd.) DRV:64bit: - (ATITool) -- C:\Windows\SysNative\drivers\ATITool64.sys () DRV - (Lavasoft Kernexplorer) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys () DRV - (speedfan) -- C:\Windows\SysWOW64\speedfan.sys (Windows (R) Server 2003 DDK provider) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h;t;t;p;:;/;/;h;o;m;e;.;s;w;e;e;t;i;m;.;c;o;m; IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKLM\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll File not found IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-96592108-3296164111-614215933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\S-1-5-21-96592108-3296164111-614215933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.hiergehtslos.de IE - HKU\S-1-5-21-96592108-3296164111-614215933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-96592108-3296164111-614215933-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-96592108-3296164111-614215933-1000\..\URLSearchHook: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll File not found IE - HKU\S-1-5-21-96592108-3296164111-614215933-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKU\S-1-5-21-96592108-3296164111-614215933-1000\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.) IE - HKU\S-1-5-21-96592108-3296164111-614215933-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {5e5ab302-7f65-44cd-8211-c1d4caaccea3}:2.7.1.3 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1 FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.50 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1151 FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.0 FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4 FF - prefs.js..keyword.URL: "hxxp://de.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_de&p=" FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search" FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.3&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010.10.26 12:46:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.10.28 16:52:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.10.28 16:52:28 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010.07.23 16:24:13 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2010.05.06 11:40:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions [2010.05.06 11:40:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010.10.29 16:13:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d85esxis.default\extensions [2010.10.12 16:08:01 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d85esxis.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2010.09.12 12:06:27 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d85esxis.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.06.22 15:36:32 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d85esxis.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} [2010.06.16 13:49:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d85esxis.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.09.27 17:19:34 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d85esxis.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9} [2010.10.27 15:57:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d85esxis.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2010.10.29 13:53:17 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d85esxis.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2010.10.10 19:09:42 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d85esxis.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB} [2010.09.23 06:22:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\d85esxis.default\extensions\personas@christopher.beard [2010.06.16 13:57:17 | 000,001,150 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\d85esxis.default\searchplugins\icqplugin.xml [2010.10.29 13:53:07 | 000,003,915 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\d85esxis.default\searchplugins\sweetim.xml [2010.06.16 13:57:17 | 000,002,152 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\d85esxis.default\searchplugins\{45D37331-AAFB-4DC3-ACCB-ECEE65A45E48}.xml [2010.06.16 13:57:17 | 000,001,834 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\d85esxis.default\searchplugins\{9608EFAC-9926-4BDB-B86A-F0E40D384B19}.xml [2010.06.16 13:57:17 | 000,002,041 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\FireFox\Profiles\d85esxis.default\searchplugins\{DC613617-F408-4D2C-BD26-3F2CDD3258BC}.xml [2010.10.29 17:58:02 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions [2010.06.12 15:35:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.08.03 11:36:40 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2010.10.29 17:58:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010.10.29 17:57:56 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2010.10.26 19:15:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.10.26 19:15:32 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.10.26 19:15:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.26 19:15:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.26 19:15:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll (Google Inc.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.) O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (XfireXO Toolbar) - {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - C:\Program Files (x86)\XfireXO\tbXfir.dll File not found O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\Windows\SysWOW64\Msdxm6.ocx (Microsoft Corporation) O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3:64bit: - HKU\S-1-5-21-96592108-3296164111-614215933-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKU\S-1-5-21-96592108-3296164111-614215933-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\S-1-5-21-96592108-3296164111-614215933-1000\..\Toolbar\WebBrowser: (XfireXO Toolbar) - {5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - C:\Program Files (x86)\XfireXO\tbXfir.dll File not found O3 - HKU\S-1-5-21-96592108-3296164111-614215933-1000\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {eee6c35b-6118-11dc-9c72-001320c79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4:64bit: - HKLM..\Run: [CamserviceOG] C:\Program Files (x86)\Hercules\Deluxe Optical Glass\XtrCtrl.exe (Guillemot Corporation S.A.) O4:64bit: - HKLM..\Run: [Ocs_SM] C:\Users\Admin\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS) O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite\launcher.exe (UPEK Inc.) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe () O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [CTSysVol] C:\Program Files (x86)\Creative\SBAudigy\Surround Mixer\CTSysVol.exe (Creative Technology Ltd) O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.) O4 - HKLM..\Run: [PC SpeedScan Pro] C:\Program Files (x86)\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe (Ascentive LLC) O4 - HKLM..\Run: [Performance Center] C:\Program Files (x86)\Ascentive\Performance Center\ApcMain.exe File not found O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SweetIM] C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-96592108-3296164111-614215933-1000..\Run: [AdobeUpdater] C:\Program Files (x86)\Common Files\Adobe\Updater\AdobeUpdater.exe (Adobe Systems Incorporated) O4 - HKU\S-1-5-21-96592108-3296164111-614215933-1000..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team) O4 - HKU\S-1-5-21-96592108-3296164111-614215933-1000..\Run: [EPSON Stylus DX4400 Series] C:\Windows\SysWow64\spool\DRIVERS\x64\3\E_IATICAE.EXE File not found O4 - HKU\S-1-5-21-96592108-3296164111-614215933-1000..\Run: [RegistryBooster] C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited) O4 - HKU\S-1-5-21-96592108-3296164111-614215933-1000..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-96592108-3296164111-614215933-1000..\Run: [Steam] d:\steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-96592108-3296164111-614215933-1000..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk = C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1 O7 - HKU\S-1-5-21-96592108-3296164111-614215933-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\S-1-5-21-96592108-3296164111-614215933-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKU\S-1-5-21-96592108-3296164111-614215933-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.) O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira GmbH) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - Reg Error: Key error. File not found O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\Windows\SysWOW64\Msdxm6.ocx (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\psfus: DllName - Reg Error: Key error. - C:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.10.12 13:42:53 | 000,000,000 | R--D | M] - F:\AutoPlay -- [ UDF ] O32 - AutoRun File - [2008.04.11 19:52:28 | 002,404,352 | R--- | M] () - F:\autorun.exe -- [ UDF ] O32 - AutoRun File - [2008.11.06 18:33:09 | 000,000,043 | R--- | M] () - F:\Autorun.inf -- [ UDF ] O32 - AutoRun File - [2008.11.15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) - G:\Autorun.exe -- [ UDF ] O32 - AutoRun File - [2008.10.11 19:03:48 | 000,000,054 | R--- | M] () - G:\Autorun.inf -- [ UDF ] O33 - MountPoints2\{e8a12876-5df3-11df-bf94-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{e8a12876-5df3-11df-bf94-806e6f6e6963}\Shell\AutoRun\command - "" = G:\Autorun.exe -- [2008.11.15 11:52:50 | 000,161,088 | R--- | M] (Take-Two Interactive Software, Inc.) O33 - MountPoints2\{fe46c094-5387-11df-930c-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{fe46c094-5387-11df-930c-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Start.exe -- [2006.01.10 15:49:24 | 000,492,032 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - File not found O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Programme (x86)\AVG\AVG10\avgchsva.exe File not found O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Programme (x86)\AVG\AVG10\avgrsa.exe File not found O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.10.29 17:58:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2010.10.29 17:58:00 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.10.29 17:58:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010.10.29 17:58:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010.10.29 17:57:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2010.10.29 15:53:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\AA3DeployClient [2010.10.29 15:53:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AA3DeployClient [2010.10.28 17:55:10 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\BitDefender [2010.10.28 17:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\BitDefender [2010.10.28 17:54:15 | 000,388,168 | ---- | C] (BitDefender) -- C:\Windows\SysNative\drivers\bdfsfltr.sys [2010.10.25 15:50:32 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Games for Windows - LIVE Demos [2010.10.25 14:05:01 | 000,036,864 | ---- | C] (CIPL) -- C:\Windows\SysWow64\ascbalon.dll [2010.10.25 14:05:01 | 000,020,480 | ---- | C] (Ascentive LLC) -- C:\Windows\SysWow64\SysRestore.dll [2010.10.25 13:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ascentive [2010.10.25 13:35:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Uniblue [2010.10.25 13:35:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Uniblue [2010.10.19 14:28:48 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2010.10.15 13:23:57 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll [2010.10.15 13:23:57 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll [2010.10.15 13:23:55 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll [2010.10.15 13:23:49 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll [2010.10.15 13:23:46 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll [2010.10.15 13:23:45 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll [2010.10.15 13:23:44 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll [2010.10.15 13:23:43 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll [2010.10.15 13:23:43 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll [2010.10.15 13:23:34 | 000,702,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2010.10.15 13:23:33 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll [2010.10.15 13:23:33 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2010.10.15 13:23:33 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll [2010.10.15 13:23:33 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll [2010.10.15 13:23:32 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec [2010.10.15 13:23:32 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec [2010.10.15 13:23:32 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll [2010.10.15 13:23:32 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2010.10.15 13:23:32 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll [2010.10.15 13:23:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2010.10.15 13:23:32 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2010.10.15 13:23:32 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe [2010.10.15 13:23:32 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe [2010.10.15 13:23:20 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll [2010.10.15 13:23:19 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll [2010.10.15 13:23:18 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL [2010.10.15 13:23:18 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL [2010.10.15 13:23:17 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll [2010.10.14 13:20:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab [2010.10.13 17:12:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWiSHzone.com [2010.10.12 16:11:15 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\FireShot [2010.10.12 16:03:55 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Updater [2010.10.12 16:03:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe Systems [2010.10.12 16:02:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe Systems Shared [2010.10.12 16:01:22 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe PDF [2010.10.11 18:13:59 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\vlc [2010.10.11 18:13:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2010.10.11 16:38:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\ArcaniA - Gothic 4 Demo [2010.10.11 16:38:01 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll [2010.10.11 16:38:01 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll [2010.10.11 16:38:01 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll [2010.10.11 16:38:01 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll [2010.10.11 16:38:01 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll [2010.10.11 16:38:01 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll [2010.10.11 16:38:00 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll [2010.10.11 16:38:00 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll [2010.10.11 16:38:00 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll [2010.10.11 16:38:00 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll [2010.10.11 16:38:00 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll [2010.10.11 16:38:00 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll [2010.10.11 16:38:00 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll [2010.10.11 16:38:00 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll [2010.10.11 16:37:59 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll [2010.10.11 16:37:59 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_43.dll [2010.10.11 16:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation [2010.10.11 16:32:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JoWooD Entertainment AG [2010.10.09 14:25:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\MeinSpore-Kreationen [2010.10.09 14:25:31 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\SPORE [2010.10.09 07:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2010.10.09 07:50:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2010.10.05 17:42:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Alcohol Soft [2010.10.04 19:06:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Avira [2010.10.04 19:05:16 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2010.10.04 19:05:16 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2010.10.04 19:05:16 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys [2010.10.04 19:05:16 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys [2010.10.04 19:05:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2010.10.04 19:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2010.10.04 18:51:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2010.10.04 18:51:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Security Task Manager [2010.10.04 18:26:36 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICSDK2.dll [2010.10.04 18:26:36 | 000,120,992 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EpPicPrt.dll [2010.10.04 18:26:36 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICEntry.dll [2010.10.04 18:26:36 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\PICSDK.dll [2010.10.04 18:26:36 | 000,071,840 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysWow64\EPPicMgr.dll [2010.10.04 18:19:28 | 000,129,536 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMCAE.DLL [2010.10.04 18:19:28 | 000,086,528 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBCAE.DLL [2010.10.04 18:19:25 | 000,000,000 | ---D | C] -- C:\Programme\EPSON [2010.10.04 17:38:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Makro_Corporation [2010.10.03 17:20:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BAT 2 EXE 1 [2010.10.03 16:39:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Makro [2010.10.02 16:29:48 | 000,000,000 | ---D | C] -- C:\#Virus Maker [2010.10.02 12:39:45 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2010.10.02 11:04:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\AVG10 [2010.10.02 10:54:49 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2010.10.02 10:53:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG10 [2010.10.02 10:53:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG [2010.10.02 10:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2010.10.01 19:35:49 | 000,036,864 | ---- | C] (BlueCosmos(kt)) -- C:\Windows\SysNative\SDClockService.exe [2010.10.01 19:33:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SDClock [2010.10.01 18:29:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\QuickScan ========== Files - Modified Within 30 Days ========== [2010.10.29 18:14:06 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.10.29 17:57:55 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll [2010.10.29 17:57:55 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe [2010.10.29 17:57:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe [2010.10.29 17:57:55 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe [2010.10.29 16:10:09 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Local\prvlcl.dat [2010.10.29 15:53:44 | 000,000,316 | ---- | M] () -- C:\Users\Admin\Desktop\AA3Deploy.appref-ms [2010.10.29 13:05:58 | 000,022,639 | ---- | M] () -- C:\Users\Admin\AppData\Local\backup.vtp [2010.10.29 12:32:19 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010.10.29 12:32:19 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010.10.29 12:24:14 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.10.29 12:24:07 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job [2010.10.29 12:23:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.10.29 12:23:42 | 3214,188,544 | -HS- | M] () -- C:\hiberfil.sys [2010.10.29 06:10:29 | 097,961,613 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2010.10.28 17:56:18 | 000,027,440 | ---- | M] () -- C:\ProgramData\bdinstall.bin [2010.10.28 17:11:38 | 000,000,344 | ---- | M] () -- C:\Users\Admin\Documents\Patti.dat [2010.10.28 15:12:49 | 001,611,160 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010.10.28 15:12:49 | 000,698,044 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2010.10.28 15:12:49 | 000,652,026 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010.10.28 15:12:49 | 000,148,100 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2010.10.28 15:12:49 | 000,120,958 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010.10.27 17:43:43 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk [2010.10.25 13:35:05 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\RegistryBooster.lnk [2010.10.23 19:03:30 | 000,625,796 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm [2010.10.16 14:52:01 | 000,001,486 | ---- | M] () -- C:\Users\Admin\Desktop\SpeedSim - Verknüpfung.lnk [2010.10.15 18:06:18 | 000,356,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2010.10.12 16:01:24 | 000,001,291 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2010.10.11 16:35:45 | 000,001,361 | ---- | M] () -- C:\Users\Public\Desktop\ArcaniA - Gothic 4 Demo.lnk [2010.10.11 14:56:27 | 000,330,606 | ---- | M] () -- C:\Users\Admin\Documents\vlc-record-2010-10-11-14h56m06s-doncamp.mp3-.mp3 [2010.10.11 14:56:03 | 000,349,832 | ---- | M] () -- C:\Users\Admin\Documents\vlc-record-2010-10-11-14h55m41s-doncamp.mp3-.mp3 [2010.10.10 15:16:19 | 000,000,355 | ---- | M] () -- C:\Users\Admin\Desktop\Arbeitsplatz.lnk [2010.10.09 14:20:15 | 000,000,190 | ---- | M] () -- C:\Users\Admin\Desktop\SPORE™.lnk [2010.10.06 17:27:03 | 000,025,600 | ---- | M] () -- C:\Users\Admin\Documents\Der Arbeitstag ist lang und schwer 2.doc [2010.10.06 15:22:33 | 000,026,112 | ---- | M] () -- C:\Users\Admin\Documents\Der Arbeitstag ist lang und schwer.doc [2010.10.05 17:51:13 | 000,018,929 | ---- | M] () -- C:\Windows\War3Unin.dat [2010.10.05 17:42:39 | 000,001,176 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk [2010.10.05 16:38:52 | 000,868,848 | ---- | M] () -- C:\Windows\SysNative\drivers\sptd.sys [2010.10.05 06:58:53 | 001,591,958 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.10.05 06:24:28 | 000,000,000 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2010.10.04 19:04:03 | 000,116,568 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2010.10.04 19:04:03 | 000,017,016 | ---- | M] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys [2010.10.04 19:04:02 | 000,081,072 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2010.10.04 19:04:02 | 000,051,992 | ---- | M] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys [2010.10.04 18:18:52 | 000,000,027 | ---- | M] () -- C:\Windows\CDE DX4400DEFGIPS.ini [2010.10.03 17:21:25 | 000,000,197 | ---- | M] () -- C:\Windows\bat2exe.INI [2010.10.03 17:20:04 | 000,080,896 | ---- | M] () -- C:\Windows\cadkasdeinst01.exe [2010.10.03 17:20:04 | 000,001,019 | ---- | M] () -- C:\Users\Admin\Desktop\BAT 2 EXE 1.0.lnk [2010.10.03 16:39:22 | 000,001,015 | ---- | M] () -- C:\Users\Admin\Desktop\E-Mail Spam 2.0.lnk [2010.10.03 16:38:38 | 000,516,096 | ---- | M] () -- C:\Windows\iwexec.exe [2010.10.02 10:54:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\incavi.avm [2010.10.02 10:54:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\iavifw.avm [2010.10.02 10:54:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\avg\iavichjw.avm [2010.10.01 19:35:50 | 000,005,012 | ---- | M] () -- C:\Windows\SysNative\SDClockService.InstallState [2010.10.01 19:33:32 | 000,001,012 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SDNotify.lnk ========== Files Created - No Company Name ========== [2010.10.29 15:53:44 | 000,000,316 | ---- | C] () -- C:\Users\Admin\Desktop\AA3Deploy.appref-ms [2010.10.29 06:10:29 | 097,961,613 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2010.10.28 17:54:06 | 000,027,440 | ---- | C] () -- C:\ProgramData\bdinstall.bin [2010.10.28 17:11:38 | 000,000,344 | ---- | C] () -- C:\Users\Admin\Documents\Patti.dat [2010.10.25 14:05:01 | 000,307,200 | ---- | C] () -- C:\Windows\SysWow64\AscSQLite.dll [2010.10.25 13:35:10 | 000,000,344 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job [2010.10.25 13:35:05 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\RegistryBooster.lnk [2010.10.23 19:03:30 | 000,625,796 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm [2010.10.16 14:52:01 | 000,001,486 | ---- | C] () -- C:\Users\Admin\Desktop\SpeedSim - Verknüpfung.lnk [2010.10.14 13:56:19 | 000,000,000 | ---- | C] () -- C:\Users\Admin\Sti_Trace.log [2010.10.12 16:01:24 | 000,001,291 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2010.10.11 16:35:45 | 000,001,361 | ---- | C] () -- C:\Users\Public\Desktop\ArcaniA - Gothic 4 Demo.lnk [2010.10.11 14:56:27 | 000,330,606 | ---- | C] () -- C:\Users\Admin\Documents\vlc-record-2010-10-11-14h56m06s-doncamp.mp3-.mp3 [2010.10.11 14:56:03 | 000,349,832 | ---- | C] () -- C:\Users\Admin\Documents\vlc-record-2010-10-11-14h55m41s-doncamp.mp3-.mp3 [2010.10.10 15:16:19 | 000,000,355 | ---- | C] () -- C:\Users\Admin\Desktop\Arbeitsplatz.lnk [2010.10.09 14:20:15 | 000,000,190 | ---- | C] () -- C:\Users\Admin\Desktop\SPORE™.lnk [2010.10.06 16:54:11 | 000,025,600 | ---- | C] () -- C:\Users\Admin\Documents\Der Arbeitstag ist lang und schwer 2.doc [2010.10.05 17:42:39 | 000,001,176 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk [2010.10.05 17:23:14 | 000,026,112 | ---- | C] () -- C:\Users\Admin\Documents\Der Arbeitstag ist lang und schwer.doc [2010.10.05 16:38:50 | 000,868,848 | ---- | C] () -- C:\Windows\SysNative\drivers\sptd.sys [2010.10.05 16:19:26 | 001,359,360 | ---- | C] () -- C:\Users\Admin\Desktop\#Virus Maker.exe [2010.10.05 06:24:28 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip [2010.10.04 18:26:36 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2010.10.04 18:26:36 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2010.10.04 18:26:36 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2010.10.04 18:26:36 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2010.10.04 18:26:36 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2010.10.04 18:26:36 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2010.10.04 18:26:36 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2010.10.04 18:26:36 | 000,013,732 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_EN.cfg [2010.10.04 18:26:36 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2010.10.04 18:26:36 | 000,006,442 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_IT.cfg [2010.10.04 18:26:36 | 000,006,335 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_GE.cfg [2010.10.04 18:26:36 | 000,006,103 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_ES.cfg [2010.10.04 18:26:36 | 000,005,817 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_KO.cfg [2010.10.04 18:26:36 | 000,005,436 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_SC.cfg [2010.10.04 18:26:36 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2010.10.04 18:26:36 | 000,002,889 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_RU.cfg [2010.10.04 18:26:36 | 000,002,426 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_TC.cfg [2010.10.04 18:26:36 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2010.10.04 18:26:36 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2010.10.04 18:26:36 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2010.10.04 18:26:36 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2010.10.04 18:26:36 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2010.10.04 18:26:36 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2010.10.04 18:26:36 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2010.10.04 18:26:36 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2010.10.04 18:26:36 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2010.10.04 18:26:36 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2010.10.04 18:26:35 | 000,006,347 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_PT.cfg [2010.10.04 18:26:35 | 000,006,347 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_BP.cfg [2010.10.04 18:26:35 | 000,006,195 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_FR.cfg [2010.10.04 18:26:35 | 000,006,195 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_CF.cfg [2010.10.04 18:26:35 | 000,006,122 | ---- | C] () -- C:\Windows\SysWow64\EPPICLocal_DU.cfg [2010.10.04 18:18:52 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX4400DEFGIPS.ini [2010.10.03 17:21:25 | 000,000,197 | ---- | C] () -- C:\Windows\bat2exe.INI [2010.10.03 17:20:04 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2010.10.03 17:20:04 | 000,001,019 | ---- | C] () -- C:\Users\Admin\Desktop\BAT 2 EXE 1.0.lnk [2010.10.03 16:39:22 | 000,516,096 | ---- | C] () -- C:\Windows\iwexec.exe [2010.10.03 16:39:22 | 000,001,015 | ---- | C] () -- C:\Users\Admin\Desktop\E-Mail Spam 2.0.lnk [2010.10.02 10:54:39 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2011.lnk [2010.10.01 19:35:50 | 000,005,012 | ---- | C] () -- C:\Windows\SysNative\SDClockService.InstallState [2010.10.01 19:33:32 | 000,001,012 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SDNotify.lnk [2010.08.28 10:38:19 | 000,015,144 | ---- | C] () -- C:\Windows\SysWow64\HWLMSET2PS.dll [2010.08.26 09:13:34 | 000,022,639 | ---- | C] () -- C:\Users\Admin\AppData\Local\backup.vtp [2010.08.03 17:39:50 | 001,591,958 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.07.12 14:09:48 | 000,000,516 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini [2010.07.12 14:09:48 | 000,000,072 | ---- | C] () -- C:\Windows\SysWow64\RaCertMgr.ini [2010.07.12 14:09:47 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll [2010.07.09 21:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll [2010.06.19 12:32:29 | 000,005,103 | ---- | C] () -- C:\ProgramData\xqkcebzs.dik [2010.06.19 12:25:06 | 000,033,280 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.06.14 17:39:27 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2010.06.04 16:09:37 | 000,000,000 | ---- | C] () -- C:\Users\Admin\AppData\Local\prvlcl.dat [2010.05.24 17:46:19 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\Gif89.dll [2010.05.23 13:53:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll [2010.05.19 17:25:53 | 000,000,040 | ---- | C] () -- C:\ProgramData\ra3.ini [2010.05.07 20:09:45 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll [2010.05.05 07:06:59 | 000,020,816 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\UserTile.png [2010.04.30 11:52:51 | 000,003,972 | ---- | C] () -- C:\Windows\SysWow64\drivers\PciBus.sys [2010.04.29 16:22:58 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL [2010.04.29 16:22:58 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL [2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2008.11.13 14:07:24 | 000,002,177 | ---- | C] () -- C:\Windows\P17EP.ini [2007.12.04 13:20:30 | 000,001,489 | ---- | C] () -- C:\Windows\P17EP51.ini [2007.06.07 13:25:42 | 000,001,578 | ---- | C] () -- C:\Windows\P17EPLS.ini [2006.05.19 09:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2003.02.20 17:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\SysWow64\OUTLPERF.INI ========== Alternate Data Streams ========== @Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:0B4227B4 < End of report > 2. Logfile: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 29.10.2010 18:39:19 - Run 5
OTL by OldTimer - Version 3.2.17.1 Folder = C:\Users\Admin\Downloads\Programme
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 33,00% Memory free
8,00 Gb Paging File | 4,00 Gb Available in Paging File | 47,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149,90 Gb Total Space | 51,84 Gb Free Space | 34,58% Space Free | Partition Type: NTFS
Drive D: | 390,76 Gb Total Space | 312,12 Gb Free Space | 79,88% Space Free | Partition Type: NTFS
Drive E: | 390,76 Gb Total Space | 253,38 Gb Free Space | 64,84% Space Free | Partition Type: NTFS
Drive F: | 7,34 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 7,03 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-96592108-3296164111-614215933-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{140587DE-51BE-45DA-838D-CD594C88B691}" = AVG 2011
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{319B58E8-4C80-4912-8EA7-24A9658120C6}" = AVG 2011
"{453464E5-2B99-43CA-9C0E-FD1A6C76C792}" = Protector Suite 2009.1
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{576A97E3-1A79-6215-49DE-AA358AF47420}" = ATI Catalyst Install Manager
"{5BF8A577-B334-49BE-A7B2-349C1F1B0C58}" = AVG 2011
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{778C8673-1A90-45DD-91E8-33FD0202E9E2}" = AVG 2011
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A019FB54-F9D4-42BE-937D-5A4B9A36428D}" = AVG 2011
"{AF51A2B6-3AAF-46C5-36A7-0E78B2D23E3E}" = ccc-utility64
"{BE748D49-9B5F-4D69-ABF1-A891C95CAB4A}" = AVG 2011
"{E6456858-8C0C-35CE-96B8-AFFCD205C9FC}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"AVG" = AVG 2011
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"SearchAnonymizer" = SearchAnonymizer
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{024FDD4C-B4EE-4CFC-696F-9A36B3BE4D41}" = Catalyst Control Center Graphics Previews Vista
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05BC432D-819E-86AF-74A9-0622CAD08767}" = Catalyst Control Center Graphics Previews Common
"{0A477437-2307-018D-3F3A-AFBDE1D4FF7A}" = Catalyst Control Center HydraVision Full
"{14509FBA-582F-43AB-8B7B-37A30B9C98C3}_is1" = ArcaniA - Gothic 4 Demo
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}" = Sound Blaster Audigy
"{1D301950-EA2F-4882-9AA0-49467756842A}" = SweetIM for Messenger 3.3
"{1E869B1A-FE19-4519-B9AE-EF383A7C00E4}" = FOCMapEditor
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{236BB7C4-4419-42FD-0407-2E257A25E34D}" = Adobe Photoshop CS2
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot 3
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3C2739CB-9E0F-8E06-F315-25F9E9AB2763}" = CCC Help English
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{43FC4C9A-9D17-9CAB-FA69-6588AFA5A1B2}" = Catalyst Control Center Core Implementation
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8304}" = Grand Theft Auto IV
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{786C5747-0C40-4930-9AFE-113BCE553101}" = Adobe Stock Photos 1.0
"{80F24F31-F641-4349-83F3-59E335976D16}" = PC SpeedScan Pro
"{828CFF5D-054C-D04A-3CB1-0788828CA236}" = Catalyst Control Center Graphics Light
"{82A5E136-23E4-4BD3-938C-8DC490B59F92}" = PC SpeedScan Pro
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{85B0B11F-7EA3-D9DE-BB18-1B52CE1A3E3B}" = Catalyst Control Center Graphics Full Existing
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9EEA0ED5-CB59-2F06-84A7-3F7B241521B8}" = Catalyst Control Center InstallProxy
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A842BCF9-824C-4100-9430-CF061FDE495F}" = Makro
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.0 - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B69F28DF-CBB1-41B7-008A-210E4D0518FC}" = Harry Potter und der Orden des Phönix™
"{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{C3C44248-B8F7-4B20-A5C7-994870B60F55}" = Hercules Webcam Station Evolution SE
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{DB6823F8-490F-46ED-9778-F1B2DD9032E5}" = Hama WLAN USB Stick
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DF9B7D24-4C6E-C773-3E58-D2FEF49ADD74}" = ccc-core-static
"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster
"{E6F043EB-FEF5-4C34-95AF-99B3EB68F7D9}" = Hercules Deluxe Optical Glass
"{E9787678-119F-4D52-B551-6739B2B22101}" = Adobe Help Center 1.0
"{EAD931B5-129D-2A7E-9FD2-522BF504EAF4}" = Catalyst Control Center Graphics Full New
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EF3E420F-2DCF-4C24-8E37-896801901031}" = Nero 7 Essentials
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F93D2591-8201-4692-BD8D-67A0BFAC9C14}" = SweetIM Toolbar for Internet Explorer 3.9
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12345_is1" = WeGame Client Public Beta 2.0.3
"7-Zip" = 7-Zip 4.65
"AbAlarm_is1" = AbAlarm
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-2E257A25E34D}" = Adobe Photoshop CS2
"ALchemy" = Creative ALchemy
"ArtMoney SE_is1" = ArtMoney SE v7.32.1
"AudioCS" = Creative Audio-Systemsteuerung
"Avira AntiVir Desktop" = Avira AntiVir Premium
"BAT 2 EXE 1" = BAT 2 EXE 1
"Cheat Engine 5.6.1_is1" = Cheat Engine 5.6.1
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"CX4300_5500_DX4400 Handbuch" = CX4300_5500_DX4400 Handbuch
"Drakensang_TRoT_is1" = Drakensang - Am Fluss der Zeit
"EA Download Manager" = EA Download Manager
"elveon's Texturepatch_is1" = elveon's Texturepatch v1.4
"Empire at War Forces of Corruption Mappack" = Empire at War Forces of Corruption Mappack 6.00
"EPSON Scanner" = EPSON Scan
"Fraps" = Fraps (remove only)
"Gothic II" = Gothic II
"heroes in the sky" = heroes in the sky
"HijackThis" = HijackThis 2.0.2
"ICQToolbar" = ICQ Toolbar
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"LameACM" = Lame ACM MP3 Codec
"LeechFTP" = LeechFTP MP3 CODE
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.0.7
"MegaTrainer XL_is1" = MegaTrainer XL V1.5.8.0
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"Mozilla Thunderbird (3.0.6)" = Mozilla Thunderbird (3.0.6)
"PC-AUS 2.00" = PC-AUS 2.00
"Risen - My Life De" = Risen - My Life De
"SDClock_is1" = SDClock
"Security Task Manager" = Security Task Manager 1.7i
"SpeedFan" = SpeedFan (remove only)
"Steam App 34030" = Napoleon: Total War
"Steam App 35110" = Just Cause 2 Demo
"VLC media player" = VLC media player 1.1.4
"Warcraft III" = Warcraft III
"WaveStudio 7" = Creative WaveStudio 7
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Xfire" = Xfire (remove only)
"XfireXO Toolbar" = XfireXO Toolbar
========== HKEY_USERS Uninstall List ==========
[HKEY_USERS\S-1-5-21-96592108-3296164111-614215933-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"2a4f70b48f669acd" = AA3Deploy
"FileZilla Client" = FileZilla Client 3.3.4.1
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 27.10.2010 11:44:30 | Computer Name = Admin-PC | Source = MsiInstaller | ID = 1013
Description =
Error - 27.10.2010 11:44:31 | Computer Name = Admin-PC | Source = MsiInstaller | ID = 1013
Description =
Error - 28.10.2010 09:08:48 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 28.10.2010 10:52:35 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 28.10.2010 11:54:34 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 29.10.2010 00:16:28 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 29.10.2010 06:24:23 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 29.10.2010 07:52:22 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Admin\Downloads\Programme\SoftonicDownloader_fuer_warcraft-iii-reign-of-chaos.exe".
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche
Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In
Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
Error - 29.10.2010 09:53:47 | Computer Name = Admin-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 29.10.2010 10:31:29 | Computer Name = Admin-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 1.9.2.3951 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ce8 Startzeit:
01cb77736d060e5c Endzeit: 3 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
34ef2396-e369-11df-bc45-e0cb4e933385
[ Media Center Events ]
Error - 04.06.2010 08:42:50 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 14:42:50 - Fehler beim Herstellen der Internetverbindung. 14:42:50
- Serververbindung konnte nicht hergestellt werden..
Error - 05.06.2010 08:17:24 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 14:17:24 - Fehler beim Herstellen der Internetverbindung. 14:17:24
- Serververbindung konnte nicht hergestellt werden..
Error - 05.06.2010 08:17:32 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 14:17:29 - Fehler beim Herstellen der Internetverbindung. 14:17:29
- Serververbindung konnte nicht hergestellt werden..
Error - 05.06.2010 09:23:21 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 15:23:03 - MCESpotlight konnte nicht abgerufen werden (Fehler: Timeout
für Vorgang überschritten)
Error - 06.06.2010 08:22:20 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 14:22:20 - Fehler beim Herstellen der Internetverbindung. 14:22:20
- Serververbindung konnte nicht hergestellt werden..
Error - 06.06.2010 08:22:30 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 14:22:27 - Fehler beim Herstellen der Internetverbindung. 14:22:27
- Serververbindung konnte nicht hergestellt werden..
Error - 06.06.2010 09:22:40 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 15:22:40 - Fehler beim Herstellen der Internetverbindung. 15:22:40
- Serververbindung konnte nicht hergestellt werden..
Error - 06.06.2010 09:22:48 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 15:22:45 - Fehler beim Herstellen der Internetverbindung. 15:22:45
- Serververbindung konnte nicht hergestellt werden..
Error - 13.07.2010 00:11:13 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 06:11:12 - Fehler beim Herstellen der Internetverbindung. 06:11:12
- Serververbindung konnte nicht hergestellt werden..
Error - 13.07.2010 06:16:56 | Computer Name = Admin-PC | Source = MCUpdate | ID = 0
Description = 12:16:56 - Fehler beim Herstellen der Internetverbindung. 12:16:56
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 28.10.2010 10:00:17 | Computer Name = Admin-PC | Source = bowser | ID = 8003
Description =
Error - 28.10.2010 10:49:06 | Computer Name = Admin-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?10.?2010 um 16:47:56 unerwartet heruntergefahren.
Error - 28.10.2010 10:51:21 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
acedrv07
Error - 28.10.2010 10:52:10 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004
Description =
Error - 28.10.2010 10:52:22 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004
Description =
Error - 28.10.2010 11:06:56 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004
Description =
Error - 29.10.2010 00:07:36 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
acedrv07
Error - 29.10.2010 00:09:40 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004
Description =
Error - 29.10.2010 06:25:15 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
acedrv07
Error - 29.10.2010 06:26:05 | Computer Name = Admin-PC | Source = ipnathlp | ID = 31004
Description =
< End of report >
|
|
30.10.2010, 20:29
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | starker Viren befall in letzter Zeit Das OTL-Log ist rel. unauffällig. Fixen würde ich da so erstmal nichts. Hattest Du noch weitere Funde bekommen in der Zwischenzeit?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
30.10.2010, 21:34
| #6 |
| | starker Viren befall in letzter Zeit Nein in letzter Zeit is es ruhig... Aber mein PC ist total langsam geworden. ...! |
|
31.10.2010, 13:01
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | starker Viren befall in letzter Zeit
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu starker Viren befall in letzter Zeit |
| 32-bit, ad-aware, adobe, adobe updater, antivir, avg, avg free, avira, bho, components, defender, desktop, excel, firefox, google, hijack, hijackthis, internet, internet explorer, microsoft office 2003, mozilla, object, performance, plug-in, programdata, registry, rundll, security, software, system, syswow64, viren, windows |
