Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows aus Sicherheitsgründen deaktiviert. (https://www.trojaner-board.de/109791-windows-sicherheitsgruenden-deaktiviert.html)

Fabiaan 13.02.2012 14:18
Windows aus Sicherheitsgründen deaktiviert.
 
Hallo Trojaner Bord

Ich hoffe ich bin hier mit meinem Problem richtig.
Allerdings weiß ich nicht was Loggfiles sind.

Zu meinem Problem Mein Windows wurde aus Sicherheitsgründen deaktiviert und die wollen 50 euro von mir. Hab mir natürlich alles im Forum durchgelesen und OLT.exe mehrmals laufen gelassen, danach bereinigt, den neustart durchgeführt und zack wieder das gleiche Problem, muss übermorgen beruflich 600 km in den süden und bitte um schnelle Hilfe.

markusg 13.02.2012 14:19
hi,
und was steht denn immer ganz deutlich bei den otl scripts, nicht auf andere pcs anwenden...
also bitte neustart, f8 drücken, abgesicherter modus mit netzwerk wählen.
in infiziertem konto anmelden.
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Fabiaan 13.02.2012 14:41
ich hoffe das war so richtig
OTL Logfile:
Code:
OTL logfile created on: 13.02.2012 14:32:32 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Fabian\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 3,26 Gb Available Physical Memory | 81,64% Memory free
8,16 Gb Paging File | 7,58 Gb Available in Paging File | 92,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 142,16 Gb Total Space | 45,01 Gb Free Space | 31,66% Space Free | Partition Type: NTFS
Drive D: | 142,18 Gb Total Space | 11,26 Gb Free Space | 7,92% Space Free | Partition Type: NTFS
 
Computer Name: FABIAN-PC | User Name: Fabian | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.13 14:32:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
PRC - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.08.15 14:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.06.22 10:59:04 | 001,101,960 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009.11.11 15:29:14 | 000,202,752 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008.01.21 03:50:23 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.06.28 13:17:40 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.08.19 13:31:08 | 000,066,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.11.28 09:56:06 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.08.04 17:56:08 | 000,111,936 | ---- | M] (Broadcom Corp.) [Auto | Stopped] -- C:\Programme\Broadcom\BACS\BPowMon.exe -- (BPowMon)
SRV - [2008.07.27 19:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.07.20 16:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.21 03:46:08 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 03:46:08 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.11.05 13:28:10 | 000,204,915 | ---- | M] (Option) [Auto | Stopped] -- C:\Program Files (x86)\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.06.28 13:17:42 | 000,123,784 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 13:17:42 | 000,088,288 | ---- | M] () [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.03 11:08:41 | 000,069,376 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2010.09.28 15:44:52 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.08.07 09:40:00 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.08.07 09:39:59 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.07.16 17:40:33 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.12.08 19:19:34 | 000,135,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.12.07 18:53:26 | 000,117,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.11.11 16:02:12 | 006,104,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.10.12 14:23:22 | 000,114,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.05.25 10:49:06 | 000,145,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM)
DRV:64bit: - [2009.05.25 10:49:06 | 000,128,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029obex.sys -- (s1029obex)
DRV:64bit: - [2009.05.25 10:49:06 | 000,034,856 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS)
DRV:64bit: - [2009.05.25 10:49:04 | 000,152,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029mdm.sys -- (s1029mdm)
DRV:64bit: - [2009.05.25 10:49:04 | 000,132,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2009.05.25 10:49:04 | 000,019,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029mdfl.sys -- (s1029mdfl)
DRV:64bit: - [2009.05.25 10:49:00 | 000,113,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.17 15:50:30 | 004,751,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008.10.08 08:42:40 | 000,006,656 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hidshim.sys -- (hidshim)
DRV:64bit: - [2008.10.08 08:42:38 | 000,024,576 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nuvotonhidgeneric.sys -- (nuvotonhidgeneric)
DRV:64bit: - [2008.09.19 16:43:58 | 000,068,096 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008.08.26 10:26:02 | 000,185,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008.07.20 16:44:54 | 000,402,456 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008.06.25 15:39:02 | 000,252,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008.01.21 03:46:34 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008.01.21 03:46:05 | 001,523,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008.01.21 03:46:05 | 000,724,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008.01.21 03:46:05 | 000,286,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2007.10.19 14:33:00 | 000,024,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\modrc.sys -- (MODRC)
DRV - [2012.02.12 16:42:37 | 000,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\SECDRV.SYS -- (secdrv)
DRV - [2008.09.30 08:42:20 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2008.08.04 17:56:00 | 000,015,200 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Stopped] -- C:\Programme\Broadcom\BACS\BASFND.sys -- (BASFND)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.3.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Fabian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.12 14:45:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.07 14:42:01 | 000,000,000 | ---D | M]
 
[2010.11.21 16:01:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions
[2012.02.09 19:47:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\2m96epyr.default\extensions
[2011.03.27 11:59:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\2m96epyr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.09 07:26:08 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\2m96epyr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.29 16:50:56 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\2m96epyr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.09 19:47:20 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\2m96epyr.default\extensions\plugin@yontoo.com
[2012.02.09 20:07:47 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-1.xml
[2011.08.17 17:44:16 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-2.xml
[2011.09.01 08:49:39 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-3.xml
[2011.09.07 13:43:15 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-4.xml
[2011.09.28 17:52:09 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-5.xml
[2011.11.13 12:21:16 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-6.xml
[2011.12.23 15:03:50 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-7.xml
[2012.02.07 13:37:57 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-8.xml
[2012.02.07 14:42:40 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-9.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin.xml
[2012.02.07 14:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.02.12 14:45:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.29 14:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.06.13 10:24:30 | 000,000,925 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1 serial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 www.alcohol-soft.com
O1 - Hosts: 127.0.0.1 images.alcohol-soft.com
O1 - Hosts: 127.0.0.1 trial.alcohol-soft.com
O1 - Hosts: 127.0.0.1 alcohol-soft.com
O2 - BHO: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Fabian\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ffdwnd] C:\Users\Fabian\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [PMCLoader] C:\Program Files (x86)\Pinnacle\TVCenter Pro\PMCLoader.exe (Pinnacle Systems GmbH)
O4 - HKCU..\Run: [PMCRemote]  File not found
O4 - HKCU..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" File not found
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BBCDEB4-DB32-4673-B6FB-B07DB2C251F1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D803FA02-CDB7-431D-A983-822FDF2B9E8E}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Fabian\Pictures\Bayern\P1010030.JPG
O24 - Desktop BackupWallPaper: C:\Users\Fabian\Pictures\Bayern\P1010030.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1697cc86-d253-11e0-9d2c-001f16b801cc}\Shell - "" = AutoRun
O33 - MountPoints2\{1697cc86-d253-11e0-9d2c-001f16b801cc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{1697cc89-d253-11e0-9d2c-001f16b801cc}\Shell - "" = AutoRun
O33 - MountPoints2\{1697cc89-d253-11e0-9d2c-001f16b801cc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{1697cc95-d253-11e0-9d2c-001f16b801cc}\Shell - "" = AutoRun
O33 - MountPoints2\{1697cc95-d253-11e0-9d2c-001f16b801cc}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{37605440-c36a-11e0-8546-001f16b801cc}\Shell - "" = AutoRun
O33 - MountPoints2\{37605440-c36a-11e0-8546-001f16b801cc}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{37605447-c36a-11e0-8546-001f16b801cc}\Shell - "" = AutoRun
O33 - MountPoints2\{37605447-c36a-11e0-8546-001f16b801cc}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{38c7aeba-d46e-11e0-a8d6-001e656fe2e2}\Shell - "" = AutoRun
O33 - MountPoints2\{38c7aeba-d46e-11e0-a8d6-001e656fe2e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3dfff952-f3f1-11e0-9853-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{3dfff952-f3f1-11e0-9853-806e6f6e6963}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{48e70505-7ef9-11df-8fd5-86bf14a3f32b}\Shell - "" = AutoRun
O33 - MountPoints2\{48e70505-7ef9-11df-8fd5-86bf14a3f32b}\Shell\AutoRun\command - "" = G:\setup.exe AUTORUN=1
O33 - MountPoints2\{5fb873fa-d398-11e0-b206-001e656fe2e2}\Shell - "" = AutoRun
O33 - MountPoints2\{5fb873fa-d398-11e0-b206-001e656fe2e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{5fb8740f-d398-11e0-b206-001e656fe2e2}\Shell - "" = AutoRun
O33 - MountPoints2\{5fb8740f-d398-11e0-b206-001e656fe2e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{8eb600d5-880e-11df-94e6-001f16b801cc}\Shell - "" = AutoRun
O33 - MountPoints2\{8eb600d5-880e-11df-94e6-001f16b801cc}\Shell\AutoRun\command - "" = F:\Startme.exe
O33 - MountPoints2\{92c3bed4-be85-11e0-9ef3-001f16b801cc}\Shell - "" = AutoRun
O33 - MountPoints2\{92c3bed4-be85-11e0-9ef3-001f16b801cc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{92c3bef3-be85-11e0-9ef3-001f16b801cc}\Shell - "" = AutoRun
O33 - MountPoints2\{92c3bef3-be85-11e0-9ef3-001f16b801cc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{92c3befe-be85-11e0-9ef3-001f16b801cc}\Shell - "" = AutoRun
O33 - MountPoints2\{92c3befe-be85-11e0-9ef3-001f16b801cc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{b432d430-cfa2-11e0-af2c-001e656fe2e2}\Shell - "" = AutoRun
O33 - MountPoints2\{b432d430-cfa2-11e0-af2c-001e656fe2e2}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{b432d442-cfa2-11e0-af2c-001e656fe2e2}\Shell - "" = AutoRun
O33 - MountPoints2\{b432d442-cfa2-11e0-af2c-001e656fe2e2}\Shell\AutoRun\command - "" = G:\StartVMCLite.exe
O33 - MountPoints2\{beb0ea86-d849-11e0-828d-001f16b801cc}\Shell - "" = AutoRun
O33 - MountPoints2\{beb0ea86-d849-11e0-828d-001f16b801cc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{beb0ea88-d849-11e0-828d-001f16b801cc}\Shell - "" = AutoRun
O33 - MountPoints2\{beb0ea88-d849-11e0-828d-001f16b801cc}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ff4fb352-c35b-11e0-9626-001e656fe2e2}\Shell - "" = AutoRun
O33 - MountPoints2\{ff4fb352-c35b-11e0-9626-001e656fe2e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{ff4fb361-c35b-11e0-9626-001e656fe2e2}\Shell - "" = AutoRun
O33 - MountPoints2\{ff4fb361-c35b-11e0-9626-001e656fe2e2}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setup.exe AUTORUN=1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.13 14:32:00 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2012.02.13 13:11:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.02.12 20:07:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO
[2012.02.12 16:42:26 | 000,163,644 | ---- | C] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\SysWow64\drivers\SECDRV.SYS
[2012.02.09 19:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraStar Deluxe
[2012.02.09 19:47:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012.02.09 19:47:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Tarma Installer
[2012.02.09 19:46:16 | 001,161,112 | ---- | C] (Double Simple LLC) -- C:\Users\Fabian\Desktop\ezLookerSilent_DDD_FTT_BG_BD_BVD.exe
[2012.02.07 14:41:11 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\OnCue - Cant Wait (DatPiff.com)
[2012.02.03 10:50:45 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\1auf die fresse elektro
[2012.01.31 15:22:00 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Snoop Dogg and Wiz Khalifa – Mac And Devin Go To High School (2011)
[2012.01.22 18:59:27 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\AVS4YOU
[2012.01.22 18:59:16 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012.01.22 18:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012.01.22 18:58:30 | 011,137,024 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\libmfxsw32.dll
[2012.01.22 18:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012.01.22 18:57:44 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2012.01.22 18:57:44 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2012.01.22 18:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012.01.22 18:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.13 14:32:32 | 001,698,476 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.13 14:32:32 | 000,722,282 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.13 14:32:32 | 000,675,012 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.13 14:32:32 | 000,166,646 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.13 14:32:32 | 000,136,092 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.13 14:32:02 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2012.02.13 14:28:21 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.02.13 14:28:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.13 14:07:02 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012.02.13 14:05:55 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.13 14:04:55 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.13 14:04:55 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.13 14:04:45 | 000,231,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.13 13:11:26 | 000,000,732 | ---- | M] () -- C:\Users\Fabian\AppData\Local\d3d9caps64.dat
[2012.02.12 20:23:34 | 000,007,728 | ---- | M] () -- C:\Users\Fabian\AppData\Local\d3d9caps.dat
[2012.02.12 20:15:56 | 000,140,800 | ---- | M] () -- C:\Users\Fabian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.12 19:25:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.12 18:25:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4284006758-4131106128-3106105730-1000UA.job
[2012.02.12 16:42:37 | 000,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\SysWow64\drivers\SECDRV.SYS
[2012.02.12 14:37:46 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.02.12 14:37:46 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.02.11 21:25:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4284006758-4131106128-3106105730-1000Core.job
[2012.02.09 19:48:23 | 000,000,646 | ---- | M] () -- C:\Users\Public\Desktop\UltraStar Deluxe spielen.lnk
[2012.02.09 19:47:15 | 001,161,112 | ---- | M] (Double Simple LLC) -- C:\Users\Fabian\Desktop\ezLookerSilent_DDD_FTT_BG_BD_BVD.exe
[2012.02.09 19:47:10 | 036,884,520 | ---- | M] () -- C:\Users\Fabian\Desktop\ultrastardx-1.1-installer-full.exe
[2012.02.08 17:36:58 | 000,000,000 | ---- | M] () -- C:\Users\Fabian\Documents\vlc-1.1.11-win32.exe
[2012.02.07 14:42:04 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.30 20:09:58 | 000,000,738 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.01.22 18:59:18 | 000,001,092 | ---- | M] () -- C:\Users\Fabian\Desktop\AVS4YOU Software Navigator.lnk
[2012.01.22 18:58:41 | 000,001,036 | ---- | M] () -- C:\Users\Fabian\Desktop\AVS Video Converter.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.13 13:45:51 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.02.09 19:48:23 | 000,000,646 | ---- | C] () -- C:\Users\Public\Desktop\UltraStar Deluxe spielen.lnk
[2012.02.09 19:46:16 | 036,884,520 | ---- | C] () -- C:\Users\Fabian\Desktop\ultrastardx-1.1-installer-full.exe
[2012.02.08 17:36:58 | 000,000,000 | ---- | C] () -- C:\Users\Fabian\Documents\vlc-1.1.11-win32.exe
[2012.02.07 14:42:04 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.07 14:42:03 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.22 18:59:18 | 000,001,092 | ---- | C] () -- C:\Users\Fabian\Desktop\AVS4YOU Software Navigator.lnk
[2012.01.22 18:58:41 | 000,001,036 | ---- | C] () -- C:\Users\Fabian\Desktop\AVS Video Converter.lnk
[2012.01.22 18:39:09 | 1151,154,186 | ---- | C] () -- C:\Users\Fabian\Desktop\Paranormal.Activity.divx
[2011.04.30 01:43:13 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.04.30 01:43:13 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.04.22 15:28:55 | 000,201,488 | ---- | C] () -- C:\Windows\SysWow64\MACD32.DLL
[2011.04.22 15:28:55 | 000,144,144 | ---- | C] () -- C:\Windows\SysWow64\MASE32.DLL
[2011.04.22 15:28:55 | 000,141,584 | ---- | C] () -- C:\Windows\SysWow64\MAMC32.DLL
[2011.04.22 15:28:55 | 000,063,248 | ---- | C] () -- C:\Windows\SysWow64\MASD32.DLL
[2011.04.22 15:28:55 | 000,033,040 | ---- | C] () -- C:\Windows\SysWow64\MA32.DLL
[2011.01.15 11:08:51 | 000,007,728 | ---- | C] () -- C:\Users\Fabian\AppData\Local\d3d9caps.dat
[2011.01.04 11:42:18 | 001,585,168 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.27 14:51:52 | 000,899,677 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\UserTile.png
[2010.11.21 16:01:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.09.18 07:49:16 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.08.19 13:31:13 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.08.19 13:31:08 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.08.17 13:41:33 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010.06.24 13:33:26 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010.06.24 13:32:12 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2010.06.24 00:08:40 | 000,000,286 | ---- | C] () -- C:\Windows\game.ini
[2010.06.23 22:05:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.06.23 20:26:08 | 000,140,800 | ---- | C] () -- C:\Users\Fabian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.23 20:01:41 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2010.06.23 19:55:53 | 000,000,552 | ---- | C] () -- C:\Users\Fabian\AppData\Local\d3d8caps.dat
[2010.06.23 19:42:33 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll
[2010.06.23 19:42:33 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll
[2010.06.23 19:35:49 | 000,105,984 | ---- | C] () -- C:\Windows\FixUVC.exe
[2010.06.23 18:29:50 | 000,000,732 | ---- | C] () -- C:\Users\Fabian\AppData\Local\d3d9caps64.dat
[2009.04.21 23:19:06 | 000,172,173 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008.12.12 22:15:57 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008.12.12 22:15:57 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.01.21 03:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008.01.21 03:48:56 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2006.11.02 16:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

< End of report >
--- --- ---

markusg 13.02.2012 14:49
passt.
weiter im abgesicherten modus mit netzwerk:
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
  • Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
    Tool

    Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Hinweis:
    Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
  • Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

Fabiaan 13.02.2012 15:22
so

Combofix Logfile:
Code:
ComboFix 12-02-12.01 - Fabian 13.02.2012  15:01:05.1.2 - x64 NETWORK
Microsoft® Windows Vista™ Ultimate  6.0.6001.1.1252.49.1031.18.4090.3334 [GMT 1:00]
ausgeführt von:: c:\users\Fabian\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Virenschutz *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico
c:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setup.dll
c:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll
c:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Setup.dat
c:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Setup.exe
c:\programdata\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Setup.ico
c:\users\Fabian\AppData\Local\._Revolution_
c:\users\Fabian\AppData\Local\Mozilla\Firefox\firefox.exe
c:\users\Fabian\Documents\vlc-1.1.11-win32.exe
c:\windows\WindowsUpdate.log
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-13 bis 2012-02-13  ))))))))))))))))))))))))))))))
.
.
2012-02-13 14:07 . 2012-02-13 14:07        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-02-13 12:11 . 2012-02-13 12:11        --------        d-sh--w-        c:\programdata\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-02-12 19:07 . 2012-02-12 19:07        --------        d-----w-        c:\windows\system32\IO
2012-02-12 15:42 . 2012-02-12 15:42        163644        ----a-w-        c:\windows\SysWow64\drivers\SECDRV.SYS
2012-02-09 18:47 . 2012-02-09 18:47        --------        d-----w-        c:\program files (x86)\Yontoo
2012-02-07 13:42 . 2012-02-12 13:45        134104        ----a-w-        c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-02-07 13:42 . 2012-02-12 13:45        97240        ----a-w-        c:\program files (x86)\Mozilla Firefox\libEGL.dll
2012-02-07 13:42 . 2012-02-12 13:45        801752        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2012-02-07 13:42 . 2012-02-12 13:45        45016        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-02-07 13:42 . 2012-02-12 13:45        437208        ----a-w-        c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2012-02-07 13:42 . 2012-02-12 13:45        1911768        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozjs.dll
2012-02-07 13:42 . 2012-02-12 13:45        15832        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2012-02-07 13:42 . 2012-01-29 13:35        2106216        ----a-w-        c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2012-02-07 13:42 . 2012-01-29 13:35        1998168        ----a-w-        c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2012-02-07 13:42 . 2012-01-29 13:35        626688        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-02-07 13:42 . 2012-01-29 13:35        548864        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-07 13:42 . 2012-01-29 13:35        479232        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-22 17:59 . 2012-01-22 17:59        --------        d-----w-        c:\users\Fabian\AppData\Roaming\AVS4YOU
2012-01-22 17:58 . 2011-09-16 15:05        11137024        ----a-w-        c:\windows\SysWow64\libmfxsw32.dll
2012-01-22 17:58 . 2012-01-22 17:59        --------        d-----w-        c:\program files (x86)\Common Files\AVSMedia
2012-01-22 17:57 . 2012-01-22 17:59        --------        d-----w-        c:\programdata\AVS4YOU
2012-01-22 17:57 . 2012-01-22 17:59        --------        d-----w-        c:\program files (x86)\AVS4YOU
2012-01-22 17:57 . 2011-08-22 15:33        1700352        ----a-w-        c:\windows\SysWow64\GdiPlus.dll
2012-01-22 17:57 . 2011-08-22 15:32        24576        ----a-w-        c:\windows\SysWow64\msxml3a.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-03 10:44 . 2011-12-03 10:44        404640        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 20:44        1400712        ----a-w-        c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-12-09 01:11        194848        ----a-w-        c:\program files (x86)\Yontoo\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2008-01-21 2153472]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe" [2009-02-24 203928]
"PMCLoader"="c:\program files (x86)\Pinnacle\TVCenter Pro\PMCLoader.exe" [2008-01-24 644368]
"ICQ"="c:\program files (x86)\ICQ7.5\ICQ.exe" [2011-08-01 124480]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 222128]
"Facebook Update"="c:\users\Fabian\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-09-12 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BkupTray"="c:\users\Fabian\AppData\Roaming\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-25 28672]
"eAudio"="c:\program files\Acer\Empowering Technology\eAudio\eAudio.exe" [2008-09-11 781824]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-11 98304]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Pinnacle Streaming Server.lnk - c:\program files (x86)\Pinnacle\Shared Files\Programs\StrmServer\StrmServer.exe [2007-12-3 599312]
web'n'walk Manager.lnk - c:\program files (x86)\T-Mobile\web'n'walk Manager\web'n'walk Manager.exe [2007-11-7 798720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-11 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4284006758-4131106128-3106105730-1000Core.job
- c:\users\Fabian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-12 19:20]
.
2012-02-12 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4284006758-4131106128-3106105730-1000UA.job
- c:\users\Fabian\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-09-12 19:20]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-04 16:18]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-04 16:18]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-11-28 488448]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]
"Skytel"="Skytel.exe" [2008-09-18 1833504]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://start.icq.com/
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to Mp3 Converter - c:\users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files (x86)\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.3.1&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extentions.y2layers.installId - a1db9b39-48fd-4281-b287-d24c6e3b5088
FF - user.js: extentions.y2layers.defaultEnableAppsList - DropDownDeals,BestVideoDownloader,EzLooker,TwitTube,TopRelatedTopics,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
Wow6432Node-HKCU-Run-PMCRemote - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKCU-Run-ffdwnd - c:\users\Fabian\AppData\Local\Mozilla\Firefox\firefox.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-uTorrent - c:\program files (x86)\uTorrent\uTorrent.exe
AddRemove-{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA} - c:\program files (x86)\InstallShield Installation Information\{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}\Setup.exeUNINSTALL
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-4284006758-4131106128-3106105730-1000\Software\SecuROM\License information*]
"datasecu"=hex:ad,8a,0b,81,5d,1a,74,fd,ef,3d,3b,4e,10,c6,fd,aa,24,fa,34,e6,ff,
  39,a3,71,07,b5,6d,86,66,db,15,48,7f,27,6b,bd,b4,d4,f4,23,9e,f1,ec,5d,e9,cc,\
"rkeysecu"=hex:1d,c0,d2,9d,6a,e8,6f,c5,2e,24,66,23,90,ce,37,83
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\users\Fabian\AppData\Roaming\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
c:\program files (x86)\T-Mobile\web'n'walk Manager\GtDetectSc.exe
c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe
c:\users\Fabian\AppData\Roaming\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
c:\users\Fabian\AppData\Roaming\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-13  15:19:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-13 14:19
.
Vor Suchlauf: 13 Verzeichnis(se), 48.081.227.776 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 48.692.002.816 Bytes frei
.
- - End Of File - - E79D195AC75EA14BB624713FD70DBC93
--- --- ---

markusg 13.02.2012 16:07
hi,

besuche:
Trojaner-Board Upload Channel
und lade dort
C:\Windows\SysNative\userinit.exe
hoch, gib mir bescheid wenn das erledigt ist

Fabiaan 13.02.2012 17:05
Habs hochgeladen, wie schon in der Beschreibung C:\Windows\SysNative\userinit.exe war nicht vorhanden und ich hab ihm aus den SYSWOW64 hochgeladen.

markusg 13.02.2012 17:35
hi


dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
 :Files
C:\Windows\SysNative\userinit.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.


Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

Fabiaan 14.02.2012 12:24
Den nächsten schritt konnte ich nicht befolgen, da mein Windows nun wieder gesperrt wurde, war auf keiner Webseit ect, Windows lief auch ein paar Stunden super ohne Probleme und jetzt das gleiche Problem wieder :/

markusg 14.02.2012 12:38
dann erstelle neue otl logs.

Fabiaan 15.02.2012 15:34
dann nochmal von vorne :/OTL Logfile:
Code:
OTL logfile created on: 15.02.2012 15:31:07 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Fabian\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 3,27 Gb Available Physical Memory | 81,78% Memory free
8,22 Gb Paging File | 7,61 Gb Available in Paging File | 92,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 142,16 Gb Total Space | 65,26 Gb Free Space | 45,91% Space Free | Partition Type: NTFS
Drive D: | 142,18 Gb Total Space | 13,52 Gb Free Space | 9,51% Space Free | Partition Type: NTFS
 
Computer Name: FABIAN-PC | User Name: Fabian | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.15 15:22:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
PRC - [2011.06.22 10:59:04 | 001,101,960 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.02.09 11:59:08 | 000,035,648 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.11.11 15:29:14 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008.01.21 03:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.02.09 11:59:08 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.02.09 11:59:06 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.06.28 13:17:40 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.08.19 13:31:08 | 000,066,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.28 09:56:06 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.08.04 17:56:08 | 000,111,936 | ---- | M] (Broadcom Corp.) [Auto | Stopped] -- C:\Programme\Broadcom\BACS\BPowMon.exe -- (BPowMon)
SRV - [2008.07.20 16:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.21 03:46:08 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 03:46:08 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.11.05 13:28:10 | 000,204,915 | ---- | M] (Option) [Auto | Stopped] -- C:\Program Files (x86)\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.06.28 13:17:42 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 13:17:42 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.03 11:08:41 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2010.09.28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.08.07 09:40:00 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.08.07 09:39:59 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.07.16 17:40:33 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.12.08 19:19:34 | 000,135,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.12.07 18:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.11.11 16:02:12 | 006,104,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.10.12 14:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.05.25 10:49:06 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM)
DRV:64bit: - [2009.05.25 10:49:06 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029obex.sys -- (s1029obex)
DRV:64bit: - [2009.05.25 10:49:06 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS)
DRV:64bit: - [2009.05.25 10:49:04 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029mdm.sys -- (s1029mdm)
DRV:64bit: - [2009.05.25 10:49:04 | 000,132,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2009.05.25 10:49:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029mdfl.sys -- (s1029mdfl)
DRV:64bit: - [2009.05.25 10:49:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.17 15:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008.10.08 08:42:40 | 000,006,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hidshim.sys -- (hidshim)
DRV:64bit: - [2008.10.08 08:42:38 | 000,024,576 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nuvotonhidgeneric.sys -- (nuvotonhidgeneric)
DRV:64bit: - [2008.09.19 16:43:58 | 000,068,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008.08.26 10:26:02 | 000,185,248 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008.07.20 16:44:54 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008.06.25 15:39:02 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008.01.21 03:46:34 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008.01.21 03:46:05 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008.01.21 03:46:05 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008.01.21 03:46:05 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2007.12.11 01:05:38 | 000,630,528 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mod7700.sys -- (mod7700)
DRV:64bit: - [2007.10.19 14:33:00 | 000,024,200 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\modrc.sys -- (MODRC)
DRV - [2012.02.12 16:42:37 | 000,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\SECDRV.SYS -- (secdrv)
DRV - [2012.02.09 11:48:24 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.03.03 11:08:42 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2008.09.30 08:42:20 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2008.08.04 17:56:00 | 000,015,200 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Stopped] -- C:\Programme\Broadcom\BACS\BASFND.sys -- (BASFND)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_ss&affID=110482&mntrId=240e99d1000000000000001e656fe2e2"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.3.1
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Fabian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.12 14:45:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.07 14:42:01 | 000,000,000 | ---D | M]
 
[2010.11.21 16:01:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions
[2012.02.13 18:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\2m96epyr.default\extensions
[2011.03.27 11:59:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\2m96epyr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.09 07:26:08 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\2m96epyr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.29 16:50:56 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\2m96epyr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.13 18:07:02 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\2m96epyr.default\extensions\ffxtlbr@babylon.com
[2012.02.09 19:47:20 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\2m96epyr.default\extensions\plugin@yontoo.com
[2012.02.09 20:07:47 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-1.xml
[2011.08.17 17:44:16 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-2.xml
[2011.09.01 08:49:39 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-3.xml
[2011.09.07 13:43:15 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-4.xml
[2011.09.28 17:52:09 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-5.xml
[2011.11.13 12:21:16 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-6.xml
[2011.12.23 15:03:50 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-7.xml
[2012.02.07 13:37:57 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-8.xml
[2012.02.07 14:42:40 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-9.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin.xml
[2012.02.07 14:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.02.12 14:45:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.13 18:06:55 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.01.29 14:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.02.13 15:14:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Fabian\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ffdwnd] C:\Users\Fabian\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray File not found
O4 - HKCU..\Run: [PMCLoader] C:\Program Files (x86)\Pinnacle\TVCenter Pro\PMCLoader.exe (Pinnacle Systems GmbH)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BBCDEB4-DB32-4673-B6FB-B07DB2C251F1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D803FA02-CDB7-431D-A983-822FDF2B9E8E}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Fabian\Pictures\wallpaper_desktop_wallpaper_desktop_wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Fabian\Pictures\wallpaper_desktop_wallpaper_desktop_wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.15 15:22:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2012.02.15 14:44:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2012.02.15 14:44:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2012.02.15 14:44:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2012.02.15 14:44:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2012.02.15 14:44:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2012.02.15 14:44:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2012.02.14 01:08:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.02.13 18:07:12 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Download
[2012.02.13 18:07:05 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Media Finder
[2012.02.13 18:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
[2012.02.13 18:07:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012.02.13 18:06:53 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Babylon
[2012.02.13 18:06:52 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Babylon
[2012.02.13 18:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.02.13 17:24:50 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Malwarebytes
[2012.02.13 17:24:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.13 17:24:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.13 17:24:42 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.13 17:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.13 17:13:09 | 000,035,648 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.02.13 17:13:09 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.02.13 15:41:50 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.02.13 15:41:50 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.02.13 15:41:50 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.02.13 15:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.02.13 15:40:49 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\TuneUp Software
[2012.02.13 15:40:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.02.13 15:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.02.13 15:38:57 | 033,205,152 | ---- | C] (TuneUp Software) -- C:\Users\Fabian\Desktop\TuneUpUtilities2012_de-DE.exe
[2012.02.13 15:19:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.02.13 15:14:46 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.02.13 14:57:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.02.13 13:11:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.02.12 20:07:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO
[2012.02.09 19:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraStar Deluxe
[2012.02.09 19:47:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012.01.22 18:59:27 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\AVS4YOU
[2012.01.22 18:59:16 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012.01.22 18:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012.01.22 18:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012.01.22 18:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012.01.22 18:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.15 15:22:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2012.02.15 14:55:21 | 001,698,476 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.15 14:55:21 | 000,722,282 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.15 14:55:21 | 000,675,012 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.15 14:55:21 | 000,166,646 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.15 14:55:21 | 000,136,092 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.15 14:50:25 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.02.15 14:49:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.15 14:49:50 | 000,231,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.15 14:41:48 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.02.15 14:41:48 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.02.14 12:25:04 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4284006758-4131106128-3106105730-1000UA.job
[2012.02.14 12:19:12 | 000,004,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.14 12:19:12 | 000,004,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.14 01:05:36 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012.02.14 01:03:05 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.14 01:03:05 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.13 21:25:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4284006758-4131106128-3106105730-1000Core.job
[2012.02.13 18:07:07 | 000,000,237 | ---- | M] () -- C:\user.js
[2012.02.13 17:24:44 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.13 15:41:48 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.02.13 15:41:48 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.02.13 15:14:43 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.02.13 14:53:08 | 000,000,732 | ---- | M] () -- C:\Users\Fabian\AppData\Local\d3d9caps64.dat
[2012.02.13 13:08:56 | 033,205,152 | ---- | M] (TuneUp Software) -- C:\Users\Fabian\Desktop\TuneUpUtilities2012_de-DE.exe
[2012.02.12 20:23:34 | 000,007,728 | ---- | M] () -- C:\Users\Fabian\AppData\Local\d3d9caps.dat
[2012.02.12 20:15:56 | 000,140,800 | ---- | M] () -- C:\Users\Fabian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.09 11:59:10 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.02.09 11:59:08 | 000,035,648 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.02.09 11:59:08 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.02.09 11:59:06 | 000,028,992 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.02.09 11:59:06 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.02.07 14:42:04 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.30 20:09:58 | 000,000,738 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.01.22 18:59:18 | 000,001,092 | ---- | M] () -- C:\Users\Fabian\Desktop\AVS4YOU Software Navigator.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.15 14:40:09 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.02.13 18:07:05 | 000,000,237 | ---- | C] () -- C:\user.js
[2012.02.13 17:24:44 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.13 15:41:48 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.02.13 15:41:48 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.02.13 15:41:47 | 000,001,895 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.02.07 14:42:04 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.07 14:42:03 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.22 18:59:18 | 000,001,092 | ---- | C] () -- C:\Users\Fabian\Desktop\AVS4YOU Software Navigator.lnk
[2011.04.30 01:43:13 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.04.30 01:43:13 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.04.22 15:28:55 | 000,201,488 | ---- | C] () -- C:\Windows\SysWow64\MACD32.DLL
[2011.04.22 15:28:55 | 000,144,144 | ---- | C] () -- C:\Windows\SysWow64\MASE32.DLL
[2011.04.22 15:28:55 | 000,141,584 | ---- | C] () -- C:\Windows\SysWow64\MAMC32.DLL
[2011.04.22 15:28:55 | 000,063,248 | ---- | C] () -- C:\Windows\SysWow64\MASD32.DLL
[2011.04.22 15:28:55 | 000,033,040 | ---- | C] () -- C:\Windows\SysWow64\MA32.DLL
[2011.03.15 18:55:04 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011.03.15 18:54:34 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011.03.15 18:54:06 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011.01.15 11:08:51 | 000,007,728 | ---- | C] () -- C:\Users\Fabian\AppData\Local\d3d9caps.dat
[2011.01.04 11:42:18 | 001,585,168 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.27 14:51:52 | 000,899,677 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\UserTile.png
[2010.11.21 16:01:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.09.18 07:49:16 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.08.19 13:31:13 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.08.19 13:31:08 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.08.17 13:41:33 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010.06.24 13:33:26 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010.06.24 13:32:12 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2010.06.24 00:08:40 | 000,000,286 | ---- | C] () -- C:\Windows\game.ini
[2010.06.23 22:05:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.06.23 20:26:08 | 000,140,800 | ---- | C] () -- C:\Users\Fabian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.23 20:01:41 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2010.06.23 19:55:53 | 000,000,552 | ---- | C] () -- C:\Users\Fabian\AppData\Local\d3d8caps.dat
[2010.06.23 19:42:33 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll
[2010.06.23 19:42:33 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll
[2010.06.23 19:35:49 | 000,105,984 | ---- | C] () -- C:\Windows\FixUVC.exe
[2010.06.23 18:29:50 | 000,000,732 | ---- | C] () -- C:\Users\Fabian\AppData\Local\d3d9caps64.dat
[2009.04.21 23:19:06 | 000,172,173 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008.12.12 22:15:57 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.01.21 03:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 16:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2011.03.09 08:36:36 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Acreon
[2012.02.13 18:06:52 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Babylon
[2011.11.13 20:02:59 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\DVDVideoSoft
[2011.03.29 16:50:56 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.27 18:44:03 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\GetRightToGo
[2012.01.31 15:26:58 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ICQ
[2012.02.13 18:09:01 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Media Finder
[2010.06.23 19:42:55 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\NewTech Infosystems
[2010.07.20 19:07:41 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OCS
[2010.07.20 19:07:44 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Opera
[2011.11.20 00:03:50 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\SecondLife
[2011.01.04 12:01:34 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Software4u
[2010.08.17 13:32:22 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\thriXXX
[2011.12.10 13:47:28 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TS3Client
[2012.02.13 15:58:24 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TuneUp Software
[2010.11.24 17:46:33 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\uTorrent
[2010.06.25 09:12:00 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Warsow 0.5
[2012.02.15 14:50:25 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.02.13 21:25:01 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4284006758-4131106128-3106105730-1000Core.job
[2012.02.14 12:25:04 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4284006758-4131106128-3106105730-1000UA.job
[2012.02.14 01:01:58 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---

Fabiaan 15.02.2012 15:36
dann nochmal von vorne:/OTL Logfile:
Code:
OTL logfile created on: 15.02.2012 15:31:07 - Run 2
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\Fabian\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 3,27 Gb Available Physical Memory | 81,78% Memory free
8,22 Gb Paging File | 7,61 Gb Available in Paging File | 92,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 142,16 Gb Total Space | 65,26 Gb Free Space | 45,91% Space Free | Partition Type: NTFS
Drive D: | 142,18 Gb Total Space | 13,52 Gb Free Space | 9,51% Space Free | Partition Type: NTFS
 
Computer Name: FABIAN-PC | User Name: Fabian | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.15 15:22:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
PRC - [2011.06.22 10:59:04 | 001,101,960 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.02.09 11:59:08 | 000,035,648 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.11.11 15:29:14 | 000,202,752 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008.01.21 03:50:23 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.02.09 11:59:08 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.02.09 11:59:06 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.06.28 13:17:40 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.08.19 13:31:08 | 000,066,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.03.30 05:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.28 09:56:06 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.08.04 17:56:08 | 000,111,936 | ---- | M] (Broadcom Corp.) [Auto | Stopped] -- C:\Programme\Broadcom\BACS\BPowMon.exe -- (BPowMon)
SRV - [2008.07.20 16:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.21 03:46:08 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 03:46:08 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.11.05 13:28:10 | 000,204,915 | ---- | M] (Option) [Auto | Stopped] -- C:\Program Files (x86)\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.06.28 13:17:42 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 13:17:42 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.03 11:08:41 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2010.09.28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.08.07 09:40:00 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.08.07 09:39:59 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.07.16 17:40:33 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.12.08 19:19:34 | 000,135,168 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.12.07 18:53:26 | 000,117,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.11.11 16:02:12 | 006,104,576 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.10.12 14:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.05.25 10:49:06 | 000,145,960 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM)
DRV:64bit: - [2009.05.25 10:49:06 | 000,128,552 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029obex.sys -- (s1029obex)
DRV:64bit: - [2009.05.25 10:49:06 | 000,034,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS)
DRV:64bit: - [2009.05.25 10:49:04 | 000,152,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029mdm.sys -- (s1029mdm)
DRV:64bit: - [2009.05.25 10:49:04 | 000,132,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2009.05.25 10:49:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029mdfl.sys -- (s1029mdfl)
DRV:64bit: - [2009.05.25 10:49:00 | 000,113,704 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.17 15:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008.10.08 08:42:40 | 000,006,656 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hidshim.sys -- (hidshim)
DRV:64bit: - [2008.10.08 08:42:38 | 000,024,576 | ---- | M] (Nuvoton Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nuvotonhidgeneric.sys -- (nuvotonhidgeneric)
DRV:64bit: - [2008.09.19 16:43:58 | 000,068,096 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008.08.26 10:26:02 | 000,185,248 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008.07.20 16:44:54 | 000,402,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008.06.25 15:39:02 | 000,252,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008.01.21 03:46:34 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008.01.21 03:46:05 | 001,523,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008.01.21 03:46:05 | 000,724,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008.01.21 03:46:05 | 000,286,720 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2007.12.11 01:05:38 | 000,630,528 | ---- | M] (DiBcom SA) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\mod7700.sys -- (mod7700)
DRV:64bit: - [2007.10.19 14:33:00 | 000,024,200 | ---- | M] (DiBcom S.A.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\modrc.sys -- (MODRC)
DRV - [2012.02.12 16:42:37 | 000,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\SECDRV.SYS -- (secdrv)
DRV - [2012.02.09 11:48:24 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2011.03.03 11:08:42 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2008.09.30 08:42:20 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2008.08.04 17:56:00 | 000,015,200 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Stopped] -- C:\Programme\Broadcom\BACS\BASFND.sys -- (BASFND)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Babylon Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_ss&affID=110482&mntrId=240e99d1000000000000001e656fe2e2"
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.3.1
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Fabian\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.12 14:45:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.07 14:42:01 | 000,000,000 | ---D | M]
 
[2010.11.21 16:01:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions
[2012.02.13 18:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\2m96epyr.default\extensions
[2011.03.27 11:59:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\2m96epyr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.09 07:26:08 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\2m96epyr.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.03.29 16:50:56 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\2m96epyr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.13 18:07:02 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\2m96epyr.default\extensions\ffxtlbr@babylon.com
[2012.02.09 19:47:20 | 000,000,000 | ---D | M] (Yontoo) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\2m96epyr.default\extensions\plugin@yontoo.com
[2012.02.09 20:07:47 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-1.xml
[2011.08.17 17:44:16 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-2.xml
[2011.09.01 08:49:39 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-3.xml
[2011.09.07 13:43:15 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-4.xml
[2011.09.28 17:52:09 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-5.xml
[2011.11.13 12:21:16 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-6.xml
[2011.12.23 15:03:50 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-7.xml
[2012.02.07 13:37:57 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-8.xml
[2012.02.07 14:42:40 | 000,000,950 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin-9.xml
[2011.03.30 14:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\2m96epyr.default\searchplugins\icqplugin.xml
[2012.02.07 14:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.02.12 14:45:10 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.13 18:06:55 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.01.29 14:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.02.13 15:14:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Fabian\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [ffdwnd] C:\Users\Fabian\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray File not found
O4 - HKCU..\Run: [PMCLoader] C:\Program Files (x86)\Pinnacle\TVCenter Pro\PMCLoader.exe (Pinnacle Systems GmbH)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BBCDEB4-DB32-4673-B6FB-B07DB2C251F1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D803FA02-CDB7-431D-A983-822FDF2B9E8E}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Fabian\Pictures\wallpaper_desktop_wallpaper_desktop_wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Fabian\Pictures\wallpaper_desktop_wallpaper_desktop_wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.15 15:22:55 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2012.02.15 14:44:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\vi-VN
[2012.02.15 14:44:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\eu-ES
[2012.02.15 14:44:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ca-ES
[2012.02.15 14:44:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\eu-ES
[2012.02.15 14:44:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\ca-ES
[2012.02.15 14:44:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\vi-VN
[2012.02.14 01:08:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.02.13 18:07:12 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Download
[2012.02.13 18:07:05 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Media Finder
[2012.02.13 18:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
[2012.02.13 18:07:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012.02.13 18:06:53 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Babylon
[2012.02.13 18:06:52 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Babylon
[2012.02.13 18:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.02.13 17:24:50 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Malwarebytes
[2012.02.13 17:24:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.13 17:24:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.13 17:24:42 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.13 17:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.13 17:13:09 | 000,035,648 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.02.13 17:13:09 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.02.13 15:41:50 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.02.13 15:41:50 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.02.13 15:41:50 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.02.13 15:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.02.13 15:40:49 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\TuneUp Software
[2012.02.13 15:40:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.02.13 15:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.02.13 15:38:57 | 033,205,152 | ---- | C] (TuneUp Software) -- C:\Users\Fabian\Desktop\TuneUpUtilities2012_de-DE.exe
[2012.02.13 15:19:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.02.13 15:14:46 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.02.13 14:57:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.02.13 13:11:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.02.12 20:07:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO
[2012.02.09 19:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraStar Deluxe
[2012.02.09 19:47:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
[2012.01.22 18:59:27 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\AVS4YOU
[2012.01.22 18:59:16 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012.01.22 18:58:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVS4YOU
[2012.01.22 18:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2012.01.22 18:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012.01.22 18:57:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.15 15:22:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2012.02.15 14:55:21 | 001,698,476 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.15 14:55:21 | 000,722,282 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.15 14:55:21 | 000,675,012 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.15 14:55:21 | 000,166,646 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.15 14:55:21 | 000,136,092 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.15 14:50:25 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.02.15 14:49:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.15 14:49:50 | 000,231,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.15 14:41:48 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.02.15 14:41:48 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.02.14 12:25:04 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4284006758-4131106128-3106105730-1000UA.job
[2012.02.14 12:19:12 | 000,004,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.14 12:19:12 | 000,004,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.14 01:05:36 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012.02.14 01:03:05 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.14 01:03:05 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.13 21:25:01 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4284006758-4131106128-3106105730-1000Core.job
[2012.02.13 18:07:07 | 000,000,237 | ---- | M] () -- C:\user.js
[2012.02.13 17:24:44 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.13 15:41:48 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.02.13 15:41:48 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.02.13 15:14:43 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.02.13 14:53:08 | 000,000,732 | ---- | M] () -- C:\Users\Fabian\AppData\Local\d3d9caps64.dat
[2012.02.13 13:08:56 | 033,205,152 | ---- | M] (TuneUp Software) -- C:\Users\Fabian\Desktop\TuneUpUtilities2012_de-DE.exe
[2012.02.12 20:23:34 | 000,007,728 | ---- | M] () -- C:\Users\Fabian\AppData\Local\d3d9caps.dat
[2012.02.12 20:15:56 | 000,140,800 | ---- | M] () -- C:\Users\Fabian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.09 11:59:10 | 000,034,624 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.02.09 11:59:08 | 000,035,648 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2012.02.09 11:59:08 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.02.09 11:59:06 | 000,028,992 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.02.09 11:59:06 | 000,025,920 | ---- | M] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.02.07 14:42:04 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.01.30 20:09:58 | 000,000,738 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2012.01.22 18:59:18 | 000,001,092 | ---- | M] () -- C:\Users\Fabian\Desktop\AVS4YOU Software Navigator.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.15 14:40:09 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.02.13 18:07:05 | 000,000,237 | ---- | C] () -- C:\user.js
[2012.02.13 17:24:44 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.13 15:41:48 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.02.13 15:41:48 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.02.13 15:41:47 | 000,001,895 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.02.07 14:42:04 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.07 14:42:03 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.01.22 18:59:18 | 000,001,092 | ---- | C] () -- C:\Users\Fabian\Desktop\AVS4YOU Software Navigator.lnk
[2011.04.30 01:43:13 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.04.30 01:43:13 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.04.22 15:28:55 | 000,201,488 | ---- | C] () -- C:\Windows\SysWow64\MACD32.DLL
[2011.04.22 15:28:55 | 000,144,144 | ---- | C] () -- C:\Windows\SysWow64\MASE32.DLL
[2011.04.22 15:28:55 | 000,141,584 | ---- | C] () -- C:\Windows\SysWow64\MAMC32.DLL
[2011.04.22 15:28:55 | 000,063,248 | ---- | C] () -- C:\Windows\SysWow64\MASD32.DLL
[2011.04.22 15:28:55 | 000,033,040 | ---- | C] () -- C:\Windows\SysWow64\MA32.DLL
[2011.03.15 18:55:04 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2011.03.15 18:54:34 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2011.03.15 18:54:06 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2011.01.15 11:08:51 | 000,007,728 | ---- | C] () -- C:\Users\Fabian\AppData\Local\d3d9caps.dat
[2011.01.04 11:42:18 | 001,585,168 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.27 14:51:52 | 000,899,677 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\UserTile.png
[2010.11.21 16:01:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.09.18 07:49:16 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.08.19 13:31:13 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.08.19 13:31:08 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.08.17 13:41:33 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010.06.24 13:33:26 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010.06.24 13:32:12 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2010.06.24 00:08:40 | 000,000,286 | ---- | C] () -- C:\Windows\game.ini
[2010.06.23 22:05:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.06.23 20:26:08 | 000,140,800 | ---- | C] () -- C:\Users\Fabian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.23 20:01:41 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2010.06.23 19:55:53 | 000,000,552 | ---- | C] () -- C:\Users\Fabian\AppData\Local\d3d8caps.dat
[2010.06.23 19:42:33 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll
[2010.06.23 19:42:33 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll
[2010.06.23 19:35:49 | 000,105,984 | ---- | C] () -- C:\Windows\FixUVC.exe
[2010.06.23 18:29:50 | 000,000,732 | ---- | C] () -- C:\Users\Fabian\AppData\Local\d3d9caps64.dat
[2009.04.21 23:19:06 | 000,172,173 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2008.12.12 22:15:57 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008.01.21 03:49:10 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2006.11.02 16:35:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006.11.02 13:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006.11.02 13:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.11.02 10:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
 
========== LOP Check ==========
 
[2011.03.09 08:36:36 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Acreon
[2012.02.13 18:06:52 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Babylon
[2011.11.13 20:02:59 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\DVDVideoSoft
[2011.03.29 16:50:56 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.27 18:44:03 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\GetRightToGo
[2012.01.31 15:26:58 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ICQ
[2012.02.13 18:09:01 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Media Finder
[2010.06.23 19:42:55 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\NewTech Infosystems
[2010.07.20 19:07:41 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OCS
[2010.07.20 19:07:44 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Opera
[2011.11.20 00:03:50 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\SecondLife
[2011.01.04 12:01:34 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Software4u
[2010.08.17 13:32:22 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\thriXXX
[2011.12.10 13:47:28 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TS3Client
[2012.02.13 15:58:24 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TuneUp Software
[2010.11.24 17:46:33 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\uTorrent
[2010.06.25 09:12:00 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Warsow 0.5
[2012.02.15 14:50:25 | 000,000,408 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2012.02.13 21:25:01 | 000,000,910 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4284006758-4131106128-3106105730-1000Core.job
[2012.02.14 12:25:04 | 000,000,932 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4284006758-4131106128-3106105730-1000UA.job
[2012.02.14 01:01:58 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---

markusg 15.02.2012 16:14
hi
arbeite ausschließlich auf von mir genannten seiten, nirendwo anders.


dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user.
wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts.


• Starte bitte die OTL.exe
• Kopiere nun das Folgende in die Textbox.



Code:
:OTL
O4 - HKCU..\Run: [ffdwnd] C:\Users\Fabian\AppData\Local\Mozilla\Firefox\firefox.exe (Tomasz Pawlak)
 :Files
C:\Users\Fabian\AppData\Local\Mozilla\Firefox\firefox.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


• Schliesse bitte nun alle Programme.
• Klicke nun bitte auf den Fix Button.
• OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
• Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren.
starte in den normalen modus.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Fabiaan 03.03.2012 22:35
war jetzt beruflich im ausland und habe das gefühl das noch weniger an meinem laptop geht. ich glaub wir fangen nochmal vorne an und ich poste dir meine neusten otl file.OTL Logfile:
Code:
OTL logfile created on: 03.03.2012 22:22:04 - Run 2
OTL by OldTimer - Version 3.2.33.2    Folder = C:\Users\Administrator\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 3,24 Gb Available Physical Memory | 81,08% Memory free
8,16 Gb Paging File | 7,58 Gb Available in Paging File | 92,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 142,16 Gb Total Space | 60,72 Gb Free Space | 42,71% Space Free | Partition Type: NTFS
Drive D: | 142,18 Gb Total Space | 18,18 Gb Free Space | 12,79% Space Free | Partition Type: NTFS
Drive E: | 4,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive I: | 7,45 Gb Total Space | 0,02 Gb Free Space | 0,30% Space Free | Partition Type: FAT32
 
Computer Name: FABIAN-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.28 18:07:08 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\otl.exe
PRC - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.08.15 14:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.06.22 10:59:04 | 001,101,960 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.02.09 11:59:08 | 000,035,648 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.11.11 15:29:14 | 000,202,752 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008.01.21 03:50:23 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.02.23 19:07:22 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.02.09 11:59:08 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.02.09 11:59:06 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.06.28 13:17:40 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.08.19 13:31:08 | 000,066,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.11.28 09:56:06 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.08.04 17:56:08 | 000,111,936 | ---- | M] (Broadcom Corp.) [Auto | Stopped] -- C:\Programme\Broadcom\BACS\BPowMon.exe -- (BPowMon)
SRV - [2008.07.27 19:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.07.20 16:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.21 03:46:08 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 03:46:08 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.11.05 13:28:10 | 000,204,915 | ---- | M] (Option) [Auto | Stopped] -- C:\Program Files (x86)\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.02.22 20:43:17 | 000,117,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2011.06.28 13:17:42 | 000,123,784 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 13:17:42 | 000,088,288 | ---- | M] () [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.03 11:08:41 | 000,069,376 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2010.09.28 15:44:52 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.08.07 09:40:00 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.08.07 09:39:59 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.07.16 17:40:33 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.04.19 20:29:18 | 000,022,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2009.12.08 20:19:34 | 000,135,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.12.07 19:53:26 | 000,117,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.11.11 16:02:12 | 006,104,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.10.12 15:23:22 | 000,114,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.05.25 10:49:06 | 000,145,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM)
DRV:64bit: - [2009.05.25 10:49:06 | 000,128,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029obex.sys -- (s1029obex)
DRV:64bit: - [2009.05.25 10:49:06 | 000,034,856 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS)
DRV:64bit: - [2009.05.25 10:49:04 | 000,152,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029mdm.sys -- (s1029mdm)
DRV:64bit: - [2009.05.25 10:49:04 | 000,132,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2009.05.25 10:49:04 | 000,019,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029mdfl.sys -- (s1029mdfl)
DRV:64bit: - [2009.05.25 10:49:00 | 000,113,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.17 15:50:30 | 004,751,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008.10.08 08:42:40 | 000,006,656 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hidshim.sys -- (hidshim)
DRV:64bit: - [2008.10.08 08:42:38 | 000,024,576 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nuvotonhidgeneric.sys -- (nuvotonhidgeneric)
DRV:64bit: - [2008.09.19 16:43:58 | 000,068,096 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008.08.26 10:26:02 | 000,185,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008.07.20 16:44:54 | 000,402,456 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008.06.25 15:39:02 | 000,252,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008.01.21 03:46:34 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008.01.21 03:46:05 | 001,523,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008.01.21 03:46:05 | 000,724,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008.01.21 03:46:05 | 000,286,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2007.10.19 14:33:00 | 000,024,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\modrc.sys -- (MODRC)
DRV - [2012.02.12 16:42:37 | 000,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\SECDRV.SYS -- (secdrv)
DRV - [2012.02.09 11:48:24 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2008.09.30 08:42:20 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2008.08.04 17:56:00 | 000,015,200 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Stopped] -- C:\Programme\Broadcom\BACS\BASFND.sys -- (BASFND)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.19 18:35:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.07 14:42:01 | 000,000,000 | ---D | M]
 
[2012.02.07 14:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.02.19 18:35:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.13 18:06:55 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.01.29 14:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.03.03 22:15:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SkypeM] C:\Users\Administrator\AppData\Local\Skype\Skype.exe (Activision Blizzard, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BBCDEB4-DB32-4673-B6FB-B07DB2C251F1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D803FA02-CDB7-431D-A983-822FDF2B9E8E}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.10.06 16:01:16 | 000,000,044 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.03 22:15:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.03.03 22:11:11 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.03.03 21:40:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.03.03 21:37:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.03.03 21:37:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.03.03 21:37:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.03.03 21:36:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.03.03 21:36:16 | 004,420,481 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2012.03.03 20:45:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Avira
[2012.03.03 19:35:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DivX
[2012.03.03 16:17:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.03.03 16:17:17 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\otl.exe
[2012.03.03 10:36:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
[2012.03.02 21:22:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apple
[2012.03.02 21:21:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2012.02.28 18:27:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.02.28 18:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.02.27 20:50:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ATI
[2012.02.27 20:50:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ATI
[2012.02.27 20:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Surf & E-Mail-Stick
[2012.02.27 17:17:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012.02.26 21:30:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2012.02.26 21:02:45 | 000,000,000 | ---D | C] -- C:\found.000
[2012.02.26 20:44:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2012.02.26 19:27:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2012.02.26 19:26:30 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.02.26 19:26:30 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2012.02.26 19:26:30 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.02.26 19:26:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2012.02.26 19:26:14 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Vorlagen
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Verlauf
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Startmenü
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Netzwerkumgebung
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Lokale Einstellungen
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Videos
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Musik
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Eigene Dateien
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Bilder
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Druckumgebung
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Anwendungsdaten
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Anwendungsdaten
[2012.02.26 19:25:00 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2012.02.26 19:25:00 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2012.02.26 19:25:00 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2012.02.26 19:25:00 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
[2012.02.26 19:25:00 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
[2012.02.26 19:25:00 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.02.26 19:25:00 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2012.02.26 19:25:00 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2012.02.26 19:25:00 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2012.02.26 19:25:00 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents
[2012.02.26 19:25:00 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2012.02.26 19:25:00 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.02.26 19:25:00 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData
[2012.02.26 19:25:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
[2012.02.26 19:25:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2012.02.26 19:25:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2012.02.23 20:09:15 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2012.02.23 20:09:15 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2012.02.23 20:09:14 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2012.02.23 20:09:14 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2012.02.23 20:09:13 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012.02.23 20:09:13 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2012.02.23 20:09:12 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2012.02.23 20:09:10 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2012.02.23 20:09:09 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012.02.23 20:09:09 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2012.02.23 20:09:08 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2012.02.23 20:09:07 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2012.02.23 20:09:07 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2012.02.23 20:09:06 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2012.02.23 20:09:05 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2012.02.23 20:09:05 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012.02.23 20:09:04 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2012.02.23 20:09:04 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2012.02.23 20:09:03 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2012.02.23 20:09:03 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2012.02.23 20:09:02 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2012.02.23 20:09:01 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012.02.23 20:09:01 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012.02.23 20:09:00 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012.02.23 20:09:00 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012.02.23 20:08:59 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012.02.23 20:08:59 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012.02.23 20:08:59 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012.02.23 20:08:58 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012.02.23 20:08:58 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012.02.23 20:08:56 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012.02.23 20:08:56 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2012.02.23 20:08:56 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2012.02.23 20:08:55 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2012.02.23 20:08:55 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2012.02.23 20:08:54 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2012.02.23 20:08:54 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2012.02.23 20:08:52 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2012.02.23 20:08:52 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2012.02.23 20:08:51 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2012.02.23 20:08:51 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2012.02.23 20:08:50 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2012.02.23 20:08:50 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2012.02.23 20:08:49 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2012.02.23 20:08:48 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2012.02.23 20:08:47 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2012.02.23 20:08:47 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2012.02.23 20:08:46 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2012.02.23 20:08:45 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2012.02.23 20:08:43 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2012.02.23 20:08:43 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2012.02.23 20:08:42 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2012.02.23 20:08:41 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2012.02.23 20:08:41 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2012.02.23 20:08:40 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2012.02.23 20:08:40 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2012.02.23 20:08:39 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2012.02.23 20:08:39 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2012.02.23 20:08:38 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2012.02.23 20:08:37 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2012.02.23 20:08:37 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2012.02.23 20:08:36 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2012.02.23 20:08:35 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2012.02.23 20:08:35 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2012.02.23 20:08:34 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2012.02.23 20:08:33 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012.02.23 20:08:32 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2012.02.23 20:08:32 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2012.02.23 20:08:31 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2012.02.23 20:08:31 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2012.02.23 20:08:30 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2012.02.23 20:08:30 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2012.02.23 20:08:29 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2012.02.23 20:08:29 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2012.02.23 20:08:23 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2012.02.23 20:08:22 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2012.02.23 20:08:22 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2012.02.23 20:08:21 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2012.02.23 20:08:20 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2012.02.23 20:08:19 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2012.02.23 20:08:18 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2012.02.23 20:08:16 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2012.02.23 20:08:15 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2012.02.22 20:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.02.22 20:04:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012.02.22 20:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012.02.19 18:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
[2012.02.14 01:08:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.02.13 18:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
[2012.02.13 18:07:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012.02.13 18:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.02.13 17:24:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.13 17:24:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.13 17:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.13 17:13:09 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.02.13 15:41:50 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.02.13 15:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.02.13 15:40:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.02.13 15:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.02.13 14:57:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.02.13 13:11:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.02.12 20:07:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO
[2012.02.12 16:42:26 | 000,163,644 | ---- | C] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\SysWow64\drivers\SECDRV.SYS
[2012.02.09 19:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraStar Deluxe
[2012.02.09 19:47:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.03 22:24:01 | 001,699,008 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.03 22:24:01 | 000,722,462 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.03 22:24:01 | 000,675,192 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.03 22:24:01 | 000,166,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.03 22:24:01 | 000,136,272 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.03 22:19:10 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.03.03 22:18:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.03 22:15:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.03.03 22:14:35 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.03 22:14:25 | 000,005,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.03 22:14:25 | 000,005,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.03 21:34:38 | 004,420,481 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2012.03.03 20:41:09 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.03.03 20:41:09 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.03.03 19:38:17 | 000,000,680 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2012.03.03 19:36:43 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012.03.03 15:48:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\_
[2012.03.03 14:36:36 | 000,139,264 | ---- | M] () -- C:\Users\Administrator\Desktop\SystemLook.exe
[2012.03.03 13:09:54 | 000,231,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.02 22:25:03 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.02 21:25:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4284006758-4131106128-3106105730-1000UA.job
[2012.03.02 21:25:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4284006758-4131106128-3106105730-1000Core.job
[2012.02.28 19:45:00 | 000,000,732 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2012.02.28 18:07:08 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\otl.exe
[2012.02.27 20:41:02 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Surf & E-Mail-Stick.lnk
[2012.02.22 20:43:17 | 000,117,248 | ---- | M] () -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2012.02.22 20:04:49 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.02.20 07:54:11 | 536,919,264 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.02.19 18:48:18 | 000,000,882 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2012.02.19 18:21:56 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2012.02.19 18:21:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012.02.15 16:13:44 | 001,682,560 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.13 18:07:07 | 000,000,237 | ---- | M] () -- C:\user.js
[2012.02.13 17:24:44 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.13 15:41:48 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.02.13 15:41:48 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.02.12 16:42:37 | 000,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\SysWow64\drivers\SECDRV.SYS
[2012.02.09 11:59:10 | 000,034,624 | ---- | M] () -- C:\Windows\SysNative\TURegOpt.exe
[2012.02.09 11:59:08 | 000,035,648 | ---- | M] () -- C:\Windows\SysNative\uxtuneup.dll
[2012.02.09 11:59:08 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.02.09 11:59:06 | 000,028,992 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.02.09 11:59:06 | 000,025,920 | ---- | M] () -- C:\Windows\SysNative\authuitu.dll
[2012.02.07 14:42:04 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 
========== Files Created - No Company Name ==========
 
[2012.03.03 22:19:10 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.03.03 21:37:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.03.03 21:37:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.03.03 21:37:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.03.03 21:37:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.03.03 21:37:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.03.03 15:48:59 | 000,000,027 | ---- | C] () -- C:\Windows\SysNative\_
[2012.03.03 14:36:28 | 000,139,264 | ---- | C] () -- C:\Users\Administrator\Desktop\SystemLook.exe
[2012.03.03 11:46:59 | 000,000,680 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2012.02.28 19:45:00 | 000,000,732 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2012.02.27 20:41:02 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Surf & E-Mail-Stick.lnk
[2012.02.26 19:26:42 | 000,000,953 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.02.26 19:26:34 | 000,000,943 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.02.26 19:26:27 | 000,000,938 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.02.26 19:26:13 | 000,000,919 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.02.23 20:09:15 | 000,530,776 | ---- | C] () -- C:\Windows\SysNative\XAudio2_6.dll
[2012.02.23 20:09:15 | 000,078,680 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_4.dll
[2012.02.23 20:09:14 | 000,176,984 | ---- | C] () -- C:\Windows\SysNative\xactengine3_6.dll
[2012.02.23 20:09:14 | 000,024,920 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_7.dll
[2012.02.23 20:09:13 | 000,517,960 | ---- | C] () -- C:\Windows\SysNative\XAudio2_5.dll
[2012.02.23 20:09:13 | 000,176,968 | ---- | C] () -- C:\Windows\SysNative\xactengine3_5.dll
[2012.02.23 20:09:12 | 002,582,888 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_42.dll
[2012.02.23 20:09:10 | 005,554,512 | ---- | C] () -- C:\Windows\SysNative\d3dcsx_42.dll
[2012.02.23 20:09:09 | 000,523,088 | ---- | C] () -- C:\Windows\SysNative\d3dx10_42.dll
[2012.02.23 20:09:09 | 000,285,024 | ---- | C] () -- C:\Windows\SysNative\d3dx11_42.dll
[2012.02.23 20:09:08 | 002,475,352 | ---- | C] () -- C:\Windows\SysNative\D3DX9_42.dll
[2012.02.23 20:09:07 | 002,430,312 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_41.dll
[2012.02.23 20:09:07 | 000,520,544 | ---- | C] () -- C:\Windows\SysNative\d3dx10_41.dll
[2012.02.23 20:09:06 | 005,425,496 | ---- | C] () -- C:\Windows\SysNative\D3DX9_41.dll
[2012.02.23 20:09:05 | 000,521,560 | ---- | C] () -- C:\Windows\SysNative\XAudio2_4.dll
[2012.02.23 20:09:05 | 000,073,544 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_3.dll
[2012.02.23 20:09:04 | 000,174,936 | ---- | C] () -- C:\Windows\SysNative\xactengine3_4.dll
[2012.02.23 20:09:04 | 000,024,920 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_6.dll
[2012.02.23 20:09:03 | 002,605,920 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_40.dll
[2012.02.23 20:09:03 | 000,519,000 | ---- | C] () -- C:\Windows\SysNative\d3dx10_40.dll
[2012.02.23 20:09:02 | 005,631,312 | ---- | C] () -- C:\Windows\SysNative\D3DX9_40.dll
[2012.02.23 20:09:01 | 000,518,480 | ---- | C] () -- C:\Windows\SysNative\XAudio2_3.dll
[2012.02.23 20:09:01 | 000,074,576 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_2.dll
[2012.02.23 20:09:00 | 000,175,440 | ---- | C] () -- C:\Windows\SysNative\xactengine3_3.dll
[2012.02.23 20:09:00 | 000,025,936 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_5.dll
[2012.02.23 20:08:59 | 000,513,544 | ---- | C] () -- C:\Windows\SysNative\XAudio2_2.dll
[2012.02.23 20:08:59 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_2.dll
[2012.02.23 20:08:59 | 000,072,200 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_1.dll
[2012.02.23 20:08:58 | 001,942,552 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_39.dll
[2012.02.23 20:08:58 | 000,540,688 | ---- | C] () -- C:\Windows\SysNative\d3dx10_39.dll
[2012.02.23 20:08:56 | 004,992,520 | ---- | C] () -- C:\Windows\SysNative\D3DX9_39.dll
[2012.02.23 20:08:56 | 000,511,496 | ---- | C] () -- C:\Windows\SysNative\XAudio2_1.dll
[2012.02.23 20:08:56 | 000,068,104 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_0.dll
[2012.02.23 20:08:55 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_1.dll
[2012.02.23 20:08:55 | 000,028,168 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_4.dll
[2012.02.23 20:08:54 | 001,941,528 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_38.dll
[2012.02.23 20:08:54 | 000,540,688 | ---- | C] () -- C:\Windows\SysNative\d3dx10_38.dll
[2012.02.23 20:08:52 | 004,991,496 | ---- | C] () -- C:\Windows\SysNative\D3DX9_38.dll
[2012.02.23 20:08:52 | 000,489,480 | ---- | C] () -- C:\Windows\SysNative\XAudio2_0.dll
[2012.02.23 20:08:51 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_0.dll
[2012.02.23 20:08:51 | 000,028,168 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_3.dll
[2012.02.23 20:08:50 | 001,860,120 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_37.dll
[2012.02.23 20:08:50 | 000,529,424 | ---- | C] () -- C:\Windows\SysNative\d3dx10_37.dll
[2012.02.23 20:08:49 | 004,910,088 | ---- | C] () -- C:\Windows\SysNative\D3DX9_37.dll
[2012.02.23 20:08:48 | 000,411,656 | ---- | C] () -- C:\Windows\SysNative\xactengine2_10.dll
[2012.02.23 20:08:47 | 002,006,552 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_36.dll
[2012.02.23 20:08:47 | 000,508,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10_36.dll
[2012.02.23 20:08:46 | 005,081,608 | ---- | C] () -- C:\Windows\SysNative\d3dx9_36.dll
[2012.02.23 20:08:45 | 000,411,496 | ---- | C] () -- C:\Windows\SysNative\xactengine2_9.dll
[2012.02.23 20:08:43 | 001,985,904 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_35.dll
[2012.02.23 20:08:43 | 000,508,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10_35.dll
[2012.02.23 20:08:42 | 005,073,256 | ---- | C] () -- C:\Windows\SysNative\d3dx9_35.dll
[2012.02.23 20:08:41 | 000,409,960 | ---- | C] () -- C:\Windows\SysNative\xactengine2_8.dll
[2012.02.23 20:08:41 | 000,021,000 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_2.dll
[2012.02.23 20:08:40 | 001,401,200 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_34.dll
[2012.02.23 20:08:40 | 000,506,728 | ---- | C] () -- C:\Windows\SysNative\d3dx10_34.dll
[2012.02.23 20:08:39 | 004,496,232 | ---- | C] () -- C:\Windows\SysNative\d3dx9_34.dll
[2012.02.23 20:08:39 | 000,107,368 | ---- | C] () -- C:\Windows\SysNative\xinput1_3.dll
[2012.02.23 20:08:38 | 000,403,304 | ---- | C] () -- C:\Windows\SysNative\xactengine2_7.dll
[2012.02.23 20:08:37 | 001,400,176 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_33.dll
[2012.02.23 20:08:37 | 000,506,728 | ---- | C] () -- C:\Windows\SysNative\d3dx10_33.dll
[2012.02.23 20:08:36 | 004,494,184 | ---- | C] () -- C:\Windows\SysNative\d3dx9_33.dll
[2012.02.23 20:08:35 | 000,393,576 | ---- | C] () -- C:\Windows\SysNative\xactengine2_6.dll
[2012.02.23 20:08:35 | 000,390,424 | ---- | C] () -- C:\Windows\SysNative\xactengine2_5.dll
[2012.02.23 20:08:34 | 000,469,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10.dll
[2012.02.23 20:08:33 | 004,398,360 | ---- | C] () -- C:\Windows\SysNative\d3dx9_32.dll
[2012.02.23 20:08:32 | 000,364,824 | ---- | C] () -- C:\Windows\SysNative\xactengine2_4.dll
[2012.02.23 20:08:32 | 000,017,688 | ---- | C] () -- C:\Windows\SysNative\x3daudio1_1.dll
[2012.02.23 20:08:31 | 003,977,496 | ---- | C] () -- C:\Windows\SysNative\d3dx9_31.dll
[2012.02.23 20:08:31 | 000,363,288 | ---- | C] () -- C:\Windows\SysNative\xactengine2_3.dll
[2012.02.23 20:08:30 | 000,354,072 | ---- | C] () -- C:\Windows\SysNative\xactengine2_2.dll
[2012.02.23 20:08:30 | 000,083,736 | ---- | C] () -- C:\Windows\SysNative\xinput1_2.dll
[2012.02.23 20:08:29 | 000,352,464 | ---- | C] () -- C:\Windows\SysNative\xactengine2_1.dll
[2012.02.23 20:08:29 | 000,083,664 | ---- | C] () -- C:\Windows\SysNative\xinput1_1.dll
[2012.02.23 20:08:23 | 003,927,248 | ---- | C] () -- C:\Windows\SysNative\d3dx9_30.dll
[2012.02.23 20:08:22 | 000,355,536 | ---- | C] () -- C:\Windows\SysNative\xactengine2_0.dll
[2012.02.23 20:08:22 | 000,016,592 | ---- | C] () -- C:\Windows\SysNative\x3daudio1_0.dll
[2012.02.23 20:08:21 | 003,830,992 | ---- | C] () -- C:\Windows\SysNative\d3dx9_29.dll
[2012.02.23 20:08:20 | 003,815,120 | ---- | C] () -- C:\Windows\SysNative\d3dx9_28.dll
[2012.02.23 20:08:19 | 003,807,440 | ---- | C] () -- C:\Windows\SysNative\d3dx9_27.dll
[2012.02.23 20:08:18 | 003,767,504 | ---- | C] () -- C:\Windows\SysNative\d3dx9_26.dll
[2012.02.23 20:08:16 | 003,823,312 | ---- | C] () -- C:\Windows\SysNative\d3dx9_25.dll
[2012.02.23 20:08:15 | 003,544,272 | ---- | C] () -- C:\Windows\SysNative\d3dx9_24.dll
[2012.02.22 20:43:17 | 000,117,504 | ---- | C] () -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2012.02.22 20:43:17 | 000,117,248 | ---- | C] () -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2012.02.22 20:04:49 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.02.19 18:48:18 | 000,000,882 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2012.02.19 18:48:13 | 000,114,304 | ---- | C] () -- C:\Windows\SysNative\drivers\ewusbdev.sys
[2012.02.19 18:48:13 | 000,029,696 | ---- | C] () -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2012.02.19 18:48:04 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2012.02.19 18:21:56 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2012.02.19 18:21:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012.02.19 18:21:42 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2012.02.19 18:21:41 | 000,654,928 | ---- | C] () -- C:\Windows\SysNative\drivers\Wdf01000.sys
[2012.02.19 18:21:41 | 000,042,064 | ---- | C] () -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.02.13 18:07:05 | 000,000,237 | ---- | C] () -- C:\user.js
[2012.02.13 17:24:44 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.13 17:24:42 | 000,023,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.13 17:13:09 | 000,035,648 | ---- | C] () -- C:\Windows\SysNative\uxtuneup.dll
[2012.02.13 15:41:50 | 000,034,624 | ---- | C] () -- C:\Windows\SysNative\TURegOpt.exe
[2012.02.13 15:41:50 | 000,025,920 | ---- | C] () -- C:\Windows\SysNative\authuitu.dll
[2012.02.13 15:41:48 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.02.13 15:41:48 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.02.13 15:41:47 | 000,001,895 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.02.07 14:42:04 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.07 14:42:03 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.04.30 01:43:13 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.04.30 01:43:13 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.04.22 15:28:55 | 000,201,488 | ---- | C] () -- C:\Windows\SysWow64\MACD32.DLL
[2011.04.22 15:28:55 | 000,144,144 | ---- | C] () -- C:\Windows\SysWow64\MASE32.DLL
[2011.04.22 15:28:55 | 000,141,584 | ---- | C] () -- C:\Windows\SysWow64\MAMC32.DLL
[2011.04.22 15:28:55 | 000,063,248 | ---- | C] () -- C:\Windows\SysWow64\MASD32.DLL
[2011.04.22 15:28:55 | 000,033,040 | ---- | C] () -- C:\Windows\SysWow64\MA32.DLL
[2011.01.04 11:42:18 | 001,682,560 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.21 16:01:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.09.18 07:49:16 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.08.19 13:31:13 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.08.19 13:31:08 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.08.17 13:41:33 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010.06.24 13:33:26 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010.06.24 13:32:12 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2010.06.24 00:08:40 | 000,000,286 | ---- | C] () -- C:\Windows\game.ini
[2010.06.23 22:05:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.06.23 20:01:41 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2010.06.23 19:42:33 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll
[2010.06.23 19:42:33 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll
[2010.06.23 19:35:49 | 000,105,984 | ---- | C] () -- C:\Windows\FixUVC.exe

< End of report >
--- --- ---

Fabiaan 03.03.2012 22:37
ich war jetzt beruflich im ausland und ich hab das gefühl, das noch weniger an meinem laptop geht, am besten wir fangen nochmal von vorne an und ich poste dir mein otl file.OTL Logfile:
Code:
OTL logfile created on: 03.03.2012 22:22:04 - Run 2
OTL by OldTimer - Version 3.2.33.2    Folder = C:\Users\Administrator\Desktop
64bit-Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 3,24 Gb Available Physical Memory | 81,08% Memory free
8,16 Gb Paging File | 7,58 Gb Available in Paging File | 92,88% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 142,16 Gb Total Space | 60,72 Gb Free Space | 42,71% Space Free | Partition Type: NTFS
Drive D: | 142,18 Gb Total Space | 18,18 Gb Free Space | 12,79% Space Free | Partition Type: NTFS
Drive E: | 4,91 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive I: | 7,45 Gb Total Space | 0,02 Gb Free Space | 0,30% Space Free | Partition Type: FAT32
 
Computer Name: FABIAN-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.28 18:07:08 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\otl.exe
PRC - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011.08.15 14:49:50 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011.06.22 10:59:04 | 001,101,960 | ---- | M] () -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AWSC.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.02.09 11:59:08 | 000,035,648 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.11.11 15:29:14 | 000,202,752 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008.01.21 03:50:23 | 000,195,584 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.02.23 19:07:22 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.02.09 11:59:08 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.02.09 11:59:06 | 000,028,992 | ---- | M] (TuneUp Software) [Auto | Stopped] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.09.02 14:29:30 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011.06.28 13:17:40 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.28 15:15:04 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.11.21 10:49:24 | 000,247,608 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.08.19 13:31:08 | 000,066,872 | ---- | M] () [Auto | Stopped] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.11.28 09:56:06 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.08.04 17:56:08 | 000,111,936 | ---- | M] (Broadcom Corp.) [Auto | Stopped] -- C:\Programme\Broadcom\BACS\BPowMon.exe -- (BPowMon)
SRV - [2008.07.27 19:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.07.20 16:45:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.21 03:46:08 | 000,428,544 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008.01.21 03:46:08 | 000,211,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007.11.05 13:28:10 | 000,204,915 | ---- | M] (Option) [Auto | Stopped] -- C:\Program Files (x86)\T-Mobile\web'n'walk Manager\GtDetectSc.exe -- (GtDetectSc)
SRV - [2007.05.28 17:57:54 | 000,275,968 | ---- | M] (Rocket Division Software) [Auto | Stopped] -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.02.22 20:43:17 | 000,117,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV:64bit: - [2011.06.28 13:17:42 | 000,123,784 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 13:17:42 | 000,088,288 | ---- | M] () [File_System | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.03 11:08:41 | 000,069,376 | ---- | M] () [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\Lbd.sys -- (Lbd)
DRV:64bit: - [2010.09.28 15:44:52 | 000,051,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.08.07 09:40:00 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.08.07 09:39:59 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.07.16 17:40:33 | 000,868,848 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.04.19 20:29:18 | 000,022,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2009.12.08 20:19:34 | 000,135,168 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV:64bit: - [2009.12.07 19:53:26 | 000,117,504 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV:64bit: - [2009.11.11 16:02:12 | 006,104,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.10.12 15:23:22 | 000,114,304 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\ewusbdev.sys -- (hwusbdev)
DRV:64bit: - [2009.05.25 10:49:06 | 000,145,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029unic.sys -- (s1029unic) Sony Ericsson Device 1029 USB Ethernet Emulation (WDM)
DRV:64bit: - [2009.05.25 10:49:06 | 000,128,552 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029obex.sys -- (s1029obex)
DRV:64bit: - [2009.05.25 10:49:06 | 000,034,856 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029nd5.sys -- (s1029nd5) Sony Ericsson Device 1029 USB Ethernet Emulation (NDIS)
DRV:64bit: - [2009.05.25 10:49:04 | 000,152,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029mdm.sys -- (s1029mdm)
DRV:64bit: - [2009.05.25 10:49:04 | 000,132,648 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029mgmt.sys -- (s1029mgmt) Sony Ericsson Device 1029 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2009.05.25 10:49:04 | 000,019,496 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029mdfl.sys -- (s1029mdfl)
DRV:64bit: - [2009.05.25 10:49:00 | 000,113,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\s1029bus.sys -- (s1029bus) Sony Ericsson Device 1029 driver (WDM)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008.11.17 15:50:30 | 004,751,360 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64) Intel(R)
DRV:64bit: - [2008.10.08 08:42:40 | 000,006,656 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\hidshim.sys -- (hidshim)
DRV:64bit: - [2008.10.08 08:42:38 | 000,024,576 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\nuvotonhidgeneric.sys -- (nuvotonhidgeneric)
DRV:64bit: - [2008.09.19 16:43:58 | 000,068,096 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTSTOR64.SYS -- (RTSTOR)
DRV:64bit: - [2008.08.26 10:26:02 | 000,185,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2008.07.20 16:44:54 | 000,402,456 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\iaStor.sys -- (iaStor)
DRV:64bit: - [2008.06.25 15:39:02 | 000,252,928 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2008.01.21 03:46:34 | 000,046,080 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2008.01.21 03:46:05 | 001,523,712 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS -- (HSF_DPV)
DRV:64bit: - [2008.01.21 03:46:05 | 000,724,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS -- (winachsf)
DRV:64bit: - [2008.01.21 03:46:05 | 000,286,720 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS -- (HSFHWAZL)
DRV:64bit: - [2007.10.19 14:33:00 | 000,024,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\modrc.sys -- (MODRC)
DRV - [2012.02.12 16:42:37 | 000,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Stopped] -- C:\Windows\SysWow64\drivers\SECDRV.SYS -- (secdrv)
DRV - [2012.02.09 11:48:24 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2008.09.30 08:42:20 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15)
DRV - [2008.08.04 17:56:00 | 000,015,200 | ---- | M] (Broadcom Corporation) [Kernel | Auto | Stopped] -- C:\Programme\Broadcom\BACS\BASFND.sys -- (BASFND)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.19 18:35:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.07 14:42:01 | 000,000,000 | ---D | M]
 
[2012.02.07 14:42:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.02.19 18:35:02 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.13 18:06:55 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.01.29 14:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.03.03 22:15:49 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [SkypeM] C:\Users\Administrator\AppData\Local\Skype\Skype.exe (Activision Blizzard, Inc.)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1BBCDEB4-DB32-4673-B6FB-B07DB2C251F1}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D803FA02-CDB7-431D-A983-822FDF2B9E8E}: DhcpNameServer = 192.168.2.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.10.06 16:01:16 | 000,000,044 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.03 22:15:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.03.03 22:11:11 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.03.03 21:40:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.03.03 21:37:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.03.03 21:37:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.03.03 21:37:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.03.03 21:36:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.03.03 21:36:16 | 004,420,481 | R--- | C] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2012.03.03 20:45:32 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Avira
[2012.03.03 19:35:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\DivX
[2012.03.03 16:17:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.03.03 16:17:17 | 000,583,680 | ---- | C] (OldTimer Tools) -- C:\Users\Administrator\Desktop\otl.exe
[2012.03.03 10:36:16 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Adobe
[2012.03.02 21:22:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Apple
[2012.03.02 21:21:52 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Google
[2012.02.28 18:27:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.02.28 18:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.02.27 20:50:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ATI
[2012.02.27 20:50:36 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ATI
[2012.02.27 20:41:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Surf & E-Mail-Stick
[2012.02.27 17:17:59 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Malwarebytes
[2012.02.26 21:30:07 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\TuneUp Software
[2012.02.26 21:02:45 | 000,000,000 | ---D | C] -- C:\found.000
[2012.02.26 20:44:10 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2012.02.26 19:27:01 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2012.02.26 19:26:30 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.02.26 19:26:30 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2012.02.26 19:26:30 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.02.26 19:26:17 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2012.02.26 19:26:14 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Vorlagen
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Verlauf
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Temporary Internet Files
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Startmenü
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\SendTo
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Recent
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Netzwerkumgebung
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Lokale Einstellungen
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Videos
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Musik
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Eigene Dateien
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Documents\Eigene Bilder
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Druckumgebung
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Cookies
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\AppData\Local\Anwendungsdaten
[2012.02.26 19:25:01 | 000,000,000 | -HSD | C] -- C:\Users\Administrator\Anwendungsdaten
[2012.02.26 19:25:00 | 000,000,000 | --SD | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft
[2012.02.26 19:25:00 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Videos
[2012.02.26 19:25:00 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Saved Games
[2012.02.26 19:25:00 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Pictures
[2012.02.26 19:25:00 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Music
[2012.02.26 19:25:00 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.02.26 19:25:00 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Links
[2012.02.26 19:25:00 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Favorites
[2012.02.26 19:25:00 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Downloads
[2012.02.26 19:25:00 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Documents
[2012.02.26 19:25:00 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Desktop
[2012.02.26 19:25:00 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.02.26 19:25:00 | 000,000,000 | -H-D | C] -- C:\Users\Administrator\AppData
[2012.02.26 19:25:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\temp
[2012.02.26 19:25:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Microsoft
[2012.02.26 19:25:00 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Media Center Programs
[2012.02.23 20:09:15 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2012.02.23 20:09:15 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2012.02.23 20:09:14 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2012.02.23 20:09:14 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2012.02.23 20:09:13 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2012.02.23 20:09:13 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2012.02.23 20:09:12 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2012.02.23 20:09:10 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2012.02.23 20:09:09 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2012.02.23 20:09:09 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2012.02.23 20:09:08 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2012.02.23 20:09:07 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2012.02.23 20:09:07 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2012.02.23 20:09:06 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2012.02.23 20:09:05 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2012.02.23 20:09:05 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2012.02.23 20:09:04 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2012.02.23 20:09:04 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2012.02.23 20:09:03 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2012.02.23 20:09:03 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2012.02.23 20:09:02 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2012.02.23 20:09:01 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2012.02.23 20:09:01 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2012.02.23 20:09:00 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2012.02.23 20:09:00 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2012.02.23 20:08:59 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2012.02.23 20:08:59 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2012.02.23 20:08:59 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2012.02.23 20:08:58 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012.02.23 20:08:58 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012.02.23 20:08:56 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012.02.23 20:08:56 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2012.02.23 20:08:56 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2012.02.23 20:08:55 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2012.02.23 20:08:55 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2012.02.23 20:08:54 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2012.02.23 20:08:54 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2012.02.23 20:08:52 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2012.02.23 20:08:52 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2012.02.23 20:08:51 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2012.02.23 20:08:51 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2012.02.23 20:08:50 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2012.02.23 20:08:50 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2012.02.23 20:08:49 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2012.02.23 20:08:48 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2012.02.23 20:08:47 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2012.02.23 20:08:47 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2012.02.23 20:08:46 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2012.02.23 20:08:45 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2012.02.23 20:08:43 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2012.02.23 20:08:43 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2012.02.23 20:08:42 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2012.02.23 20:08:41 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2012.02.23 20:08:41 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2012.02.23 20:08:40 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2012.02.23 20:08:40 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2012.02.23 20:08:39 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2012.02.23 20:08:39 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2012.02.23 20:08:38 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2012.02.23 20:08:37 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2012.02.23 20:08:37 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2012.02.23 20:08:36 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2012.02.23 20:08:35 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2012.02.23 20:08:35 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2012.02.23 20:08:34 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2012.02.23 20:08:33 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012.02.23 20:08:32 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2012.02.23 20:08:32 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2012.02.23 20:08:31 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2012.02.23 20:08:31 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2012.02.23 20:08:30 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2012.02.23 20:08:30 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2012.02.23 20:08:29 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2012.02.23 20:08:29 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2012.02.23 20:08:23 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2012.02.23 20:08:22 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2012.02.23 20:08:22 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2012.02.23 20:08:21 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2012.02.23 20:08:20 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2012.02.23 20:08:19 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2012.02.23 20:08:18 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2012.02.23 20:08:16 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2012.02.23 20:08:15 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2012.02.22 20:04:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.02.22 20:04:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012.02.22 20:04:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steam
[2012.02.19 18:48:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner
[2012.02.14 01:08:32 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.02.13 18:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
[2012.02.13 18:07:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BabylonToolbar
[2012.02.13 18:06:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2012.02.13 17:24:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.13 17:24:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.13 17:24:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.13 17:13:09 | 000,028,992 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.02.13 15:41:50 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.02.13 15:41:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.02.13 15:40:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.02.13 15:39:18 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUp Software
[2012.02.13 14:57:19 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012.02.13 13:11:24 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.02.12 20:07:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO
[2012.02.12 16:42:26 | 000,163,644 | ---- | C] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\SysWow64\drivers\SECDRV.SYS
[2012.02.09 19:47:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraStar Deluxe
[2012.02.09 19:47:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yontoo
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.03 22:24:01 | 001,699,008 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.03.03 22:24:01 | 000,722,462 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.03.03 22:24:01 | 000,675,192 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.03.03 22:24:01 | 000,166,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.03.03 22:24:01 | 000,136,272 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.03.03 22:19:10 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.03.03 22:18:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.03 22:15:49 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.03.03 22:14:35 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.03 22:14:25 | 000,005,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.03 22:14:25 | 000,005,312 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.03 21:34:38 | 004,420,481 | R--- | M] (Swearware) -- C:\Users\Administrator\Desktop\ComboFix.exe
[2012.03.03 20:41:09 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.03.03 20:41:09 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.03.03 19:38:17 | 000,000,680 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2012.03.03 19:36:43 | 000,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2012.03.03 15:48:59 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\_
[2012.03.03 14:36:36 | 000,139,264 | ---- | M] () -- C:\Users\Administrator\Desktop\SystemLook.exe
[2012.03.03 13:09:54 | 000,231,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.03.02 22:25:03 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.02 21:25:00 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4284006758-4131106128-3106105730-1000UA.job
[2012.03.02 21:25:00 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-4284006758-4131106128-3106105730-1000Core.job
[2012.02.28 19:45:00 | 000,000,732 | ---- | M] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2012.02.28 18:07:08 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\otl.exe
[2012.02.27 20:41:02 | 000,000,942 | ---- | M] () -- C:\Users\Public\Desktop\Surf & E-Mail-Stick.lnk
[2012.02.22 20:43:17 | 000,117,248 | ---- | M] () -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2012.02.22 20:04:49 | 000,000,792 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.02.20 07:54:11 | 536,919,264 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.02.19 18:48:18 | 000,000,882 | ---- | M] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2012.02.19 18:21:56 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2012.02.19 18:21:54 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012.02.15 16:13:44 | 001,682,560 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.02.13 18:07:07 | 000,000,237 | ---- | M] () -- C:\user.js
[2012.02.13 17:24:44 | 000,000,912 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.13 15:41:48 | 000,001,887 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.02.13 15:41:48 | 000,001,883 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.02.12 16:42:37 | 000,163,644 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\Windows\SysWow64\drivers\SECDRV.SYS
[2012.02.09 11:59:10 | 000,034,624 | ---- | M] () -- C:\Windows\SysNative\TURegOpt.exe
[2012.02.09 11:59:08 | 000,035,648 | ---- | M] () -- C:\Windows\SysNative\uxtuneup.dll
[2012.02.09 11:59:08 | 000,021,312 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.02.09 11:59:06 | 000,028,992 | ---- | M] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2012.02.09 11:59:06 | 000,025,920 | ---- | M] () -- C:\Windows\SysNative\authuitu.dll
[2012.02.07 14:42:04 | 000,000,852 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
 
========== Files Created - No Company Name ==========
 
[2012.03.03 22:19:10 | 000,000,408 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2012.03.03 21:37:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.03.03 21:37:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.03.03 21:37:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.03.03 21:37:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.03.03 21:37:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.03.03 15:48:59 | 000,000,027 | ---- | C] () -- C:\Windows\SysNative\_
[2012.03.03 14:36:28 | 000,139,264 | ---- | C] () -- C:\Users\Administrator\Desktop\SystemLook.exe
[2012.03.03 11:46:59 | 000,000,680 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps.dat
[2012.02.28 19:45:00 | 000,000,732 | ---- | C] () -- C:\Users\Administrator\AppData\Local\d3d9caps64.dat
[2012.02.27 20:41:02 | 000,000,942 | ---- | C] () -- C:\Users\Public\Desktop\Surf & E-Mail-Stick.lnk
[2012.02.26 19:26:42 | 000,000,953 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.02.26 19:26:34 | 000,000,943 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.02.26 19:26:27 | 000,000,938 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2012.02.26 19:26:13 | 000,000,919 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2012.02.23 20:09:15 | 000,530,776 | ---- | C] () -- C:\Windows\SysNative\XAudio2_6.dll
[2012.02.23 20:09:15 | 000,078,680 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_4.dll
[2012.02.23 20:09:14 | 000,176,984 | ---- | C] () -- C:\Windows\SysNative\xactengine3_6.dll
[2012.02.23 20:09:14 | 000,024,920 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_7.dll
[2012.02.23 20:09:13 | 000,517,960 | ---- | C] () -- C:\Windows\SysNative\XAudio2_5.dll
[2012.02.23 20:09:13 | 000,176,968 | ---- | C] () -- C:\Windows\SysNative\xactengine3_5.dll
[2012.02.23 20:09:12 | 002,582,888 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_42.dll
[2012.02.23 20:09:10 | 005,554,512 | ---- | C] () -- C:\Windows\SysNative\d3dcsx_42.dll
[2012.02.23 20:09:09 | 000,523,088 | ---- | C] () -- C:\Windows\SysNative\d3dx10_42.dll
[2012.02.23 20:09:09 | 000,285,024 | ---- | C] () -- C:\Windows\SysNative\d3dx11_42.dll
[2012.02.23 20:09:08 | 002,475,352 | ---- | C] () -- C:\Windows\SysNative\D3DX9_42.dll
[2012.02.23 20:09:07 | 002,430,312 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_41.dll
[2012.02.23 20:09:07 | 000,520,544 | ---- | C] () -- C:\Windows\SysNative\d3dx10_41.dll
[2012.02.23 20:09:06 | 005,425,496 | ---- | C] () -- C:\Windows\SysNative\D3DX9_41.dll
[2012.02.23 20:09:05 | 000,521,560 | ---- | C] () -- C:\Windows\SysNative\XAudio2_4.dll
[2012.02.23 20:09:05 | 000,073,544 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_3.dll
[2012.02.23 20:09:04 | 000,174,936 | ---- | C] () -- C:\Windows\SysNative\xactengine3_4.dll
[2012.02.23 20:09:04 | 000,024,920 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_6.dll
[2012.02.23 20:09:03 | 002,605,920 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_40.dll
[2012.02.23 20:09:03 | 000,519,000 | ---- | C] () -- C:\Windows\SysNative\d3dx10_40.dll
[2012.02.23 20:09:02 | 005,631,312 | ---- | C] () -- C:\Windows\SysNative\D3DX9_40.dll
[2012.02.23 20:09:01 | 000,518,480 | ---- | C] () -- C:\Windows\SysNative\XAudio2_3.dll
[2012.02.23 20:09:01 | 000,074,576 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_2.dll
[2012.02.23 20:09:00 | 000,175,440 | ---- | C] () -- C:\Windows\SysNative\xactengine3_3.dll
[2012.02.23 20:09:00 | 000,025,936 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_5.dll
[2012.02.23 20:08:59 | 000,513,544 | ---- | C] () -- C:\Windows\SysNative\XAudio2_2.dll
[2012.02.23 20:08:59 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_2.dll
[2012.02.23 20:08:59 | 000,072,200 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_1.dll
[2012.02.23 20:08:58 | 001,942,552 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_39.dll
[2012.02.23 20:08:58 | 000,540,688 | ---- | C] () -- C:\Windows\SysNative\d3dx10_39.dll
[2012.02.23 20:08:56 | 004,992,520 | ---- | C] () -- C:\Windows\SysNative\D3DX9_39.dll
[2012.02.23 20:08:56 | 000,511,496 | ---- | C] () -- C:\Windows\SysNative\XAudio2_1.dll
[2012.02.23 20:08:56 | 000,068,104 | ---- | C] () -- C:\Windows\SysNative\XAPOFX1_0.dll
[2012.02.23 20:08:55 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_1.dll
[2012.02.23 20:08:55 | 000,028,168 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_4.dll
[2012.02.23 20:08:54 | 001,941,528 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_38.dll
[2012.02.23 20:08:54 | 000,540,688 | ---- | C] () -- C:\Windows\SysNative\d3dx10_38.dll
[2012.02.23 20:08:52 | 004,991,496 | ---- | C] () -- C:\Windows\SysNative\D3DX9_38.dll
[2012.02.23 20:08:52 | 000,489,480 | ---- | C] () -- C:\Windows\SysNative\XAudio2_0.dll
[2012.02.23 20:08:51 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\xactengine3_0.dll
[2012.02.23 20:08:51 | 000,028,168 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_3.dll
[2012.02.23 20:08:50 | 001,860,120 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_37.dll
[2012.02.23 20:08:50 | 000,529,424 | ---- | C] () -- C:\Windows\SysNative\d3dx10_37.dll
[2012.02.23 20:08:49 | 004,910,088 | ---- | C] () -- C:\Windows\SysNative\D3DX9_37.dll
[2012.02.23 20:08:48 | 000,411,656 | ---- | C] () -- C:\Windows\SysNative\xactengine2_10.dll
[2012.02.23 20:08:47 | 002,006,552 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_36.dll
[2012.02.23 20:08:47 | 000,508,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10_36.dll
[2012.02.23 20:08:46 | 005,081,608 | ---- | C] () -- C:\Windows\SysNative\d3dx9_36.dll
[2012.02.23 20:08:45 | 000,411,496 | ---- | C] () -- C:\Windows\SysNative\xactengine2_9.dll
[2012.02.23 20:08:43 | 001,985,904 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_35.dll
[2012.02.23 20:08:43 | 000,508,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10_35.dll
[2012.02.23 20:08:42 | 005,073,256 | ---- | C] () -- C:\Windows\SysNative\d3dx9_35.dll
[2012.02.23 20:08:41 | 000,409,960 | ---- | C] () -- C:\Windows\SysNative\xactengine2_8.dll
[2012.02.23 20:08:41 | 000,021,000 | ---- | C] () -- C:\Windows\SysNative\X3DAudio1_2.dll
[2012.02.23 20:08:40 | 001,401,200 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_34.dll
[2012.02.23 20:08:40 | 000,506,728 | ---- | C] () -- C:\Windows\SysNative\d3dx10_34.dll
[2012.02.23 20:08:39 | 004,496,232 | ---- | C] () -- C:\Windows\SysNative\d3dx9_34.dll
[2012.02.23 20:08:39 | 000,107,368 | ---- | C] () -- C:\Windows\SysNative\xinput1_3.dll
[2012.02.23 20:08:38 | 000,403,304 | ---- | C] () -- C:\Windows\SysNative\xactengine2_7.dll
[2012.02.23 20:08:37 | 001,400,176 | ---- | C] () -- C:\Windows\SysNative\D3DCompiler_33.dll
[2012.02.23 20:08:37 | 000,506,728 | ---- | C] () -- C:\Windows\SysNative\d3dx10_33.dll
[2012.02.23 20:08:36 | 004,494,184 | ---- | C] () -- C:\Windows\SysNative\d3dx9_33.dll
[2012.02.23 20:08:35 | 000,393,576 | ---- | C] () -- C:\Windows\SysNative\xactengine2_6.dll
[2012.02.23 20:08:35 | 000,390,424 | ---- | C] () -- C:\Windows\SysNative\xactengine2_5.dll
[2012.02.23 20:08:34 | 000,469,264 | ---- | C] () -- C:\Windows\SysNative\d3dx10.dll
[2012.02.23 20:08:33 | 004,398,360 | ---- | C] () -- C:\Windows\SysNative\d3dx9_32.dll
[2012.02.23 20:08:32 | 000,364,824 | ---- | C] () -- C:\Windows\SysNative\xactengine2_4.dll
[2012.02.23 20:08:32 | 000,017,688 | ---- | C] () -- C:\Windows\SysNative\x3daudio1_1.dll
[2012.02.23 20:08:31 | 003,977,496 | ---- | C] () -- C:\Windows\SysNative\d3dx9_31.dll
[2012.02.23 20:08:31 | 000,363,288 | ---- | C] () -- C:\Windows\SysNative\xactengine2_3.dll
[2012.02.23 20:08:30 | 000,354,072 | ---- | C] () -- C:\Windows\SysNative\xactengine2_2.dll
[2012.02.23 20:08:30 | 000,083,736 | ---- | C] () -- C:\Windows\SysNative\xinput1_2.dll
[2012.02.23 20:08:29 | 000,352,464 | ---- | C] () -- C:\Windows\SysNative\xactengine2_1.dll
[2012.02.23 20:08:29 | 000,083,664 | ---- | C] () -- C:\Windows\SysNative\xinput1_1.dll
[2012.02.23 20:08:23 | 003,927,248 | ---- | C] () -- C:\Windows\SysNative\d3dx9_30.dll
[2012.02.23 20:08:22 | 000,355,536 | ---- | C] () -- C:\Windows\SysNative\xactengine2_0.dll
[2012.02.23 20:08:22 | 000,016,592 | ---- | C] () -- C:\Windows\SysNative\x3daudio1_0.dll
[2012.02.23 20:08:21 | 003,830,992 | ---- | C] () -- C:\Windows\SysNative\d3dx9_29.dll
[2012.02.23 20:08:20 | 003,815,120 | ---- | C] () -- C:\Windows\SysNative\d3dx9_28.dll
[2012.02.23 20:08:19 | 003,807,440 | ---- | C] () -- C:\Windows\SysNative\d3dx9_27.dll
[2012.02.23 20:08:18 | 003,767,504 | ---- | C] () -- C:\Windows\SysNative\d3dx9_26.dll
[2012.02.23 20:08:16 | 003,823,312 | ---- | C] () -- C:\Windows\SysNative\d3dx9_25.dll
[2012.02.23 20:08:15 | 003,544,272 | ---- | C] () -- C:\Windows\SysNative\d3dx9_24.dll
[2012.02.22 20:43:17 | 000,117,504 | ---- | C] () -- C:\Windows\SysNative\drivers\ewusbmdm.sys
[2012.02.22 20:43:17 | 000,117,248 | ---- | C] () -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys
[2012.02.22 20:04:49 | 000,000,792 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.02.19 18:48:18 | 000,000,882 | ---- | C] () -- C:\Users\Public\Desktop\Mobile Partner.lnk
[2012.02.19 18:48:13 | 000,114,304 | ---- | C] () -- C:\Windows\SysNative\drivers\ewusbdev.sys
[2012.02.19 18:48:13 | 000,029,696 | ---- | C] () -- C:\Windows\SysNative\drivers\ewdcsc.sys
[2012.02.19 18:48:04 | 000,135,168 | ---- | C] () -- C:\Windows\SysNative\drivers\ewusbnet.sys
[2012.02.19 18:21:56 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_netaapl64_01009.Wdf
[2012.02.19 18:21:54 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
[2012.02.19 18:21:42 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2012.02.19 18:21:41 | 000,654,928 | ---- | C] () -- C:\Windows\SysNative\drivers\Wdf01000.sys
[2012.02.19 18:21:41 | 000,042,064 | ---- | C] () -- C:\Windows\SysNative\drivers\WdfLdr.sys
[2012.02.13 18:07:05 | 000,000,237 | ---- | C] () -- C:\user.js
[2012.02.13 17:24:44 | 000,000,912 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.13 17:24:42 | 000,023,152 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.13 17:13:09 | 000,035,648 | ---- | C] () -- C:\Windows\SysNative\uxtuneup.dll
[2012.02.13 15:41:50 | 000,034,624 | ---- | C] () -- C:\Windows\SysNative\TURegOpt.exe
[2012.02.13 15:41:50 | 000,025,920 | ---- | C] () -- C:\Windows\SysNative\authuitu.dll
[2012.02.13 15:41:48 | 000,001,887 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.02.13 15:41:48 | 000,001,883 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.02.13 15:41:47 | 000,001,895 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.02.07 14:42:04 | 000,000,852 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.07 14:42:03 | 000,000,864 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.04.30 01:43:13 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.04.30 01:43:13 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.04.22 15:28:55 | 000,201,488 | ---- | C] () -- C:\Windows\SysWow64\MACD32.DLL
[2011.04.22 15:28:55 | 000,144,144 | ---- | C] () -- C:\Windows\SysWow64\MASE32.DLL
[2011.04.22 15:28:55 | 000,141,584 | ---- | C] () -- C:\Windows\SysWow64\MAMC32.DLL
[2011.04.22 15:28:55 | 000,063,248 | ---- | C] () -- C:\Windows\SysWow64\MASD32.DLL
[2011.04.22 15:28:55 | 000,033,040 | ---- | C] () -- C:\Windows\SysWow64\MA32.DLL
[2011.01.04 11:42:18 | 001,682,560 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.21 16:01:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.09.18 07:49:16 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.08.19 13:31:13 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.08.19 13:31:08 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.08.17 13:41:33 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010.06.24 13:33:26 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2010.06.24 13:32:12 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2010.06.24 00:08:40 | 000,000,286 | ---- | C] () -- C:\Windows\game.ini
[2010.06.23 22:05:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.06.23 20:01:41 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2010.06.23 19:42:33 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIOFM4.dll
[2010.06.23 19:42:33 | 000,001,024 | RH-- | C] () -- C:\Windows\SysWow64\NTIBUN5.dll
[2010.06.23 19:35:49 | 000,105,984 | ---- | C] () -- C:\Windows\FixUVC.exe

< End of report >
--- --- ---


Alle Zeitangaben in WEZ +1. Es ist jetzt 18:56 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131