Trojan Downloader

11.08.2010, 21:51
...new here

Posts: 9
#1 Well, I know there's one in here somewhere ^^

But the little fellow won't show itself. How do I know? Simple: ESET keeps blocking connections to a Russian site with a questionable file.
Good boy ^^
And a buby.exe xD (Kryptik FX trojan) that sneaks into memory gets thrown out right away too

But I can't find the source.

ESET finds nothing
GMER finds nothing, Sophos Anti-Rootkit doesn't either, so no rootkit, 'kay
My HijackThis log is unremarkable in my opinion
I've also had it evaluated automatically, boring but for completeness' sake ^^

Here it is:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:51, on 11.08.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files (x86)\seba14mods\µtorrent 1.8.4 (build 16688) Leecher Pack\utorrent 1.8.4 (16688)_mult10_leecher.exe
C:\Program Files (x86)\ICQ7.0\ICQ.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Users\Hallo\AppData\Roaming\Utruo\bubyy.exe
C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE
C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.qip.ru/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: QIPBHO Class - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Hallo\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Hallo\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Kone] "C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\seba14mods\µtorrent 1.8.4 (build 16688) Leecher Pack\utorrent 1.8.4 (16688)_mult10_leecher.exe"
O4 - HKCU\..\Run: [autotend] rundll32 "C:\Users\Hallo\AppData\Local\Temp\fixmpubw.dll",ClientDllStartup
O4 - HKCU\..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [autoSTAT] rundll32 "C:\Users\Hallo\AppData\Local\Temp\fontdown.dll",ClientDllStartup
O4 - HKCU\..\Run: [{665BE83D-4E6E-7317-84FF-7DC11A8B7670}] C:\Users\Hallo\AppData\Roaming\Utruo\bubyy.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Dienst "Bonjour" (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Process Monitor (LVPrcS64) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: lxdiCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxdiserv.exe
O23 - Service: lxdi_device - - C:\Windows\system32\lxdicoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9876 bytes

Pretty boring, exactly ;)
So what now; Spybot found nothing apart from the usual tracking cookies
We're now waiting for the SUPERAntiSpyware scan, which already found something three times earlier, though I consider that questionable: keyloggers that almost certainly weren't any, and a trojan downloader in the program folder of Cheat Engine. Well, after a reboot the enemy is still there
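The O4 autostart entries are what stand out in the HijackThis log above: two rundll32 calls loading DLLs out of the user's Temp folder, and a GUID-named Run value launching bubyy.exe from AppData\Roaming. As an added example (not from the thread, the Protecus helpers, or any of the tools mentioned), here is a small Python triage script that parses O4 lines in both HijackThis and OTL notation and flags exactly those traits: a user-writable location, a DLL loaded through rundll32, a bare-GUID value name, or a target that is no longer on disk. The sample input is constructed from lines of the log above; the heuristics, regular expressions and function names are this example's own and are not how HijackThis or OTL rate entries.

```python
import re

# Constructed sample: four O4 lines taken from the HijackThis log above plus one
# line in OTL's O4 notation (no backslash before "..", trailing "File not found").
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Kone] "C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE"
O4 - HKCU\..\Run: [autotend] rundll32 "C:\Users\Hallo\AppData\Local\Temp\fixmpubw.dll",ClientDllStartup
O4 - HKCU\..\Run: [autoSTAT] rundll32 "C:\Users\Hallo\AppData\Local\Temp\fontdown.dll",ClientDllStartup
O4 - HKCU\..\Run: [{665BE83D-4E6E-7317-84FF-7DC11A8B7670}] C:\Users\Hallo\AppData\Roaming\Utruo\bubyy.exe
O4 - HKCU..\Run: [autotend] C:\Users\Hallo\AppData\Local\Temp\fixmpubw.DLL File not found
"""

# "O4 - HKCU\..\Run: [name] command" (HijackThis) or "O4 - HKCU..\Run: [name] command" (OTL);
# OTL also prefixes 64-bit entries with ":[b]64bit:[/b]".
O4_RE = re.compile(
    r"^O4(?::\[b\]64bit:\[/b\])? - (?P<hive>HK[^\s:]*?)\\?\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)
# First quoted string, or the first drive-letter / %VAR% path ending in an executable extension.
PATH_RE = re.compile(
    r'"([^"]+)"|((?:[A-Za-z]:|%[A-Za-z_]+%)\\[^",]*?\.(?:exe|dll|scr|com|bat|cmd|vbs|js))',
    re.IGNORECASE,
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Directories any standard user can write to; a Run value pointing here deserves a look.
# (Heuristic chosen for this example, not an official list.)
USER_WRITABLE = (
    "\\appdata\\local\\temp\\",
    "\\appdata\\roaming\\",
    "\\users\\public\\",
    "\\programdata\\",
)


def parse_o4(line):
    """Split one O4 line into hive, key, value name, raw command and the launched path."""
    m = O4_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    p = PATH_RE.search(entry["cmd"])
    entry["path"] = (p.group(1) or p.group(2)) if p else entry["cmd"]
    return entry


def assess(entry):
    """Return the heuristic reasons this autostart entry looks suspicious (empty list = none)."""
    reasons = []
    low_path = entry["path"].lower()
    low_cmd = entry["cmd"].lower()
    if any(marker in low_path for marker in USER_WRITABLE):
        reasons.append("runs from a user-writable profile or temp directory")
    if low_cmd.startswith("rundll32") and low_path.endswith(".dll"):
        reasons.append("DLL loaded through rundll32 instead of a normal executable")
    if GUID_RE.fullmatch(entry["name"]):
        reasons.append("value name is a bare GUID")
    if "file not found" in low_cmd or "(file missing)" in low_cmd:
        reasons.append("target no longer on disk (orphaned autostart)")
    return reasons


def triage(log_text):
    """Parse every O4 line and return (name, path, reasons) triples, most suspicious first."""
    results = []
    for line in log_text.splitlines():
        entry = parse_o4(line.strip())
        if entry is not None:
            results.append((entry["name"], entry["path"], assess(entry)))
    # Stable sort: entries with equally many findings keep their order from the log.
    results.sort(key=lambda r: len(r[2]), reverse=True)
    return results


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(("SUSPECT" if reasons else "ok     "), f"[{name}]", path)
        for r in reasons:
            print("        -", r)
```

Run on the sample, the Kone entry under Program Files comes out clean while the two rundll32 lines, the GUID-named bubyy.exe value and the orphaned OTL entry are each flagged for two reasons; the script only points at entries worth checking and does not delete anything.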
11.08.2010, 22:21
...new here

Thread starter

Posts: 9
#2 Well, as expected, not very helpful

The usual tracking cookies
Then it gets funny ^^

Trojan.VXGame-Variant/D
the wonderful file path leads into the folder of a game I've been meaning to uninstall for ages and never got around to xD 4x, all setups questionable

Then we also have an Unclassified Unknown Origin ^^
Which I'll expose as a keygen for a program ;)

We find that the actual enemy isn't among them. Help O_o
12.08.2010, 15:13
Moderator

Posts: 5694
#3 Hello and welcome to Protecus.de

Cleaning an infected system takes time and also requires observing the following points:

• Follow the instructions of your helper.
• If you have external storage media (USB sticks, hard disks), connect them before the cleanup.
• During the cleanup you should neither install nor uninstall programs unless explicitly asked to.
• Please work through each step in order.
• If a step causes problems, post what you already have and report back with a description of the problem.

• The cleanup is only finished when your helper gives the OK.
• The machine running smoothly again does not mean the system is clean.
• For machines used for business, the responsible IT person should be involved.
• Support from our side may be refused for a company machine.
• If illegal software is involved, support may be discontinued.
• Cracks or keygens of any kind are neither encouraged nor accepted.
• On heavily infected systems, especially when backdoors or rootkits are involved, a helper may advise reinstalling.
• In the end it is always the user who decides.


Vista and Win7 users:

Always run all programs and tools we ask you to use via right-click and Run as administrator.

Step 1

Can you see all files and file extensions on your computer? If not, please make these settings in Folder Options.

Step 2

System scan with OTL

Please download OTL by OldTimer and save it to your desktop.
• Double-click OTL.exe
Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
• At the top you'll find a box labelled Output.
Please choose Minimal Output
• Under Extra Registry, please choose Use SafeList.
• Tick LOP Check and Purity Check.
• Now click Scan at the top left.

• When the scan finishes, two log files are created.
You'll find the log files on your desktop => OTL.txt and Extras.txt
• Post the log files in code tags here in the thread.
12.08.2010, 15:34
...new here

Thread starter

Posts: 9
#4 All right

Code

OTL logfile created on: 12.08.2010 15:20:10 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Hallo\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 68,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 606,17 Gb Free Space | 65,08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 74,31 Gb Total Space | 51,85 Gb Free Space | 69,78% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
Drive G: | 465,76 Gb Total Space | 387,67 Gb Free Space | 83,23% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 931,51 Gb Total Space | 185,79 Gb Free Space | 19,95% Space Free | Partition Type: NTFS

Computer Name: HALLO-PC
Current User Name: Hallo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Hallo\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Hallo\AppData\Roaming\Utruo\bubyy.exe (kctv)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\seba14mods\µtorrent 1.8.4 (build 16688) Leecher Pack\utorrent 1.8.4 (16688)_mult10_leecher.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT)
PRC - C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe ()
PRC - C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe (ROCCAT)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Hallo\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:[b]64bit:[/b] - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:[b]64bit:[/b] - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV:[b]64bit:[/b] - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
SRV:[b]64bit:[/b] - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:[b]64bit:[/b] - (lxdi_device) -- C:\Windows\SysNative\lxdicoms.exe ( )
SRV:[b]64bit:[/b] - (lxdiCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdiserv.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (BioWare)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (lxdi_device) -- C:\Windows\SysWow64\lxdicoms.exe ( )
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:[b]64bit:[/b] - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:[b]64bit:[/b] - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:[b]64bit:[/b] - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:[b]64bit:[/b] - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:[b]64bit:[/b] - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:[b]64bit:[/b] - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:[b]64bit:[/b] - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:[b]64bit:[/b] - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:[b]64bit:[/b] - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)
DRV:[b]64bit:[/b] - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:[b]64bit:[/b] - (eamon) -- C:\Windows\SysNative\drivers\eamon.sys (ESET)
DRV:[b]64bit:[/b] - (LVUVC64) Logitech QuickCam Pro 9000(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:[b]64bit:[/b] - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:[b]64bit:[/b] - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:[b]64bit:[/b] - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:[b]64bit:[/b] - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:[b]64bit:[/b] - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (MEMSWEEP2) -- C:\Windows\SysNative\847B.tmp (Sophos Plc)
DRV:[b]64bit:[/b] - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (AF15BDA) -- C:\Windows\SysNative\drivers\AF15BDA.sys (ITETech                  )
DRV:[b]64bit:[/b] - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:[b]64bit:[/b] - (ArvoFltr) -- C:\Windows\SysNative\drivers\ArvoFltr.sys (ROCCAT Development, Inc.)
DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:[b]64bit:[/b] - (KoneFltr) -- C:\Windows\SysNative\drivers\Kone.sys (ROCCAT Ltd)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (SASDIFSV) -- C:\Users\Hallo\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Users\Hallo\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Hallo\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.7
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: spam@trashmail.net:2.0.4
FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.07.24 09:06:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.07.24 09:06:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.05.25 18:20:00 | 000,000,000 | ---D | M]

[2010.03.05 19:48:27 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\mozilla\Extensions
[2010.08.11 23:17:14 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\mozilla\Firefox\Profiles\rih7hx5x.default\extensions
[2010.07.06 19:14:11 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Hallo\AppData\Roaming\mozilla\Firefox\Profiles\rih7hx5x.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.04.27 13:31:59 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Users\Hallo\AppData\Roaming\mozilla\Firefox\Profiles\rih7hx5x.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2010.03.06 13:13:45 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Hallo\AppData\Roaming\mozilla\Firefox\Profiles\rih7hx5x.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010.03.27 01:59:50 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Hallo\AppData\Roaming\mozilla\Firefox\Profiles\rih7hx5x.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010.07.11 14:08:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Hallo\AppData\Roaming\mozilla\Firefox\Profiles\rih7hx5x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.07.31 15:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hallo\AppData\Roaming\mozilla\Firefox\Profiles\rih7hx5x.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010.03.06 13:13:44 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\mozilla\Firefox\Profiles\rih7hx5x.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.04.06 22:05:15 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\mozilla\Firefox\Profiles\rih7hx5x.default\extensions\DeviceDetection@logitech.com
[2010.05.03 20:34:29 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\mozilla\Firefox\Profiles\rih7hx5x.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010.04.09 15:29:38 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\mozilla\Firefox\Profiles\rih7hx5x.default\extensions\isreaditlater@ideashower.com
[2010.06.24 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\mozilla\Firefox\Profiles\rih7hx5x.default\extensions\spam@trashmail.net
[2010.07.07 19:18:03 | 000,005,304 | ---- | M] () -- C:\Users\Hallo\AppData\Roaming\Mozilla\FireFox\Profiles\rih7hx5x.default\searchplugins\gmt.xml
[2010.08.11 21:30:36 | 000,000,947 | ---- | M] () -- C:\Users\Hallo\AppData\Roaming\Mozilla\FireFox\Profiles\rih7hx5x.default\searchplugins\icqplugin.xml
[2010.04.27 13:31:59 | 000,002,062 | ---- | M] () -- C:\Users\Hallo\AppData\Roaming\Mozilla\FireFox\Profiles\rih7hx5x.default\searchplugins\qip-search.xml
[2010.04.23 20:26:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.04.23 20:26:05 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.06.25 01:41:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.06.25 01:41:01 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.06.25 01:41:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.06.25 01:41:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.06.25 01:41:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Hallo\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [lxdiamon] C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [lxdimon.exe] C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [Kone] C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [{665BE83D-4E6E-7317-84FF-7DC11A8B7670}] C:\Users\Hallo\AppData\Roaming\Utruo\bubyy.exe (kctv)
O4 - HKCU..\Run: [autoSTAT] C:\Users\Hallo\AppData\Local\Temp\fontdown.DLL ()
O4 - HKCU..\Run: [autotend] C:\Users\Hallo\AppData\Local\Temp\fixmpubw.DLL File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\seba14mods\µtorrent 1.8.4 (build 16688) Leecher Pack\utorrent 1.8.4 (16688)_mult10_leecher.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{30fad62e-29d8-11df-b49b-6cf049575964}\Shell - "" = AutoRun
O33 - MountPoints2\{30fad62e-29d8-11df-b49b-6cf049575964}\Shell\AutoRun\command - "" = F:\launcher.exe -- File not found
O33 - MountPoints2\{539a9e50-2bab-11df-92c3-6cf049575964}\Shell - "" = AutoRun
O33 - MountPoints2\{539a9e50-2bab-11df-92c3-6cf049575964}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.08.11 22:28:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010.08.11 22:27:28 | 000,000,000 | ---D | C] -- C:\Users\Hallo\AppData\Local\2K Games
[2010.08.11 21:42:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Neuer Ordner
[2010.08.11 21:41:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\MafiaIIDemo
[2010.08.11 20:43:06 | 000,000,000 | ---D | C] -- C:\Users\Hallo\AppData\Roaming\SUPERAntiSpyware.com
[2010.08.11 20:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.08.11 20:34:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.08.11 17:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010.08.11 16:52:37 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.08.11 16:52:36 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.08.11 16:52:35 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.08.11 16:52:27 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.08.11 16:52:27 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.08.11 16:52:26 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.08.11 16:52:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.08.11 16:52:26 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.08.11 16:52:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.08.11 16:52:12 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.08.11 16:52:12 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010.08.11 16:52:12 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010.08.11 16:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.08.11 16:44:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.08.09 18:15:53 | 000,000,000 | ---D | C] -- C:\Windows\B83FC356B7C0441F8A4DD71E088E7974.TMP
[2010.08.09 18:14:10 | 000,000,000 | ---D | C] -- C:\Users\Hallo\AppData\Local\Divinity 2
[2010.08.09 18:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Divinity 2
[2010.08.09 18:09:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010.08.09 17:52:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Divinity II - Ego Draconis
[2010.08.08 19:24:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\505games
[2010.08.06 20:06:28 | 000,000,000 | ---D | C] -- C:\Users\Hallo\AppData\Roaming\NCH Software
[2010.08.06 20:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2010.08.06 20:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Swift Sound
[2010.08.06 19:55:30 | 000,000,000 | ---D | C] -- C:\Users\Hallo\AppData\Roaming\FinalBurner Video DVD
[2010.08.06 19:55:30 | 000,000,000 | ---D | C] -- C:\finalburner
[2010.08.06 19:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FinalBurner
[2010.08.06 19:49:04 | 000,000,000 | ---D | C] -- C:\Users\Hallo\AppData\Roaming\Canneverbe Limited
[2010.08.06 19:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2010.08.06 19:48:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2010.08.06 19:23:22 | 000,000,000 | ---D | C] -- C:\Users\Hallo\AppData\Roaming\Nero
[2010.08.06 19:22:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeroInstall.bak
[2010.08.06 19:22:47 | 000,000,000 | ---D | C] -- C:\Users\Hallo\AppData\Local\Ahead
[2010.08.06 19:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010.08.06 19:21:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010.08.06 19:21:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2010.08.01 23:08:31 | 000,000,000 | ---D | C] -- C:\Users\Hallo\Desktop\Neuer Ordner (9)
[2010.07.26 21:33:41 | 000,000,000 | ---D | C] -- C:\Users\Hallo\AppData\Roaming\HU2011
[2010.07.26 21:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hunting Unlimited 2011
[2010.07.26 01:51:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Guild 2 - Renaissance
[2010.07.25 16:46:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fmXML
[2010.07.24 23:36:28 | 000,000,000 | ---D | C] -- C:\Users\Hallo\AppData\Roaming\ZombieDriver
[2010.07.24 23:35:30 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010.07.24 23:35:30 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010.07.24 23:35:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2010.07.24 23:32:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zombie Driver
[2010.07.20 00:29:54 | 000,000,000 | ---D | C] -- C:\Users\Hallo\Desktop\Neuer Ordner (8)
[2010.07.20 00:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sports Interactive
[2010.07.20 00:19:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sports Interactive
[2010.07.20 00:19:52 | 000,000,000 | ---D | C] -- C:\Users\Hallo\Documents\Sports Interactive
[2010.07.20 00:19:51 | 000,000,000 | ---D | C] -- C:\Users\Hallo\AppData\Roaming\Sports Interactive
[2010.07.20 00:12:22 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zero G Registry
[2010.07.20 00:12:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sports Interactive
[2010.07.20 00:11:49 | 000,000,000 | -H-D | C] -- C:\Users\Hallo\InstallAnywhere
[2010.07.19 20:54:50 | 000,000,000 | ---D | C] -- C:\Users\Hallo\Desktop\Neuer Ordner (7)
[2010.07.14 23:00:10 | 000,000,000 | ---D | C] -- C:\Users\Hallo\Desktop\Neuer Ordner (6)
[2010.07.14 11:09:47 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.06.17 20:30:09 | 001,187,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiserv.dll
[2010.06.17 20:30:09 | 000,942,080 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiusb1.dll
[2010.06.17 20:30:09 | 000,671,744 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdihbn3.dll
[2010.06.17 20:30:09 | 000,614,400 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipmui.dll
[2010.06.17 20:30:09 | 000,532,480 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdilmpm.dll
[2010.06.17 20:30:09 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiinpa.dll
[2010.06.17 20:30:09 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiiesc.dll
[2010.06.17 20:30:09 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiprox.dll
[2010.06.17 20:30:09 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipplc.dll
[2010.06.17 20:30:08 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomc.dll
[2010.06.17 20:30:08 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomm.dll
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.08.12 15:21:30 | 002,359,296 | -HS- | M] () -- C:\Users\Hallo\NTUSER.DAT
[2010.08.12 14:00:21 | 001,486,084 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.12 14:00:21 | 000,648,466 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.12 14:00:21 | 000,611,134 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.12 14:00:21 | 000,128,724 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.12 14:00:21 | 000,105,314 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.12 13:56:39 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.12 13:56:39 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.12 13:49:28 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010.08.12 13:49:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.12 13:49:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.12 13:49:17 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.12 04:08:19 | 000,289,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.08.12 04:06:13 | 005,749,231 | -H-- | M] () -- C:\Users\Hallo\AppData\Local\IconCache.db
[2010.08.11 20:34:44 | 000,002,097 | ---- | M] () -- C:\Users\Hallo\Desktop\HijackThis.lnk
[2010.08.11 16:44:50 | 000,001,262 | ---- | M] () -- C:\Users\Hallo\Desktop\Spybot - Search & Destroy.lnk
[2010.08.10 13:55:42 | 000,407,552 | ---- | M] () -- C:\Users\Hallo\Desktop\mafia.ii.[demo]-patch.exe
[2010.08.09 18:14:11 | 000,002,184 | ---- | M] () -- C:\Users\Hallo\Desktop\Divinity II - Flames Of Vengeance.lnk
[2010.08.09 18:06:30 | 000,002,140 | ---- | M] () -- C:\Users\Hallo\Desktop\Divinity II - Ego Draconis.lnk
[2010.08.08 19:29:24 | 000,001,227 | ---- | M] () -- C:\Users\Hallo\Desktop\Men of War (Multiplayer).lnk
[2010.08.08 19:27:58 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
[2010.08.08 19:26:07 | 000,001,208 | ---- | M] () -- C:\Users\Hallo\Desktop\Men of War.lnk
[2010.08.06 20:02:29 | 000,001,211 | ---- | M] () -- C:\Users\Public\Desktop\Express Burn Disc Burning Software.lnk
[2010.08.06 19:56:02 | 000,005,120 | ---- | M] () -- C:\Users\Hallo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.06 19:49:01 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010.08.06 19:45:18 | 000,000,048 | ---- | M] () -- C:\Users\Hallo\Desktop\C
[2010.08.06 19:45:11 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.08.06 19:22:41 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010.08.06 19:22:41 | 000,002,647 | ---- | M] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2010.08.06 19:22:11 | 000,000,026 | ---- | M] () -- C:\Windows\Irremote.ini
[2010.08.06 19:22:06 | 000,001,024 | ---- | M] () -- C:\Users\Hallo\.rnd
[2010.08.06 01:13:52 | 1439,215,616 | ---- | M] () -- C:\Users\Hallo\Desktop\vcf-kisskill.avi
[2010.08.05 15:07:32 | 1212,485,632 | ---- | M] () -- C:\Users\Hallo\Desktop\logic-friseuse-xvid.avi
[2010.08.04 21:50:20 | 550,361,088 | ---- | M] () -- C:\Users\Hallo\Desktop\awa-rockstrentes01e01.avi
[2010.08.03 12:01:51 | 1534,291,967 | ---- | M] () -- C:\Users\Hallo\Desktop\de-dfove.iso
[2010.08.02 21:03:35 | 1194,588,160 | ---- | M] () -- C:\Users\Hallo\Desktop\kinowelt-nine-xvid.avi
[2010.08.02 16:57:02 | 000,819,359 | ---- | M] () -- C:\Users\Hallo\Desktop\IMAG0011.jpg
[2010.08.02 16:56:30 | 000,949,372 | ---- | M] () -- C:\Users\Hallo\Desktop\IMAG0009.jpg
[2010.07.30 23:27:35 | 000,039,424 | R--- | M] () -- C:\Users\Hallo\Desktop\Trainings-Sterne.xls
[2010.07.29 08:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.07.25 16:46:37 | 000,001,025 | ---- | M] () -- C:\Users\Hallo\Desktop\fmXML.lnk
[2010.07.24 23:35:30 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010.07.24 23:35:30 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010.07.24 23:35:30 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010.07.24 23:35:30 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010.07.24 23:33:31 | 000,001,188 | ---- | M] () -- C:\Users\Public\Desktop\Zombie Driver.lnk
[2010.07.24 11:01:26 | 2685,435,904 | ---- | M] () -- C:\Users\Hallo\Desktop\vty-0326.iso
[2010.07.20 03:35:11 | 000,001,786 | ---- | M] () -- C:\Users\Hallo\Desktop\fm - Verknüpfung.lnk
[2010.07.19 17:57:38 | 608,041,392 | ---- | M] () -- C:\Users\Hallo\Desktop\gow-hu2011.bin
[2010.07.19 17:57:38 | 000,000,076 | ---- | M] () -- C:\Users\Hallo\Desktop\gow-hu2011.cue
[2010.07.19 15:34:08 | 735,299,584 | ---- | M] () -- C:\Users\Hallo\Desktop\xcopy-moon2009.avi
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.08.12 03:17:34 | 690,827,264 | ---- | C] () -- C:\Users\Hallo\Desktop\ind-alice-cd2.avi
[2010.08.12 02:15:15 | 731,398,144 | ---- | C] () -- C:\Users\Hallo\Desktop\ind-alice-cd1.avi
[2010.08.11 21:49:52 | 000,407,552 | ---- | C] () -- C:\Users\Hallo\Desktop\mafia.ii.[demo]-patch.exe
[2010.08.11 20:34:44 | 000,002,097 | ---- | C] () -- C:\Users\Hallo\Desktop\HijackThis.lnk
[2010.08.11 16:44:50 | 000,001,262 | ---- | C] () -- C:\Users\Hallo\Desktop\Spybot - Search & Destroy.lnk
[2010.08.11 01:16:05 | 733,931,520 | ---- | C] () -- C:\Users\Hallo\Desktop\ctl-college.animals.3.xvid.avi
[2010.08.09 18:14:11 | 000,002,184 | ---- | C] () -- C:\Users\Hallo\Desktop\Divinity II - Flames Of Vengeance.lnk
[2010.08.09 18:06:30 | 000,002,140 | ---- | C] () -- C:\Users\Hallo\Desktop\Divinity II - Ego Draconis.lnk
[2010.08.09 17:39:54 | 1534,291,967 | ---- | C] () -- C:\Users\Hallo\Desktop\de-dfove.iso
[2010.08.09 17:39:49 | 2741,108,735 | ---- | C] () -- C:\Users\Hallo\Desktop\DIVINITY_II.iso
[2010.08.09 02:41:44 | 1212,485,632 | ---- | C] () -- C:\Users\Hallo\Desktop\logic-friseuse-xvid.avi
[2010.08.08 19:29:24 | 000,001,227 | ---- | C] () -- C:\Users\Hallo\Desktop\Men of War (Multiplayer).lnk
[2010.08.08 19:27:58 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
[2010.08.08 19:26:07 | 000,001,208 | ---- | C] () -- C:\Users\Hallo\Desktop\Men of War.lnk
[2010.08.08 19:17:22 | 3411,443,712 | ---- | C] () -- C:\Users\Hallo\Desktop\gns-mow.iso
[2010.08.07 18:35:02 | 1439,215,616 | ---- | C] () -- C:\Users\Hallo\Desktop\vcf-kisskill.avi
[2010.08.06 20:02:29 | 000,001,211 | ---- | C] () -- C:\Users\Public\Desktop\Express Burn Disc Burning Software.lnk
[2010.08.06 19:49:01 | 000,001,953 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010.08.06 19:49:00 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.08.06 19:49:00 | 000,005,504 | ---- | C] () -- C:\Windows\SysNative\drivers\StarOpen.sys
[2010.08.06 19:37:14 | 000,000,048 | ---- | C] () -- C:\Users\Hallo\Desktop\C
[2010.08.06 19:33:55 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.08.06 19:22:41 | 000,002,767 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010.08.06 19:22:41 | 000,002,647 | ---- | C] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2010.08.06 19:22:11 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.08.06 19:22:05 | 000,001,024 | ---- | C] () -- C:\Users\Hallo\.rnd
[2010.08.06 19:20:59 | 550,361,088 | ---- | C] () -- C:\Users\Hallo\Desktop\awa-rockstrentes01e01.avi
[2010.08.05 03:35:30 | 733,005,824 | ---- | C] () -- C:\Users\Hallo\Desktop\empire-ausgeflittert-xvid-cd2.avi
[2010.08.05 01:55:17 | 734,324,736 | ---- | C] () -- C:\Users\Hallo\Desktop\empire-ausgeflittert-xvid-cd1.avi
[2010.08.03 02:55:44 | 1194,588,160 | ---- | C] () -- C:\Users\Hallo\Desktop\kinowelt-nine-xvid.avi
[2010.08.02 18:57:47 | 000,949,372 | ---- | C] () -- C:\Users\Hallo\Desktop\IMAG0009.jpg
[2010.08.02 18:57:47 | 000,819,359 | ---- | C] () -- C:\Users\Hallo\Desktop\IMAG0011.jpg
[2010.08.01 18:17:46 | 730,462,208 | ---- | C] () -- C:\Users\Hallo\Desktop\kings_of_rock.avi
[2010.07.30 23:27:35 | 000,039,424 | R--- | C] () -- C:\Users\Hallo\Desktop\Trainings-Sterne.xls
[2010.07.27 21:37:51 | 735,299,584 | ---- | C] () -- C:\Users\Hallo\Desktop\xcopy-moon2009.avi
[2010.07.26 21:27:30 | 000,000,076 | ---- | C] () -- C:\Users\Hallo\Desktop\gow-hu2011.cue
[2010.07.26 21:27:10 | 608,041,392 | ---- | C] () -- C:\Users\Hallo\Desktop\gow-hu2011.bin
[2010.07.26 01:40:21 | 2685,435,904 | ---- | C] () -- C:\Users\Hallo\Desktop\vty-0326.iso
[2010.07.25 16:46:37 | 000,001,025 | ---- | C] () -- C:\Users\Hallo\Desktop\fmXML.lnk
[2010.07.24 23:33:31 | 000,001,188 | ---- | C] () -- C:\Users\Public\Desktop\Zombie Driver.lnk
[2010.07.21 00:45:14 | 000,065,706 | ---- | C] () -- C:\Users\Hallo\Desktop\team instructions.xml
[2010.07.21 00:45:14 | 000,056,164 | ---- | C] () -- C:\Users\Hallo\Desktop\player instructions.xml
[2010.07.20 03:35:11 | 000,001,786 | ---- | C] () -- C:\Users\Hallo\Desktop\fm - Verknüpfung.lnk
[2010.07.20 00:22:56 | 000,072,821 | ---- | C] () -- C:\Users\Hallo\Desktop\skidrow.nfo
[2010.07.20 00:09:14 | 2486,501,376 | ---- | C] () -- C:\Users\Hallo\Desktop\rld-fm10.iso
[2010.06.17 20:30:09 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdicomx.dll
[2010.06.17 20:30:09 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\lxdiinst.dll
[2010.06.15 13:12:45 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.03.22 20:43:59 | 000,000,116 | ---- | C] () -- C:\Windows\SysWow64\applet.ini
[2010.03.03 12:40:26 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.02.12 19:49:34 | 000,712,704 | ---- | C] () -- C:\Windows\SysWow64\spk.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010.05.09 23:41:55 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\.purple
[2010.08.06 19:49:04 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\Canneverbe Limited
[2010.03.07 13:03:22 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\DAEMON Tools Lite
[2010.03.06 13:05:35 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\DAEMON Tools Pro
[2010.08.06 19:55:30 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\FinalBurner Video DVD
[2010.04.27 20:33:44 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\gtk-2.0
[2010.07.26 21:40:44 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\HU2011
[2010.08.12 13:50:43 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\ICQ
[2010.04.06 22:18:17 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\Leadertech
[2010.06.17 20:35:48 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\Lexmark Productivity Studio
[2010.08.11 04:24:37 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\Loelwo
[2010.03.12 19:15:57 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\Mount&Blade
[2010.04.05 16:46:51 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\Mount&Blade Warband
[2010.03.21 17:24:32 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\OpenOffice.org
[2010.03.18 18:52:54 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\Opera
[2010.03.22 20:44:16 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\QIP
[2010.03.14 12:25:44 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\ROCCAT
[2010.07.20 22:07:57 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\Sports Interactive
[2010.04.27 14:18:52 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\Stardock
[2010.05.08 15:44:22 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\StreamTorrent
[2010.03.05 20:05:12 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\TuneUp Software
[2010.08.12 15:21:42 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\uTorrent
[2010.07.12 23:11:04 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\Utruo
[2010.04.12 17:59:30 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\Vso
[2010.07.24 23:36:56 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\ZombieDriver
[2010.07.29 10:50:36 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


< End of report >


OTL Extras logfile created on: 12.08.2010 15:20:10 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Hallo\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 4,00 Gb Available Physical Memory | 68,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 606,17 Gb Free Space | 65,08% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 74,31 Gb Total Space | 51,85 Gb Free Space | 69,78% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
Drive G: | 465,76 Gb Total Space | 387,67 Gb Free Space | 83,23% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 931,51 Gb Total Space | 185,79 Gb Free Space | 19,95% Space Free | Partition Type: NTFS

Computer Name: HALLO-PC
Current User Name: Hallo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2016B2AD-0051-05C7-9CCB-CE9F05659CB7}" = ccc-utility64
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{25D04DBB-FE9D-E3BA-C2F3-F1BE9B8C0709}" = ATI Catalyst Install Manager
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B55F339-396E-29A9-B6D0-24B6D251C90A}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CE4F361A-8C13-441C-A21A-DDC0FBA6FEED}" = ESET NOD32 Antivirus
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Explorer Suite_is1" = Explorer Suite III
"Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{022F6097-A053-4B1B-BE50-3AADE4116B92}" = Opera 10.50
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0CA1005F-B640-0354-EC82-F8F7447A8E8A}" = CCC Help Hungarian
"{0FC472C3-6A2A-969F-10E7-E8F61B18117C}" = Catalyst Control Center Localization All
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_is1" = Men of War (Nur entfernen)
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_update1.11.3.0" = Update &1 für Spiel Men of War
"{1733273F-0C04-44E1-A089-E0F0684AC9C2}_is1" = QIP 2010 psYNovA-Edition
"{1A3E23D7-7A1E-43EC-B35D-EB8A31BED943}" = FinalBurner Free v2.23.0.193
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 19
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{31405CA2-F009-D91B-FEFF-35924343CB14}" = Catalyst Control Center InstallProxy
"{31B75145-DF24-C759-E735-9C129956961E}" = CCC Help Spanish
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{378BA9B5-DB6C-41DB-BE93-86CD198A8A9E}" = Guild 2 King's Edition
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = Saboteur™
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{61DF2893-0069-4E50-A02E-3A41A97CB1B4}" = ROCCAT Arvo Keyboard Driver
"{641C1B16-FD4C-0F97-47AE-76637FC64225}" = CCC Help English
"{6492FF72-4DC5-4D9E-85D5-51574C8986C5}" = QIP Infium 9034 Jeak-Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79C2D7F9-3BF8-52C1-6A7A-84C9296171F8}" = CCC Help German
"{7B29E627-71A5-6824-3F85-DBEF19624BD0}" = ccc-core-static
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84B587B3-94BA-CAFF-5824-DB8D2E7A72F4}" = Catalyst Control Center InstallProxy
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{88B2BB7B-A684-E8E3-65C6-DDC5DC152C2A}" = CCC Help French
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8CB77076-DB66-5D92-7886-807226C9CE4B}" = CCC Help Italian
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9733747E-E53D-4C17-977E-3A872AFB93E1}" = ROCCAT Kone Mouse Driver
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C6F56DA-7051-6677-4E5A-9DC6C573F2B5}" = CCC Help Portuguese
"{9CE28521-FEA3-4D5A-8320-D2A6C9151B82}" = Supreme Commander 2
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BE282C23-5484-47FF-B2C1-EBEA5C891031}" = Nero 8
"{C3FA3CCE-2A88-0976-B875-4B3E9D41204D}" = Catalyst Control Center Graphics Previews Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5334C85-F601-427C-85F7-CDD9FDC8C69F}" = StubbsPatchInstaller
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D54A0D86-35B0-BFC8-174B-D991EDF903B8}" = Catalyst Control Center Graphics Previews Vista
"{D5610369-AF78-386F-4985-9822654973A3}" = CCC Help Polish
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.10.324
"{E666E822-53A9-460B-BA99-35184AA80965}" = Hunting Unlimited 2011
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F77D44EB-2A6E-E2EE-7C30-40A5409B2650}" = CCC Help Greek
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{THEGUILDREN-0010-2010-300520102330}_is1" = The Guild 2 - Renaissance
"µtorrent 1.8.4 (build 16688) Leecher Pack by seba14_is1" = µtorrent 1.8.4 (build 16688) Leecher Pack
"µtorrent 2.0.0 (build 18296) Leecher Pack by seba14_is1" = µtorrent 2.0.0 (build 18296) Leecher Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ArtMoney SE_is1" = ArtMoney SE v7.32.1
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Die Gilde 2 - Back to the Roots_is1" = Die Gilde 2 - Back to the Roots Patch v1.2
"Die Gilde 2 - Gold Edition" = Die Gilde 2 - Gold Edition
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"DivX Setup.divx.com" = DivX-Setup
"EA Download Manager" = EA Download Manager
"ExpressBurn" = Express Burn Disc Burning Software
"Fallout Mod Manager_is1" = Fallout Mod Manager 0.11.9
"fmXML_is1" = fmXML version 0.3
"Football Manager 2010" = Football Manager 2010
"Fraps" = Fraps (remove only)
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.34
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"HijackThis" = HijackThis 2.0.2
"Impulse" = Impulse
"Just Cause 2_is1" = Just Cause 2
"LastFM_is1" = Last.fm 1.5.4.24567
"Magic The Gathering - Duels of the Planeswalkers_is1" = Magic The Gathering - Duels of the Planeswalkers
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.0.5
"MiNODLogin" = ESET Antivirus License Finder (MiNODLogin)
"Mount&Blade" = Mount&Blade
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"OpenAL" = OpenAL
"Pidgin" = Pidgin
"Sins of a Solar Empire" = Sins of a Solar Empire
"Sins of a Solar Empire - Diplomacy" = Sins of a Solar Empire - Diplomacy
"Sins of a Solar Empire - Entrenchment" = Sins of a Solar Empire - Entrenchment
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Steam App 240" = Counter-Strike: Source
"Steam App 43110" = Metro 2033
"Steam App 48700" = Mount&Blade: Warband
"Steam App 50280" = Mafia II - Demo
"StreamTorrent 1.0" = StreamTorrent 1.0
"TuneUp Utilities" = TuneUp Utilities
"uTorrent" = µTorrent
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"X3TC Bonuspaket_is1" = X3TC Bonuspaket 4.1.01
"X3TerranConflict_is1" = X3 Terran Conflict v2.7
"xp-AntiSpy" = xp-AntiSpy 3.97-9
"Zombie Driver" = Zombie Driver 1.1.4b

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP Infium" = QIP Infium 2.0.9034
"QipGuard" = QIP Internet Guardian

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
12.08.2010, 15:51
Moderator

Posts: 5694
#5 Step 1

File sharing

I am posting the following note, not with a raised finger, but because you may not be aware of it. You are using P2P programs. If you want to get, or keep, a clean system, you should refrain from downloading software from such sources, because even if the P2P program itself is "clean", it does not protect you from possibly pulling harmful programs onto your computer.

As you can see, the risk of getting infected via these routes is very high. For this reason I prefer to clean systems that do not have such programs installed, and therefore ask you to uninstall all programs of this kind completely and without residue via Control Panel => Software for the duration of our cleanup.

Quote

BitTorrent
µtorrent
Step 2

Update Java

Your Java version is not up to date. Since some malware (e.g. Vundo) enters the system via Java exploits, first uninstall all existing Java versions via Control Panel => Software => uninstall. Restart the computer.

Now download the offline version of Java Version 6 Update 21 from Oracle and install it. Make sure not to install any toolbars that may be offered, i.e. untick the toolbar checkbox during the installation.


Step 3

XPAntispy

While reviewing the logfiles I saw that you have XPAntispy installed. On the one hand that increases security, but on the other hand it can get in the way of our cleanup. All changes made with XPAntispy must be reverted by setting the system profile under "Profile" to the system default. Once the cleanup is finished you can set your usual profile in XPAntispy again.

Step 4

Fixing with OTL

• Start OTL.exe.
Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
• Copy the following script:

Code

:OTL
PRC - C:\Users\Hallo\AppData\Roaming\Utruo\bubyy.exe (kctv)
O4 - HKCU..\Run: [{665BE83D-4E6E-7317-84FF-7DC11A8B7670}] C:\Users\Hallo\AppData\Roaming\Utruo\bubyy.exe (kctv)
O4 - HKCU..\Run: [autoSTAT] C:\Users\Hallo\AppData\Local\Temp\fontdown.DLL ()
O4 - HKCU..\Run: [autotend] C:\Users\Hallo\AppData\Local\Temp\fixmpubw.DLL File not found
O33 - MountPoints2\{30fad62e-29d8-11df-b49b-6cf049575964}\Shell - "" = AutoRun
O33 - MountPoints2\{30fad62e-29d8-11df-b49b-6cf049575964}\Shell\AutoRun\command - "" = F:\launcher.exe -- File not found
O33 - MountPoints2\{539a9e50-2bab-11df-92c3-6cf049575964}\Shell - "" = AutoRun
O33 - MountPoints2\{539a9e50-2bab-11df-92c3-6cf049575964}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
[2010.07.12 23:11:04 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\Utruo
:Commands
[purity]
[emptytemp]
• and paste it here:
• Close all programs.
• Click the Fix button.
• Click on .
OTL will request a restart. Please allow it.
• After the restart you will find a text document.
Copy its contents into your thread here in code tags.

Step 5

Malwarebytes Anti-Malware

Download MBAM, install it and select on the tabs:

-> "Update" > "Check for updates"
-> "Settings" > "Terminate Internet Explorer during removal"
-> "Scanner" > "Perform quick scan".

If any infections are found at the end, tick them and have them removed. Restart your computer.

Step 6

Another system scan with OTL

• Double-click OTL.exe
Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
• At the top you will find a box labelled Output.
Please select Minimal Output
• Under Extra Registry please select Use SafeList.
• Tick LOP and Purity check.
• Now click Scan at the top left.



• When the scan has finished, two logfiles are created.
You will find the logfiles on your desktop => OTL.txt and Extras.txt
• Post the logfiles in code tags here in the thread.
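The OTL fix script in Step 4 above removes a process running out of AppData\Roaming, two Run values pointing into the user's Temp folder (one of them already orphaned), and AutoRun commands registered for removable drives. The Python script below is an added example, not part of this thread and not code from OTL or OldTimer: it applies those same triage rules to OTL-format lines so that a helper can pick out such entries before writing a fix script. The sample lines are copied from the log and fix script in this thread; the rule set, the `Finding` type and all function names are my own assumptions, not OTL's.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: OTL-format lines copied from the log and fix script in
# this thread, mixed with benign entries from the same log so the triage has
# something to leave alone.
SAMPLE_LOG = r"""
PRC - C:\Users\Hallo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Users\Hallo\AppData\Roaming\Utruo\bubyy.exe (kctv)
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKCU..\Run: [{665BE83D-4E6E-7317-84FF-7DC11A8B7670}] C:\Users\Hallo\AppData\Roaming\Utruo\bubyy.exe (kctv)
O4 - HKCU..\Run: [autoSTAT] C:\Users\Hallo\AppData\Local\Temp\fontdown.DLL ()
O4 - HKCU..\Run: [autotend] C:\Users\Hallo\AppData\Local\Temp\fixmpubw.DLL File not found
O33 - MountPoints2\{30fad62e-29d8-11df-b49b-6cf049575964}\Shell\AutoRun\command - "" = F:\launcher.exe -- File not found
""".strip()

# Line shapes as OTL prints them (the optional [b]64bit:[/b] tag is OTL's own).
PRC_RE = re.compile(r"^PRC - (?P<rest>.+)$")
O4_RE = re.compile(
    r"^O4(?::\[b\]64bit:\[/b\])? - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.+)$"
)
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<vol>\{[^}]+\})\\Shell\\AutoRun\\command - "" = (?P<rest>.+)$'
)
TARGET_RE = re.compile(r"^(?P<path>.+?) \((?P<company>[^()]*)\)$")
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
# Heuristic locations (assumption): autostarts here deserve a second look.
TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\AppData\\(?:Roaming|Local)\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str                      # OTL section tag: PRC, O4 or O33
    path: str                         # binary the entry points at
    reasons: list = field(default_factory=list)


def split_target(rest: str):
    """Return (path, company, missing) for the tail of an OTL line.

    OTL prints either 'path (Company)' or 'path File not found'
    (O33 lines use 'path -- File not found')."""
    if rest.endswith("File not found"):
        path = rest[: -len("File not found")].rstrip(" -")
        return path, "", True
    m = TARGET_RE.match(rest)
    if m:
        return m.group("path"), m.group("company").strip(), False
    return rest, "", False


def judge_path(path: str, company: str, missing: bool) -> list:
    """Indicators for a process or autostart target; each hit is one reason."""
    reasons = []
    if missing:
        reasons.append("target file not found (orphaned autostart entry)")
    if TEMP_DIR.search(path):
        reasons.append("runs from the user's Temp directory")
    elif USER_WRITABLE.search(path):
        reasons.append("runs from a user-writable AppData directory")
    if not missing and not company:
        reasons.append("binary carries no company/version information")
    return reasons


def triage(log_text: str) -> list:
    """Scan OTL lines and return a Finding for every entry worth a look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = PRC_RE.match(line)
        if m:
            path, company, missing = split_target(m.group("rest"))
            reasons = judge_path(path, company, missing)
            if reasons:
                findings.append(Finding("PRC", path, reasons))
            continue
        m = O4_RE.match(line)
        if m:
            path, company, missing = split_target(m.group("rest"))
            reasons = judge_path(path, company, missing)
            if GUID_RE.match(m.group("name")):
                reasons.append("Run value is named with a GUID instead of a product name")
            if reasons:
                findings.append(Finding("O4", path, reasons))
            continue
        m = O33_RE.match(line)
        if m:
            # Any AutoRun command on a removable volume is reported: it is the
            # classic USB-stick spreading vector, whether or not the file exists.
            path, _company, missing = split_target(m.group("rest"))
            reasons = ["AutoRun command registered for removable volume " + m.group("vol")]
            if missing:
                reasons.append("target file not found (orphaned autostart entry)")
            findings.append(Finding("O33", path, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.path}")
        for r in f.reasons:
            print("      -", r)
```

Run on the sample, the script reports exactly the five entries the moderator put into the fix script and stays silent on OTL.exe, ICQ and the ESET GUI. The rules are indicators, not verdicts: some legitimate software does run from AppData, so each hit still needs a human look at the file (signature, version info, upload to a scanner) before it goes into a fix script.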
12.08.2010, 16:23
...new here

Thread starter

Posts: 9
#6 That was all? O__o No warnings, no infections

Coool

Can you explain to me how you did that?

Code

OTL logfile created on: 12.08.2010 16:03:13 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Hallo\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 76,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 655,79 Gb Free Space | 70,41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 74,31 Gb Total Space | 51,85 Gb Free Space | 69,78% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
Drive G: | 465,76 Gb Total Space | 387,67 Gb Free Space | 83,23% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 931,51 Gb Total Space | 209,86 Gb Free Space | 22,53% Space Free | Partition Type: NTFS

Computer Name: HALLO-PC
Current User Name: Hallo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - C:\Users\Hallo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\seba14mods\µtorrent 1.8.4 (build 16688) Leecher Pack\utorrent 1.8.4 (16688)_mult10_leecher.exe (BitTorrent, Inc.)
PRC - C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT)
PRC - C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe ()
PRC - C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\ROCCAT\Kone Mouse\osd.exe (ROCCAT)
PRC - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)


[color=#E56717]========== Modules (SafeList) ==========[/color]

MOD - C:\Users\Hallo\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


[color=#E56717]========== Win32 Services (SafeList) ==========[/color]

SRV:[b]64bit:[/b] - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:[b]64bit:[/b] - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:[b]64bit:[/b] - (EhttpSrv) -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (ESET)
SRV:[b]64bit:[/b] - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (ESET)
SRV:[b]64bit:[/b] - (LVPrcS64) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV:[b]64bit:[/b] - (lxdi_device) -- C:\Windows\SysNative\lxdicoms.exe ( )
SRV:[b]64bit:[/b] - (lxdiCATSCustConnectService) -- C:\Windows\SysNative\spool\DRIVERS\x64\3\\lxdiserv.exe ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (TuneUp.Defrag) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (clr_optimization_v4.0.30319_64) -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (NMSAccess) -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe ()
SRV - (DAUpdaterSvc) -- C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (BioWare)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (lxdi_device) -- C:\Windows\SysWow64\lxdicoms.exe ( )
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:[b]64bit:[/b] - (MEMSWEEP2) -- C:\Windows\SysNative\847B.tmp File not found
DRV:[b]64bit:[/b] - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:[b]64bit:[/b] - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:[b]64bit:[/b] - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:[b]64bit:[/b] - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:[b]64bit:[/b] - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:[b]64bit:[/b] - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:[b]64bit:[/b] - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:[b]64bit:[/b] - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:[b]64bit:[/b] - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:[b]64bit:[/b] - (epfwwfpr) -- C:\Windows\SysNative\drivers\epfwwfpr.sys (ESET)
DRV:[b]64bit:[/b] - (ehdrv) -- C:\Windows\SysNative\drivers\ehdrv.sys (ESET)
DRV:[b]64bit:[/b] - (eamon) -- C:\Windows\SysNative\drivers\eamon.sys (ESET)
DRV:[b]64bit:[/b] - (LVUVC64) Logitech QuickCam Pro 9000(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:[b]64bit:[/b] - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:[b]64bit:[/b] - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:[b]64bit:[/b] - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:[b]64bit:[/b] - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (NEC Electronics Corporation)
DRV:[b]64bit:[/b] - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (NEC Electronics Corporation)
DRV:[b]64bit:[/b] - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:[b]64bit:[/b] - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:[b]64bit:[/b] - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:[b]64bit:[/b] - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:[b]64bit:[/b] - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:[b]64bit:[/b] - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()
DRV:[b]64bit:[/b] - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:[b]64bit:[/b] - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:[b]64bit:[/b] - (AF15BDA) -- C:\Windows\SysNative\drivers\AF15BDA.sys (ITETech                  )
DRV:[b]64bit:[/b] - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:[b]64bit:[/b] - (ArvoFltr) -- C:\Windows\SysNative\drivers\ArvoFltr.sys (ROCCAT Development, Inc.)
DRV:[b]64bit:[/b] - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:[b]64bit:[/b] - (KoneFltr) -- C:\Windows\SysNative\drivers\Kone.sys (ROCCAT Ltd)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (StarOpen) -- C:\Windows\SysWow64\drivers\StarOpen.sys ()


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://search.qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://qip.ru
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.qip.ru/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Hallo\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.search.defaultenginename: "QIP Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.7
FF - prefs.js..extensions.enabledItems: isreaditlater@ideashower.com:2.0.6
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.48.3
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86
FF - prefs.js..extensions.enabledItems: DeviceDetection@logitech.com:1.0.176.0
FF - prefs.js..extensions.enabledItems: {32a1fd71-835e-4b11-8e54-886fda0b4c89}:1.1
FF - prefs.js..extensions.enabledItems: en-US@dictionaries.addons.mozilla.org:4.0.0
FF - prefs.js..extensions.enabledItems: spam@trashmail.net:2.0.4
FF - prefs.js..keyword.URL: "http://search.qip.ru/search?from=FF&query="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.07.24 09:06:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.07.24 09:06:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2010.05.25 18:20:00 | 000,000,000 | ---D | M]

[2010.03.05 19:48:27 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\mozilla\Extensions
[2010.08.11 23:17:14 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\mozilla\Firefox\Profiles\rih7hx5x.default\extensions
[2010.07.06 19:14:11 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Hallo\AppData\Roaming\mozilla\Firefox\Profiles\rih7hx5x.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.04.27 13:31:59 | 000,000,000 | ---D | M] (QipAuthorizer) -- C:\Users\Hallo\AppData\Roaming\mozilla\Firefox\Profiles\rih7hx5x.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
[2010.03.06 13:13:45 | 000,000,000 | ---D | M] (FoxyTunes) -- C:\Users\Hallo\AppData\Roaming\mozilla\Firefox\Profiles\rih7hx5x.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}
[2010.03.27 01:59:50 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Hallo\AppData\Roaming\mozilla\Firefox\Profiles\rih7hx5x.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2010.07.11 14:08:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Hallo\AppData\Roaming\mozilla\Firefox\Profiles\rih7hx5x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.07.31 15:10:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Hallo\AppData\Roaming\mozilla\Firefox\Profiles\rih7hx5x.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}
[2010.03.06 13:13:44 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\mozilla\Firefox\Profiles\rih7hx5x.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.04.06 22:05:15 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\mozilla\Firefox\Profiles\rih7hx5x.default\extensions\DeviceDetection@logitech.com
[2010.05.03 20:34:29 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\mozilla\Firefox\Profiles\rih7hx5x.default\extensions\en-US@dictionaries.addons.mozilla.org
[2010.04.09 15:29:38 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\mozilla\Firefox\Profiles\rih7hx5x.default\extensions\isreaditlater@ideashower.com
[2010.06.24 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\mozilla\Firefox\Profiles\rih7hx5x.default\extensions\spam@trashmail.net
[2010.07.07 19:18:03 | 000,005,304 | ---- | M] () -- C:\Users\Hallo\AppData\Roaming\Mozilla\FireFox\Profiles\rih7hx5x.default\searchplugins\gmt.xml
[2010.08.11 21:30:36 | 000,000,947 | ---- | M] () -- C:\Users\Hallo\AppData\Roaming\Mozilla\FireFox\Profiles\rih7hx5x.default\searchplugins\icqplugin.xml
[2010.04.27 13:31:59 | 000,002,062 | ---- | M] () -- C:\Users\Hallo\AppData\Roaming\Mozilla\FireFox\Profiles\rih7hx5x.default\searchplugins\qip-search.xml
[2010.04.23 20:26:05 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.04.23 20:26:05 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.06.25 01:41:01 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.06.25 01:41:01 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.06.25 01:41:01 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.06.25 01:41:01 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.06.25 01:41:01 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (QIPBHO Class) - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:\Users\Hallo\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll (qip.ru)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:[b]64bit:[/b] - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:[b]64bit:[/b] - HKLM..\Run: [lxdiamon] C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdiamon.exe ()
O4:[b]64bit:[/b] - HKLM..\Run: [lxdimon.exe] C:\Program Files (x86)\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [Kone] C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE (ROCCAT)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\seba14mods\µtorrent 1.8.4 (build 16688) Leecher Pack\utorrent 1.8.4 (16688)_mult10_leecher.exe (BitTorrent, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O10:[b]64bit:[/b] - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:[b]64bit:[/b] - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:[b]64bit:[/b] - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35:[b]64bit:[/b] - HKLM\..comfile [open] -- "%1" %*
O35:[b]64bit:[/b] - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...com [@ = comfile] -- "%1" %*
O37:[b]64bit:[/b] - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2010.08.12 15:57:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.12 15:19:05 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Hallo\Desktop\OTL.exe
[2010.08.11 22:28:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NVIDIA Corporation
[2010.08.11 22:27:28 | 000,000,000 | ---D | C] -- C:\Users\Hallo\AppData\Local\2K Games
[2010.08.11 21:42:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Neuer Ordner
[2010.08.11 21:41:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\MafiaIIDemo
[2010.08.11 20:43:06 | 000,000,000 | ---D | C] -- C:\Users\Hallo\AppData\Roaming\SUPERAntiSpyware.com
[2010.08.11 20:43:06 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.08.11 20:34:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2010.08.11 17:45:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2010.08.11 16:52:37 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2010.08.11 16:52:36 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2010.08.11 16:52:35 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2010.08.11 16:52:27 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2010.08.11 16:52:27 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2010.08.11 16:52:26 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2010.08.11 16:52:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2010.08.11 16:52:26 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2010.08.11 16:52:26 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2010.08.11 16:52:12 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.08.11 16:52:12 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2010.08.11 16:52:12 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2010.08.11 16:44:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.08.11 16:44:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.08.09 18:14:10 | 000,000,000 | ---D | C] -- C:\Users\Hallo\AppData\Local\Divinity 2
[2010.08.09 18:14:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Divinity 2
[2010.08.09 18:09:22 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2010.08.09 17:52:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Divinity II - Ego Draconis
[2010.08.08 19:24:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\505games
[2010.08.06 20:06:28 | 000,000,000 | ---D | C] -- C:\Users\Hallo\AppData\Roaming\NCH Software
[2010.08.06 20:02:35 | 000,000,000 | ---D | C] -- C:\ProgramData\NCH Swift Sound
[2010.08.06 20:02:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NCH Swift Sound
[2010.08.06 19:55:30 | 000,000,000 | ---D | C] -- C:\Users\Hallo\AppData\Roaming\FinalBurner Video DVD
[2010.08.06 19:55:30 | 000,000,000 | ---D | C] -- C:\finalburner
[2010.08.06 19:54:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FinalBurner
[2010.08.06 19:49:04 | 000,000,000 | ---D | C] -- C:\Users\Hallo\AppData\Roaming\Canneverbe Limited
[2010.08.06 19:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2010.08.06 19:48:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDBurnerXP
[2010.08.06 19:23:22 | 000,000,000 | ---D | C] -- C:\Users\Hallo\AppData\Roaming\Nero
[2010.08.06 19:22:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NeroInstall.bak
[2010.08.06 19:22:47 | 000,000,000 | ---D | C] -- C:\Users\Hallo\AppData\Local\Ahead
[2010.08.06 19:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2010.08.06 19:21:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2010.08.06 19:21:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2010.08.01 23:08:31 | 000,000,000 | ---D | C] -- C:\Users\Hallo\Desktop\Neuer Ordner (9)
[2010.07.26 21:33:41 | 000,000,000 | ---D | C] -- C:\Users\Hallo\AppData\Roaming\HU2011
[2010.07.26 21:30:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Hunting Unlimited 2011
[2010.07.26 01:51:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Guild 2 - Renaissance
[2010.07.25 16:46:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\fmXML
[2010.07.24 23:36:28 | 000,000,000 | ---D | C] -- C:\Users\Hallo\AppData\Roaming\ZombieDriver
[2010.07.24 23:35:30 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010.07.24 23:35:30 | 000,122,904 | ---- | C] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010.07.24 23:35:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2010.07.24 23:32:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zombie Driver
[2010.07.20 00:29:54 | 000,000,000 | ---D | C] -- C:\Users\Hallo\Desktop\Neuer Ordner (8)
[2010.07.20 00:20:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Sports Interactive
[2010.07.20 00:19:52 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sports Interactive
[2010.07.20 00:19:52 | 000,000,000 | ---D | C] -- C:\Users\Hallo\Documents\Sports Interactive
[2010.07.20 00:19:51 | 000,000,000 | ---D | C] -- C:\Users\Hallo\AppData\Roaming\Sports Interactive
[2010.07.20 00:12:22 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Zero G Registry
[2010.07.20 00:12:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sports Interactive
[2010.07.20 00:11:49 | 000,000,000 | -H-D | C] -- C:\Users\Hallo\InstallAnywhere
[2010.07.19 20:54:50 | 000,000,000 | ---D | C] -- C:\Users\Hallo\Desktop\Neuer Ordner (7)
[2010.07.14 23:00:10 | 000,000,000 | ---D | C] -- C:\Users\Hallo\Desktop\Neuer Ordner (6)
[2010.07.14 11:09:47 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2010.06.17 20:30:09 | 001,187,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiserv.dll
[2010.06.17 20:30:09 | 000,942,080 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiusb1.dll
[2010.06.17 20:30:09 | 000,671,744 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdihbn3.dll
[2010.06.17 20:30:09 | 000,614,400 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipmui.dll
[2010.06.17 20:30:09 | 000,532,480 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdilmpm.dll
[2010.06.17 20:30:09 | 000,356,352 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiinpa.dll
[2010.06.17 20:30:09 | 000,339,968 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiiesc.dll
[2010.06.17 20:30:09 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdiprox.dll
[2010.06.17 20:30:09 | 000,053,248 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdipplc.dll
[2010.06.17 20:30:08 | 000,765,952 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomc.dll
[2010.06.17 20:30:08 | 000,360,448 | ---- | C] ( ) -- C:\Windows\SysWow64\lxdicomm.dll

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2010.08.12 16:00:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2010.08.12 16:00:42 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.12 16:00:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.12 16:00:31 | 535,683,071 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.12 15:59:04 | 002,359,296 | -HS- | M] () -- C:\Users\Hallo\NTUSER.DAT
[2010.08.12 15:59:02 | 005,752,453 | -H-- | M] () -- C:\Users\Hallo\AppData\Local\IconCache.db
[2010.08.12 15:19:24 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Hallo\Desktop\OTL.exe
[2010.08.12 14:00:21 | 001,486,084 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.08.12 14:00:21 | 000,648,466 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.08.12 14:00:21 | 000,611,134 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.08.12 14:00:21 | 000,128,724 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.08.12 14:00:21 | 000,105,314 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.08.12 13:56:39 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.12 13:56:39 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.12 04:08:19 | 000,289,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.08.11 20:34:44 | 000,002,097 | ---- | M] () -- C:\Users\Hallo\Desktop\HijackThis.lnk
[2010.08.11 16:44:50 | 000,001,262 | ---- | M] () -- C:\Users\Hallo\Desktop\Spybot - Search & Destroy.lnk
[2010.08.10 13:55:42 | 000,407,552 | ---- | M] () -- C:\Users\Hallo\Desktop\mafia.ii.[demo]-patch.exe
[2010.08.09 18:14:11 | 000,002,184 | ---- | M] () -- C:\Users\Hallo\Desktop\Divinity II - Flames Of Vengeance.lnk
[2010.08.09 18:06:30 | 000,002,140 | ---- | M] () -- C:\Users\Hallo\Desktop\Divinity II - Ego Draconis.lnk
[2010.08.08 19:29:24 | 000,001,227 | ---- | M] () -- C:\Users\Hallo\Desktop\Men of War (Multiplayer).lnk
[2010.08.08 19:27:58 | 000,000,997 | ---- | M] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
[2010.08.08 19:26:07 | 000,001,208 | ---- | M] () -- C:\Users\Hallo\Desktop\Men of War.lnk
[2010.08.06 20:02:29 | 000,001,211 | ---- | M] () -- C:\Users\Public\Desktop\Express Burn Disc Burning Software.lnk
[2010.08.06 19:56:02 | 000,005,120 | ---- | M] () -- C:\Users\Hallo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.06 19:49:01 | 000,001,953 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010.08.06 19:45:18 | 000,000,048 | ---- | M] () -- C:\Users\Hallo\Desktop\C
[2010.08.06 19:45:11 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.08.06 19:22:41 | 000,002,767 | ---- | M] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010.08.06 19:22:41 | 000,002,647 | ---- | M] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2010.08.06 19:22:11 | 000,000,026 | ---- | M] () -- C:\Windows\Irremote.ini
[2010.08.06 19:22:06 | 000,001,024 | ---- | M] () -- C:\Users\Hallo\.rnd
[2010.08.06 01:13:52 | 1439,215,616 | ---- | M] () -- C:\Users\Hallo\Desktop\vcf-kisskill.avi
[2010.08.05 15:07:32 | 1212,485,632 | ---- | M] () -- C:\Users\Hallo\Desktop\logic-friseuse-xvid.avi
[2010.08.04 21:50:20 | 550,361,088 | ---- | M] () -- C:\Users\Hallo\Desktop\awa-rockstrentes01e01.avi
[2010.08.03 12:01:51 | 1534,291,967 | ---- | M] () -- C:\Users\Hallo\Desktop\de-dfove.iso
[2010.08.02 21:03:35 | 1194,588,160 | ---- | M] () -- C:\Users\Hallo\Desktop\kinowelt-nine-xvid.avi
[2010.08.02 16:57:02 | 000,819,359 | ---- | M] () -- C:\Users\Hallo\Desktop\IMAG0011.jpg
[2010.08.02 16:56:30 | 000,949,372 | ---- | M] () -- C:\Users\Hallo\Desktop\IMAG0009.jpg
[2010.07.30 23:27:35 | 000,039,424 | R--- | M] () -- C:\Users\Hallo\Desktop\Trainings-Sterne.xls
[2010.07.29 08:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2010.07.25 16:46:37 | 000,001,025 | ---- | M] () -- C:\Users\Hallo\Desktop\fmXML.lnk
[2010.07.24 23:35:30 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2010.07.24 23:35:30 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2010.07.24 23:35:30 | 000,122,904 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysNative\OpenAL32.dll
[2010.07.24 23:35:30 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\Windows\SysWow64\OpenAL32.dll
[2010.07.24 23:33:31 | 000,001,188 | ---- | M] () -- C:\Users\Public\Desktop\Zombie Driver.lnk
[2010.07.24 11:01:26 | 2685,435,904 | ---- | M] () -- C:\Users\Hallo\Desktop\vty-0326.iso
[2010.07.20 03:35:11 | 000,001,786 | ---- | M] () -- C:\Users\Hallo\Desktop\fm - Verknüpfung.lnk
[2010.07.19 17:57:38 | 608,041,392 | ---- | M] () -- C:\Users\Hallo\Desktop\gow-hu2011.bin
[2010.07.19 17:57:38 | 000,000,076 | ---- | M] () -- C:\Users\Hallo\Desktop\gow-hu2011.cue
[2010.07.19 15:34:08 | 735,299,584 | ---- | M] () -- C:\Users\Hallo\Desktop\xcopy-moon2009.avi

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2010.08.12 03:17:34 | 690,827,264 | ---- | C] () -- C:\Users\Hallo\Desktop\ind-alice-cd2.avi
[2010.08.12 02:15:15 | 731,398,144 | ---- | C] () -- C:\Users\Hallo\Desktop\ind-alice-cd1.avi
[2010.08.11 21:49:52 | 000,407,552 | ---- | C] () -- C:\Users\Hallo\Desktop\mafia.ii.[demo]-patch.exe
[2010.08.11 20:34:44 | 000,002,097 | ---- | C] () -- C:\Users\Hallo\Desktop\HijackThis.lnk
[2010.08.11 16:44:50 | 000,001,262 | ---- | C] () -- C:\Users\Hallo\Desktop\Spybot - Search & Destroy.lnk
[2010.08.11 01:16:05 | 733,931,520 | ---- | C] () -- C:\Users\Hallo\Desktop\ctl-college.animals.3.xvid.avi
[2010.08.09 18:14:11 | 000,002,184 | ---- | C] () -- C:\Users\Hallo\Desktop\Divinity II - Flames Of Vengeance.lnk
[2010.08.09 18:06:30 | 000,002,140 | ---- | C] () -- C:\Users\Hallo\Desktop\Divinity II - Ego Draconis.lnk
[2010.08.09 17:39:54 | 1534,291,967 | ---- | C] () -- C:\Users\Hallo\Desktop\de-dfove.iso
[2010.08.09 17:39:49 | 2741,108,735 | ---- | C] () -- C:\Users\Hallo\Desktop\DIVINITY_II.iso
[2010.08.09 02:41:44 | 1212,485,632 | ---- | C] () -- C:\Users\Hallo\Desktop\logic-friseuse-xvid.avi
[2010.08.08 19:29:24 | 000,001,227 | ---- | C] () -- C:\Users\Hallo\Desktop\Men of War (Multiplayer).lnk
[2010.08.08 19:27:58 | 000,000,997 | ---- | C] () -- C:\Users\Public\Desktop\Acrobat.com.lnk
[2010.08.08 19:26:07 | 000,001,208 | ---- | C] () -- C:\Users\Hallo\Desktop\Men of War.lnk
[2010.08.08 19:17:22 | 3411,443,712 | ---- | C] () -- C:\Users\Hallo\Desktop\gns-mow.iso
[2010.08.07 18:35:02 | 1439,215,616 | ---- | C] () -- C:\Users\Hallo\Desktop\vcf-kisskill.avi
[2010.08.06 20:02:29 | 000,001,211 | ---- | C] () -- C:\Users\Public\Desktop\Express Burn Disc Burning Software.lnk
[2010.08.06 19:49:01 | 000,001,953 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2010.08.06 19:49:00 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.08.06 19:49:00 | 000,005,504 | ---- | C] () -- C:\Windows\SysNative\drivers\StarOpen.sys
[2010.08.06 19:37:14 | 000,000,048 | ---- | C] () -- C:\Users\Hallo\Desktop\C
[2010.08.06 19:33:55 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.08.06 19:22:41 | 000,002,767 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2010.08.06 19:22:41 | 000,002,647 | ---- | C] () -- C:\Users\Public\Desktop\Nero Home.lnk
[2010.08.06 19:22:11 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.08.06 19:22:05 | 000,001,024 | ---- | C] () -- C:\Users\Hallo\.rnd
[2010.08.06 19:20:59 | 550,361,088 | ---- | C] () -- C:\Users\Hallo\Desktop\awa-rockstrentes01e01.avi
[2010.08.05 03:35:30 | 733,005,824 | ---- | C] () -- C:\Users\Hallo\Desktop\empire-ausgeflittert-xvid-cd2.avi
[2010.08.05 01:55:17 | 734,324,736 | ---- | C] () -- C:\Users\Hallo\Desktop\empire-ausgeflittert-xvid-cd1.avi
[2010.08.03 02:55:44 | 1194,588,160 | ---- | C] () -- C:\Users\Hallo\Desktop\kinowelt-nine-xvid.avi
[2010.08.02 18:57:47 | 000,949,372 | ---- | C] () -- C:\Users\Hallo\Desktop\IMAG0009.jpg
[2010.08.02 18:57:47 | 000,819,359 | ---- | C] () -- C:\Users\Hallo\Desktop\IMAG0011.jpg
[2010.08.01 18:17:46 | 730,462,208 | ---- | C] () -- C:\Users\Hallo\Desktop\kings_of_rock.avi
[2010.07.30 23:27:35 | 000,039,424 | R--- | C] () -- C:\Users\Hallo\Desktop\Trainings-Sterne.xls
[2010.07.27 21:37:51 | 735,299,584 | ---- | C] () -- C:\Users\Hallo\Desktop\xcopy-moon2009.avi
[2010.07.26 21:27:30 | 000,000,076 | ---- | C] () -- C:\Users\Hallo\Desktop\gow-hu2011.cue
[2010.07.26 21:27:10 | 608,041,392 | ---- | C] () -- C:\Users\Hallo\Desktop\gow-hu2011.bin
[2010.07.26 01:40:21 | 2685,435,904 | ---- | C] () -- C:\Users\Hallo\Desktop\vty-0326.iso
[2010.07.25 16:46:37 | 000,001,025 | ---- | C] () -- C:\Users\Hallo\Desktop\fmXML.lnk
[2010.07.24 23:33:31 | 000,001,188 | ---- | C] () -- C:\Users\Public\Desktop\Zombie Driver.lnk
[2010.07.21 00:45:14 | 000,065,706 | ---- | C] () -- C:\Users\Hallo\Desktop\team instructions.xml
[2010.07.21 00:45:14 | 000,056,164 | ---- | C] () -- C:\Users\Hallo\Desktop\player instructions.xml
[2010.07.20 03:35:11 | 000,001,786 | ---- | C] () -- C:\Users\Hallo\Desktop\fm - Verknüpfung.lnk
[2010.07.20 00:22:56 | 000,072,821 | ---- | C] () -- C:\Users\Hallo\Desktop\skidrow.nfo
[2010.07.20 00:09:14 | 2486,501,376 | ---- | C] () -- C:\Users\Hallo\Desktop\rld-fm10.iso
[2010.06.17 20:30:09 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxdicomx.dll
[2010.06.17 20:30:09 | 000,294,912 | ---- | C] () -- C:\Windows\SysWow64\lxdiinst.dll
[2010.06.15 13:12:45 | 001,970,176 | ---- | C] () -- C:\Windows\SysWow64\d3dx9.dll
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.03.22 20:43:59 | 000,000,116 | ---- | C] () -- C:\Windows\SysWow64\applet.ini
[2010.03.03 12:40:26 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010.02.12 19:49:34 | 000,712,704 | ---- | C] () -- C:\Windows\SysWow64\spk.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[color=#E56717]========== LOP Check ==========[/color]

[2010.05.09 23:41:55 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\.purple
[2010.08.06 19:49:04 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\Canneverbe Limited
[2010.03.07 13:03:22 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\DAEMON Tools Lite
[2010.03.06 13:05:35 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\DAEMON Tools Pro
[2010.08.06 19:55:30 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\FinalBurner Video DVD
[2010.04.27 20:33:44 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\gtk-2.0
[2010.07.26 21:40:44 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\HU2011
[2010.08.12 13:50:43 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\ICQ
[2010.04.06 22:18:17 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\Leadertech
[2010.06.17 20:35:48 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\Lexmark Productivity Studio
[2010.08.11 04:24:37 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\Loelwo
[2010.03.12 19:15:57 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\Mount&Blade
[2010.04.05 16:46:51 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\Mount&Blade Warband
[2010.03.21 17:24:32 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\OpenOffice.org
[2010.03.18 18:52:54 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\Opera
[2010.03.22 20:44:16 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\QIP
[2010.03.14 12:25:44 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\ROCCAT
[2010.07.20 22:07:57 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\Sports Interactive
[2010.04.27 14:18:52 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\Stardock
[2010.05.08 15:44:22 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\StreamTorrent
[2010.03.05 20:05:12 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\TuneUp Software
[2010.08.12 16:05:57 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\uTorrent
[2010.04.12 17:59:30 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\Vso
[2010.07.24 23:36:56 | 000,000,000 | ---D | M] -- C:\Users\Hallo\AppData\Roaming\ZombieDriver
[2010.07.29 10:50:36 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[color=#E56717]========== Purity Check ==========[/color]


< End of report >


OTL Extras logfile created on: 12.08.2010 16:03:13 - Run 2
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Hallo\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

6,00 Gb Total Physical Memory | 5,00 Gb Available Physical Memory | 76,00% Memory free
12,00 Gb Paging File | 10,00 Gb Available in Paging File | 87,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 655,79 Gb Free Space | 70,41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 74,31 Gb Total Space | 51,85 Gb Free Space | 69,78% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
Drive G: | 465,76 Gb Total Space | 387,67 Gb Free Space | 83,23% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
Drive I: | 931,51 Gb Total Space | 209,86 Gb Free Space | 22,53% Space Free | Partition Type: NTFS

Computer Name: HALLO-PC
Current User Name: Hallo
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[b]64bit:[/b] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{2016B2AD-0051-05C7-9CCB-CE9F05659CB7}" = ccc-utility64
"{23170F69-40C1-2702-0465-000001000000}" = 7-Zip 4.65 (x64 edition)
"{25D04DBB-FE9D-E3BA-C2F3-F1BE9B8C0709}" = ATI Catalyst Install Manager
"{328CC232-CFDC-468B-A214-2E21300E4CB5}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B55F339-396E-29A9-B6D0-24B6D251C90A}" = AMD Drag and Drop Transcoding
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{53529DAD-F7C9-476E-87CC-1547C4E3E821}" = iTunes
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{987FE247-4E69-4A2E-A961-D14F901FDBF6}" = Logitech Webcam Software
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{B91110FB-33B4-468B-90C2-4D5E8AE3FAE1}" = Bonjour
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{CE4F361A-8C13-441C-A21A-DDC0FBA6FEED}" = ESET NOD32 Antivirus
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Explorer Suite_is1" = Explorer Suite III
"Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
"lvdrivers_12.10" = Logitech Webcam Software-Treiberpaket
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{022F6097-A053-4B1B-BE50-3AADE4116B92}" = Opera 10.50
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0CA1005F-B640-0354-EC82-F8F7447A8E8A}" = CCC Help Hungarian
"{0FC472C3-6A2A-969F-10E7-E8F61B18117C}" = Catalyst Control Center Localization All
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_is1" = Men of War (Nur entfernen)
"{137D91E1-2347-4EAC-BB0B-CC06C6B92A52}_update1.11.3.0" = Update &1 für Spiel Men of War
"{1733273F-0C04-44E1-A089-E0F0684AC9C2}_is1" = QIP 2010 psYNovA-Edition
"{1A3E23D7-7A1E-43EC-B35D-EB8A31BED943}" = FinalBurner Free v2.23.0.193
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1" = Media Player Classic - Home Cinema v. 1.3.1249.0
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 19
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{31405CA2-F009-D91B-FEFF-35924343CB14}" = Catalyst Control Center InstallProxy
"{31B75145-DF24-C759-E735-9C129956961E}" = CCC Help Spanish
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{378BA9B5-DB6C-41DB-BE93-86CD198A8A9E}" = Guild 2 King's Edition
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}" = Saboteur™
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{61DF2893-0069-4E50-A02E-3A41A97CB1B4}" = ROCCAT Arvo Keyboard Driver
"{641C1B16-FD4C-0F97-47AE-76637FC64225}" = CCC Help English
"{6492FF72-4DC5-4D9E-85D5-51574C8986C5}" = QIP Infium 9034 Jeak-Edition
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}" = Mass Effect 2
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{79C2D7F9-3BF8-52C1-6A7A-84C9296171F8}" = CCC Help German
"{7B29E627-71A5-6824-3F85-DBEF19624BD0}" = ccc-core-static
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84B587B3-94BA-CAFF-5824-DB8D2E7A72F4}" = Catalyst Control Center InstallProxy
"{87323561-58BA-4D5B-BADA-A791B69D1705}" = Catalyst Control Center - Branding
"{88B2BB7B-A684-E8E3-65C6-DDC5DC152C2A}" = CCC Help French
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8CB77076-DB66-5D92-7886-807226C9CE4B}" = CCC Help Italian
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source
"{9733747E-E53D-4C17-977E-3A872AFB93E1}" = ROCCAT Kone Mouse Driver
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C6F56DA-7051-6677-4E5A-9DC6C573F2B5}" = CCC Help Portuguese
"{9CE28521-FEA3-4D5A-8320-D2A6C9151B82}" = Supreme Commander 2
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BE282C23-5484-47FF-B2C1-EBEA5C891031}" = Nero 8
"{C3FA3CCE-2A88-0976-B875-4B3E9D41204D}" = Catalyst Control Center Graphics Previews Common
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5334C85-F601-427C-85F7-CDD9FDC8C69F}" = StubbsPatchInstaller
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D54A0D86-35B0-BFC8-174B-D991EDF903B8}" = Catalyst Control Center Graphics Previews Vista
"{D5610369-AF78-386F-4985-9822654973A3}" = CCC Help Polish
"{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI
"{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1" = ConvertXtoDVD 4.0.10.324
"{E666E822-53A9-460B-BA99-35184AA80965}" = Hunting Unlimited 2011
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{ECCA8FE7-767A-4C8A-9DAA-BAB60F877C41}" = Sins of a Solar Empire
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F77D44EB-2A6E-E2EE-7C30-40A5409B2650}" = CCC Help Greek
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX
"{THEGUILDREN-0010-2010-300520102330}_is1" = The Guild 2 - Renaissance
"µtorrent 1.8.4 (build 16688) Leecher Pack by seba14_is1" = µtorrent 1.8.4 (build 16688) Leecher Pack
"µtorrent 2.0.0 (build 18296) Leecher Pack by seba14_is1" = µtorrent 2.0.0 (build 18296) Leecher Pack
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ArtMoney SE_is1" = ArtMoney SE v7.32.1
"Aspell German Dictionary_is1" = Aspell German Dictionary-0.50-2
"Cheat Engine 5.6_is1" = Cheat Engine 5.6
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI
"Die Gilde 2 - Back to the Roots_is1" = Die Gilde 2 - Back to the Roots Patch v1.2
"Die Gilde 2 - Gold Edition" = Die Gilde 2 - Gold Edition
"Divinity II - Ego Draconis_is1" = Divinity II - Ego Draconis
"DivX Setup.divx.com" = DivX-Setup
"EA Download Manager" = EA Download Manager
"ExpressBurn" = Express Burn Disc Burning Software
"Fallout Mod Manager_is1" = Fallout Mod Manager 0.11.9
"fmXML_is1" = fmXML version 0.3
"Football Manager 2010" = Football Manager 2010
"Fraps" = Fraps (remove only)
"Free iPod Video Converter_is1" = Free iPod Video Converter 1.34
"FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10
"GNU Aspell_is1" = GNU Aspell 0.50-3
"GTK 2.0" = GTK+ Runtime 2.14.7 rev a (nur entfernen)
"HijackThis" = HijackThis 2.0.2
"Impulse" = Impulse
"Just Cause 2_is1" = Just Cause 2
"LastFM_is1" = Last.fm 1.5.4.24567
"Magic The Gathering - Duels of the Planeswalkers_is1" = Magic The Gathering - Duels of the Planeswalkers
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.0.0.5
"MiNODLogin" = ESET Antivirus License Finder (MiNODLogin)
"Mount&Blade" = Mount&Blade
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"OpenAL" = OpenAL
"Pidgin" = Pidgin
"Sins of a Solar Empire" = Sins of a Solar Empire
"Sins of a Solar Empire - Diplomacy" = Sins of a Solar Empire - Diplomacy
"Sins of a Solar Empire - Entrenchment" = Sins of a Solar Empire - Entrenchment
"Sophos-AntiRootkit" = Sophos Anti-Rootkit 1.5.0
"Steam App 240" = Counter-Strike: Source
"Steam App 43110" = Metro 2033
"Steam App 48700" = Mount&Blade: Warband
"Steam App 50280" = Mafia II - Demo
"StreamTorrent 1.0" = StreamTorrent 1.0
"TuneUp Utilities" = TuneUp Utilities
"uTorrent" = µTorrent
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"X3TC Bonuspaket_is1" = X3TC Bonuspaket 4.1.01
"X3TerranConflict_is1" = X3 Terran Conflict v2.7
"xp-AntiSpy" = xp-AntiSpy 3.97-9
"Zombie Driver" = Zombie Driver 1.1.4b

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"QIP Infium" = QIP Infium 2.0.9034
"QipGuard" = QIP Internet Guardian

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
12.08.2010, 16:24
Moderator

Posts: 5694
#7 Where are the logs from steps 4 and 5?
12.08.2010, 16:30
...new here

Thread starter

Posts: 9
#8

Code

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Hallo
->Temp folder emptied: 86655639 bytes
->Temporary Internet Files folder emptied: 5807617 bytes
->Java cache emptied: 16378837 bytes
->FireFox cache emptied: 84191332 bytes
->Opera cache emptied: 1327321 bytes
->Flash cache emptied: 60503 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 24576 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 577767 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 77332419915 bytes

Total Files Cleaned = 73.936,00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 08122010_155737

Files\Folders moved on Reboot...
C:\Users\Hallo\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
File move failed. C:\Windows\temp\logishrd\LVPrcInj02.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Code

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4422

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12.08.2010 16:12:25
mbam-log-2010-08-12 (16-12-25).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 130624
Laufzeit: 2 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
12.08.2010, 16:47
Moderator

Posts: 5694
#9 That isn't the whole OTL log
12.08.2010, 18:02
...new here

Thread starter

Posts: 9
#10 At least that's everything it output ôo
12.08.2010, 18:04
Moderator

Posts: 5694
#11 Never mind ;)

How's the box running?
12.08.2010, 18:11
...new here

Thread starter

Posts: 9
#12 It's running wonderfully, no more strange incoming connections, Eset has calmed down, runs like clockwork ^^

Many thanks ;)

Can you explain to me now how you found it? That would really interest me ^^
12.08.2010, 18:21
Moderator

Posts: 5694
#13 Through the crystal ball ;)

No, with LOTS of experience reading logs over more than 5000 posts ;)

Step 1

F-Secure online scanner
Please switch on any external hard drives during the online scans! Please disable all background guards (anti-virus program, firewall, script blocking and the like) during the scans and don't forget to turn everything back on afterwards.
• Supported operating systems: Windows 2000, Windows XP and Windows Vista (32-bit)
Please make sure to start Internet Explorer by right-clicking its icon and running it as administrator.
• Tick "I have read and accepted the license terms".
• Press the "Install" button.
• IE users must allow the installation of the ActiveX element and click "Install".
• Firefox users must allow the installation of the Firefox add-on and then restart Firefox.
• Press the "Start" button.
• Select "Full Scan" and press the "Start" button.
• The signatures are downloaded.
• The scan starts automatically.
• End of scan (Finish).
• If anything is found, use => Automatic cleaning (Automatically)
• and click the "Next" button.
• Show the report by clicking the "Full report" button.
• Menu => File => Save page as
Change the file type to text file and
• save it on the desktop as f-secure.txt.
• Post the log here.

Step 2

Install and configure CCleaner
• CCleaner is a cleanup tool suitable for Windows 98/NT4/ME/2000/XP/2003/Vista.
• CCleaner deletes unnecessary files and cleans the registry.
Download and install CCleaner (Slim, without toolbar).
• Start CCleaner and => under options settings => set german.
• Go to the "Cleaner" button at the top left => "Windows" tab
and set the checkmarks as follows:
all except "Input field history", and under
Advanced only tick "Old Prefetch data" and "Custom files and folders".
• Switch to the "Applications" tab,
and tick everything there except, under Firefox/Mozilla (if present), "Saved form data".
12.08.2010, 18:26
...new here

Thread starter

Posts: 9
#14 64-bit system, so relatively useless =D, WIN 7

I had CCleaner once but replaced it with TuneUp, I find that program nicer ;)
12.08.2010, 18:31
Moderator

Posts: 5694
#15 Are you sure it doesn't work? Just run the scan ;)

Well, TuneUp is a no-go, but your choice!