Skype virus and no access to external hard drive

#0
06.10.2012, 14:23
...new here

Posts: 2
#1 Hello dear community!

Unfortunately, and through my own stupidity, I got "infected" with the Skype virus today.
Since I had already watched a video about this virus, I was able to delete the files successfully.

However, some time later, when I wanted to access my external hard drive, I noticed that the folders on the drive all contain a shortcut to C:\Windows\System32. The folder $RECYCLE was also shown to me, although I never set this hidden folder to be displayed.

When I now try to open one of these folders, the following error message appears:

"E:\RECYCLER\e621ca05.exe" konnte nicht gefunden werden. Stellen sie sicher, dass Sie den Namen richtig eingegeben haben und wiederholen Sie den Vorgang.

The folder does not open, of course.

Whether these two things (the Skype virus and the folder problem) are directly connected or are two separate matters, I unfortunately cannot say.

I have already taken the following steps:

http://board.protecus.de/t23188.htm

and this is what came out...

-MBAM-

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.10.06.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: HOME [Administrator]

Schutz: Aktiviert

06.10.2012 12:37:41
mbam-log-2012-10-06 (12-37-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|L:\|M:\|N:\|P:\|R:\|S:\|T:\|W:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 283822
Laufzeit: 38 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

-GMER-

GMER 1.0.15.14966 - http://www.gmer.net
Rootkit scan 2012-10-06 14:06:04
Windows 6.1.7601 Service Pack 1


---- Files - GMER 1.0.15 ----


---- EOF - GMER 1.0.15 ----

-HiJackThis-

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:15:17, on 06.10.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
L:\Malwarebytes' Anti-Malware\mbamgui.exe
P:\AVG\avgtray.exe
P:\Firefox\firefox.exe
P:\Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
P:\Skype\Phone\Skype.exe
P:\AVG\avgui.exe
C:\Users\Standard\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - P:\AVG\avgdtiex.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG_TRAY] "P:\AVG\avgtray.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] L:\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Cleanup] C:\cleanup.exe
O4 - HKCU\..\Run: [Steam] "L:\Steam\Steam.exe" -silent
O9 - Extra button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - P:\AVG\avgdtiex.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - P:\AVG\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVG Firewall (avgfws) - AVG Technologies CZ, s.r.o. - P:\AVG\avgfws.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - P:\AVG\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - P:\AVG\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - L:\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - L:\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Unknown owner - C:\Program Files (x86)\Skype\Updater\Updater.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 5997 bytes

In addition to the MBAM scan, I also ran a system scan with my antivirus program (AVG), and the following files were already deleted in the process:

see attachment

I hope you can help me and that together we can remove the virus.
I doubt that what GMER spat out is helpful; to me it looks like old game files.

So, thanks in advance, and I'm curious to hear your opinions on the topic.

Kind regards, Marcus.

06.10.2012, 17:06
Moderator

Posts: 5694
#2 Welcome to the Protecus forum

A cleanup can sometimes involve a lot of work for you.
• Please work through all steps in order.
• Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
• Only run scans that a helper has asked you to run.
• Please no crossposting (posting in multiple forums).
• Do not install or uninstall any software during the cleanup unless you have been asked to.
Read the instructions through completely first. If anything is unclear, ask before you begin.
• Post the log files directly in your thread. Do not attach them unless I ask you to. Attachments make the evaluation harder for me.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools by right-clicking and choosing "Run as administrator".

Step 1

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop.
• Please start OTL.exe.
Vista and Win7 users: right-click and choose "Run as administrator".
• Now copy the content into the text box.

Code

activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
explorer.exe
regedit.exe
winlogon.exe
wininit.exe
userinit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
CREATERESTOREPOINT
• Now please close all programs. (Important)
• Now please click the Quick Scan button.
• Now copy the contents of OTL.txt and Extra.txt here into your thread.
06.10.2012, 17:39
...new here

Thread starter

Posts: 2
#3 Hey, first of all thanks for your reply.

I ran OTL and this is what came out...

-OTL.txt-
OTL logfile created on: 06.10.2012 17:31:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Standard\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 6,41 Gb Available Physical Memory | 80,30% Memory free
15,96 Gb Paging File | 14,19 Gb Available in Paging File | 88,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 49,90 Gb Total Space | 19,32 Gb Free Space | 38,72% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 347,62 Gb Free Space | 74,64% Space Free | Partition Type: NTFS
Drive L: | 200,00 Gb Total Space | 199,21 Gb Free Space | 99,60% Space Free | Partition Type: NTFS
Drive M: | 250,00 Gb Total Space | 249,89 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive N: | 300,00 Gb Total Space | 298,75 Gb Free Space | 99,58% Space Free | Partition Type: NTFS
Drive P: | 19,24 Gb Total Space | 18,77 Gb Free Space | 97,58% Space Free | Partition Type: NTFS
Drive R: | 50,00 Gb Total Space | 49,90 Gb Free Space | 99,80% Space Free | Partition Type: NTFS
Drive S: | 50,00 Gb Total Space | 32,05 Gb Free Space | 64,11% Space Free | Partition Type: NTFS
Drive T: | 10,00 Gb Total Space | 9,91 Gb Free Space | 99,13% Space Free | Partition Type: NTFS
Drive W: | 100,00 Gb Total Space | 83,54 Gb Free Space | 83,54% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - [2012.10.06 17:29:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Desktop\OTL.exe
PRC - [2012.10.04 17:29:00 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- L:\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- P:\AVG\avgidsagent.exe
PRC - [2012.07.31 03:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- P:\AVG\avgtray.exe
PRC - [2012.06.13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- P:\AVG\avgfws.exe
PRC - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- P:\AVG\avgwdsvc.exe


[color=#E56717]========== Modules (No Company Name) ==========[/color]


[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:64bit: - [2012.07.28 04:09:44 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.05 21:55:47 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.10.04 17:29:00 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- L:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- L:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.17 04:37:50 | 000,007,168 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012.08.13 03:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- P:\AVG\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.06.19 19:10:34 | 000,634,632 | ---- | M] (Intel(R) Corporation) [Disabled | Stopped] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.06.13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- P:\AVG\avgfws.exe -- (avgfws)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- P:\AVG\avgwdsvc.exe -- (avgwd)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.24 15:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.08.17 04:33:42 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.08.17 04:33:38 | 000,027,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012.07.28 06:07:44 | 010,278,912 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.07.28 03:14:46 | 000,368,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.07.26 03:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.07.25 15:11:36 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.06.07 11:17:04 | 000,319,336 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2012.06.05 13:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2012.05.02 12:31:56 | 000,403,232 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2012.05.02 12:31:56 | 000,134,944 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.12.23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.12.23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.12.23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.11.10 09:28:22 | 000,052,160 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2011.11.10 09:28:22 | 000,024,640 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2011.05.23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2010.12.28 21:45:54 | 000,412,776 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 05:32:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 05:32:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.27 13:25:10 | 000,027,160 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV - [2012.10.06 12:22:56 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\clhpna.sys -- (hrdewyfo)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


[color=#E56717]========== Standard Registry (SafeList) ==========[/color]


[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

[color=#E56717]========== FireFox ==========[/color]

FF - prefs.js..browser.startup.homepage: "http://www.youtube.com/|https://www.google.de/"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: P:\Java\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: P:\AVG\Firefox\DoNotTrack\ [2012.10.02 13:06:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: P:\Firefox\components [2012.10.02 13:12:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: P:\Firefox\plugins

[2012.10.02 13:12:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - P:\AVG\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - P:\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - P:\AVG\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] P:\AVG\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [Driver Genius] File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\RunOnce: [Cleanup] C:\cleanup.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] L:\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = P:\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - P:\AVG\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - P:\AVG\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9432E67-9EC8-43C3-899A-37368B5C7589}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - P:\AVG\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - P:\AVG\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\utilman.exe: Debugger - C:\Windows\SysNative\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\utilman.exe: Debugger - C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (P:\AVG\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

MsConfig:64bit - StartUpReg: IAStorIcon - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
MsConfig:64bit - StartUpReg: ProfilerU - hkey= - key= - C:\Programme\SmartTechnology\Software\ProfilerU.exe (Saitek)
MsConfig:64bit - StartUpReg: SaiMfd - hkey= - key= - C:\Programme\SmartTechnology\Software\SaiMfd.exe (Saitek)
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - File not found
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2012.10.06 12:14:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2012.10.06 12:14:48 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.10.06 12:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.06 12:14:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.04 17:29:47 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Battlefield Heroes
[2012.10.04 17:28:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
[2012.10.03 11:55:53 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.10.02 15:10:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2012.10.02 15:02:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2012.10.02 15:02:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2012.10.02 14:56:36 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Screaming Bee
[2012.10.02 14:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Screaming Bee
[2012.10.02 14:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
[2012.10.02 14:55:15 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
[2012.10.02 14:55:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.10.02 14:55:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.10.02 14:55:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012.10.02 14:49:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP
[2012.10.02 14:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP-2.0
[2012.10.02 14:48:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.10.02 14:48:53 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
[2012.10.02 14:38:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.10.02 14:31:28 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012.10.02 14:31:19 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012.10.02 14:30:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.10.02 14:29:28 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\SmartTechnology
[2012.10.02 14:29:03 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Saitek SD6 Profiles
[2012.10.02 14:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartTechnology
[2012.10.02 14:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Technology
[2012.10.02 14:28:49 | 000,000,000 | ---D | C] -- C:\Program Files\SmartTechnology
[2012.10.02 14:27:53 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\WinRAR
[2012.10.02 14:27:53 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.10.02 14:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.10.02 14:27:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.10.02 14:22:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.10.02 14:22:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012.10.02 14:19:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation
[2012.10.02 14:18:16 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Intel Corporation
[2012.10.02 14:14:41 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\ElevatedDiagnostics
[2012.10.02 14:12:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\ATI
[2012.10.02 14:12:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\ATI
[2012.10.02 14:12:45 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.10.02 14:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel
[2012.10.02 14:12:06 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012.10.02 14:11:19 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012.10.02 14:10:37 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012.10.02 14:10:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012.10.02 14:10:31 | 000,000,000 | ---D | C] -- C:\Intel
[2012.10.02 14:10:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ASM104xUSB3
[2012.10.02 14:09:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.10.02 14:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2012.10.02 14:09:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2012.10.02 14:09:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2012.10.02 14:09:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012.10.02 14:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2012.10.02 14:08:53 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.10.02 14:08:20 | 000,000,000 | ---D | C] -- C:\AMD
[2012.10.02 14:07:54 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2012.10.02 14:07:43 | 002,080,120 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2012.10.02 14:07:43 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2012.10.02 14:07:43 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2012.10.02 14:07:43 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2012.10.02 14:07:43 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2012.10.02 14:07:42 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2012.10.02 14:07:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2012.10.02 14:07:42 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2012.10.02 14:07:42 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2012.10.02 14:07:42 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2012.10.02 14:07:42 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2012.10.02 14:07:42 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2012.10.02 14:07:42 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2012.10.02 14:07:42 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2012.10.02 14:07:42 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2012.10.02 14:07:41 | 007,598,456 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2012.10.02 14:07:41 | 007,163,784 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2012.10.02 14:07:41 | 002,028,920 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2012.10.02 14:07:41 | 001,433,976 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2012.10.02 14:07:41 | 000,834,936 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2012.10.02 14:07:41 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2012.10.02 14:07:41 | 000,433,544 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2012.10.02 14:07:41 | 000,394,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2012.10.02 14:07:41 | 000,394,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2012.10.02 14:07:41 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2012.10.02 14:07:41 | 000,141,192 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2012.10.02 14:07:41 | 000,123,784 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2012.10.02 14:07:41 | 000,074,632 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2012.10.02 14:07:40 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2012.10.02 14:07:40 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2012.10.02 14:07:40 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2012.10.02 14:07:40 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2012.10.02 14:07:40 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2012.10.02 14:07:40 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2012.10.02 14:07:40 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2012.10.02 14:07:40 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2012.10.02 14:07:40 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2012.10.02 14:07:40 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2012.10.02 14:07:40 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2012.10.02 14:07:40 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2012.10.02 14:07:40 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2012.10.02 14:07:40 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2012.10.02 14:07:40 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2012.10.02 14:07:40 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2012.10.02 14:07:40 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2012.10.02 14:07:40 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2012.10.02 14:07:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2012.10.02 14:07:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2012.10.02 14:06:55 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.10.02 14:06:53 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64H.dll
[2012.10.02 14:06:53 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64H.dll
[2012.10.02 14:06:53 | 000,372,056 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64H.dll
[2012.10.02 14:06:53 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll
[2012.10.02 14:06:53 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll
[2012.10.02 14:06:53 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64H.dll
[2012.10.02 14:06:53 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64H.dll
[2012.10.02 14:06:53 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64H.dll
[2012.10.02 14:06:53 | 000,097,624 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64H.dll
[2012.10.02 14:06:53 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64H.dll
[2012.10.02 14:06:53 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64H.dll
[2012.10.02 14:06:51 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2012.10.02 13:34:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DriverGenius
[2012.10.02 13:33:55 | 000,000,000 | ---D | C] -- C:\ProgramData\DriverGenius
[2012.10.02 13:33:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition
[2012.10.02 13:22:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung SSD Magician
[2012.10.02 13:22:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2012.10.02 13:17:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Macromedia
[2012.10.02 13:17:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Macromedia
[2012.10.02 13:17:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Adobe
[2012.10.02 13:16:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed
[2012.10.02 13:16:55 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.10.02 13:12:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Mozilla
[2012.10.02 13:12:50 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Mozilla
[2012.10.02 13:06:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\AVG2012
[2012.10.02 13:06:16 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012.10.02 13:06:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.10.02 13:06:11 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012.10.02 13:06:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012.10.02 13:06:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\AVG
[2012.10.02 12:59:06 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.10.02 12:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.10.02 12:50:27 | 001,882,104 | ---- | C] (Codejock Software) -- C:\Windows\SysWow64\Codejock.Controls.v15.0.1.ocx
[2012.10.02 12:50:27 | 000,526,184 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\SysWow64\XceedCry.dll
[2012.10.02 12:50:27 | 000,456,536 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\SysWow64\XCEEDZIP.DLL
[2012.10.02 12:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Magician
[2012.10.02 12:35:18 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.10.02 12:04:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Skype
[2012.10.02 12:04:16 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.10.02 12:04:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2012.10.02 11:40:30 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.10.02 11:40:30 | 000,000,000 | R--D | C] -- C:\Users\Admin\Searches
[2012.10.02 11:40:30 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.10.02 11:40:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Identities
[2012.10.02 11:40:24 | 000,000,000 | R--D | C] -- C:\Users\Admin\Contacts
[2012.10.02 11:40:23 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\VirtualStore
[2012.10.02 11:40:21 | 000,000,000 | --SD | C] -- C:\Users\Admin\AppData\Roaming\Microsoft
[2012.10.02 11:40:21 | 000,000,000 | R--D | C] -- C:\Users\Admin\Videos
[2012.10.02 11:40:21 | 000,000,000 | R--D | C] -- C:\Users\Admin\Saved Games
[2012.10.02 11:40:21 | 000,000,000 | R--D | C] -- C:\Users\Admin\Pictures
[2012.10.02 11:40:21 | 000,000,000 | R--D | C] -- C:\Users\Admin\Music
[2012.10.02 11:40:21 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.10.02 11:40:21 | 000,000,000 | R--D | C] -- C:\Users\Admin\Links
[2012.10.02 11:40:21 | 000,000,000 | R--D | C] -- C:\Users\Admin\Favorites
[2012.10.02 11:40:21 | 000,000,000 | R--D | C] -- C:\Users\Admin\Downloads
[2012.10.02 11:40:21 | 000,000,000 | R--D | C] -- C:\Users\Admin\Documents
[2012.10.02 11:40:21 | 000,000,000 | R--D | C] -- C:\Users\Admin\Desktop
[2012.10.02 11:40:21 | 000,000,000 | R--D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.10.02 11:40:21 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Vorlagen
[2012.10.02 11:40:21 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Verlauf
[2012.10.02 11:40:21 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Temporary Internet Files
[2012.10.02 11:40:21 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Startmenü
[2012.10.02 11:40:21 | 000,000,000 | -HSD | C] -- C:\Users\Admin\SendTo
[2012.10.02 11:40:21 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Recent
[2012.10.02 11:40:21 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Netzwerkumgebung
[2012.10.02 11:40:21 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Lokale Einstellungen
[2012.10.02 11:40:21 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Documents\Eigene Videos
[2012.10.02 11:40:21 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Documents\Eigene Musik
[2012.10.02 11:40:21 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Eigene Dateien
[2012.10.02 11:40:21 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Documents\Eigene Bilder
[2012.10.02 11:40:21 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Druckumgebung
[2012.10.02 11:40:21 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Cookies
[2012.10.02 11:40:21 | 000,000,000 | -HSD | C] -- C:\Users\Admin\AppData\Local\Anwendungsdaten
[2012.10.02 11:40:21 | 000,000,000 | -HSD | C] -- C:\Users\Admin\Anwendungsdaten
[2012.10.02 11:40:21 | 000,000,000 | -H-D | C] -- C:\Users\Admin\AppData
[2012.10.02 11:40:21 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Temp
[2012.10.02 11:40:21 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Microsoft
[2012.10.02 11:40:21 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Media Center Programs
[2012.10.02 11:40:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.10.02 11:40:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.10.02 11:40:19 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.10.02 11:40:19 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.10.02 11:40:19 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.10.02 11:40:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.10.02 11:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.10.02 11:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.10.02 11:40:19 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.10.02 11:40:19 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.10.02 11:40:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.10.02 11:40:19 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.10.02 11:40:17 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.10.02 11:36:01 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.10.02 11:35:53 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012.10.06 15:52:06 | 096,750,624 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.10.06 12:30:56 | 000,014,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.06 12:30:56 | 000,014,960 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.06 12:30:32 | 001,475,424 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.06 12:30:32 | 000,644,666 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.06 12:30:32 | 000,608,030 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.06 12:30:32 | 000,126,724 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.06 12:30:32 | 000,103,906 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.06 12:23:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.06 12:23:36 | 2132,713,471 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.06 12:22:56 | 000,135,168 | ---- | M] () -- C:\zip.exe
[2012.10.06 12:22:56 | 000,061,440 | ---- | M] () -- C:\Windows\SysWow64\drivers\clhpna.sys
[2012.10.06 12:22:56 | 000,019,286 | ---- | M] () -- C:\cleanup.exe
[2012.10.06 12:22:56 | 000,000,574 | ---- | M] () -- C:\cleanup.bat
[2012.10.06 12:22:56 | 000,000,000 | ---- | M] () -- C:\backup.reg
[2012.10.06 12:14:48 | 000,000,631 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.05 23:51:44 | 000,018,081 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.10.05 20:28:07 | 000,628,824 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012.10.05 15:34:33 | 000,270,240 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.10.05 15:34:33 | 000,270,240 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.10.05 11:31:34 | 000,270,240 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.10.04 17:29:00 | 000,075,136 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.10.04 09:13:05 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.10.04 09:09:32 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.10.03 23:41:54 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.10.03 23:41:53 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.10.02 18:45:14 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.10.02 15:10:36 | 000,000,648 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012.10.02 15:02:59 | 000,000,551 | ---- | M] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.10.02 14:55:15 | 000,000,727 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2012.10.02 14:49:53 | 000,000,920 | ---- | M] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2012.10.02 14:48:53 | 000,000,525 | ---- | M] () -- C:\Users\Admin\Desktop\Fraps.lnk
[2012.10.02 14:48:16 | 000,000,671 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.10.02 14:27:01 | 000,000,573 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.10.02 14:19:08 | 001,499,556 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.02 14:15:56 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2012.10.02 13:22:54 | 000,000,675 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk
[2012.10.02 13:22:54 | 000,000,653 | ---- | M] () -- C:\Users\Public\Desktop\Samsung SSD Magician.lnk
[2012.10.02 13:06:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012.10.02 13:06:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012.10.02 13:06:16 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012.10.02 11:37:32 | 000,054,699 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012.10.02 11:37:32 | 000,054,699 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012.10.06 15:52:06 | 096,750,624 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.10.06 12:22:56 | 000,135,168 | ---- | C] () -- C:\zip.exe
[2012.10.06 12:22:56 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\clhpna.sys
[2012.10.06 12:22:56 | 000,019,286 | ---- | C] () -- C:\cleanup.exe
[2012.10.06 12:22:56 | 000,000,574 | ---- | C] () -- C:\cleanup.bat
[2012.10.06 12:22:56 | 000,000,000 | ---- | C] () -- C:\backup.reg
[2012.10.06 12:14:48 | 000,000,631 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.10.05 23:51:44 | 000,018,081 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.10.05 20:28:07 | 000,628,824 | ---- | C] () -- C:\Windows\SysNative\drivers\AVG\iavifw.avm
[2012.10.05 11:31:34 | 000,270,240 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.10.04 17:29:01 | 000,270,240 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.10.04 17:29:01 | 000,270,240 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.10.04 17:29:00 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.10.04 09:13:05 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.10.03 23:41:54 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.10.03 23:41:53 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.10.02 18:45:14 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.10.02 15:10:36 | 000,000,648 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012.10.02 15:02:59 | 000,000,551 | ---- | C] () -- C:\Users\Public\Desktop\Steam.lnk
[2012.10.02 14:55:15 | 000,000,727 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.3.lnk
[2012.10.02 14:49:53 | 000,000,920 | ---- | C] () -- C:\Users\Public\Desktop\GIMP 2.lnk
[2012.10.02 14:48:53 | 000,000,525 | ---- | C] () -- C:\Users\Admin\Desktop\Fraps.lnk
[2012.10.02 14:48:16 | 000,000,671 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk
[2012.10.02 14:48:16 | 000,000,609 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
[2012.10.02 14:31:32 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2012.10.02 14:31:28 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2012.10.02 14:31:20 | 000,146,389 | ---- | C] () -- C:\Windows\SysWow64\printmanagement.msc
[2012.10.02 14:31:20 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2012.10.02 14:31:20 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2012.10.02 14:31:20 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2012.10.02 14:27:01 | 000,000,573 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.10.02 14:27:00 | 000,087,040 | ---- | C] () -- C:\Windows\SysNative\pdfcmnnt.dll
[2012.10.02 14:19:08 | 001,499,556 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.02 14:15:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.10.02 14:07:42 | 000,334,357 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2012.10.02 13:22:54 | 000,000,675 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk
[2012.10.02 13:22:54 | 000,000,653 | ---- | C] () -- C:\Users\Public\Desktop\Samsung SSD Magician.lnk
[2012.10.02 13:06:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\incavi.avm
[2012.10.02 13:06:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012.10.02 13:06:16 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavichjw.avm
[2012.10.02 12:50:27 | 000,110,602 | ---- | C] () -- C:\Windows\SysWow64\xcdsfx32.bin
[2012.10.02 11:40:32 | 000,001,419 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.10.02 11:40:31 | 000,001,453 | ---- | C] () -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.10.02 11:37:28 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.10.02 11:37:22 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.10.02 11:35:53 | 2132,713,471 | -HS- | C] () -- C:\hiberfil.sys
[2012.07.28 03:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.28 03:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.06.19 18:52:42 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.10.02 13:06:20 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AVG2012
[2012.10.02 14:56:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Screaming Bee

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012.10.02 13:06:11 | 000,000,000 | -H-D | M] -- C:\$AVG
[2012.10.02 14:43:30 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.10.02 14:08:20 | 000,000,000 | ---D | M] -- C:\AMD
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.10.02 11:40:19 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.10.02 14:10:31 | 000,000,000 | ---D | M] -- C:\Intel
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.10.02 14:49:48 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.10.02 14:55:00 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.10.06 12:14:48 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.10.02 11:40:19 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.10.02 11:40:19 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.10.06 17:31:42 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.10.02 14:43:28 | 000,000,000 | R--D | M] -- C:\Users
[2012.10.03 23:38:58 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: EXPLORER.EXE >
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\SysWOW64\explorer.exe
[2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2010.11.20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\explorer.exe
[2010.11.20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.07.14 03:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe

< MD5 for: REGEDIT.EXE >
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 03:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 03:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe

< MD5 for: USERINIT.EXE >
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

< MD5 for: WININIT.EXE >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

< MD5 for: WINLOGON.EXE >
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

-Extras.txt-

OTL Extras logfile created on: 06.10.2012 17:31:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Standard\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 6,41 Gb Available Physical Memory | 80,30% Memory free
15,96 Gb Paging File | 14,19 Gb Available in Paging File | 88,92% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 49,90 Gb Total Space | 19,32 Gb Free Space | 38,72% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 347,62 Gb Free Space | 74,64% Space Free | Partition Type: NTFS
Drive L: | 200,00 Gb Total Space | 199,21 Gb Free Space | 99,60% Space Free | Partition Type: NTFS
Drive M: | 250,00 Gb Total Space | 249,89 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive N: | 300,00 Gb Total Space | 298,75 Gb Free Space | 99,58% Space Free | Partition Type: NTFS
Drive P: | 19,24 Gb Total Space | 18,77 Gb Free Space | 97,58% Space Free | Partition Type: NTFS
Drive R: | 50,00 Gb Total Space | 49,90 Gb Free Space | 99,80% Space Free | Partition Type: NTFS
Drive S: | 50,00 Gb Total Space | 32,05 Gb Free Space | 64,11% Space Free | Partition Type: NTFS
Drive T: | 10,00 Gb Total Space | 9,91 Gb Free Space | 99,13% Space Free | Partition Type: NTFS
Drive W: | 100,00 Gb Total Space | 83,54 Gb Free Space | 83,54% Space Free | Partition Type: NTFS

Computer Name: HOME | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- P:\Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0ED2C6C5-C2DD-4442-8707-F61E792D456E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{1ECD270C-FF65-4E0B-AFA5-7B60C687E096}" = protocol=6 | dir=in | app=l:\steam\steam.exe |
"{1FA77B51-0D98-4B77-ADC2-FFFE0F3BE12A}" = protocol=6 | dir=in | app=p:\avg\avgmfapx.exe |
"{20C8E579-B693-4CB3-932F-BDD349D9D8B5}" = protocol=6 | dir=in | app=p:\avg\avgnsa.exe |
"{2F592BAD-E8D7-41CE-B6CB-FF103A297D79}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{34DC704A-C4F6-48D7-A19C-6A1FA25420ED}" = protocol=17 | dir=in | app=p:\avg\avgemca.exe |
"{43D10C92-E4E7-4AF0-AFA4-4D34B8C223A0}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{63DC4C03-6FB2-4BF3-BF4B-C0757224F599}" = protocol=6 | dir=in | app=p:\avg\avgdiagex.exe |
"{6515CBC3-E2D0-4697-829E-47FEF590FA78}" = protocol=17 | dir=in | app=l:\steam\steam.exe |
"{6FBB5842-A109-455F-B016-0862D75A8570}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{8510F6CE-4AD6-42D5-A5C3-3BDE4F162D47}" = protocol=17 | dir=in | app=p:\avg\avgnsa.exe |
"{8BA24863-3D59-4B8E-BEFF-7C80E67B56D0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{C2BC0A6A-8A83-4EC7-8188-923D9D537F15}" = protocol=6 | dir=in | app=p:\avg\avgemca.exe |
"{CA7CFC3A-8E07-437C-A44C-BD9ADFE0B89D}" = protocol=17 | dir=in | app=p:\avg\avgmfapx.exe |
"{E9DE6DD0-9CCB-4DB7-93FC-42BEDB7EDAC6}" = protocol=17 | dir=in | app=p:\avg\avgdiagex.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{2E30131D-5B07-4491-83C4-DDF00397B3D3}" = Smart Technology Programming Software 7.0.12.11
"{344C0D46-2EF4-4BC8-AE03-3DACDA9B9485}" = AVG 2012
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{6C2E334F-37F5-C312-53BA-1482F9A6FD4D}" = ccc-utility64
"{81D00339-968D-15D1-3499-8431658E896F}" = AMD Catalyst Install Manager
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{E6F5D8BE-0B00-6DD9-18F9-D4045798FCBE}" = AMD Media Foundation Decoders
"{F55458B0-DCA9-38C9-6C8D-829F22463A55}" = AMD Drag and Drop Transcoding
"AVG" = AVG 2012
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR 4.20 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01496C89-6117-AD97-3CB3-98AF2026070C}" = CCC Help German
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0486991B-63F4-5106-06CE-404D7BA55041}" = CCC Help Italian
"{177A3BC5-ECD3-BFF1-4D87-C4B417924DF2}" = CCC Help Russian
"{19D368B2-5601-007B-A296-535706E00D97}" = CCC Help English
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{278FA289-F502-D888-A3BA-5FA10308AAAD}" = CCC Help Danish
"{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung SSD Magician
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{44F77218-4BBD-1B74-88B7-FC302868F2B3}" = CCC Help Japanese
"{489BC3B4-AEF9-E14A-11BC-B70FDE9D543D}" = CCC Help Chinese Traditional
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A85AE1B-9727-261D-9EAF-07C1AECCF977}" = CCC Help Turkish
"{502699FF-F586-54B1-91E8-E85D9FAE0D6D}" = CCC Help Greek
"{53EF1C4D-0705-98F2-1889-A69BBF9F03F3}" = CCC Help Thai
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{548A4EF3-BD97-0813-B469-E1E2FC9DE487}" = CCC Help Korean
"{55533224-CAD0-39B5-6297-E1B2D1D8F176}" = Catalyst Control Center
"{590828E0-9BA6-3E4D-8491-A1D9CC3EB8CE}" = CCC Help French
"{62DAB694-358E-4C6F-82BF-26DA64B297A6}" = MorphVOX Pro
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6563FAF5-84F9-0A35-C032-182EBC4C3BDB}" = CCC Help Finnish
"{6D46F639-5F2F-90F3-4B60-EB2EF264B82E}" = CCC Help Spanish
"{70210CF8-CAB1-8FEB-D964-C33AFE18730B}" = CCC Help Czech
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8B1AEC85-4507-28BD-F3BA-4A5D732752E7}" = CCC Help Hungarian
"{8C5ACED4-34D3-23BB-F90E-2F90420321BC}" = Catalyst Control Center Localization All
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{A3DAD349-E48E-AE45-3F26-7B80A4FFCD26}" = Catalyst Control Center InstallProxy
"{B0B1A8A5-4711-BB6C-DD59-9794AD928368}" = CCC Help Dutch
"{B33D2348-2938-1A03-0CD3-E6F7101244E0}" = CCC Help Polish
"{B7C8D838-9C3A-1177-B80A-E3C512FD8AF5}" = CCC Help Swedish
"{DDCB737A-EEC8-3815-42DA-69011A55E3E5}" = Catalyst Control Center Graphics Previews Common
"{E170E984-6B20-79C2-1E9F-0256EC5ADFB4}" = CCC Help Chinese Standard
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E866E52C-1F56-4CCF-0071-CA915F8CFEDA}" = CCC Help Norwegian
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5D245CC-C332-1E8E-CCB1-75E0C3C4D6F1}" = CCC Help Portuguese
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Driver Genius Professional Edition_is1" = Driver Genius Professional Edition
"Driver Magician_is1" = Driver Magician 3.7
"Fraps" = Fraps (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de)
"PunkBusterSvc" = PunkBuster Services

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 02.10.2012 06:37:03 | Computer Name = Home | Source = EventSystem | ID = 4621
Description =

Error - 02.10.2012 08:39:18 | Computer Name = Home | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IAStorDataMgrSvc.exe, Version: 11.5.4.1001,
Zeitstempel: 0x502d5a1d Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x74f36cc4 ID des fehlerhaften
Prozesses: 0xf80 Startzeit der fehlerhaften Anwendung: 0x01cda0981ea8889e Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
Pfad
des fehlerhaften Moduls: unknown Berichtskennung: 2e653ad5-0c8e-11e2-b73a-f46d040fca87

Error - 02.10.2012 08:56:59 | Computer Name = Home | Source = Application Hang | ID = 1002
Description = Programm MorphVOXPro.exe, Version 4.3.2.20874 kann nicht mehr unter
Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
zu suchen. Prozess-ID: 550 Startzeit: 01cda09d5aaeed83 Endzeit: 0 Anwendungspfad: P:\MorphVOXPro\MorphVOXPro.exe

Berichts-ID:
a504a877-0c90-11e2-a394-f46d040fca87

Error - 06.10.2012 06:35:58 | Computer Name = Home | Source = Application Hang | ID = 1002
Description = Programm mbam.exe, Version 1.62.0.140 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1324 Startzeit:
01cda3acd4026678 Endzeit: 56069 Anwendungspfad: L:\Malwarebytes' Anti-Malware\mbam.exe

Berichts-ID:
762aee08-0fa1-11e2-92da-f46d040fca87

[ System Events ]
Error - 06.10.2012 07:51:37 | Computer Name = Home | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error - 06.10.2012 07:51:40 | Computer Name = Home | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error - 06.10.2012 07:51:44 | Computer Name = Home | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error - 06.10.2012 07:51:48 | Computer Name = Home | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error - 06.10.2012 07:51:51 | Computer Name = Home | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error - 06.10.2012 07:51:55 | Computer Name = Home | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error - 06.10.2012 07:51:59 | Computer Name = Home | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error - 06.10.2012 07:52:02 | Computer Name = Home | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error - 06.10.2012 07:52:06 | Computer Name = Home | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.

Error - 06.10.2012 07:52:10 | Computer Name = Home | Source = Disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk2\DR2.


< End of report >